From 0f9ca9e53a0f7824a0372ef82ff28acf738c4f9e Mon Sep 17 00:00:00 2001 From: dvirlabs Date: Wed, 15 Apr 2026 15:07:11 +0300 Subject: [PATCH] refactor --- applicationsets/eck-resources.yaml | 38 - applicationsets/external-secrets-appset.yaml | 30 - applicationsets/prometheus-scrape-secret.yaml | 28 - .../rancher-monitoring-appset.yaml | 34 - applicationsets/uptime-kuma.yaml | 34 - argocd-apps/kube-prometheus-stack.yaml | 23 + charts/eck-resources/Chart.yaml | 5 - .../eck-resources/my-values/values-int.yaml | 3 - .../eck-resources/my-values/values-prod.yaml | 3 - .../templates/elasticsearch.yaml | 22 - .../templates/kibana-ingress.yaml | 25 - charts/eck-resources/templates/kibana.yaml | 27 - .../.helmignore | 12 +- charts/kube-prometheus-stack/Chart.lock | 18 + charts/kube-prometheus-stack/Chart.yaml | 72 + .../README.md | 95 +- .../charts/crds/Chart.yaml | 3 + .../charts/crds/README.md | 3 + .../crds/crds/crd-alertmanagerconfigs.yaml | 12334 ++++++++++++++ .../charts/crds/crds/crd-alertmanagers.yaml | 9983 +++++++++++ .../charts/crds/crds/crd-podmonitors.yaml | 1399 ++ .../charts/crds/crds/crd-probes.yaml | 1416 ++ .../crds/crds/crd-prometheusagents.yaml | 11449 +++++++++++++ .../charts/crds/crds/crd-prometheuses.yaml | 13720 ++++++++++++++++ .../charts/crds/crds/crd-prometheusrules.yaml | 267 + .../charts/crds/crds/crd-scrapeconfigs.yaml | 12909 +++++++++++++++ .../charts/crds/crds/crd-servicemonitors.yaml | 1413 ++ .../charts/crds/crds/crd-thanosrulers.yaml | 9754 +++++++++++ .../charts/crds/files/crds.bz2 | Bin 0 -> 197482 bytes .../charts/crds/templates/_helpers.tpl | 20 + .../crds/templates/upgrade/clusterrole.yaml | 28 + .../templates/upgrade/clusterrolebinding.yaml | 21 + .../charts/crds/templates/upgrade/crds.yaml | 15 + .../charts/crds/templates/upgrade/job.yaml | 147 + .../templates/upgrade/serviceaccount.yaml | 20 + .../charts/crds/values.yaml | 4 + .../charts/grafana}/.helmignore | 4 + .../charts/grafana/Chart.yaml | 26 +- .../charts/grafana/README.md | 583 + .../grafana/dashboards/custom-dashboard.json | 0 .../charts/grafana/templates/NOTES.txt | 0 .../charts/grafana/templates/_config.tpl | 16 +- .../charts/grafana/templates/_helpers.tpl | 171 +- .../charts/grafana/templates/_pod.tpl | 506 +- .../charts/grafana/templates/clusterrole.yaml | 0 .../grafana/templates/clusterrolebinding.yaml | 0 .../grafana/templates/configSecret.yaml | 0 .../configmap-dashboard-provider.yaml | 0 .../charts/grafana/templates/configmap.yaml | 0 .../templates/dashboards-json-configmap.yaml | 0 .../charts/grafana/templates/deployment.yaml | 0 .../grafana/templates/extra-manifests.yaml | 4 +- .../grafana/templates/headless-service.yaml | 1 + .../charts/grafana/templates/hpa.yaml | 0 .../templates/image-renderer-deployment.yaml | 17 +- .../grafana/templates/image-renderer-hpa.yaml | 0 .../image-renderer-network-policy.yaml | 0 .../templates/image-renderer-service.yaml | 6 +- .../image-renderer-servicemonitor.yaml | 2 +- .../charts/grafana/templates/ingress.yaml | 23 +- .../grafana/templates/networkpolicy.yaml | 4 + .../templates/poddisruptionbudget.yaml | 5 +- .../grafana/templates/podsecuritypolicy.yaml | 12 +- .../charts/grafana/templates/pvc.yaml | 6 +- .../charts/grafana/templates/role.yaml | 4 +- .../charts/grafana/templates/rolebinding.yaml | 0 .../charts/grafana/templates/route.yaml | 28 +- .../charts/grafana/templates/secret-env.yaml | 1 + .../charts/grafana/templates/secret.yaml | 1 + .../charts/grafana/templates/service.yaml | 5 +- .../grafana/templates/serviceaccount.yaml | 0 .../grafana/templates/servicemonitor.yaml | 17 +- .../charts/grafana/templates/statefulset.yaml | 16 +- .../charts/grafana/templates/vpa.yaml | 56 + .../charts/grafana/values.yaml | 461 +- .../charts/kube-state-metrics/.helmignore | 0 .../charts/kube-state-metrics/Chart.yaml | 4 +- .../charts/kube-state-metrics/README.md | 40 +- .../kube-state-metrics/templates/NOTES.txt | 0 .../kube-state-metrics/templates/_helpers.tpl | 68 +- .../templates/ciliumnetworkpolicy.yaml | 0 .../templates/clusterrolebinding.yaml | 0 .../templates/crs-configmap.yaml | 6 +- .../templates/deployment.yaml | 60 +- .../templates/extra-manifests.yaml | 0 .../templates/kubeconfig-secret.yaml | 0 .../templates/networkpolicy.yaml | 2 +- .../kube-state-metrics/templates/pdb.yaml | 4 - .../templates/rbac-configmap.yaml | 0 .../kube-state-metrics/templates/role.yaml | 11 +- .../templates/rolebinding.yaml | 0 .../templates/scrapeconfig.yaml | 60 + .../kube-state-metrics/templates/service.yaml | 12 +- .../templates/serviceaccount.yaml | 0 .../templates/servicemonitor.yaml | 12 - .../templates/stsdiscovery-role.yaml | 0 .../templates/stsdiscovery-rolebinding.yaml | 0 .../templates/verticalpodautoscaler.yaml | 0 .../charts/kube-state-metrics/values.yaml | 115 +- .../prometheus-node-exporter/.helmignore | 0 .../prometheus-node-exporter/Chart.yaml | 7 +- .../charts/prometheus-node-exporter/README.md | 33 +- .../templates/NOTES.txt | 4 +- .../templates/_helpers.tpl | 38 +- .../templates/clusterrole.yaml | 0 .../templates/clusterrolebinding.yaml | 0 .../templates/daemonset.yaml | 62 +- .../templates/endpoints.yaml | 2 +- .../templates/extra-manifests.yaml | 0 .../templates/networkpolicy.yaml | 0 .../templates/podmonitor.yaml | 0 .../templates/rbac-configmap.yaml | 0 .../templates/service.yaml | 3 + .../templates/serviceaccount.yaml | 0 .../templates/servicemonitor.yaml | 12 +- .../templates/verticalpodautoscaler.yaml | 0 .../prometheus-node-exporter/values.yaml | 67 +- .../prometheus-windows-exporter}/.helmignore | 0 .../prometheus-windows-exporter}/Chart.yaml | 7 +- .../prometheus-windows-exporter}/README.md | 26 +- .../templates/_helpers.tpl | 79 +- .../templates/config.yaml | 2 +- .../templates/daemonset.yaml | 28 +- .../templates/podmonitor.yaml | 2 +- .../templates/service.yaml | 6 +- .../templates/serviceaccount.yaml | 2 +- .../templates/servicemonitor.yaml | 32 +- .../prometheus-windows-exporter}/values.yaml | 32 +- .../templates/NOTES.txt | 5 + .../templates/_helpers.tpl | 278 +- .../templates/alertmanager/alertmanager.yaml | 56 +- .../templates/alertmanager/extrasecret.yaml | 2 +- .../templates/alertmanager/ingress.yaml | 29 +- .../alertmanager/ingressperreplica.yaml | 15 +- .../templates/alertmanager/networkpolicy.yaml | 6 +- .../alertmanager/podDisruptionBudget.yaml | 11 +- .../templates/alertmanager/route.yaml | 7 +- .../templates/alertmanager/secret.yaml | 12 +- .../templates/alertmanager/service.yaml | 4 +- .../alertmanager/serviceaccount.yaml | 2 +- .../alertmanager/servicemonitor.yaml | 31 +- .../alertmanager/serviceperreplica.yaml | 2 +- .../alertmanager/verticalpodautoscaler.yaml | 41 + .../templates/exporters/core-dns/service.yaml | 0 .../exporters/core-dns/servicemonitor.yaml | 20 +- .../kube-api-server/servicemonitor.yaml | 14 +- .../kube-controller-manager/endpoints.yaml | 0 .../kube-controller-manager/service.yaml | 0 .../servicemonitor.yaml | 16 +- .../templates/exporters/kube-dns/service.yaml | 0 .../exporters/kube-dns/servicemonitor.yaml | 24 +- .../exporters/kube-etcd/endpoints.yaml | 0 .../exporters/kube-etcd/service.yaml | 0 .../exporters/kube-etcd/servicemonitor.yaml | 22 +- .../exporters/kube-proxy/endpoints.yaml | 0 .../exporters/kube-proxy/service.yaml | 0 .../exporters/kube-proxy/servicemonitor.yaml | 20 +- .../exporters/kube-scheduler/endpoints.yaml | 0 .../exporters/kube-scheduler/service.yaml | 0 .../kube-scheduler/servicemonitor.yaml | 16 +- .../exporters/kubelet/servicemonitor.yaml | 19 +- .../templates/extra-objects.yaml | 15 + .../grafana/configmaps-datasources.yaml | 18 +- .../alertmanager-overview.yaml | 56 + .../grafana/dashboards-1.14/apiserver.yaml | 42 +- .../dashboards-1.14/cluster-total.yaml | 57 + .../dashboards-1.14/controller-manager.yaml | 57 + .../grafana/dashboards-1.14/etcd.yaml | 56 + .../dashboards-1.14/grafana-overview.yaml | 56 + .../grafana/dashboards-1.14/k8s-coredns.yaml | 56 + .../k8s-resources-cluster.yaml | 57 + .../k8s-resources-multicluster.yaml | 57 + .../k8s-resources-namespace.yaml | 57 + .../dashboards-1.14/k8s-resources-node.yaml | 56 + .../dashboards-1.14/k8s-resources-pod.yaml | 57 + .../k8s-resources-windows-cluster.yaml | 40 +- .../k8s-resources-windows-namespace.yaml | 40 +- .../k8s-resources-windows-pod.yaml | 40 +- .../k8s-resources-workload.yaml | 57 + .../k8s-resources-workloads-namespace.yaml | 57 + .../k8s-windows-cluster-rsrc-use.yaml | 40 +- .../k8s-windows-node-rsrc-use.yaml | 40 +- .../grafana/dashboards-1.14/kubelet.yaml | 57 + .../dashboards-1.14/namespace-by-pod.yaml | 57 + .../namespace-by-workload.yaml | 57 + .../node-cluster-rsrc-use.yaml | 56 + .../dashboards-1.14/node-rsrc-use.yaml | 56 + .../grafana/dashboards-1.14/nodes-aix.yaml | 56 + .../grafana/dashboards-1.14/nodes-darwin.yaml | 56 + .../grafana/dashboards-1.14/nodes.yaml | 56 + .../persistentvolumesusage.yaml | 57 + .../grafana/dashboards-1.14/pod-total.yaml | 57 + .../prometheus-remote-write.yaml | 56 + .../grafana/dashboards-1.14/prometheus.yaml | 56 + .../grafana/dashboards-1.14/proxy.yaml | 57 + .../grafana/dashboards-1.14/scheduler.yaml | 57 + .../dashboards-1.14/workload-total.yaml | 57 + .../_prometheus-operator.tpl | 0 .../_prometheus-operator-webhook.tpl | 0 .../deployment/deployment.yaml | 4 +- .../admission-webhooks/deployment/pdb.yaml | 6 +- .../deployment/service.yaml | 0 .../deployment/serviceaccount.yaml | 0 .../ciliumnetworkpolicy-createSecret.yaml | 0 .../ciliumnetworkpolicy-patchWebhook.yaml | 0 .../job-patch/clusterrole.yaml | 13 +- .../job-patch/clusterrolebinding.yaml | 0 .../job-patch/job-createSecret.yaml | 21 +- .../job-patch/job-patchWebhook.yaml | 31 +- .../job-patch/networkpolicy-createSecret.yaml | 0 .../job-patch/networkpolicy-patchWebhook.yaml | 0 .../admission-webhooks/job-patch/role.yaml | 0 .../job-patch/rolebinding.yaml | 0 .../job-patch/serviceaccount.yaml | 0 .../mutatingWebhookConfiguration.yaml | 4 + .../validatingWebhookConfiguration.yaml | 76 +- .../aggregate-clusterroles.yaml | 0 .../prometheus-operator/certmanager.yaml | 0 .../ciliumnetworkpolicy.yaml | 0 .../prometheus-operator/clusterrole.yaml | 9 +- .../clusterrolebinding.yaml | 0 .../prometheus-operator/deployment.yaml | 21 +- .../prometheus-operator/networkpolicy.yaml | 2 +- .../templates/prometheus-operator/pdb.yaml | 15 + .../prometheus-operator/service.yaml | 0 .../prometheus-operator/serviceaccount.yaml | 0 .../prometheus-operator/servicemonitor.yaml | 16 +- .../verticalpodautoscaler.yaml | 0 .../templates/prometheus/_rules.tpl | 0 .../additionalAlertRelabelConfigs.yaml | 0 .../additionalAlertmanagerConfigs.yaml | 0 .../prometheus/additionalPrometheusRules.yaml | 37 + .../prometheus/additionalScrapeConfigs.yaml | 0 .../prometheus/ciliumnetworkpolicy.yaml | 9 +- .../templates/prometheus/clusterrole.yaml | 5 +- .../prometheus/clusterrolebinding.yaml | 0 .../templates/prometheus/csi-secret.yaml | 0 .../templates/prometheus/extrasecret.yaml | 0 .../templates/prometheus/ingress.yaml | 27 +- .../prometheus/ingressThanosSidecar.yaml | 20 +- .../prometheus/ingressperreplica.yaml | 13 +- .../templates/prometheus/networkpolicy.yaml | 4 +- .../prometheus/podDisruptionBudget.yaml | 9 +- .../templates/prometheus/podmonitors.yaml | 4 + .../templates/prometheus/prometheus.yaml | 83 +- .../templates/prometheus/route.yaml | 5 +- .../rules-1.14/alertmanager.rules.yaml | 32 +- .../rules-1.14/config-reloaders.yaml | 0 .../templates/prometheus/rules-1.14/etcd.yaml | 4 +- .../prometheus/rules-1.14/general.rules.yaml | 4 +- .../k8s.rules.container_cpu_limits.yaml | 4 +- .../k8s.rules.container_cpu_requests.yaml | 0 ...les.container_cpu_usage_seconds_total.yaml | 19 +- .../k8s.rules.container_memory_cache.yaml | 3 +- .../k8s.rules.container_memory_limits.yaml | 0 .../k8s.rules.container_memory_requests.yaml | 0 .../k8s.rules.container_memory_rss.yaml | 3 +- .../k8s.rules.container_memory_swap.yaml | 3 +- ...es.container_memory_working_set_bytes.yaml | 3 +- .../k8s.rules.container_resource.yaml | 0 .../rules-1.14/k8s.rules.pod_owner.yaml | 220 + .../kube-apiserver-availability.rules.yaml | 24 +- .../kube-apiserver-burnrate.rules.yaml | 0 .../kube-apiserver-histogram.rules.yaml | 0 .../rules-1.14/kube-apiserver-slos.yaml | 0 .../kube-prometheus-general.rules.yaml | 0 .../kube-prometheus-node-recording.rules.yaml | 0 .../rules-1.14/kube-scheduler.rules.yaml | 31 +- .../rules-1.14/kube-state-metrics.yaml | 0 .../prometheus/rules-1.14/kubelet.rules.yaml | 29 +- .../rules-1.14/kubernetes-apps.yaml | 145 +- .../rules-1.14/kubernetes-resources.yaml | 144 +- .../rules-1.14/kubernetes-storage.yaml | 43 +- .../kubernetes-system-apiserver.yaml | 2 +- .../kubernetes-system-controller-manager.yaml | 15 +- .../kubernetes-system-kube-proxy.yaml | 10 +- .../rules-1.14/kubernetes-system-kubelet.yaml | 103 +- .../kubernetes-system-scheduler.yaml | 8 +- .../rules-1.14/kubernetes-system.yaml | 0 .../rules-1.14/node-exporter.rules.yaml | 56 + .../prometheus/rules-1.14/node-exporter.yaml | 4 +- .../prometheus/rules-1.14/node-network.yaml | 0 .../prometheus/rules-1.14/node.rules.yaml | 0 .../rules-1.14/prometheus-operator.yaml | 0 .../prometheus/rules-1.14/prometheus.yaml | 4 +- .../rules-1.14/windows.node.rules.yaml | 11 +- .../rules-1.14/windows.pod.rules.yaml | 0 .../templates/prometheus/secret.yaml | 2 +- .../templates/prometheus/service.yaml | 7 +- .../prometheus/serviceThanosSidecar.yaml | 2 + .../serviceThanosSidecarExternal.yaml | 0 .../templates/prometheus/serviceaccount.yaml | 0 .../templates/prometheus/servicemonitor.yaml | 13 +- .../servicemonitorThanosSidecar.yaml | 16 +- .../templates/prometheus/servicemonitors.yaml | 4 + .../prometheus/serviceperreplica.yaml | 0 .../prometheus/verticalpodautoscaler.yaml | 46 + .../templates/thanos-ruler/extrasecret.yaml | 0 .../templates/thanos-ruler/ingress.yaml | 20 +- .../thanos-ruler/podDisruptionBudget.yaml | 9 +- .../templates/thanos-ruler/route.yaml | 5 +- .../templates/thanos-ruler/ruler.yaml | 21 +- .../templates/thanos-ruler/secret.yaml | 0 .../templates/thanos-ruler/service.yaml | 2 +- .../thanos-ruler/serviceaccount.yaml | 0 .../thanos-ruler/servicemonitor.yaml | 10 - .../values.yaml | 1684 +- charts/rancher-monitoring/CHANGELOG.md | 47 - charts/rancher-monitoring/Chart.yaml | 158 - charts/rancher-monitoring/app-README.md | 46 - .../charts/grafana/README.md | 784 - .../grafana/templates/nginx-config.yaml | 101 - .../templates/tests/test-configmap.yaml | 20 - .../tests/test-podsecuritypolicy.yaml | 32 - .../grafana/templates/tests/test-role.yaml | 17 - .../templates/tests/test-rolebinding.yaml | 20 - .../templates/tests/test-serviceaccount.yaml | 12 - .../charts/grafana/templates/tests/test.yaml | 57 - .../charts/hardenedKubelet/.helmignore | 23 - .../charts/hardenedKubelet/Chart.yaml | 14 - .../charts/hardenedKubelet/README.md | 90 - .../hardenedKubelet/templates/_helpers.tpl | 170 - .../templates/pushprox-clients-rbac.yaml | 97 - .../templates/pushprox-clients.yaml | 157 - .../templates/pushprox-proxy-rbac.yaml | 68 - .../templates/pushprox-proxy.yaml | 57 - .../templates/pushprox-servicemonitor.yaml | 45 - .../templates/validate-install-crd.yaml | 14 - .../templates/validate-psp-install.yaml | 7 - .../charts/hardenedKubelet/values.yaml | 166 - .../charts/hardenedNodeExporter/.helmignore | 23 - .../charts/hardenedNodeExporter/Chart.yaml | 14 - .../charts/hardenedNodeExporter/README.md | 90 - .../templates/_helpers.tpl | 170 - .../templates/pushprox-clients-rbac.yaml | 97 - .../templates/pushprox-clients.yaml | 157 - .../templates/pushprox-proxy-rbac.yaml | 68 - .../templates/pushprox-proxy.yaml | 57 - .../templates/pushprox-servicemonitor.yaml | 45 - .../templates/validate-install-crd.yaml | 14 - .../templates/validate-psp-install.yaml | 7 - .../charts/hardenedNodeExporter/values.yaml | 166 - .../charts/k3sServer/.helmignore | 23 - .../charts/k3sServer/Chart.yaml | 14 - .../charts/k3sServer/README.md | 90 - .../charts/k3sServer/templates/_helpers.tpl | 170 - .../templates/pushprox-clients-rbac.yaml | 97 - .../k3sServer/templates/pushprox-clients.yaml | 157 - .../templates/pushprox-proxy-rbac.yaml | 68 - .../k3sServer/templates/pushprox-proxy.yaml | 57 - .../templates/pushprox-servicemonitor.yaml | 45 - .../templates/validate-install-crd.yaml | 14 - .../templates/validate-psp-install.yaml | 7 - .../charts/k3sServer/values.yaml | 166 - .../templates/podsecuritypolicy.yaml | 39 - .../templates/psp-clusterrole.yaml | 19 - .../templates/psp-clusterrolebinding.yaml | 16 - .../kubeAdmControllerManager/Chart.yaml | 14 - .../charts/kubeAdmControllerManager/README.md | 90 - .../templates/_helpers.tpl | 170 - .../templates/pushprox-clients-rbac.yaml | 97 - .../templates/pushprox-clients.yaml | 157 - .../templates/pushprox-proxy-rbac.yaml | 68 - .../templates/pushprox-proxy.yaml | 57 - .../templates/pushprox-servicemonitor.yaml | 45 - .../templates/validate-install-crd.yaml | 14 - .../templates/validate-psp-install.yaml | 7 - .../kubeAdmControllerManager/values.yaml | 166 - .../charts/kubeAdmEtcd/.helmignore | 23 - .../charts/kubeAdmEtcd/Chart.yaml | 14 - .../charts/kubeAdmEtcd/README.md | 90 - .../charts/kubeAdmEtcd/templates/_helpers.tpl | 170 - .../templates/pushprox-clients-rbac.yaml | 97 - .../templates/pushprox-clients.yaml | 157 - .../templates/pushprox-proxy-rbac.yaml | 68 - .../kubeAdmEtcd/templates/pushprox-proxy.yaml | 57 - .../templates/pushprox-servicemonitor.yaml | 45 - .../templates/validate-install-crd.yaml | 14 - .../templates/validate-psp-install.yaml | 7 - .../charts/kubeAdmEtcd/values.yaml | 166 - .../charts/kubeAdmProxy/.helmignore | 23 - .../charts/kubeAdmProxy/Chart.yaml | 14 - .../charts/kubeAdmProxy/README.md | 90 - .../kubeAdmProxy/templates/_helpers.tpl | 170 - .../templates/pushprox-clients-rbac.yaml | 97 - .../templates/pushprox-clients.yaml | 157 - .../templates/pushprox-proxy-rbac.yaml | 68 - .../templates/pushprox-proxy.yaml | 57 - .../templates/pushprox-servicemonitor.yaml | 45 - .../templates/validate-install-crd.yaml | 14 - .../templates/validate-psp-install.yaml | 7 - .../charts/kubeAdmProxy/values.yaml | 166 - .../charts/kubeAdmScheduler/.helmignore | 23 - .../charts/kubeAdmScheduler/Chart.yaml | 14 - .../charts/kubeAdmScheduler/README.md | 90 - .../kubeAdmScheduler/templates/_helpers.tpl | 170 - .../templates/pushprox-clients-rbac.yaml | 97 - .../templates/pushprox-clients.yaml | 157 - .../templates/pushprox-proxy-rbac.yaml | 68 - .../templates/pushprox-proxy.yaml | 57 - .../templates/pushprox-servicemonitor.yaml | 45 - .../templates/validate-install-crd.yaml | 14 - .../templates/validate-psp-install.yaml | 7 - .../charts/kubeAdmScheduler/values.yaml | 166 - .../charts/prometheus-adapter/Chart.yaml | 24 - .../charts/prometheus-adapter/README.md | 160 - .../prometheus-adapter/templates/NOTES.txt | 9 - .../prometheus-adapter/templates/_helpers.tpl | 105 - .../templates/certmanager.yaml | 82 - .../cluster-role-binding-auth-delegator.yaml | 20 - .../cluster-role-binding-auth-reader.yaml | 20 - .../cluster-role-binding-resource-reader.yaml | 20 - .../cluster-role-resource-reader.yaml | 24 - .../templates/configmap.yaml | 97 - .../templates/custom-metrics-apiservice.yaml | 34 - ...stom-metrics-cluster-role-binding-hpa.yaml | 24 - .../custom-metrics-cluster-role.yaml | 17 - .../templates/deployment.yaml | 154 - .../external-metrics-apiservice.yaml | 34 - ...rnal-metrics-cluster-role-binding-hpa.yaml | 20 - .../external-metrics-cluster-role.yaml | 20 - .../prometheus-adapter/templates/pdb.yaml | 23 - .../prometheus-adapter/templates/psp.yaml | 66 - .../resource-metrics-apiservice.yaml | 34 - ...resource-metrics-cluster-role-binding.yaml | 20 - .../resource-metrics-cluster-role.yaml | 23 - .../templates/role-binding-auth-reader.yaml | 21 - .../prometheus-adapter/templates/secret.yaml | 17 - .../prometheus-adapter/templates/service.yaml | 32 - .../templates/serviceaccount.yaml | 19 - .../charts/prometheus-adapter/values.yaml | 311 - .../templates/psp-clusterrole.yaml | 14 - .../templates/psp-clusterrolebinding.yaml | 16 - .../templates/psp.yaml | 49 - .../charts/rke2ControllerManager/.helmignore | 23 - .../charts/rke2ControllerManager/Chart.yaml | 14 - .../charts/rke2ControllerManager/README.md | 90 - .../templates/_helpers.tpl | 170 - .../templates/pushprox-clients-rbac.yaml | 97 - .../templates/pushprox-clients.yaml | 157 - .../templates/pushprox-proxy-rbac.yaml | 68 - .../templates/pushprox-proxy.yaml | 57 - .../templates/pushprox-servicemonitor.yaml | 45 - .../templates/validate-install-crd.yaml | 14 - .../templates/validate-psp-install.yaml | 7 - .../charts/rke2ControllerManager/values.yaml | 166 - .../charts/rke2Etcd/.helmignore | 23 - .../charts/rke2Etcd/Chart.yaml | 14 - .../charts/rke2Etcd/README.md | 90 - .../charts/rke2Etcd/templates/_helpers.tpl | 170 - .../templates/pushprox-clients-rbac.yaml | 97 - .../rke2Etcd/templates/pushprox-clients.yaml | 157 - .../templates/pushprox-proxy-rbac.yaml | 68 - .../rke2Etcd/templates/pushprox-proxy.yaml | 57 - .../templates/pushprox-servicemonitor.yaml | 45 - .../templates/validate-install-crd.yaml | 14 - .../templates/validate-psp-install.yaml | 7 - .../charts/rke2Etcd/values.yaml | 166 - .../charts/rke2IngressNginx/.helmignore | 23 - .../charts/rke2IngressNginx/Chart.yaml | 14 - .../charts/rke2IngressNginx/README.md | 90 - .../rke2IngressNginx/templates/_helpers.tpl | 170 - .../templates/pushprox-clients-rbac.yaml | 97 - .../templates/pushprox-clients.yaml | 157 - .../templates/pushprox-proxy-rbac.yaml | 68 - .../templates/pushprox-proxy.yaml | 57 - .../templates/pushprox-servicemonitor.yaml | 45 - .../templates/validate-install-crd.yaml | 14 - .../templates/validate-psp-install.yaml | 7 - .../charts/rke2IngressNginx/values.yaml | 166 - .../charts/rke2Proxy/.helmignore | 23 - .../charts/rke2Proxy/Chart.yaml | 14 - .../charts/rke2Proxy/README.md | 90 - .../charts/rke2Proxy/templates/_helpers.tpl | 170 - .../templates/pushprox-clients-rbac.yaml | 97 - .../rke2Proxy/templates/pushprox-clients.yaml | 157 - .../templates/pushprox-proxy-rbac.yaml | 68 - .../rke2Proxy/templates/pushprox-proxy.yaml | 57 - .../templates/pushprox-servicemonitor.yaml | 45 - .../templates/validate-install-crd.yaml | 14 - .../templates/validate-psp-install.yaml | 7 - .../charts/rke2Proxy/values.yaml | 166 - .../charts/rke2Scheduler/.helmignore | 23 - .../charts/rke2Scheduler/Chart.yaml | 14 - .../charts/rke2Scheduler/README.md | 90 - .../rke2Scheduler/templates/_helpers.tpl | 170 - .../templates/pushprox-clients-rbac.yaml | 97 - .../templates/pushprox-clients.yaml | 157 - .../templates/pushprox-proxy-rbac.yaml | 68 - .../templates/pushprox-proxy.yaml | 57 - .../templates/pushprox-servicemonitor.yaml | 45 - .../templates/validate-install-crd.yaml | 14 - .../templates/validate-psp-install.yaml | 7 - .../charts/rke2Scheduler/values.yaml | 166 - .../charts/rkeControllerManager/.helmignore | 23 - .../charts/rkeControllerManager/Chart.yaml | 14 - .../charts/rkeControllerManager/README.md | 90 - .../templates/_helpers.tpl | 170 - .../templates/pushprox-clients-rbac.yaml | 97 - .../templates/pushprox-clients.yaml | 157 - .../templates/pushprox-proxy-rbac.yaml | 68 - .../templates/pushprox-proxy.yaml | 57 - .../templates/pushprox-servicemonitor.yaml | 45 - .../templates/validate-install-crd.yaml | 14 - .../templates/validate-psp-install.yaml | 7 - .../charts/rkeControllerManager/values.yaml | 166 - .../charts/rkeEtcd/.helmignore | 23 - .../charts/rkeEtcd/Chart.yaml | 14 - .../charts/rkeEtcd/README.md | 90 - .../charts/rkeEtcd/templates/_helpers.tpl | 170 - .../templates/pushprox-clients-rbac.yaml | 97 - .../rkeEtcd/templates/pushprox-clients.yaml | 157 - .../templates/pushprox-proxy-rbac.yaml | 68 - .../rkeEtcd/templates/pushprox-proxy.yaml | 57 - .../templates/pushprox-servicemonitor.yaml | 45 - .../templates/validate-install-crd.yaml | 14 - .../templates/validate-psp-install.yaml | 7 - .../charts/rkeEtcd/values.yaml | 166 - .../charts/rkeIngressNginx/.helmignore | 23 - .../charts/rkeIngressNginx/Chart.yaml | 14 - .../charts/rkeIngressNginx/README.md | 90 - .../rkeIngressNginx/templates/_helpers.tpl | 170 - .../templates/pushprox-clients-rbac.yaml | 97 - .../templates/pushprox-clients.yaml | 157 - .../templates/pushprox-proxy-rbac.yaml | 68 - .../templates/pushprox-proxy.yaml | 57 - .../templates/pushprox-servicemonitor.yaml | 45 - .../templates/validate-install-crd.yaml | 14 - .../templates/validate-psp-install.yaml | 7 - .../charts/rkeIngressNginx/values.yaml | 166 - .../charts/rkeProxy/.helmignore | 23 - .../charts/rkeProxy/Chart.yaml | 14 - .../charts/rkeProxy/README.md | 90 - .../charts/rkeProxy/templates/_helpers.tpl | 170 - .../templates/pushprox-clients-rbac.yaml | 97 - .../rkeProxy/templates/pushprox-clients.yaml | 157 - .../templates/pushprox-proxy-rbac.yaml | 68 - .../rkeProxy/templates/pushprox-proxy.yaml | 57 - .../templates/pushprox-servicemonitor.yaml | 45 - .../templates/validate-install-crd.yaml | 14 - .../templates/validate-psp-install.yaml | 7 - .../charts/rkeProxy/values.yaml | 166 - .../charts/rkeScheduler/.helmignore | 23 - .../charts/rkeScheduler/Chart.yaml | 14 - .../charts/rkeScheduler/README.md | 90 - .../rkeScheduler/templates/_helpers.tpl | 170 - .../templates/pushprox-clients-rbac.yaml | 97 - .../templates/pushprox-clients.yaml | 157 - .../templates/pushprox-proxy-rbac.yaml | 68 - .../templates/pushprox-proxy.yaml | 57 - .../templates/pushprox-servicemonitor.yaml | 45 - .../templates/validate-install-crd.yaml | 14 - .../templates/validate-psp-install.yaml | 7 - .../charts/rkeScheduler/values.yaml | 166 - .../charts/windowsExporter/.helmignore | 21 - .../scripts/configure-firewall.ps1 | 31 - .../templates/scriptConfig.yaml | 14 - .../files/ingress-nginx/nginx.json | 1445 -- .../request-handling-performance.json | 963 -- .../cluster/rancher-cluster-nodes.json | 793 - .../rancher/cluster/rancher-cluster.json | 776 - .../files/rancher/fleet/bundle.json | 246 - .../files/rancher/fleet/bundledeployment.json | 219 - .../files/rancher/fleet/cluster.json | 484 - .../files/rancher/fleet/clustergroup.json | 468 - .../rancher/fleet/controller-runtime.json | 454 - .../files/rancher/fleet/gitrepo.json | 325 - .../rancher/home/rancher-default-home.json | 1290 -- .../files/rancher/k8s/rancher-etcd-nodes.json | 687 - .../files/rancher/k8s/rancher-etcd.json | 665 - .../k8s/rancher-k8s-components-nodes.json | 527 - .../rancher/k8s/rancher-k8s-components.json | 519 - .../files/rancher/logging/fluentbit.json | 760 - .../files/rancher/logging/fluentd.json | 3221 ---- .../rancher/nodes/rancher-node-detail.json | 805 - .../files/rancher/nodes/rancher-node.json | 792 - .../performance/performance-debugging.json | 1652 -- .../rancher/pods/rancher-pod-containers.json | 636 - .../files/rancher/pods/rancher-pod.json | 636 - .../workloads/rancher-workload-pods.json | 652 - .../rancher/workloads/rancher-workload.json | 652 - .../delete-workloads-with-old-labels.sh | 14 - .../my-values/values-prod.yaml | 62 - .../templates/alertmanager/psp-role.yaml | 23 - .../alertmanager/psp-rolebinding.yaml | 20 - .../templates/alertmanager/psp.yaml | 47 - .../kube-state-metrics/validate.yaml | 7 - .../exporters/node-exporter/validate.yaml | 3 - .../templates/extra-objects.yaml | 4 - .../alertmanager-overview.yaml | 616 - .../dashboards-1.14/cluster-total.yaml | 24 - .../dashboards-1.14/controller-manager.yaml | 1196 -- .../grafana/dashboards-1.14/etcd.yaml | 1229 -- .../dashboards-1.14/grafana-overview.yaml | 635 - .../grafana/dashboards-1.14/k8s-coredns.yaml | 1534 -- .../k8s-resources-cluster.yaml | 24 - .../k8s-resources-multicluster.yaml | 24 - .../k8s-resources-namespace.yaml | 24 - .../dashboards-1.14/k8s-resources-node.yaml | 24 - .../dashboards-1.14/k8s-resources-pod.yaml | 24 - .../k8s-resources-workload.yaml | 24 - .../k8s-resources-workloads-namespace.yaml | 24 - .../grafana/dashboards-1.14/kubelet.yaml | 2256 --- .../dashboards-1.14/namespace-by-pod.yaml | 24 - .../namespace-by-workload.yaml | 24 - .../node-cluster-rsrc-use.yaml | 1063 -- .../dashboards-1.14/node-rsrc-use.yaml | 1089 -- .../grafana/dashboards-1.14/nodes-aix.yaml | 24 - .../grafana/dashboards-1.14/nodes-darwin.yaml | 1073 -- .../grafana/dashboards-1.14/nodes.yaml | 1066 -- .../persistentvolumesusage.yaml | 587 - .../grafana/dashboards-1.14/pod-total.yaml | 1228 -- .../prometheus-remote-write.yaml | 1674 -- .../grafana/dashboards-1.14/prometheus.yaml | 24 - .../grafana/dashboards-1.14/proxy.yaml | 1276 -- .../grafana/dashboards-1.14/scheduler.yaml | 1118 -- .../dashboards-1.14/workload-total.yaml | 1438 -- .../templates/grafana/namespaces.yaml | 13 - .../admission-webhooks/job-patch/psp.yaml | 47 - .../prometheus-operator/psp-clusterrole.yaml | 21 - .../psp-clusterrolebinding.yaml | 18 - .../templates/prometheus-operator/psp.yaml | 46 - .../prometheus/additionalPrometheusRules.yaml | 43 - .../templates/prometheus/nginx-config.yaml | 68 - .../templates/prometheus/psp-clusterrole.yaml | 22 - .../prometheus/psp-clusterrolebinding.yaml | 19 - .../templates/prometheus/psp.yaml | 58 - .../rules-1.14/k8s.rules.pod_owner.yaml | 107 - .../prometheus/rules-1.14/k8s.rules.yaml | 237 - .../rancher-monitoring/clusterrole.yaml | 135 - .../rancher-monitoring/config-role.yaml | 48 - .../rancher-monitoring/dashboard-role.yaml | 47 - .../addons/ingress-nginx-dashboard.yaml | 18 - .../rancher/cluster-dashboards.yaml | 17 - .../dashboards/rancher/default-dashboard.yaml | 17 - .../dashboards/rancher/fleet-dashboards.yaml | 17 - .../rancher/fluentbit-dashboard.yaml | 17 - .../dashboards/rancher/fluentd-dashboard.yaml | 17 - .../dashboards/rancher/k8s-dashboards.yaml | 31 - .../dashboards/rancher/nodes-dashboards.yaml | 17 - .../rancher/performance-dashboards.yaml | 18 - .../dashboards/rancher/pods-dashboards.yaml | 17 - .../rancher/workload-dashboards.yaml | 17 - .../exporters/fleet/servicemonitor.yaml | 53 - .../ingress-nginx/network-policy.yaml | 19 - .../exporters/ingress-nginx/service.yaml | 27 - .../ingress-nginx/servicemonitor.yaml | 49 - .../exporters/rancher/servicemonitor.yaml | 58 - .../rancher-monitoring/hardened.yaml | 91 - .../rancher-monitoring/upgrade/configmap.yaml | 13 - .../rancher-monitoring/upgrade/job.yaml | 46 - .../rancher-monitoring/upgrade/rbac.yaml | 86 - .../templates/validate-install-crd.yaml | 23 - .../templates/validate-psp-install.yaml | 2 - charts/uptime-kuma/.helmignore | 23 - charts/uptime-kuma/Chart.yaml | 13 - charts/uptime-kuma/my-values/values-prod.yaml | 20 - charts/uptime-kuma/templates/NOTES.txt | 23 - charts/uptime-kuma/templates/_helpers.tpl | 62 - charts/uptime-kuma/templates/deployment.yaml | 76 - charts/uptime-kuma/templates/ingress.yaml | 61 - charts/uptime-kuma/templates/pvc.yaml | 18 - charts/uptime-kuma/templates/service.yaml | 15 - .../uptime-kuma/templates/serviceaccount.yaml | 12 - charts/uptime-kuma/templates/statefulset.yaml | 91 - .../templates/tests/test-connection.yaml | 15 - charts/uptime-kuma/values.yaml | 118 - manifests/alertmanager/monitoring.yaml | 15 - .../grafana/external-secret.yaml | 18 - manifests/grafana/monitoring.yaml | 15 - manifests/kibana-int/monitoring.yaml | 15 - manifests/kibana/monitoring.yaml | 15 - manifests/kube-prometheus-stack/values.yaml | 0 manifests/kuma/monitoring.yaml | 15 - .../additional-scrape-configs.yaml | 27 - manifests/prometheus/monitoring.yaml | 15 - .../grafana/monitoring.yaml | 10 - .../prometheus/monitoring.yaml | 10 - manifests/uptime-kuma/cname.yaml | 2 - 679 files changed, 80895 insertions(+), 62874 deletions(-) delete mode 100644 applicationsets/eck-resources.yaml delete mode 100644 applicationsets/external-secrets-appset.yaml delete mode 100644 applicationsets/prometheus-scrape-secret.yaml delete mode 100644 applicationsets/rancher-monitoring-appset.yaml delete mode 100644 applicationsets/uptime-kuma.yaml create mode 100644 argocd-apps/kube-prometheus-stack.yaml delete mode 100644 charts/eck-resources/Chart.yaml delete mode 100644 charts/eck-resources/my-values/values-int.yaml delete mode 100644 charts/eck-resources/my-values/values-prod.yaml delete mode 100644 charts/eck-resources/templates/elasticsearch.yaml delete mode 100644 charts/eck-resources/templates/kibana-ingress.yaml delete mode 100644 charts/eck-resources/templates/kibana.yaml rename charts/{rancher-monitoring/charts/grafana => kube-prometheus-stack}/.helmignore (74%) create mode 100644 charts/kube-prometheus-stack/Chart.lock create mode 100644 charts/kube-prometheus-stack/Chart.yaml rename charts/{rancher-monitoring => kube-prometheus-stack}/README.md (80%) create mode 100644 charts/kube-prometheus-stack/charts/crds/Chart.yaml create mode 100644 charts/kube-prometheus-stack/charts/crds/README.md create mode 100644 charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagerconfigs.yaml create mode 100644 charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagers.yaml create mode 100644 charts/kube-prometheus-stack/charts/crds/crds/crd-podmonitors.yaml create mode 100644 charts/kube-prometheus-stack/charts/crds/crds/crd-probes.yaml create mode 100644 charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusagents.yaml create mode 100644 charts/kube-prometheus-stack/charts/crds/crds/crd-prometheuses.yaml create mode 100644 charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusrules.yaml create mode 100644 charts/kube-prometheus-stack/charts/crds/crds/crd-scrapeconfigs.yaml create mode 100644 charts/kube-prometheus-stack/charts/crds/crds/crd-servicemonitors.yaml create mode 100644 charts/kube-prometheus-stack/charts/crds/crds/crd-thanosrulers.yaml create mode 100644 charts/kube-prometheus-stack/charts/crds/files/crds.bz2 create mode 100644 charts/kube-prometheus-stack/charts/crds/templates/_helpers.tpl create mode 100644 charts/kube-prometheus-stack/charts/crds/templates/upgrade/clusterrole.yaml create mode 100644 charts/kube-prometheus-stack/charts/crds/templates/upgrade/clusterrolebinding.yaml create mode 100644 charts/kube-prometheus-stack/charts/crds/templates/upgrade/crds.yaml create mode 100644 charts/kube-prometheus-stack/charts/crds/templates/upgrade/job.yaml create mode 100644 charts/kube-prometheus-stack/charts/crds/templates/upgrade/serviceaccount.yaml create mode 100644 charts/kube-prometheus-stack/charts/crds/values.yaml rename charts/{rancher-monitoring/charts/kubeAdmControllerManager => kube-prometheus-stack/charts/grafana}/.helmignore (89%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/grafana/Chart.yaml (56%) create mode 100644 charts/kube-prometheus-stack/charts/grafana/README.md rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/grafana/dashboards/custom-dashboard.json (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/grafana/templates/NOTES.txt (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/grafana/templates/_config.tpl (89%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/grafana/templates/_helpers.tpl (70%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/grafana/templates/_pod.tpl (70%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/grafana/templates/clusterrole.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/grafana/templates/clusterrolebinding.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/grafana/templates/configSecret.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/grafana/templates/configmap-dashboard-provider.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/grafana/templates/configmap.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/grafana/templates/dashboards-json-configmap.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/grafana/templates/deployment.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/grafana/templates/extra-manifests.yaml (69%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/grafana/templates/headless-service.yaml (93%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/grafana/templates/hpa.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/grafana/templates/image-renderer-deployment.yaml (89%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/grafana/templates/image-renderer-hpa.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/grafana/templates/image-renderer-network-policy.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/grafana/templates/image-renderer-service.yaml (83%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/grafana/templates/image-renderer-servicemonitor.yaml (94%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/grafana/templates/ingress.yaml (63%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/grafana/templates/networkpolicy.yaml (92%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/grafana/templates/poddisruptionbudget.yaml (80%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/grafana/templates/podsecuritypolicy.yaml (63%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/grafana/templates/pvc.yaml (74%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/grafana/templates/role.yaml (71%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/grafana/templates/rolebinding.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/grafana/templates/route.yaml (66%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/grafana/templates/secret-env.yaml (89%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/grafana/templates/secret.yaml (93%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/grafana/templates/service.yaml (93%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/grafana/templates/serviceaccount.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/grafana/templates/servicemonitor.yaml (73%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/grafana/templates/statefulset.yaml (83%) create mode 100644 charts/kube-prometheus-stack/charts/grafana/templates/vpa.yaml rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/grafana/values.yaml (76%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/kube-state-metrics/.helmignore (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/kube-state-metrics/Chart.yaml (95%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/kube-state-metrics/README.md (60%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/kube-state-metrics/templates/NOTES.txt (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/kube-state-metrics/templates/_helpers.tpl (82%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/kube-state-metrics/templates/ciliumnetworkpolicy.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/kube-state-metrics/templates/clusterrolebinding.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/kube-state-metrics/templates/crs-configmap.yaml (65%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/kube-state-metrics/templates/deployment.yaml (91%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/kube-state-metrics/templates/extra-manifests.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/kube-state-metrics/templates/kubeconfig-secret.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/kube-state-metrics/templates/networkpolicy.yaml (96%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/kube-state-metrics/templates/pdb.yaml (78%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/kube-state-metrics/templates/rbac-configmap.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/kube-state-metrics/templates/role.yaml (94%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/kube-state-metrics/templates/rolebinding.yaml (100%) create mode 100644 charts/kube-prometheus-stack/charts/kube-state-metrics/templates/scrapeconfig.yaml rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/kube-state-metrics/templates/service.yaml (85%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/kube-state-metrics/templates/serviceaccount.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/kube-state-metrics/templates/servicemonitor.yaml (92%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/kube-state-metrics/templates/stsdiscovery-role.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/kube-state-metrics/templates/verticalpodautoscaler.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/kube-state-metrics/values.yaml (84%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/prometheus-node-exporter/.helmignore (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/prometheus-node-exporter/Chart.yaml (78%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/prometheus-node-exporter/README.md (73%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/prometheus-node-exporter/templates/NOTES.txt (92%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/prometheus-node-exporter/templates/_helpers.tpl (85%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/prometheus-node-exporter/templates/clusterrole.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/prometheus-node-exporter/templates/clusterrolebinding.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/prometheus-node-exporter/templates/daemonset.yaml (85%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/prometheus-node-exporter/templates/endpoints.yaml (91%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/prometheus-node-exporter/templates/extra-manifests.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/prometheus-node-exporter/templates/networkpolicy.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/prometheus-node-exporter/templates/podmonitor.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/prometheus-node-exporter/templates/rbac-configmap.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/prometheus-node-exporter/templates/service.yaml (91%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/prometheus-node-exporter/templates/serviceaccount.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/prometheus-node-exporter/templates/servicemonitor.yaml (85%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/prometheus-node-exporter/templates/verticalpodautoscaler.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/charts/prometheus-node-exporter/values.yaml (92%) rename charts/{rancher-monitoring/charts/prometheus-adapter => kube-prometheus-stack/charts/prometheus-windows-exporter}/.helmignore (100%) rename charts/{rancher-monitoring/charts/windowsExporter => kube-prometheus-stack/charts/prometheus-windows-exporter}/Chart.yaml (68%) rename charts/{rancher-monitoring/charts/windowsExporter => kube-prometheus-stack/charts/prometheus-windows-exporter}/README.md (56%) rename charts/{rancher-monitoring/charts/windowsExporter => kube-prometheus-stack/charts/prometheus-windows-exporter}/templates/_helpers.tpl (56%) rename charts/{rancher-monitoring/charts/windowsExporter => kube-prometheus-stack/charts/prometheus-windows-exporter}/templates/config.yaml (83%) rename charts/{rancher-monitoring/charts/windowsExporter => kube-prometheus-stack/charts/prometheus-windows-exporter}/templates/daemonset.yaml (90%) rename charts/{rancher-monitoring/charts/windowsExporter => kube-prometheus-stack/charts/prometheus-windows-exporter}/templates/podmonitor.yaml (97%) rename charts/{rancher-monitoring/charts/windowsExporter => kube-prometheus-stack/charts/prometheus-windows-exporter}/templates/service.yaml (76%) rename charts/{rancher-monitoring/charts/windowsExporter => kube-prometheus-stack/charts/prometheus-windows-exporter}/templates/serviceaccount.yaml (90%) rename charts/{rancher-monitoring/charts/windowsExporter => kube-prometheus-stack/charts/prometheus-windows-exporter}/templates/servicemonitor.yaml (70%) rename charts/{rancher-monitoring/charts/windowsExporter => kube-prometheus-stack/charts/prometheus-windows-exporter}/values.yaml (96%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/NOTES.txt (73%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/_helpers.tpl (66%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/alertmanager/alertmanager.yaml (82%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/alertmanager/extrasecret.yaml (90%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/alertmanager/ingress.yaml (71%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/alertmanager/ingressperreplica.yaml (76%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/alertmanager/networkpolicy.yaml (92%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/alertmanager/podDisruptionBudget.yaml (53%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/alertmanager/route.yaml (90%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/alertmanager/secret.yaml (64%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/alertmanager/service.yaml (94%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/alertmanager/serviceaccount.yaml (92%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/alertmanager/servicemonitor.yaml (76%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/alertmanager/serviceperreplica.yaml (96%) create mode 100644 charts/kube-prometheus-stack/templates/alertmanager/verticalpodautoscaler.yaml rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/exporters/core-dns/service.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/exporters/core-dns/servicemonitor.yaml (75%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/exporters/kube-api-server/servicemonitor.yaml (81%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/exporters/kube-controller-manager/endpoints.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/exporters/kube-controller-manager/service.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/exporters/kube-controller-manager/servicemonitor.yaml (83%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/exporters/kube-dns/service.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/exporters/kube-dns/servicemonitor.yaml (77%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/exporters/kube-etcd/endpoints.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/exporters/kube-etcd/service.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/exporters/kube-etcd/servicemonitor.yaml (80%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/exporters/kube-proxy/endpoints.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/exporters/kube-proxy/service.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/exporters/kube-proxy/servicemonitor.yaml (77%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/exporters/kube-scheduler/endpoints.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/exporters/kube-scheduler/service.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/exporters/kube-scheduler/servicemonitor.yaml (82%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/exporters/kubelet/servicemonitor.yaml (89%) create mode 100644 charts/kube-prometheus-stack/templates/extra-objects.yaml rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/grafana/configmaps-datasources.yaml (82%) create mode 100644 charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/alertmanager-overview.yaml rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/grafana/dashboards-1.14/apiserver.yaml (87%) create mode 100644 charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/cluster-total.yaml create mode 100644 charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/controller-manager.yaml create mode 100644 charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/etcd.yaml create mode 100644 charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/grafana-overview.yaml create mode 100644 charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-coredns.yaml create mode 100644 charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml create mode 100644 charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-multicluster.yaml create mode 100644 charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml create mode 100644 charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-node.yaml create mode 100644 charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/grafana/dashboards-1.14/k8s-resources-windows-cluster.yaml (80%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/grafana/dashboards-1.14/k8s-resources-windows-namespace.yaml (78%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/grafana/dashboards-1.14/k8s-resources-windows-pod.yaml (80%) create mode 100644 charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml create mode 100644 charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/grafana/dashboards-1.14/k8s-windows-cluster-rsrc-use.yaml (71%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/grafana/dashboards-1.14/k8s-windows-node-rsrc-use.yaml (75%) create mode 100644 charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/kubelet.yaml create mode 100644 charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/namespace-by-pod.yaml create mode 100644 charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/namespace-by-workload.yaml create mode 100644 charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml create mode 100644 charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/node-rsrc-use.yaml create mode 100644 charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/nodes-aix.yaml create mode 100644 charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/nodes-darwin.yaml create mode 100644 charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/nodes.yaml create mode 100644 charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml create mode 100644 charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/pod-total.yaml create mode 100644 charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml create mode 100644 charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/prometheus.yaml create mode 100644 charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/proxy.yaml create mode 100644 charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/scheduler.yaml create mode 100644 charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/workload-total.yaml rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus-operator/_prometheus-operator.tpl (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus-operator/admission-webhooks/_prometheus-operator-webhook.tpl (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus-operator/admission-webhooks/deployment/deployment.yaml (98%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus-operator/admission-webhooks/deployment/pdb.yaml (59%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus-operator/admission-webhooks/deployment/service.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus-operator/admission-webhooks/deployment/serviceaccount.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus-operator/admission-webhooks/job-patch/ciliumnetworkpolicy-createSecret.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus-operator/admission-webhooks/job-patch/ciliumnetworkpolicy-patchWebhook.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml (64%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml (84%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml (77%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus-operator/admission-webhooks/job-patch/networkpolicy-createSecret.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus-operator/admission-webhooks/job-patch/networkpolicy-patchWebhook.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml (96%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml (51%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus-operator/aggregate-clusterroles.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus-operator/certmanager.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus-operator/ciliumnetworkpolicy.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus-operator/clusterrole.yaml (86%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus-operator/clusterrolebinding.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus-operator/deployment.yaml (92%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus-operator/networkpolicy.yaml (91%) create mode 100644 charts/kube-prometheus-stack/templates/prometheus-operator/pdb.yaml rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus-operator/service.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus-operator/serviceaccount.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus-operator/servicemonitor.yaml (75%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus-operator/verticalpodautoscaler.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/_rules.tpl (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/additionalAlertRelabelConfigs.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/additionalAlertmanagerConfigs.yaml (100%) create mode 100644 charts/kube-prometheus-stack/templates/prometheus/additionalPrometheusRules.yaml rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/additionalScrapeConfigs.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/ciliumnetworkpolicy.yaml (65%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/clusterrole.yaml (85%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/clusterrolebinding.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/csi-secret.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/extrasecret.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/ingress.yaml (72%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/ingressThanosSidecar.yaml (72%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/ingressperreplica.yaml (78%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/networkpolicy.yaml (88%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/podDisruptionBudget.yaml (64%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/podmonitors.yaml (92%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/prometheus.yaml (87%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/route.yaml (94%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/alertmanager.rules.yaml (92%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/config-reloaders.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/etcd.yaml (99%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/general.rules.yaml (88%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/k8s.rules.container_cpu_limits.yaml (97%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/k8s.rules.container_cpu_requests.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/k8s.rules.container_cpu_usage_seconds_total.yaml (63%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/k8s.rules.container_memory_cache.yaml (92%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/k8s.rules.container_memory_limits.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/k8s.rules.container_memory_requests.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/k8s.rules.container_memory_rss.yaml (92%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/k8s.rules.container_memory_swap.yaml (92%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/k8s.rules.container_memory_working_set_bytes.yaml (92%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/k8s.rules.container_resource.yaml (100%) create mode 100644 charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.pod_owner.yaml rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml (95%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/kube-apiserver-burnrate.rules.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/kube-apiserver-histogram.rules.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml (75%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/kube-state-metrics.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/kubelet.rules.yaml (57%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/kubernetes-apps.yaml (81%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/kubernetes-resources.yaml (66%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/kubernetes-storage.yaml (80%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml (99%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml (85%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/kubernetes-system-kube-proxy.yaml (88%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml (79%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml (89%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/kubernetes-system.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/node-exporter.rules.yaml (76%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/node-exporter.yaml (99%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/node-network.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/node.rules.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/prometheus-operator.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/prometheus.yaml (99%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/windows.node.rules.yaml (98%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/rules-1.14/windows.pod.rules.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/secret.yaml (83%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/service.yaml (90%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/serviceThanosSidecar.yaml (96%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/serviceThanosSidecarExternal.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/serviceaccount.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/servicemonitor.yaml (89%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/servicemonitorThanosSidecar.yaml (76%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/servicemonitors.yaml (92%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/prometheus/serviceperreplica.yaml (100%) create mode 100644 charts/kube-prometheus-stack/templates/prometheus/verticalpodautoscaler.yaml rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/thanos-ruler/extrasecret.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/thanos-ruler/ingress.yaml (71%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/thanos-ruler/podDisruptionBudget.yaml (59%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/thanos-ruler/route.yaml (94%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/thanos-ruler/ruler.yaml (91%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/thanos-ruler/secret.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/thanos-ruler/service.yaml (96%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/thanos-ruler/serviceaccount.yaml (100%) rename charts/{rancher-monitoring => kube-prometheus-stack}/templates/thanos-ruler/servicemonitor.yaml (90%) rename charts/{rancher-monitoring => kube-prometheus-stack}/values.yaml (82%) delete mode 100644 charts/rancher-monitoring/CHANGELOG.md delete mode 100644 charts/rancher-monitoring/Chart.yaml delete mode 100644 charts/rancher-monitoring/app-README.md delete mode 100644 charts/rancher-monitoring/charts/grafana/README.md delete mode 100644 charts/rancher-monitoring/charts/grafana/templates/nginx-config.yaml delete mode 100644 charts/rancher-monitoring/charts/grafana/templates/tests/test-configmap.yaml delete mode 100644 charts/rancher-monitoring/charts/grafana/templates/tests/test-podsecuritypolicy.yaml delete mode 100644 charts/rancher-monitoring/charts/grafana/templates/tests/test-role.yaml delete mode 100644 charts/rancher-monitoring/charts/grafana/templates/tests/test-rolebinding.yaml delete mode 100644 charts/rancher-monitoring/charts/grafana/templates/tests/test-serviceaccount.yaml delete mode 100644 charts/rancher-monitoring/charts/grafana/templates/tests/test.yaml delete mode 100644 charts/rancher-monitoring/charts/hardenedKubelet/.helmignore delete mode 100644 charts/rancher-monitoring/charts/hardenedKubelet/Chart.yaml delete mode 100644 charts/rancher-monitoring/charts/hardenedKubelet/README.md delete mode 100644 charts/rancher-monitoring/charts/hardenedKubelet/templates/_helpers.tpl delete mode 100644 charts/rancher-monitoring/charts/hardenedKubelet/templates/pushprox-clients-rbac.yaml delete mode 100644 charts/rancher-monitoring/charts/hardenedKubelet/templates/pushprox-clients.yaml delete mode 100644 charts/rancher-monitoring/charts/hardenedKubelet/templates/pushprox-proxy-rbac.yaml delete mode 100644 charts/rancher-monitoring/charts/hardenedKubelet/templates/pushprox-proxy.yaml delete mode 100644 charts/rancher-monitoring/charts/hardenedKubelet/templates/pushprox-servicemonitor.yaml delete mode 100644 charts/rancher-monitoring/charts/hardenedKubelet/templates/validate-install-crd.yaml delete mode 100644 charts/rancher-monitoring/charts/hardenedKubelet/templates/validate-psp-install.yaml delete mode 100644 charts/rancher-monitoring/charts/hardenedKubelet/values.yaml delete mode 100644 charts/rancher-monitoring/charts/hardenedNodeExporter/.helmignore delete mode 100644 charts/rancher-monitoring/charts/hardenedNodeExporter/Chart.yaml delete mode 100644 charts/rancher-monitoring/charts/hardenedNodeExporter/README.md delete mode 100644 charts/rancher-monitoring/charts/hardenedNodeExporter/templates/_helpers.tpl delete mode 100644 charts/rancher-monitoring/charts/hardenedNodeExporter/templates/pushprox-clients-rbac.yaml delete mode 100644 charts/rancher-monitoring/charts/hardenedNodeExporter/templates/pushprox-clients.yaml delete mode 100644 charts/rancher-monitoring/charts/hardenedNodeExporter/templates/pushprox-proxy-rbac.yaml delete mode 100644 charts/rancher-monitoring/charts/hardenedNodeExporter/templates/pushprox-proxy.yaml delete mode 100644 charts/rancher-monitoring/charts/hardenedNodeExporter/templates/pushprox-servicemonitor.yaml delete mode 100644 charts/rancher-monitoring/charts/hardenedNodeExporter/templates/validate-install-crd.yaml delete mode 100644 charts/rancher-monitoring/charts/hardenedNodeExporter/templates/validate-psp-install.yaml delete mode 100644 charts/rancher-monitoring/charts/hardenedNodeExporter/values.yaml delete mode 100644 charts/rancher-monitoring/charts/k3sServer/.helmignore delete mode 100644 charts/rancher-monitoring/charts/k3sServer/Chart.yaml delete mode 100644 charts/rancher-monitoring/charts/k3sServer/README.md delete mode 100644 charts/rancher-monitoring/charts/k3sServer/templates/_helpers.tpl delete mode 100644 charts/rancher-monitoring/charts/k3sServer/templates/pushprox-clients-rbac.yaml delete mode 100644 charts/rancher-monitoring/charts/k3sServer/templates/pushprox-clients.yaml delete mode 100644 charts/rancher-monitoring/charts/k3sServer/templates/pushprox-proxy-rbac.yaml delete mode 100644 charts/rancher-monitoring/charts/k3sServer/templates/pushprox-proxy.yaml delete mode 100644 charts/rancher-monitoring/charts/k3sServer/templates/pushprox-servicemonitor.yaml delete mode 100644 charts/rancher-monitoring/charts/k3sServer/templates/validate-install-crd.yaml delete mode 100644 charts/rancher-monitoring/charts/k3sServer/templates/validate-psp-install.yaml delete mode 100644 charts/rancher-monitoring/charts/k3sServer/values.yaml delete mode 100644 charts/rancher-monitoring/charts/kube-state-metrics/templates/podsecuritypolicy.yaml delete mode 100644 charts/rancher-monitoring/charts/kube-state-metrics/templates/psp-clusterrole.yaml delete mode 100644 charts/rancher-monitoring/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml delete mode 100644 charts/rancher-monitoring/charts/kubeAdmControllerManager/Chart.yaml delete mode 100644 charts/rancher-monitoring/charts/kubeAdmControllerManager/README.md delete mode 100644 charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/_helpers.tpl delete mode 100644 charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/pushprox-clients-rbac.yaml delete mode 100644 charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/pushprox-clients.yaml delete mode 100644 charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/pushprox-proxy-rbac.yaml delete mode 100644 charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/pushprox-proxy.yaml delete mode 100644 charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/pushprox-servicemonitor.yaml delete mode 100644 charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/validate-install-crd.yaml delete mode 100644 charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/validate-psp-install.yaml delete mode 100644 charts/rancher-monitoring/charts/kubeAdmControllerManager/values.yaml delete mode 100644 charts/rancher-monitoring/charts/kubeAdmEtcd/.helmignore delete mode 100644 charts/rancher-monitoring/charts/kubeAdmEtcd/Chart.yaml delete mode 100644 charts/rancher-monitoring/charts/kubeAdmEtcd/README.md delete mode 100644 charts/rancher-monitoring/charts/kubeAdmEtcd/templates/_helpers.tpl delete mode 100644 charts/rancher-monitoring/charts/kubeAdmEtcd/templates/pushprox-clients-rbac.yaml delete mode 100644 charts/rancher-monitoring/charts/kubeAdmEtcd/templates/pushprox-clients.yaml delete mode 100644 charts/rancher-monitoring/charts/kubeAdmEtcd/templates/pushprox-proxy-rbac.yaml delete mode 100644 charts/rancher-monitoring/charts/kubeAdmEtcd/templates/pushprox-proxy.yaml delete mode 100644 charts/rancher-monitoring/charts/kubeAdmEtcd/templates/pushprox-servicemonitor.yaml delete mode 100644 charts/rancher-monitoring/charts/kubeAdmEtcd/templates/validate-install-crd.yaml delete mode 100644 charts/rancher-monitoring/charts/kubeAdmEtcd/templates/validate-psp-install.yaml delete mode 100644 charts/rancher-monitoring/charts/kubeAdmEtcd/values.yaml delete mode 100644 charts/rancher-monitoring/charts/kubeAdmProxy/.helmignore delete mode 100644 charts/rancher-monitoring/charts/kubeAdmProxy/Chart.yaml delete mode 100644 charts/rancher-monitoring/charts/kubeAdmProxy/README.md delete mode 100644 charts/rancher-monitoring/charts/kubeAdmProxy/templates/_helpers.tpl delete mode 100644 charts/rancher-monitoring/charts/kubeAdmProxy/templates/pushprox-clients-rbac.yaml delete mode 100644 charts/rancher-monitoring/charts/kubeAdmProxy/templates/pushprox-clients.yaml delete mode 100644 charts/rancher-monitoring/charts/kubeAdmProxy/templates/pushprox-proxy-rbac.yaml delete mode 100644 charts/rancher-monitoring/charts/kubeAdmProxy/templates/pushprox-proxy.yaml delete mode 100644 charts/rancher-monitoring/charts/kubeAdmProxy/templates/pushprox-servicemonitor.yaml delete mode 100644 charts/rancher-monitoring/charts/kubeAdmProxy/templates/validate-install-crd.yaml delete mode 100644 charts/rancher-monitoring/charts/kubeAdmProxy/templates/validate-psp-install.yaml delete mode 100644 charts/rancher-monitoring/charts/kubeAdmProxy/values.yaml delete mode 100644 charts/rancher-monitoring/charts/kubeAdmScheduler/.helmignore delete mode 100644 charts/rancher-monitoring/charts/kubeAdmScheduler/Chart.yaml delete mode 100644 charts/rancher-monitoring/charts/kubeAdmScheduler/README.md delete mode 100644 charts/rancher-monitoring/charts/kubeAdmScheduler/templates/_helpers.tpl delete mode 100644 charts/rancher-monitoring/charts/kubeAdmScheduler/templates/pushprox-clients-rbac.yaml delete mode 100644 charts/rancher-monitoring/charts/kubeAdmScheduler/templates/pushprox-clients.yaml delete mode 100644 charts/rancher-monitoring/charts/kubeAdmScheduler/templates/pushprox-proxy-rbac.yaml delete mode 100644 charts/rancher-monitoring/charts/kubeAdmScheduler/templates/pushprox-proxy.yaml delete mode 100644 charts/rancher-monitoring/charts/kubeAdmScheduler/templates/pushprox-servicemonitor.yaml delete mode 100644 charts/rancher-monitoring/charts/kubeAdmScheduler/templates/validate-install-crd.yaml delete mode 100644 charts/rancher-monitoring/charts/kubeAdmScheduler/templates/validate-psp-install.yaml delete mode 100644 charts/rancher-monitoring/charts/kubeAdmScheduler/values.yaml delete mode 100644 charts/rancher-monitoring/charts/prometheus-adapter/Chart.yaml delete mode 100644 charts/rancher-monitoring/charts/prometheus-adapter/README.md delete mode 100644 charts/rancher-monitoring/charts/prometheus-adapter/templates/NOTES.txt delete mode 100644 charts/rancher-monitoring/charts/prometheus-adapter/templates/_helpers.tpl delete mode 100644 charts/rancher-monitoring/charts/prometheus-adapter/templates/certmanager.yaml delete mode 100644 charts/rancher-monitoring/charts/prometheus-adapter/templates/cluster-role-binding-auth-delegator.yaml delete mode 100644 charts/rancher-monitoring/charts/prometheus-adapter/templates/cluster-role-binding-auth-reader.yaml delete mode 100644 charts/rancher-monitoring/charts/prometheus-adapter/templates/cluster-role-binding-resource-reader.yaml delete mode 100644 charts/rancher-monitoring/charts/prometheus-adapter/templates/cluster-role-resource-reader.yaml delete mode 100644 charts/rancher-monitoring/charts/prometheus-adapter/templates/configmap.yaml delete mode 100644 charts/rancher-monitoring/charts/prometheus-adapter/templates/custom-metrics-apiservice.yaml delete mode 100644 charts/rancher-monitoring/charts/prometheus-adapter/templates/custom-metrics-cluster-role-binding-hpa.yaml delete mode 100644 charts/rancher-monitoring/charts/prometheus-adapter/templates/custom-metrics-cluster-role.yaml delete mode 100644 charts/rancher-monitoring/charts/prometheus-adapter/templates/deployment.yaml delete mode 100644 charts/rancher-monitoring/charts/prometheus-adapter/templates/external-metrics-apiservice.yaml delete mode 100644 charts/rancher-monitoring/charts/prometheus-adapter/templates/external-metrics-cluster-role-binding-hpa.yaml delete mode 100644 charts/rancher-monitoring/charts/prometheus-adapter/templates/external-metrics-cluster-role.yaml delete mode 100644 charts/rancher-monitoring/charts/prometheus-adapter/templates/pdb.yaml delete mode 100644 charts/rancher-monitoring/charts/prometheus-adapter/templates/psp.yaml delete mode 100644 charts/rancher-monitoring/charts/prometheus-adapter/templates/resource-metrics-apiservice.yaml delete mode 100644 charts/rancher-monitoring/charts/prometheus-adapter/templates/resource-metrics-cluster-role-binding.yaml delete mode 100644 charts/rancher-monitoring/charts/prometheus-adapter/templates/resource-metrics-cluster-role.yaml delete mode 100644 charts/rancher-monitoring/charts/prometheus-adapter/templates/role-binding-auth-reader.yaml delete mode 100644 charts/rancher-monitoring/charts/prometheus-adapter/templates/secret.yaml delete mode 100644 charts/rancher-monitoring/charts/prometheus-adapter/templates/service.yaml delete mode 100644 charts/rancher-monitoring/charts/prometheus-adapter/templates/serviceaccount.yaml delete mode 100644 charts/rancher-monitoring/charts/prometheus-adapter/values.yaml delete mode 100644 charts/rancher-monitoring/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml delete mode 100644 charts/rancher-monitoring/charts/prometheus-node-exporter/templates/psp-clusterrolebinding.yaml delete mode 100644 charts/rancher-monitoring/charts/prometheus-node-exporter/templates/psp.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2ControllerManager/.helmignore delete mode 100644 charts/rancher-monitoring/charts/rke2ControllerManager/Chart.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2ControllerManager/README.md delete mode 100644 charts/rancher-monitoring/charts/rke2ControllerManager/templates/_helpers.tpl delete mode 100644 charts/rancher-monitoring/charts/rke2ControllerManager/templates/pushprox-clients-rbac.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2ControllerManager/templates/pushprox-clients.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2ControllerManager/templates/pushprox-proxy-rbac.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2ControllerManager/templates/pushprox-proxy.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2ControllerManager/templates/pushprox-servicemonitor.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2ControllerManager/templates/validate-install-crd.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2ControllerManager/templates/validate-psp-install.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2ControllerManager/values.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2Etcd/.helmignore delete mode 100644 charts/rancher-monitoring/charts/rke2Etcd/Chart.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2Etcd/README.md delete mode 100644 charts/rancher-monitoring/charts/rke2Etcd/templates/_helpers.tpl delete mode 100644 charts/rancher-monitoring/charts/rke2Etcd/templates/pushprox-clients-rbac.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2Etcd/templates/pushprox-clients.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2Etcd/templates/pushprox-proxy-rbac.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2Etcd/templates/pushprox-proxy.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2Etcd/templates/pushprox-servicemonitor.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2Etcd/templates/validate-install-crd.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2Etcd/templates/validate-psp-install.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2Etcd/values.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2IngressNginx/.helmignore delete mode 100644 charts/rancher-monitoring/charts/rke2IngressNginx/Chart.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2IngressNginx/README.md delete mode 100644 charts/rancher-monitoring/charts/rke2IngressNginx/templates/_helpers.tpl delete mode 100644 charts/rancher-monitoring/charts/rke2IngressNginx/templates/pushprox-clients-rbac.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2IngressNginx/templates/pushprox-clients.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2IngressNginx/templates/pushprox-proxy-rbac.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2IngressNginx/templates/pushprox-proxy.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2IngressNginx/templates/pushprox-servicemonitor.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2IngressNginx/templates/validate-install-crd.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2IngressNginx/templates/validate-psp-install.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2IngressNginx/values.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2Proxy/.helmignore delete mode 100644 charts/rancher-monitoring/charts/rke2Proxy/Chart.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2Proxy/README.md delete mode 100644 charts/rancher-monitoring/charts/rke2Proxy/templates/_helpers.tpl delete mode 100644 charts/rancher-monitoring/charts/rke2Proxy/templates/pushprox-clients-rbac.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2Proxy/templates/pushprox-clients.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2Proxy/templates/pushprox-proxy-rbac.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2Proxy/templates/pushprox-proxy.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2Proxy/templates/pushprox-servicemonitor.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2Proxy/templates/validate-install-crd.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2Proxy/templates/validate-psp-install.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2Proxy/values.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2Scheduler/.helmignore delete mode 100644 charts/rancher-monitoring/charts/rke2Scheduler/Chart.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2Scheduler/README.md delete mode 100644 charts/rancher-monitoring/charts/rke2Scheduler/templates/_helpers.tpl delete mode 100644 charts/rancher-monitoring/charts/rke2Scheduler/templates/pushprox-clients-rbac.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2Scheduler/templates/pushprox-clients.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2Scheduler/templates/pushprox-proxy-rbac.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2Scheduler/templates/pushprox-proxy.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2Scheduler/templates/pushprox-servicemonitor.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2Scheduler/templates/validate-install-crd.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2Scheduler/templates/validate-psp-install.yaml delete mode 100644 charts/rancher-monitoring/charts/rke2Scheduler/values.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeControllerManager/.helmignore delete mode 100644 charts/rancher-monitoring/charts/rkeControllerManager/Chart.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeControllerManager/README.md delete mode 100644 charts/rancher-monitoring/charts/rkeControllerManager/templates/_helpers.tpl delete mode 100644 charts/rancher-monitoring/charts/rkeControllerManager/templates/pushprox-clients-rbac.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeControllerManager/templates/pushprox-clients.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeControllerManager/templates/pushprox-proxy-rbac.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeControllerManager/templates/pushprox-proxy.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeControllerManager/templates/pushprox-servicemonitor.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeControllerManager/templates/validate-install-crd.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeControllerManager/templates/validate-psp-install.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeControllerManager/values.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeEtcd/.helmignore delete mode 100644 charts/rancher-monitoring/charts/rkeEtcd/Chart.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeEtcd/README.md delete mode 100644 charts/rancher-monitoring/charts/rkeEtcd/templates/_helpers.tpl delete mode 100644 charts/rancher-monitoring/charts/rkeEtcd/templates/pushprox-clients-rbac.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeEtcd/templates/pushprox-clients.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeEtcd/templates/pushprox-proxy-rbac.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeEtcd/templates/pushprox-proxy.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeEtcd/templates/pushprox-servicemonitor.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeEtcd/templates/validate-install-crd.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeEtcd/templates/validate-psp-install.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeEtcd/values.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeIngressNginx/.helmignore delete mode 100644 charts/rancher-monitoring/charts/rkeIngressNginx/Chart.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeIngressNginx/README.md delete mode 100644 charts/rancher-monitoring/charts/rkeIngressNginx/templates/_helpers.tpl delete mode 100644 charts/rancher-monitoring/charts/rkeIngressNginx/templates/pushprox-clients-rbac.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeIngressNginx/templates/pushprox-clients.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeIngressNginx/templates/pushprox-proxy-rbac.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeIngressNginx/templates/pushprox-proxy.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeIngressNginx/templates/pushprox-servicemonitor.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeIngressNginx/templates/validate-install-crd.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeIngressNginx/templates/validate-psp-install.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeIngressNginx/values.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeProxy/.helmignore delete mode 100644 charts/rancher-monitoring/charts/rkeProxy/Chart.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeProxy/README.md delete mode 100644 charts/rancher-monitoring/charts/rkeProxy/templates/_helpers.tpl delete mode 100644 charts/rancher-monitoring/charts/rkeProxy/templates/pushprox-clients-rbac.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeProxy/templates/pushprox-clients.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeProxy/templates/pushprox-proxy-rbac.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeProxy/templates/pushprox-proxy.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeProxy/templates/pushprox-servicemonitor.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeProxy/templates/validate-install-crd.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeProxy/templates/validate-psp-install.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeProxy/values.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeScheduler/.helmignore delete mode 100644 charts/rancher-monitoring/charts/rkeScheduler/Chart.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeScheduler/README.md delete mode 100644 charts/rancher-monitoring/charts/rkeScheduler/templates/_helpers.tpl delete mode 100644 charts/rancher-monitoring/charts/rkeScheduler/templates/pushprox-clients-rbac.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeScheduler/templates/pushprox-clients.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeScheduler/templates/pushprox-proxy-rbac.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeScheduler/templates/pushprox-proxy.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeScheduler/templates/pushprox-servicemonitor.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeScheduler/templates/validate-install-crd.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeScheduler/templates/validate-psp-install.yaml delete mode 100644 charts/rancher-monitoring/charts/rkeScheduler/values.yaml delete mode 100644 charts/rancher-monitoring/charts/windowsExporter/.helmignore delete mode 100644 charts/rancher-monitoring/charts/windowsExporter/scripts/configure-firewall.ps1 delete mode 100644 charts/rancher-monitoring/charts/windowsExporter/templates/scriptConfig.yaml delete mode 100644 charts/rancher-monitoring/files/ingress-nginx/nginx.json delete mode 100644 charts/rancher-monitoring/files/ingress-nginx/request-handling-performance.json delete mode 100644 charts/rancher-monitoring/files/rancher/cluster/rancher-cluster-nodes.json delete mode 100644 charts/rancher-monitoring/files/rancher/cluster/rancher-cluster.json delete mode 100644 charts/rancher-monitoring/files/rancher/fleet/bundle.json delete mode 100644 charts/rancher-monitoring/files/rancher/fleet/bundledeployment.json delete mode 100644 charts/rancher-monitoring/files/rancher/fleet/cluster.json delete mode 100644 charts/rancher-monitoring/files/rancher/fleet/clustergroup.json delete mode 100644 charts/rancher-monitoring/files/rancher/fleet/controller-runtime.json delete mode 100644 charts/rancher-monitoring/files/rancher/fleet/gitrepo.json delete mode 100644 charts/rancher-monitoring/files/rancher/home/rancher-default-home.json delete mode 100644 charts/rancher-monitoring/files/rancher/k8s/rancher-etcd-nodes.json delete mode 100644 charts/rancher-monitoring/files/rancher/k8s/rancher-etcd.json delete mode 100644 charts/rancher-monitoring/files/rancher/k8s/rancher-k8s-components-nodes.json delete mode 100644 charts/rancher-monitoring/files/rancher/k8s/rancher-k8s-components.json delete mode 100644 charts/rancher-monitoring/files/rancher/logging/fluentbit.json delete mode 100644 charts/rancher-monitoring/files/rancher/logging/fluentd.json delete mode 100644 charts/rancher-monitoring/files/rancher/nodes/rancher-node-detail.json delete mode 100644 charts/rancher-monitoring/files/rancher/nodes/rancher-node.json delete mode 100644 charts/rancher-monitoring/files/rancher/performance/performance-debugging.json delete mode 100644 charts/rancher-monitoring/files/rancher/pods/rancher-pod-containers.json delete mode 100644 charts/rancher-monitoring/files/rancher/pods/rancher-pod.json delete mode 100644 charts/rancher-monitoring/files/rancher/workloads/rancher-workload-pods.json delete mode 100644 charts/rancher-monitoring/files/rancher/workloads/rancher-workload.json delete mode 100644 charts/rancher-monitoring/files/upgrade/scripts/delete-workloads-with-old-labels.sh delete mode 100644 charts/rancher-monitoring/my-values/values-prod.yaml delete mode 100644 charts/rancher-monitoring/templates/alertmanager/psp-role.yaml delete mode 100644 charts/rancher-monitoring/templates/alertmanager/psp-rolebinding.yaml delete mode 100644 charts/rancher-monitoring/templates/alertmanager/psp.yaml delete mode 100644 charts/rancher-monitoring/templates/exporters/kube-state-metrics/validate.yaml delete mode 100644 charts/rancher-monitoring/templates/exporters/node-exporter/validate.yaml delete mode 100644 charts/rancher-monitoring/templates/extra-objects.yaml delete mode 100644 charts/rancher-monitoring/templates/grafana/dashboards-1.14/alertmanager-overview.yaml delete mode 100644 charts/rancher-monitoring/templates/grafana/dashboards-1.14/cluster-total.yaml delete mode 100644 charts/rancher-monitoring/templates/grafana/dashboards-1.14/controller-manager.yaml delete mode 100644 charts/rancher-monitoring/templates/grafana/dashboards-1.14/etcd.yaml delete mode 100644 charts/rancher-monitoring/templates/grafana/dashboards-1.14/grafana-overview.yaml delete mode 100644 charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-coredns.yaml delete mode 100644 charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml delete mode 100644 charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-multicluster.yaml delete mode 100644 charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml delete mode 100644 charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-node.yaml delete mode 100644 charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml delete mode 100644 charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml delete mode 100644 charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml delete mode 100644 charts/rancher-monitoring/templates/grafana/dashboards-1.14/kubelet.yaml delete mode 100644 charts/rancher-monitoring/templates/grafana/dashboards-1.14/namespace-by-pod.yaml delete mode 100644 charts/rancher-monitoring/templates/grafana/dashboards-1.14/namespace-by-workload.yaml delete mode 100644 charts/rancher-monitoring/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml delete mode 100644 charts/rancher-monitoring/templates/grafana/dashboards-1.14/node-rsrc-use.yaml delete mode 100644 charts/rancher-monitoring/templates/grafana/dashboards-1.14/nodes-aix.yaml delete mode 100644 charts/rancher-monitoring/templates/grafana/dashboards-1.14/nodes-darwin.yaml delete mode 100644 charts/rancher-monitoring/templates/grafana/dashboards-1.14/nodes.yaml delete mode 100644 charts/rancher-monitoring/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml delete mode 100644 charts/rancher-monitoring/templates/grafana/dashboards-1.14/pod-total.yaml delete mode 100644 charts/rancher-monitoring/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml delete mode 100644 charts/rancher-monitoring/templates/grafana/dashboards-1.14/prometheus.yaml delete mode 100644 charts/rancher-monitoring/templates/grafana/dashboards-1.14/proxy.yaml delete mode 100644 charts/rancher-monitoring/templates/grafana/dashboards-1.14/scheduler.yaml delete mode 100644 charts/rancher-monitoring/templates/grafana/dashboards-1.14/workload-total.yaml delete mode 100644 charts/rancher-monitoring/templates/grafana/namespaces.yaml delete mode 100644 charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml delete mode 100644 charts/rancher-monitoring/templates/prometheus-operator/psp-clusterrole.yaml delete mode 100644 charts/rancher-monitoring/templates/prometheus-operator/psp-clusterrolebinding.yaml delete mode 100644 charts/rancher-monitoring/templates/prometheus-operator/psp.yaml delete mode 100644 charts/rancher-monitoring/templates/prometheus/additionalPrometheusRules.yaml delete mode 100644 charts/rancher-monitoring/templates/prometheus/nginx-config.yaml delete mode 100644 charts/rancher-monitoring/templates/prometheus/psp-clusterrole.yaml delete mode 100644 charts/rancher-monitoring/templates/prometheus/psp-clusterrolebinding.yaml delete mode 100644 charts/rancher-monitoring/templates/prometheus/psp.yaml delete mode 100644 charts/rancher-monitoring/templates/prometheus/rules-1.14/k8s.rules.pod_owner.yaml delete mode 100644 charts/rancher-monitoring/templates/prometheus/rules-1.14/k8s.rules.yaml delete mode 100644 charts/rancher-monitoring/templates/rancher-monitoring/clusterrole.yaml delete mode 100644 charts/rancher-monitoring/templates/rancher-monitoring/config-role.yaml delete mode 100644 charts/rancher-monitoring/templates/rancher-monitoring/dashboard-role.yaml delete mode 100644 charts/rancher-monitoring/templates/rancher-monitoring/dashboards/addons/ingress-nginx-dashboard.yaml delete mode 100644 charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/cluster-dashboards.yaml delete mode 100644 charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/default-dashboard.yaml delete mode 100644 charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/fleet-dashboards.yaml delete mode 100644 charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/fluentbit-dashboard.yaml delete mode 100644 charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/fluentd-dashboard.yaml delete mode 100644 charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/k8s-dashboards.yaml delete mode 100644 charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/nodes-dashboards.yaml delete mode 100644 charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/performance-dashboards.yaml delete mode 100644 charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/pods-dashboards.yaml delete mode 100644 charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/workload-dashboards.yaml delete mode 100644 charts/rancher-monitoring/templates/rancher-monitoring/exporters/fleet/servicemonitor.yaml delete mode 100644 charts/rancher-monitoring/templates/rancher-monitoring/exporters/ingress-nginx/network-policy.yaml delete mode 100644 charts/rancher-monitoring/templates/rancher-monitoring/exporters/ingress-nginx/service.yaml delete mode 100644 charts/rancher-monitoring/templates/rancher-monitoring/exporters/ingress-nginx/servicemonitor.yaml delete mode 100644 charts/rancher-monitoring/templates/rancher-monitoring/exporters/rancher/servicemonitor.yaml delete mode 100644 charts/rancher-monitoring/templates/rancher-monitoring/hardened.yaml delete mode 100644 charts/rancher-monitoring/templates/rancher-monitoring/upgrade/configmap.yaml delete mode 100644 charts/rancher-monitoring/templates/rancher-monitoring/upgrade/job.yaml delete mode 100644 charts/rancher-monitoring/templates/rancher-monitoring/upgrade/rbac.yaml delete mode 100644 charts/rancher-monitoring/templates/validate-install-crd.yaml delete mode 100644 charts/rancher-monitoring/templates/validate-psp-install.yaml delete mode 100644 charts/uptime-kuma/.helmignore delete mode 100644 charts/uptime-kuma/Chart.yaml delete mode 100644 charts/uptime-kuma/my-values/values-prod.yaml delete mode 100644 charts/uptime-kuma/templates/NOTES.txt delete mode 100644 charts/uptime-kuma/templates/_helpers.tpl delete mode 100644 charts/uptime-kuma/templates/deployment.yaml delete mode 100644 charts/uptime-kuma/templates/ingress.yaml delete mode 100644 charts/uptime-kuma/templates/pvc.yaml delete mode 100644 charts/uptime-kuma/templates/service.yaml delete mode 100644 charts/uptime-kuma/templates/serviceaccount.yaml delete mode 100644 charts/uptime-kuma/templates/statefulset.yaml delete mode 100644 charts/uptime-kuma/templates/tests/test-connection.yaml delete mode 100644 charts/uptime-kuma/values.yaml delete mode 100644 manifests/alertmanager/monitoring.yaml delete mode 100644 manifests/external-secrets/grafana/external-secret.yaml delete mode 100644 manifests/grafana/monitoring.yaml delete mode 100644 manifests/kibana-int/monitoring.yaml delete mode 100644 manifests/kibana/monitoring.yaml create mode 100644 manifests/kube-prometheus-stack/values.yaml delete mode 100644 manifests/kuma/monitoring.yaml delete mode 100644 manifests/prometheus-scrape-secret/additional-scrape-configs.yaml delete mode 100644 manifests/prometheus/monitoring.yaml delete mode 100644 manifests/rancher-monitoring/grafana/monitoring.yaml delete mode 100644 manifests/rancher-monitoring/prometheus/monitoring.yaml delete mode 100644 manifests/uptime-kuma/cname.yaml diff --git a/applicationsets/eck-resources.yaml b/applicationsets/eck-resources.yaml deleted file mode 100644 index f189788..0000000 --- a/applicationsets/eck-resources.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: ApplicationSet -metadata: - name: eck-resources - namespace: argocd -spec: - generators: - - list: - elements: - - env: prod - valuesFile: values-prod.yaml - nameSuffix: eck-prod - host: kibana.dvirlabs.com - - env: int - valuesFile: values-int.yaml - nameSuffix: eck-int - host: kibana-int.dvirlabs.com - template: - metadata: - name: '{{nameSuffix}}' - spec: - project: observability - source: - repoURL: https://git.dvirlabs.com/dvirlabs/observability-stack.git - targetRevision: master - path: charts/eck-resources - helm: - valueFiles: - - my-values/{{valuesFile}} - destination: - server: https://kubernetes.default.svc - namespace: monitoring - syncPolicy: - automated: - prune: true - selfHeal: true - syncOptions: - - CreateNamespace=true diff --git a/applicationsets/external-secrets-appset.yaml b/applicationsets/external-secrets-appset.yaml deleted file mode 100644 index 3b4dcf5..0000000 --- a/applicationsets/external-secrets-appset.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: ApplicationSet -metadata: - name: external-secrets-appset - namespace: argocd -spec: - generators: - - git: - repoURL: https://git.dvirlabs.com/dvirlabs/observability-stack.git - revision: master - directories: - - path: manifests/external-secrets - template: - metadata: - name: 'external-secret-{{path.basename}}' - spec: - project: observability - source: - repoURL: https://git.dvirlabs.com/dvirlabs/observability-stack.git - targetRevision: master - path: '{{path}}' - directory: - recurse: true - destination: - server: https://kubernetes.default.svc - namespace: monitoring - syncPolicy: - automated: - prune: true - selfHeal: true \ No newline at end of file diff --git a/applicationsets/prometheus-scrape-secret.yaml b/applicationsets/prometheus-scrape-secret.yaml deleted file mode 100644 index cc7c260..0000000 --- a/applicationsets/prometheus-scrape-secret.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: ApplicationSet -metadata: - name: prometheus-scrape-secret - namespace: argocd -spec: - generators: - - list: - elements: - - name: prometheus-scrape-secret - template: - metadata: - name: '{{name}}' - spec: - project: observability - source: - repoURL: https://git.dvirlabs.com/dvirlabs/observability-stack.git - targetRevision: HEAD - path: manifests/prometheus-scrape-secret - destination: - server: https://kubernetes.default.svc - namespace: monitoring - syncPolicy: - automated: - prune: true - selfHeal: true - syncOptions: - - CreateNamespace=true diff --git a/applicationsets/rancher-monitoring-appset.yaml b/applicationsets/rancher-monitoring-appset.yaml deleted file mode 100644 index 9e3506e..0000000 --- a/applicationsets/rancher-monitoring-appset.yaml +++ /dev/null @@ -1,34 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: ApplicationSet -metadata: - name: rancher-monitoring-appset - namespace: argocd -spec: - generators: - - list: - elements: - - env: prod - valuesFile: values-prod.yaml - nameSuffix: rancher-monitoring-prod - host: grafana.dvirlabs.com - template: - metadata: - name: '{{nameSuffix}}' - spec: - project: observability - source: - repoURL: https://git.dvirlabs.com/dvirlabs/observability-stack.git - targetRevision: HEAD - path: charts/rancher-monitoring - helm: - valueFiles: - - my-values/{{valuesFile}} - destination: - server: https://kubernetes.default.svc - namespace: monitoring - syncPolicy: - automated: - prune: true - selfHeal: true - syncOptions: - - CreateNamespace=true diff --git a/applicationsets/uptime-kuma.yaml b/applicationsets/uptime-kuma.yaml deleted file mode 100644 index 5e9eb5a..0000000 --- a/applicationsets/uptime-kuma.yaml +++ /dev/null @@ -1,34 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: ApplicationSet -metadata: - name: uptime-kuma - namespace: argocd -spec: - generators: - - list: - elements: - - env: prod - valuesFile: values-prod.yaml - nameSuffix: uptime-kuma-prod - host: kuma.dvirlabs.com - template: - metadata: - name: '{{nameSuffix}}' - spec: - project: observability - source: - repoURL: https://git.dvirlabs.com/dvirlabs/observability-stack.git - targetRevision: master - path: charts/uptime-kuma - helm: - valueFiles: - - my-values/{{valuesFile}} - destination: - server: https://kubernetes.default.svc - namespace: monitoring - syncPolicy: - automated: - prune: true - selfHeal: true - syncOptions: - - CreateNamespace=true diff --git a/argocd-apps/kube-prometheus-stack.yaml b/argocd-apps/kube-prometheus-stack.yaml new file mode 100644 index 0000000..9cb7ff7 --- /dev/null +++ b/argocd-apps/kube-prometheus-stack.yaml @@ -0,0 +1,23 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: kube-prometheus-stack + namespace: argocd +spec: + project: observability + source: + repoURL: ssh://git@gitea-ssh.dev-tools.svc.cluster.local.:2222/dvirlabs/observability-stack.git + targetRevision: HEAD + path: charts/kube-prometheus-stack + helm: + valueFiles: + - ../../manifests/kube-prometheus-stack/values.yaml + destination: + server: https://kubernetes.default.svc + namespace: observability + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true \ No newline at end of file diff --git a/charts/eck-resources/Chart.yaml b/charts/eck-resources/Chart.yaml deleted file mode 100644 index 5eee716..0000000 --- a/charts/eck-resources/Chart.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v2 -name: eck-resources -description: Deploy ECK Elasticsearch and Kibana CRs -version: 0.1.0 -appVersion: "8.12.0" diff --git a/charts/eck-resources/my-values/values-int.yaml b/charts/eck-resources/my-values/values-int.yaml deleted file mode 100644 index bbd66ba..0000000 --- a/charts/eck-resources/my-values/values-int.yaml +++ /dev/null @@ -1,3 +0,0 @@ -enabled: false -env: int -host: kibana-int.dvirlabs.com \ No newline at end of file diff --git a/charts/eck-resources/my-values/values-prod.yaml b/charts/eck-resources/my-values/values-prod.yaml deleted file mode 100644 index 93cffec..0000000 --- a/charts/eck-resources/my-values/values-prod.yaml +++ /dev/null @@ -1,3 +0,0 @@ -enabled: true -env: prod -host: kibana.dvirlabs.com \ No newline at end of file diff --git a/charts/eck-resources/templates/elasticsearch.yaml b/charts/eck-resources/templates/elasticsearch.yaml deleted file mode 100644 index 027bdf9..0000000 --- a/charts/eck-resources/templates/elasticsearch.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# elasticsearch.yaml -apiVersion: elasticsearch.k8s.elastic.co/v1 -kind: Elasticsearch -metadata: - name: elasticsearch-{{ .Values.env }} - namespace: monitoring -spec: - version: 8.12.0 - nodeSets: - - name: default - count: 1 - config: - node.store.allow_mmap: false - volumeClaimTemplates: - - metadata: - name: elasticsearch-data - spec: - accessModes: ["ReadWriteOnce"] - storageClassName: nfs-client - resources: - requests: - storage: 100Gi diff --git a/charts/eck-resources/templates/kibana-ingress.yaml b/charts/eck-resources/templates/kibana-ingress.yaml deleted file mode 100644 index f5c1cc3..0000000 --- a/charts/eck-resources/templates/kibana-ingress.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# ingress.yaml (Kibana) -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: kibana-{{ .Values.env }} - namespace: monitoring - annotations: - kubernetes.io/ingress.class: traefik - # if behind Cloudflare, strongly recommended to disable cache for bundles: - traefik.ingress.kubernetes.io/browser-xss-filter: "true" -spec: - tls: - - hosts: [kibana.dvirlabs.com] - secretName: kibana-tls - rules: - - host: kibana.dvirlabs.com - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: kibana-{{ .Values.env }}-kb-http - port: - number: 5601 diff --git a/charts/eck-resources/templates/kibana.yaml b/charts/eck-resources/templates/kibana.yaml deleted file mode 100644 index cb65431..0000000 --- a/charts/eck-resources/templates/kibana.yaml +++ /dev/null @@ -1,27 +0,0 @@ -# kibana.yaml -apiVersion: kibana.k8s.elastic.co/v1 -kind: Kibana -metadata: - name: kibana-{{ .Values.env }} - namespace: monitoring -spec: - version: 8.12.0 - count: 1 - elasticsearchRef: - name: elasticsearch-{{ .Values.env }} # same ns: monitoring - config: - # set correct external URL for Ingress - server.publicBaseUrl: "https://kibana.dvirlabs.com" - # if you use a path like /kibana, also set: - # server.basePath: "/kibana" - # server.rewriteBasePath: true - xpack.security.authc.providers: - basic.basic1: - order: 0 - http: - tls: - selfSignedCertificate: - disabled: true # Ingress terminates TLS - service: - spec: - type: ClusterIP diff --git a/charts/rancher-monitoring/charts/grafana/.helmignore b/charts/kube-prometheus-stack/.helmignore similarity index 74% rename from charts/rancher-monitoring/charts/grafana/.helmignore rename to charts/kube-prometheus-stack/.helmignore index 8cade13..925b647 100644 --- a/charts/rancher-monitoring/charts/grafana/.helmignore +++ b/charts/kube-prometheus-stack/.helmignore @@ -16,8 +16,18 @@ *.tmp *~ # Various IDEs -.vscode .project .idea/ *.tmproj +# helm/charts OWNERS +hack/ +ci/ +kube-prometheus-*.tgz + +unittests/ +files/dashboards/ + +UPGRADE.md +CONTRIBUTING.md +.editorconfig diff --git a/charts/kube-prometheus-stack/Chart.lock b/charts/kube-prometheus-stack/Chart.lock new file mode 100644 index 0000000..69a6c2e --- /dev/null +++ b/charts/kube-prometheus-stack/Chart.lock @@ -0,0 +1,18 @@ +dependencies: +- name: crds + repository: "" + version: 0.0.0 +- name: kube-state-metrics + repository: https://prometheus-community.github.io/helm-charts + version: 7.2.2 +- name: prometheus-node-exporter + repository: https://prometheus-community.github.io/helm-charts + version: 4.53.1 +- name: grafana + repository: https://grafana-community.github.io/helm-charts + version: 11.6.1 +- name: prometheus-windows-exporter + repository: https://prometheus-community.github.io/helm-charts + version: 0.12.6 +digest: sha256:e21304bc9748d1449437449b6e8819afeed2f1f68c473efb775f712790bdff40 +generated: "2026-04-14T18:06:28.207180094Z" diff --git a/charts/kube-prometheus-stack/Chart.yaml b/charts/kube-prometheus-stack/Chart.yaml new file mode 100644 index 0000000..ea4d119 --- /dev/null +++ b/charts/kube-prometheus-stack/Chart.yaml @@ -0,0 +1,72 @@ +annotations: + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Chart Source + url: https://github.com/prometheus-community/helm-charts + - name: Upstream Project + url: https://github.com/prometheus-operator/kube-prometheus + - name: Upgrade Process + url: https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/README.md#upgrading-chart + artifacthub.io/operator: "true" +apiVersion: v2 +appVersion: v0.90.1 +dependencies: +- condition: crds.enabled + name: crds + repository: "" + version: 0.0.0 +- condition: kubeStateMetrics.enabled + name: kube-state-metrics + repository: https://prometheus-community.github.io/helm-charts + version: 7.2.2 +- condition: nodeExporter.enabled + name: prometheus-node-exporter + repository: https://prometheus-community.github.io/helm-charts + version: 4.53.1 +- condition: grafana.enabled + name: grafana + repository: https://grafana-community.github.io/helm-charts + version: 11.6.1 +- condition: windowsMonitoring.enabled + name: prometheus-windows-exporter + repository: https://prometheus-community.github.io/helm-charts + version: 0.12.* +description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, + and Prometheus rules combined with documentation and scripts to provide easy to + operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus + Operator. +home: https://github.com/prometheus-operator/kube-prometheus +icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png +keywords: +- operator +- prometheus +- kube-prometheus +kubeVersion: '>=1.25.0-0' +maintainers: +- email: andrew@quadcorps.co.uk + name: andrewgkew + url: https://github.com/andrewgkew +- email: gianrubio@gmail.com + name: gianrubio + url: https://github.com/gianrubio +- email: github.gkarthiks@gmail.com + name: gkarthiks + url: https://github.com/gkarthiks +- email: kube-prometheus-stack@sisti.pt + name: GMartinez-Sisti + url: https://github.com/GMartinez-Sisti +- email: github@jkroepke.de + name: jkroepke + url: https://github.com/jkroepke +- email: miroslav.hadzhiev@gmail.com + name: Xtigyro + url: https://github.com/Xtigyro +- email: quentin.bisson@gmail.com + name: QuentinBisson + url: https://github.com/QuentinBisson +name: kube-prometheus-stack +sources: +- https://github.com/prometheus-community/helm-charts +- https://github.com/prometheus-operator/kube-prometheus +type: application +version: 83.4.2 diff --git a/charts/rancher-monitoring/README.md b/charts/kube-prometheus-stack/README.md similarity index 80% rename from charts/rancher-monitoring/README.md rename to charts/kube-prometheus-stack/README.md index f7792ac..bb4f2fa 100644 --- a/charts/rancher-monitoring/README.md +++ b/charts/kube-prometheus-stack/README.md @@ -11,26 +11,26 @@ _Note: This chart was formerly named `prometheus-operator` chart, now renamed to - Kubernetes 1.19+ - Helm 3+ -## Get Helm Repository Info +## Usage + +The chart is distributed as an [OCI Artifact](https://helm.sh/docs/topics/registries/) as well as via a traditional [Helm Repository](https://helm.sh/docs/topics/chart_repository/). + +- OCI Artifact: `oci://ghcr.io/prometheus-community/charts/kube-prometheus-stack` +- Helm Repository: `https://prometheus-community.github.io/helm-charts` with chart `kube-prometheus-stack` + +The installation instructions use the OCI registry. Refer to the [`helm repo`]([`helm repo`](https://helm.sh/docs/helm/helm_repo/)) command documentation for information on installing charts via the traditional repository. + +### Install Helm Chart ```console -helm repo add prometheus-community https://prometheus-community.github.io/helm-charts -helm repo update -``` - -_See [`helm repo`](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Install Helm Chart - -```console -helm install [RELEASE_NAME] prometheus-community/kube-prometheus-stack +helm install [RELEASE_NAME] oci://ghcr.io/prometheus-community/charts/kube-prometheus-stack ``` _See [configuration](#configuration) below._ _See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ -## Dependencies +### Dependencies By default this chart installs additional, dependent charts: @@ -42,7 +42,17 @@ To disable dependencies during installation, see [multiple releases](#multiple-r _See [helm dependency](https://helm.sh/docs/helm/helm_dependency/) for command documentation._ -## Uninstall Helm Chart +#### Grafana Dashboards + +This chart provisions a collection of curated Grafana dashboards that are automatically loaded into Grafana via ConfigMaps. These dashboards are rendered into the Helm chart under [`templates/grafana/`](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/templates/grafana/), but **this is not their source of truth**. + +The dashboards originate from various upstream projects and are gathered and processed using scripts in the [`hack/`](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack) directory. For details on how these dashboards are sourced and kept up to date, refer to the [hack/README.md](https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/hack/README.md). + +> **Note:** The dashboards referenced in the `hack` scripts are usually **not the original source** either. Most originate from separate **Prometheus mixin repositories** (e.g., [kubernetes-mixin](https://github.com/kubernetes-monitoring/kubernetes-mixin)) and are processed through `jsonnet` tooling before being included here. To find the original source in case you want to modify it you may have to search even further upstream. + +If you wish to contribute or modify dashboards, please follow the guidance in the `hack/README.md` to ensure consistency and reproducibility. + +### Uninstall Helm Chart ```console helm uninstall [RELEASE_NAME] @@ -67,10 +77,10 @@ kubectl delete crd servicemonitors.monitoring.coreos.com kubectl delete crd thanosrulers.monitoring.coreos.com ``` -## Upgrading Chart +### Upgrading Chart ```console -helm upgrade [RELEASE_NAME] prometheus-community/kube-prometheus-stack +helm upgrade [RELEASE_NAME] [CHART] ``` With Helm v3, CRDs created by this chart are not updated by default and should be manually updated. @@ -81,7 +91,7 @@ The Chart's [appVersion](https://github.com/prometheus-community/helm-charts/blo _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ -### Upgrading an existing Release to a new major version +#### Upgrading an existing Release to a new major version A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. @@ -93,41 +103,36 @@ for breaking changes between versions. See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments: ```console -helm show values prometheus-community/kube-prometheus-stack +helm show values oci://ghcr.io/prometheus-community/charts/kube-prometheus-stack ``` -You may also run `helm show values` on this chart's [dependencies](#dependencies) for additional options. +You may also `helm show values` on this chart's [dependencies](#dependencies) for additional options. -### Rancher Monitoring Configuration +For templated Grafana datasource definitions (e.g. when using Helm flow control), use `grafana.additionalDataSourcesString`, which is rendered via `tpl`. -The following table shows values exposed by Rancher Monitoring's additions to the chart: +### Prometheus High Availability (HA) -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `nameOverride` | Provide a name that should be used instead of the chart name when naming all resources deployed by this chart |`"rancher-monitoring"`| -| `namespaceOverride` | Override the deployment namespace | `"cattle-monitoring-system"` | -| `global.rbac.userRoles.create` | Create default user ClusterRoles to allow users to interact with Prometheus CRs, ConfigMaps, and Secrets | `true` | -| `global.rbac.userRoles.aggregateToDefaultRoles` | Aggregate default user ClusterRoles into default k8s ClusterRoles | `true` | -| `prometheus-adapter.enabled` | Whether to install [prometheus-adapter](https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-adapter) within the cluster | `true` | -| `prometheus-adapter.prometheus.url` | A URL pointing to the Prometheus deployment within your cluster. The default value is set based on the assumption that you plan to deploy the default Prometheus instance from this chart where `.Values.namespaceOverride=cattle-monitoring-system` and `.Values.nameOverride=rancher-monitoring` | `http://rancher-monitoring-prometheus.cattle-monitoring-system.svc` | -| `prometheus-adapter.prometheus.port` | The port on the Prometheus deployment that Prometheus Adapter can make requests to | `9090` | -| `prometheus.prometheusSpec.ignoreNamespaceSelectors` | Ignore NamespaceSelector settings from the PodMonitor and ServiceMonitor configs. If true, PodMonitors and ServiceMonitors can only discover Pods and Services within the namespace they are deployed into | `false` | +For a basic HA setup, run multiple Prometheus replicas: -The following values are enabled for different distributions via [rancher-pushprox](https://github.com/rancher/dev-charts/tree/master/packages/rancher-pushprox). See the rancher-pushprox `README.md` for more information on what all values can be configured for the PushProxy chart. +```yaml +prometheus: + prometheusSpec: + replicas: 2 + podAntiAffinity: "hard" + externalLabels: + cluster: prod-eu1 +``` -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `rkeControllerManager.enabled` | Create a PushProx installation for monitoring kube-controller-manager metrics in RKE clusters | `false` | -| `rkeScheduler.enabled` | Create a PushProx installation for monitoring kube-scheduler metrics in RKE clusters | `false` | -| `rkeProxy.enabled` | Create a PushProx installation for monitoring kube-proxy metrics in RKE clusters | `false` | -| `rkeIngressNginx.enabled` | Create a PushProx installation for monitoring ingress-nginx metrics in RKE clusters | `false` | -| `rkeEtcd.enabled` | Create a PushProx installation for monitoring etcd metrics in RKE clusters | `false` | -| `rke2IngressNginx.enabled` | Create a PushProx installation for monitoring ingress-nginx metrics in RKE2 clusters | `false` | -| `k3sServer.enabled` | Create a PushProx installation for monitoring k3s-server metrics (accounts for kube-controller-manager, kube-scheduler, and kube-proxy metrics) in k3s clusters | `false` | -| `kubeAdmControllerManager.enabled` | Create a PushProx installation for monitoring kube-controller-manager metrics in kubeAdm clusters | `false` | -| `kubeAdmScheduler.enabled` | Create a PushProx installation for monitoring kube-scheduler metrics in kubeAdm clusters | `false` | -| `kubeAdmProxy.enabled` | Create a PushProx installation for monitoring kube-proxy metrics in kubeAdm clusters | `false` | -| `kubeAdmEtcd.enabled` | Create a PushProx installation for monitoring etcd metrics in kubeAdm clusters | `false` | +Important notes: + +1. `replicas` controls how many Prometheus pods are deployed for each shard. +2. Keep anti-affinity enabled (or hardened) to avoid scheduling all replicas on one node. +3. Do not clear replica/instance external labels in HA setups (`replicaExternalLabelNameClear` / `prometheusExternalLabelNameClear`), otherwise deduplication and alert/source identification become harder. +4. Querying replicas through a Kubernetes Service provides availability, but not sample deduplication across replicas by itself. For global/deduplicated querying, use a Thanos Query layer (or another backend that performs deduplication). + +See also Prometheus Operator HA guidance: + +- [Prometheus Operator HA docs](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/platform/high-availability.md#prometheus) ### Multiple releases @@ -283,7 +288,7 @@ There is no simple and direct migration path between the charts as the changes a The capabilities of the old chart are all available in the new chart, including the ability to run multiple prometheus instances on a single cluster - you will need to disable the parts of the chart you do not wish to deploy. -You can check out the tickets for this change [here](https://github.com/prometheus-operator/prometheus-operator/issues/592) and [here](https://github.com/helm/charts/pull/6765). +You can check out the tickets for this change at [prometheus-operator/prometheus-operator #592](https://github.com/prometheus-operator/prometheus-operator/issues/592) and [helm/charts #6765](https://github.com/helm/charts/pull/6765). ### High-level overview of Changes diff --git a/charts/kube-prometheus-stack/charts/crds/Chart.yaml b/charts/kube-prometheus-stack/charts/crds/Chart.yaml new file mode 100644 index 0000000..adb9e4a --- /dev/null +++ b/charts/kube-prometheus-stack/charts/crds/Chart.yaml @@ -0,0 +1,3 @@ +apiVersion: v2 +name: crds +version: 0.0.0 diff --git a/charts/kube-prometheus-stack/charts/crds/README.md b/charts/kube-prometheus-stack/charts/crds/README.md new file mode 100644 index 0000000..02092b9 --- /dev/null +++ b/charts/kube-prometheus-stack/charts/crds/README.md @@ -0,0 +1,3 @@ +# crds subchart + +See: [https://github.com/prometheus-community/helm-charts/issues/3548](https://github.com/prometheus-community/helm-charts/issues/3548) diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagerconfigs.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagerconfigs.yaml new file mode 100644 index 0000000..ac74578 --- /dev/null +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagerconfigs.yaml @@ -0,0 +1,12334 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.90.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + operator.prometheus.io/version: 0.90.1 + name: alertmanagerconfigs.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: AlertmanagerConfig + listKind: AlertmanagerConfigList + plural: alertmanagerconfigs + shortNames: + - amcfg + singular: alertmanagerconfig + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + AlertmanagerConfig configures the Prometheus Alertmanager, + specifying how alerts should be grouped, inhibited and notified to external systems. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec defines the specification of AlertmanagerConfigSpec + properties: + inhibitRules: + description: |- + inhibitRules defines the list of inhibition rules. The rules will only apply to alerts matching + the resource's namespace. + items: + description: |- + InhibitRule defines an inhibition rule that allows to mute alerts when other + alerts are already firing. + See https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule + properties: + equal: + description: |- + equal defines labels that must have an equal value in the source and target alert + for the inhibition to take effect. This ensures related alerts are properly grouped. + items: + type: string + type: array + x-kubernetes-list-type: atomic + sourceMatch: + description: |- + sourceMatch defines matchers for which one or more alerts have to exist for the inhibition + to take effect. The operator enforces that the alert matches the resource's namespace. + These are the "trigger" alerts that cause other alerts to be inhibited. + items: + description: Matcher defines how to match on alert's labels. + properties: + matchType: + description: |- + matchType defines the match operation available with AlertManager >= v0.22.0. + Takes precedence over Regex (deprecated) if non-empty. + Valid values: "=" (equality), "!=" (inequality), "=~" (regex match), "!~" (regex non-match). + enum: + - '!=' + - = + - =~ + - '!~' + type: string + name: + description: |- + name defines the label to match. + This specifies which alert label should be evaluated. + minLength: 1 + type: string + regex: + description: |- + regex defines whether to match on equality (false) or regular-expression (true). + Deprecated: for AlertManager >= v0.22.0, `matchType` should be used instead. + type: boolean + value: + description: |- + value defines the label value to match. + This is the expected value for the specified label. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-type: atomic + targetMatch: + description: |- + targetMatch defines matchers that have to be fulfilled in the alerts to be muted. + The operator enforces that the alert matches the resource's namespace. + When these conditions are met, matching alerts will be inhibited (silenced). + items: + description: Matcher defines how to match on alert's labels. + properties: + matchType: + description: |- + matchType defines the match operation available with AlertManager >= v0.22.0. + Takes precedence over Regex (deprecated) if non-empty. + Valid values: "=" (equality), "!=" (inequality), "=~" (regex match), "!~" (regex non-match). + enum: + - '!=' + - = + - =~ + - '!~' + type: string + name: + description: |- + name defines the label to match. + This specifies which alert label should be evaluated. + minLength: 1 + type: string + regex: + description: |- + regex defines whether to match on equality (false) or regular-expression (true). + Deprecated: for AlertManager >= v0.22.0, `matchType` should be used instead. + type: boolean + value: + description: |- + value defines the label value to match. + This is the expected value for the specified label. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + muteTimeIntervals: + description: muteTimeIntervals defines the list of MuteTimeInterval + specifying when the routes should be muted. + items: + description: MuteTimeInterval specifies the periods in time when + notifications will be muted + properties: + name: + description: name of the time interval + type: string + timeIntervals: + description: timeIntervals defines a list of TimeInterval + items: + description: TimeInterval describes intervals of time + properties: + daysOfMonth: + description: daysOfMonth defines a list of DayOfMonthRange + items: + description: DayOfMonthRange is an inclusive range of + days of the month beginning at 1 + properties: + end: + description: end of the inclusive range + maximum: 31 + minimum: -31 + type: integer + start: + description: start of the inclusive range + maximum: 31 + minimum: -31 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + months: + description: months defines a list of MonthRange + items: + description: |- + MonthRange is an inclusive range of months of the year beginning in January + Months can be specified by name (e.g 'January') by numerical month (e.g '1') or as an inclusive range (e.g 'January:March', '1:3', '1:March') + pattern: ^((?i)january|february|march|april|may|june|july|august|september|october|november|december|1[0-2]|[1-9])(?:((:((?i)january|february|march|april|may|june|july|august|september|october|november|december|1[0-2]|[1-9]))$)|$) + type: string + type: array + x-kubernetes-list-type: atomic + times: + description: times defines a list of TimeRange + items: + description: TimeRange defines a start and end time + in 24hr format + properties: + endTime: + description: endTime defines the end time in 24hr + format. + pattern: ^((([01][0-9])|(2[0-3])):[0-5][0-9])$|(^24:00$) + type: string + startTime: + description: startTime defines the start time in + 24hr format. + pattern: ^((([01][0-9])|(2[0-3])):[0-5][0-9])$|(^24:00$) + type: string + type: object + type: array + x-kubernetes-list-type: atomic + weekdays: + description: weekdays defines a list of WeekdayRange + items: + description: |- + WeekdayRange is an inclusive range of days of the week beginning on Sunday + Days can be specified by name (e.g 'Sunday') or as an inclusive range (e.g 'Monday:Friday') + pattern: ^((?i)sun|mon|tues|wednes|thurs|fri|satur)day(?:((:(sun|mon|tues|wednes|thurs|fri|satur)day)$)|$) + type: string + type: array + x-kubernetes-list-type: atomic + years: + description: years defines a list of YearRange + items: + description: YearRange is an inclusive range of years + pattern: ^2\d{3}(?::2\d{3}|$) + type: string + type: array + x-kubernetes-list-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + required: + - name + type: object + type: array + x-kubernetes-list-type: atomic + receivers: + description: receivers defines the list of receivers. + items: + description: Receiver defines one or more notification integrations. + properties: + discordConfigs: + description: discordConfigs defines the list of Slack configurations. + items: + description: |- + DiscordConfig configures notifications via Discord. + See https://prometheus.io/docs/alerting/latest/configuration/#discord_config + properties: + apiURL: + description: |- + apiURL defines the secret's key that contains the Discord webhook URL. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + avatarURL: + description: avatarURL defines the avatar url of the message + sender. + pattern: ^https?://.+$ + type: string + content: + description: content defines the template of the content's + body. + minLength: 1 + type: string + httpConfig: + description: httpConfig defines the HTTP client configuration. + properties: + authorization: + description: |- + authorization defines the authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: credentials defines a key of a Secret + in the namespace that contains the credentials + for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: |- + basicAuth defines the basic authentication credentials for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + password defines a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHttp2: + description: enableHttp2 can be used to disable HTTP2. + type: boolean + followRedirects: + description: |- + followRedirects specifies whether the client should follow HTTP 3xx redirects. + When true, the client will automatically follow redirect responses. + type: boolean + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + oauth2: + description: |- + oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. + This enables OAuth2 authentication flow for HTTP requests. + properties: + clientId: + description: |- + clientId defines a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + clientSecret defines a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server + to use. + pattern: ^(http|https|socks5)://.+$ + type: string + scopes: + description: scopes defines the OAuth2 scopes + used for the token request. + items: + type: string + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: ca defines the Certificate authority + used when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret + containing data to use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate + to present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret + containing data to use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how + to disable target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret + containing the client key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify + the hostname for the targets. + type: string + type: object + tokenUrl: + description: tokenUrl defines the URL to fetch + the token from. + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyURL: + description: |- + proxyURL defines an optional proxy URL for HTTP requests. + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: proxyUrl defines the HTTP proxy server + to use. + pattern: ^(http|https|socks5)://.+$ + type: string + tlsConfig: + description: |- + tlsConfig defines the TLS configuration for the client. + This includes settings for certificates, CA validation, and TLS protocol options. + properties: + ca: + description: ca defines the Certificate authority + used when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate + to present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to + disable target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the + hostname for the targets. + type: string + type: object + type: object + message: + description: message defines the template of the message's + body. + type: string + sendResolved: + description: sendResolved defines whether or not to notify + about resolved alerts. + type: boolean + title: + description: title defines the template of the message's + title. + type: string + username: + description: username defines the username of the message + sender. + minLength: 1 + type: string + required: + - apiURL + type: object + type: array + x-kubernetes-list-type: atomic + emailConfigs: + description: emailConfigs defines the list of Email configurations. + items: + description: EmailConfig configures notifications via Email. + properties: + authIdentity: + description: |- + authIdentity defines the identity to use for SMTP authentication. + This is typically used with PLAIN authentication mechanism. + minLength: 1 + type: string + authPassword: + description: |- + authPassword defines the secret's key that contains the password to use for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + authSecret: + description: |- + authSecret defines the secret's key that contains the CRAM-MD5 secret. + This is used for CRAM-MD5 authentication mechanism. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + authUsername: + description: |- + authUsername defines the username to use for SMTP authentication. + This is used for SMTP AUTH when the server requires authentication. + minLength: 1 + type: string + forceImplicitTLS: + description: |- + forceImplicitTLS defines whether to force use of implicit TLS (direct TLS connection) for better security. + true: force use of implicit TLS (direct TLS connection on any port) + false: force disable implicit TLS (use explicit TLS/STARTTLS if required) + nil (default): auto-detect based on port (465=implicit, other=explicit) for backward compatibility + It requires Alertmanager >= v0.31.0. + type: boolean + from: + description: |- + from defines the sender address for email notifications. + This appears as the "From" field in the email header. + minLength: 1 + type: string + headers: + description: |- + headers defines additional email header key/value pairs. + These override any headers previously set by the notification implementation. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: |- + key defines the key of the tuple. + This is the identifier or name part of the key-value pair. + minLength: 1 + type: string + value: + description: |- + value defines the value of the tuple. + This is the data or content associated with the key. + type: string + required: + - key + - value + type: object + type: array + x-kubernetes-list-type: atomic + hello: + description: |- + hello defines the hostname to identify to the SMTP server. + This is used in the SMTP HELO/EHLO command during the connection handshake. + minLength: 1 + type: string + html: + description: |- + html defines the HTML body of the email notification. + This allows for rich formatting in the email content. + type: string + requireTLS: + description: |- + requireTLS defines the SMTP TLS requirement. + Note that Go does not support unencrypted connections to remote SMTP endpoints. + type: boolean + sendResolved: + description: sendResolved defines whether or not to notify + about resolved alerts. + type: boolean + smarthost: + description: |- + smarthost defines the SMTP host and port through which emails are sent. + Format should be "hostname:port", e.g. "smtp.example.com:587". + minLength: 1 + type: string + text: + description: |- + text defines the plain text body of the email notification. + This provides a fallback for email clients that don't support HTML. + minLength: 1 + type: string + tlsConfig: + description: |- + tlsConfig defines the TLS configuration for SMTP connections. + This includes settings for certificates, CA validation, and TLS protocol options. + properties: + ca: + description: ca defines the Certificate authority + used when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to + present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable + target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname + for the targets. + type: string + type: object + to: + description: |- + to defines the email address to send notifications to. + This is the recipient address for alert notifications. + minLength: 1 + type: string + type: object + type: array + x-kubernetes-list-type: atomic + msteamsConfigs: + description: |- + msteamsConfigs defines the list of MSTeams configurations. + It requires Alertmanager >= 0.26.0. + items: + description: |- + MSTeamsConfig configures notifications via Microsoft Teams. + It requires Alertmanager >= 0.26.0. + properties: + httpConfig: + description: httpConfig defines the HTTP client configuration + for Teams webhook requests. + properties: + authorization: + description: |- + authorization defines the authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: credentials defines a key of a Secret + in the namespace that contains the credentials + for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: |- + basicAuth defines the basic authentication credentials for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + password defines a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHttp2: + description: enableHttp2 can be used to disable HTTP2. + type: boolean + followRedirects: + description: |- + followRedirects specifies whether the client should follow HTTP 3xx redirects. + When true, the client will automatically follow redirect responses. + type: boolean + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + oauth2: + description: |- + oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. + This enables OAuth2 authentication flow for HTTP requests. + properties: + clientId: + description: |- + clientId defines a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + clientSecret defines a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server + to use. + pattern: ^(http|https|socks5)://.+$ + type: string + scopes: + description: scopes defines the OAuth2 scopes + used for the token request. + items: + type: string + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: ca defines the Certificate authority + used when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret + containing data to use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate + to present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret + containing data to use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how + to disable target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret + containing the client key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify + the hostname for the targets. + type: string + type: object + tokenUrl: + description: tokenUrl defines the URL to fetch + the token from. + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyURL: + description: |- + proxyURL defines an optional proxy URL for HTTP requests. + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: proxyUrl defines the HTTP proxy server + to use. + pattern: ^(http|https|socks5)://.+$ + type: string + tlsConfig: + description: |- + tlsConfig defines the TLS configuration for the client. + This includes settings for certificates, CA validation, and TLS protocol options. + properties: + ca: + description: ca defines the Certificate authority + used when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate + to present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to + disable target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the + hostname for the targets. + type: string + type: object + type: object + sendResolved: + description: sendResolved defines whether or not to notify + about resolved alerts. + type: boolean + summary: + description: |- + summary defines the message summary template for Teams notifications. + This provides a brief overview that appears in Teams notification previews. + It requires Alertmanager >= 0.27.0. + type: string + text: + description: |- + text defines the message body template for Teams notifications. + This contains the detailed content of the Teams message. + type: string + title: + description: |- + title defines the message title template for Teams notifications. + This appears as the main heading of the Teams message card. + type: string + webhookUrl: + description: |- + webhookUrl defines the MSTeams webhook URL for sending notifications. + This is the incoming webhook URL configured in your Teams channel. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - webhookUrl + type: object + type: array + x-kubernetes-list-type: atomic + msteamsv2Configs: + description: |- + msteamsv2Configs defines the list of MSTeamsV2 configurations. + It requires Alertmanager >= 0.28.0. + items: + description: |- + MSTeamsV2Config configures notifications via Microsoft Teams using the new message format with adaptive cards as required by flows. + See https://prometheus.io/docs/alerting/latest/configuration/#msteamsv2_config + It requires Alertmanager >= 0.28.0. + properties: + httpConfig: + description: httpConfig defines the HTTP client configuration + for Teams webhook requests. + properties: + authorization: + description: |- + authorization defines the authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: credentials defines a key of a Secret + in the namespace that contains the credentials + for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: |- + basicAuth defines the basic authentication credentials for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + password defines a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHttp2: + description: enableHttp2 can be used to disable HTTP2. + type: boolean + followRedirects: + description: |- + followRedirects specifies whether the client should follow HTTP 3xx redirects. + When true, the client will automatically follow redirect responses. + type: boolean + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + oauth2: + description: |- + oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. + This enables OAuth2 authentication flow for HTTP requests. + properties: + clientId: + description: |- + clientId defines a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + clientSecret defines a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server + to use. + pattern: ^(http|https|socks5)://.+$ + type: string + scopes: + description: scopes defines the OAuth2 scopes + used for the token request. + items: + type: string + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: ca defines the Certificate authority + used when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret + containing data to use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate + to present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret + containing data to use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how + to disable target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret + containing the client key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify + the hostname for the targets. + type: string + type: object + tokenUrl: + description: tokenUrl defines the URL to fetch + the token from. + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyURL: + description: |- + proxyURL defines an optional proxy URL for HTTP requests. + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: proxyUrl defines the HTTP proxy server + to use. + pattern: ^(http|https|socks5)://.+$ + type: string + tlsConfig: + description: |- + tlsConfig defines the TLS configuration for the client. + This includes settings for certificates, CA validation, and TLS protocol options. + properties: + ca: + description: ca defines the Certificate authority + used when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate + to present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to + disable target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the + hostname for the targets. + type: string + type: object + type: object + sendResolved: + description: sendResolved defines whether or not to notify + about resolved alerts. + type: boolean + text: + description: |- + text defines the message body template for adaptive card notifications. + This contains the detailed content displayed in the Teams adaptive card format. + minLength: 1 + type: string + title: + description: |- + title defines the message title template for adaptive card notifications. + This appears as the main heading in the Teams adaptive card. + minLength: 1 + type: string + webhookURL: + description: |- + webhookURL defines the MSTeams incoming webhook URL for adaptive card notifications. + This webhook must support the newer adaptive cards format required by Teams flows. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + name: + description: name defines the name of the receiver. Must be + unique across all items from the list. + minLength: 1 + type: string + opsgenieConfigs: + description: opsgenieConfigs defines the list of OpsGenie configurations. + items: + description: |- + OpsGenieConfig configures notifications via OpsGenie. + See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config + properties: + actions: + description: |- + actions defines a comma separated list of actions that will be available for the alert. + These appear as action buttons in the OpsGenie interface. + minLength: 1 + type: string + apiKey: + description: |- + apiKey defines the secret's key that contains the OpsGenie API key. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + apiURL: + description: |- + apiURL defines the URL to send OpsGenie API requests to. + When not specified, defaults to the standard OpsGenie API endpoint. + pattern: ^https?://.+$ + type: string + description: + description: |- + description defines the detailed description of the incident. + This provides additional context beyond the message field. + minLength: 1 + type: string + details: + description: |- + details defines a set of arbitrary key/value pairs that provide further detail about the incident. + These appear as additional fields in the OpsGenie alert. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: |- + key defines the key of the tuple. + This is the identifier or name part of the key-value pair. + minLength: 1 + type: string + value: + description: |- + value defines the value of the tuple. + This is the data or content associated with the key. + type: string + required: + - key + - value + type: object + type: array + x-kubernetes-list-type: atomic + entity: + description: |- + entity defines an optional field that can be used to specify which domain alert is related to. + This helps group related alerts together in OpsGenie. + minLength: 1 + type: string + httpConfig: + description: httpConfig defines the HTTP client configuration + for OpsGenie API requests. + properties: + authorization: + description: |- + authorization defines the authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: credentials defines a key of a Secret + in the namespace that contains the credentials + for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: |- + basicAuth defines the basic authentication credentials for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + password defines a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHttp2: + description: enableHttp2 can be used to disable HTTP2. + type: boolean + followRedirects: + description: |- + followRedirects specifies whether the client should follow HTTP 3xx redirects. + When true, the client will automatically follow redirect responses. + type: boolean + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + oauth2: + description: |- + oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. + This enables OAuth2 authentication flow for HTTP requests. + properties: + clientId: + description: |- + clientId defines a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + clientSecret defines a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server + to use. + pattern: ^(http|https|socks5)://.+$ + type: string + scopes: + description: scopes defines the OAuth2 scopes + used for the token request. + items: + type: string + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: ca defines the Certificate authority + used when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret + containing data to use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate + to present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret + containing data to use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how + to disable target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret + containing the client key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify + the hostname for the targets. + type: string + type: object + tokenUrl: + description: tokenUrl defines the URL to fetch + the token from. + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyURL: + description: |- + proxyURL defines an optional proxy URL for HTTP requests. + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: proxyUrl defines the HTTP proxy server + to use. + pattern: ^(http|https|socks5)://.+$ + type: string + tlsConfig: + description: |- + tlsConfig defines the TLS configuration for the client. + This includes settings for certificates, CA validation, and TLS protocol options. + properties: + ca: + description: ca defines the Certificate authority + used when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate + to present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to + disable target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the + hostname for the targets. + type: string + type: object + type: object + message: + description: |- + message defines the alert text limited to 130 characters. + This appears as the main alert title in OpsGenie. + minLength: 1 + type: string + note: + description: |- + note defines an additional alert note. + This provides supplementary information about the alert. + minLength: 1 + type: string + priority: + description: |- + priority defines the priority level of alert. + Possible values are P1, P2, P3, P4, and P5, where P1 is highest priority. + minLength: 1 + type: string + responders: + description: |- + responders defines the list of responders responsible for notifications. + These determine who gets notified when the alert is created. + items: + description: |- + OpsGenieConfigResponder defines a responder to an incident. + One of `id`, `name` or `username` has to be defined. + properties: + id: + description: |- + id defines the unique identifier of the responder. + This corresponds to the responder's ID within OpsGenie. + minLength: 1 + type: string + name: + description: |- + name defines the display name of the responder. + This is used when the responder is identified by name rather than ID. + minLength: 1 + type: string + type: + description: |- + type defines the type of responder. + Valid values include "user", "team", "schedule", and "escalation". + This determines how OpsGenie interprets the other identifier fields. + enum: + - team + - teams + - user + - escalation + - schedule + minLength: 1 + type: string + username: + description: |- + username defines the username of the responder. + This is typically used for user-type responders when identifying by username. + minLength: 1 + type: string + required: + - type + type: object + type: array + x-kubernetes-list-type: atomic + sendResolved: + description: sendResolved defines whether or not to notify + about resolved alerts. + type: boolean + source: + description: |- + source defines the backlink to the sender of the notification. + This helps identify where the alert originated from. + minLength: 1 + type: string + tags: + description: |- + tags defines a comma separated list of tags attached to the notifications. + These help categorize and filter alerts within OpsGenie. + minLength: 1 + type: string + updateAlerts: + description: |- + updateAlerts defines Whether to update message and description of the alert in OpsGenie if it already exists + By default, the alert is never updated in OpsGenie, the new message only appears in activity log. + type: boolean + type: object + type: array + x-kubernetes-list-type: atomic + pagerdutyConfigs: + description: pagerdutyConfigs defines the List of PagerDuty + configurations. + items: + description: |- + PagerDutyConfig configures notifications via PagerDuty. + See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config + properties: + class: + description: class defines the class/type of the event. + minLength: 1 + type: string + client: + description: client defines the client identification. + minLength: 1 + type: string + clientURL: + description: clientURL defines the backlink to the sender + of notification. + type: string + component: + description: component defines the part or component of + the affected system that is broken. + minLength: 1 + type: string + description: + description: description of the incident. + minLength: 1 + type: string + details: + description: details defines the arbitrary key/value pairs + that provide further detail about the incident. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: |- + key defines the key of the tuple. + This is the identifier or name part of the key-value pair. + minLength: 1 + type: string + value: + description: |- + value defines the value of the tuple. + This is the data or content associated with the key. + type: string + required: + - key + - value + type: object + type: array + x-kubernetes-list-type: atomic + group: + description: group defines a cluster or grouping of sources. + minLength: 1 + type: string + httpConfig: + description: httpConfig defines the HTTP client configuration. + properties: + authorization: + description: |- + authorization defines the authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: credentials defines a key of a Secret + in the namespace that contains the credentials + for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: |- + basicAuth defines the basic authentication credentials for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + password defines a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHttp2: + description: enableHttp2 can be used to disable HTTP2. + type: boolean + followRedirects: + description: |- + followRedirects specifies whether the client should follow HTTP 3xx redirects. + When true, the client will automatically follow redirect responses. + type: boolean + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + oauth2: + description: |- + oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. + This enables OAuth2 authentication flow for HTTP requests. + properties: + clientId: + description: |- + clientId defines a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + clientSecret defines a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server + to use. + pattern: ^(http|https|socks5)://.+$ + type: string + scopes: + description: scopes defines the OAuth2 scopes + used for the token request. + items: + type: string + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: ca defines the Certificate authority + used when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret + containing data to use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate + to present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret + containing data to use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how + to disable target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret + containing the client key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify + the hostname for the targets. + type: string + type: object + tokenUrl: + description: tokenUrl defines the URL to fetch + the token from. + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyURL: + description: |- + proxyURL defines an optional proxy URL for HTTP requests. + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: proxyUrl defines the HTTP proxy server + to use. + pattern: ^(http|https|socks5)://.+$ + type: string + tlsConfig: + description: |- + tlsConfig defines the TLS configuration for the client. + This includes settings for certificates, CA validation, and TLS protocol options. + properties: + ca: + description: ca defines the Certificate authority + used when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate + to present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to + disable target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the + hostname for the targets. + type: string + type: object + type: object + pagerDutyImageConfigs: + description: pagerDutyImageConfigs defines a list of image + details to attach that provide further detail about + an incident. + items: + description: PagerDutyImageConfig attaches images to + an incident + properties: + alt: + description: alt is the optional alternative text + for the image. + minLength: 1 + type: string + href: + description: href defines the optional URL; makes + the image a clickable link. + type: string + src: + description: src of the image being attached to + the incident + minLength: 1 + type: string + type: object + type: array + x-kubernetes-list-type: atomic + pagerDutyLinkConfigs: + description: pagerDutyLinkConfigs defines a list of link + details to attach that provide further detail about + an incident. + items: + description: PagerDutyLinkConfig attaches text links + to an incident + properties: + alt: + description: alt defines the text that describes + the purpose of the link, and can be used as the + link's text. + minLength: 1 + type: string + href: + description: href defines the URL of the link to + be attached + type: string + type: object + type: array + x-kubernetes-list-type: atomic + routingKey: + description: |- + routingKey defines the secret's key that contains the PagerDuty integration key (when using + Events API v2). Either this field or `serviceKey` needs to be defined. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + sendResolved: + description: sendResolved defines whether or not to notify + about resolved alerts. + type: boolean + serviceKey: + description: |- + serviceKey defines the secret's key that contains the PagerDuty service key (when using + integration type "Prometheus"). Either this field or `routingKey` needs to + be defined. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + severity: + description: severity of the incident. + minLength: 1 + type: string + source: + description: source defines the unique location of the + affected system. + minLength: 1 + type: string + timeout: + description: |- + timeout is the maximum time allowed to invoke the pagerduty + It requires Alertmanager >= v0.30.0. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + url: + description: url defines the URL to send requests to. + pattern: ^https?://.+$ + type: string + type: object + type: array + x-kubernetes-list-type: atomic + pushoverConfigs: + description: pushoverConfigs defines the list of Pushover configurations. + items: + description: |- + PushoverConfig configures notifications via Pushover. + See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config + properties: + device: + description: |- + device defines the name of a specific device to send the notification to. + If not specified, the notification is sent to all user's devices. + minLength: 1 + type: string + expire: + description: |- + expire defines how long your notification will continue to be retried for, + unless the user acknowledges the notification. Only applies to priority 2 notifications. + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + html: + description: |- + html defines whether notification message is HTML or plain text. + When true, the message can include HTML formatting tags. + html and monospace formatting are mutually exclusive. + type: boolean + httpConfig: + description: httpConfig defines the HTTP client configuration + for Pushover API requests. + properties: + authorization: + description: |- + authorization defines the authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: credentials defines a key of a Secret + in the namespace that contains the credentials + for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: |- + basicAuth defines the basic authentication credentials for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + password defines a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHttp2: + description: enableHttp2 can be used to disable HTTP2. + type: boolean + followRedirects: + description: |- + followRedirects specifies whether the client should follow HTTP 3xx redirects. + When true, the client will automatically follow redirect responses. + type: boolean + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + oauth2: + description: |- + oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. + This enables OAuth2 authentication flow for HTTP requests. + properties: + clientId: + description: |- + clientId defines a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + clientSecret defines a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server + to use. + pattern: ^(http|https|socks5)://.+$ + type: string + scopes: + description: scopes defines the OAuth2 scopes + used for the token request. + items: + type: string + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: ca defines the Certificate authority + used when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret + containing data to use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate + to present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret + containing data to use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how + to disable target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret + containing the client key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify + the hostname for the targets. + type: string + type: object + tokenUrl: + description: tokenUrl defines the URL to fetch + the token from. + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyURL: + description: |- + proxyURL defines an optional proxy URL for HTTP requests. + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: proxyUrl defines the HTTP proxy server + to use. + pattern: ^(http|https|socks5)://.+$ + type: string + tlsConfig: + description: |- + tlsConfig defines the TLS configuration for the client. + This includes settings for certificates, CA validation, and TLS protocol options. + properties: + ca: + description: ca defines the Certificate authority + used when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate + to present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to + disable target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the + hostname for the targets. + type: string + type: object + type: object + message: + description: |- + message defines the notification message content. + This is the main body text of the Pushover notification. + minLength: 1 + type: string + monospace: + description: |- + monospace optional HTML/monospace formatting for the message, see https://pushover.net/api#html + html and monospace formatting are mutually exclusive. + type: boolean + priority: + description: |- + priority defines the notification priority level. + See https://pushover.net/api#priority for valid values and behavior. + minLength: 1 + type: string + retry: + description: |- + retry defines how often the Pushover servers will send the same notification to the user. + Must be at least 30 seconds. Only applies to priority 2 notifications. + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + sendResolved: + description: sendResolved defines whether or not to notify + about resolved alerts. + type: boolean + sound: + description: |- + sound defines the name of one of the sounds supported by device clients. + This overrides the user's default sound choice for this notification. + minLength: 1 + type: string + title: + description: |- + title defines the notification title displayed in the Pushover message. + This appears as the bold header text in the notification. + minLength: 1 + type: string + token: + description: |- + token defines the secret's key that contains the registered application's API token. + See https://pushover.net/apps for application registration. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + Either `token` or `tokenFile` is required. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tokenFile: + description: |- + tokenFile defines the token file that contains the registered application's API token. + See https://pushover.net/apps for application registration. + Either `token` or `tokenFile` is required. + It requires Alertmanager >= v0.26.0. + minLength: 1 + type: string + ttl: + description: |- + ttl defines the time to live for the alert notification. + This determines how long the notification remains active before expiring. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + url: + description: |- + url defines a supplementary URL shown alongside the message. + This creates a clickable link within the Pushover notification. + type: string + urlTitle: + description: |- + urlTitle defines a title for the supplementary URL. + If not specified, the raw URL is shown instead. + minLength: 1 + type: string + userKey: + description: |- + userKey defines the secret's key that contains the recipient user's user key. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + Either `userKey` or `userKeyFile` is required. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + userKeyFile: + description: |- + userKeyFile defines the user key file that contains the recipient user's user key. + Either `userKey` or `userKeyFile` is required. + It requires Alertmanager >= v0.26.0. + minLength: 1 + type: string + type: object + type: array + x-kubernetes-list-type: atomic + rocketchatConfigs: + description: |- + rocketchatConfigs defines the list of RocketChat configurations. + It requires Alertmanager >= 0.28.0. + items: + description: |- + RocketChatConfig configures notifications via RocketChat. + It requires Alertmanager >= 0.28.0. + properties: + actions: + description: |- + actions defines interactive actions to include in the message. + These appear as buttons that users can click to trigger responses. + items: + description: RocketChatActionConfig defines actions + for RocketChat messages. + properties: + msg: + description: |- + msg defines the message to send when the button is clicked. + This allows the button to post a predefined message to the channel. + minLength: 1 + type: string + text: + description: |- + text defines the button text displayed to users. + This is the label that appears on the interactive button. + minLength: 1 + type: string + url: + description: |- + url defines the URL the button links to when clicked. + This creates a clickable button that opens the specified URL. + type: string + type: object + minItems: 1 + type: array + x-kubernetes-list-type: atomic + apiURL: + description: |- + apiURL defines the API URL for RocketChat. + Defaults to https://open.rocket.chat/ if not specified. + pattern: ^https?://.+$ + type: string + channel: + description: |- + channel defines the channel to send alerts to. + This can be a channel name (e.g., "#alerts") or a direct message recipient. + minLength: 1 + type: string + color: + description: |- + color defines the message color displayed in RocketChat. + This appears as a colored bar alongside the message. + minLength: 1 + type: string + emoji: + description: |- + emoji defines the emoji to be displayed as an avatar. + If provided, this emoji will be used instead of the default avatar or iconURL. + minLength: 1 + type: string + fields: + description: |- + fields defines additional fields for the message attachment. + These appear as structured key-value pairs within the message. + items: + description: RocketChatFieldConfig defines additional + fields for RocketChat messages. + properties: + short: + description: |- + short defines whether this field should be a short field. + When true, the field may be displayed inline with other short fields to save space. + type: boolean + title: + description: |- + title defines the title of this field. + This appears as bold text labeling the field content. + minLength: 1 + type: string + value: + description: |- + value defines the value of this field, displayed underneath the title. + This contains the actual data or content for the field. + minLength: 1 + type: string + type: object + minItems: 1 + type: array + x-kubernetes-list-type: atomic + httpConfig: + description: httpConfig defines the HTTP client configuration + for RocketChat API requests. + properties: + authorization: + description: |- + authorization defines the authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: credentials defines a key of a Secret + in the namespace that contains the credentials + for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: |- + basicAuth defines the basic authentication credentials for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + password defines a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHttp2: + description: enableHttp2 can be used to disable HTTP2. + type: boolean + followRedirects: + description: |- + followRedirects specifies whether the client should follow HTTP 3xx redirects. + When true, the client will automatically follow redirect responses. + type: boolean + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + oauth2: + description: |- + oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. + This enables OAuth2 authentication flow for HTTP requests. + properties: + clientId: + description: |- + clientId defines a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + clientSecret defines a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server + to use. + pattern: ^(http|https|socks5)://.+$ + type: string + scopes: + description: scopes defines the OAuth2 scopes + used for the token request. + items: + type: string + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: ca defines the Certificate authority + used when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret + containing data to use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate + to present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret + containing data to use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how + to disable target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret + containing the client key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify + the hostname for the targets. + type: string + type: object + tokenUrl: + description: tokenUrl defines the URL to fetch + the token from. + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyURL: + description: |- + proxyURL defines an optional proxy URL for HTTP requests. + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: proxyUrl defines the HTTP proxy server + to use. + pattern: ^(http|https|socks5)://.+$ + type: string + tlsConfig: + description: |- + tlsConfig defines the TLS configuration for the client. + This includes settings for certificates, CA validation, and TLS protocol options. + properties: + ca: + description: ca defines the Certificate authority + used when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate + to present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to + disable target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the + hostname for the targets. + type: string + type: object + type: object + iconURL: + description: |- + iconURL defines the icon URL for the message avatar. + This displays a custom image as the message sender's avatar. + type: string + imageURL: + description: |- + imageURL defines the image URL to display within the message. + This embeds an image directly in the message attachment. + type: string + linkNames: + description: |- + linkNames defines whether to enable automatic linking of usernames and channels. + When true, @username and #channel references become clickable links. + type: boolean + sendResolved: + description: sendResolved defines whether or not to notify + about resolved alerts. + type: boolean + shortFields: + description: |- + shortFields defines whether to use short fields in the message layout. + When true, fields may be displayed side by side to save space. + type: boolean + text: + description: |- + text defines the message text to send. + This is optional because attachments can be used instead of or alongside text. + minLength: 1 + type: string + thumbURL: + description: |- + thumbURL defines the thumbnail URL for the message. + This displays a small thumbnail image alongside the message content. + type: string + title: + description: |- + title defines the message title displayed prominently in the message. + This appears as bold text at the top of the message attachment. + minLength: 1 + type: string + titleLink: + description: |- + titleLink defines the URL that the title will link to when clicked. + This makes the message title clickable in the RocketChat interface. + minLength: 1 + type: string + token: + description: |- + token defines the sender token for RocketChat authentication. + This is the personal access token or bot token used to authenticate API requests. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tokenID: + description: |- + tokenID defines the sender token ID for RocketChat authentication. + This is the user ID associated with the token used for API requests. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - token + - tokenID + type: object + type: array + x-kubernetes-list-type: atomic + slackConfigs: + description: slackConfigs defines the list of Slack configurations. + items: + description: |- + SlackConfig configures notifications via Slack. + See https://prometheus.io/docs/alerting/latest/configuration/#slack_config + properties: + actions: + description: actions defines a list of Slack actions that + are sent with each notification. + items: + description: |- + SlackAction configures a single Slack action that is sent with each + notification. + See https://api.slack.com/docs/message-attachments#action_fields and + https://api.slack.com/docs/message-buttons for more information. + properties: + confirm: + description: |- + confirm defines an optional confirmation dialog that appears before the action is executed. + When set, users must confirm their intent before the action proceeds. + properties: + dismissText: + description: |- + dismissText defines the label for the cancel button in the dialog. + When not specified, defaults to "Cancel". This button cancels the action. + minLength: 1 + type: string + okText: + description: |- + okText defines the label for the confirmation button in the dialog. + When not specified, defaults to "Okay". This button proceeds with the action. + minLength: 1 + type: string + text: + description: |- + text defines the main message displayed in the confirmation dialog. + This should be a clear question or statement asking the user to confirm their action. + minLength: 1 + type: string + title: + description: |- + title defines the title text displayed at the top of the confirmation dialog. + When not specified, a default title will be used. + minLength: 1 + type: string + required: + - text + type: object + name: + description: |- + name defines a unique identifier for the action within the message. + This value is sent back to your application when the action is triggered. + minLength: 1 + type: string + style: + description: |- + style defines the visual appearance of the action element. + Valid values include "default", "primary" (green), and "danger" (red). + minLength: 1 + type: string + text: + description: |- + text defines the user-visible label displayed on the action element. + For buttons, this is the button text. For select menus, this is the placeholder text. + minLength: 1 + type: string + type: + description: |- + type defines the type of interactive component. + Common values include "button" for clickable buttons and "select" for dropdown menus. + minLength: 1 + type: string + url: + description: |- + url defines the URL to open when the action is triggered. + Only applicable for button-type actions. When set, clicking the button opens this URL. + type: string + value: + description: |- + value defines the payload sent when the action is triggered. + This data is included in the callback sent to your application. + minLength: 1 + type: string + required: + - text + - type + type: object + minItems: 1 + type: array + x-kubernetes-list-type: atomic + apiURL: + description: |- + apiURL defines the secret's key that contains the Slack webhook URL. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + callbackId: + description: callbackId defines an identifier for the + message used in interactive components. + minLength: 1 + type: string + channel: + description: channel defines the channel or user to send + notifications to. + minLength: 1 + type: string + color: + description: |- + color defines the color of the left border of the Slack message attachment. + Can be a hex color code (e.g., "#ff0000") or a predefined color name. + minLength: 1 + type: string + fallback: + description: fallback defines a plain-text summary of + the attachment for clients that don't support attachments. + minLength: 1 + type: string + fields: + description: fields defines a list of Slack fields that + are sent with each notification. + items: + description: |- + SlackField configures a single Slack field that is sent with each notification. + Each field must contain a title, value, and optionally, a boolean value to indicate if the field + is short enough to be displayed next to other fields designated as short. + See https://api.slack.com/docs/message-attachments#fields for more information. + properties: + short: + description: |- + short determines whether this field can be displayed alongside other short fields. + When true, Slack may display this field side by side with other short fields. + When false or not specified, the field takes the full width of the message. + type: boolean + title: + description: |- + title defines the label or header text displayed for this field. + This appears as bold text above the field value in the Slack message. + minLength: 1 + type: string + value: + description: |- + value defines the content or data displayed for this field. + This appears below the title and can contain plain text or Slack markdown. + minLength: 1 + type: string + required: + - title + - value + type: object + minItems: 1 + type: array + x-kubernetes-list-type: atomic + footer: + description: footer defines small text displayed at the + bottom of the message attachment. + minLength: 1 + type: string + httpConfig: + description: httpConfig defines the HTTP client configuration. + properties: + authorization: + description: |- + authorization defines the authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: credentials defines a key of a Secret + in the namespace that contains the credentials + for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: |- + basicAuth defines the basic authentication credentials for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + password defines a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHttp2: + description: enableHttp2 can be used to disable HTTP2. + type: boolean + followRedirects: + description: |- + followRedirects specifies whether the client should follow HTTP 3xx redirects. + When true, the client will automatically follow redirect responses. + type: boolean + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + oauth2: + description: |- + oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. + This enables OAuth2 authentication flow for HTTP requests. + properties: + clientId: + description: |- + clientId defines a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + clientSecret defines a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server + to use. + pattern: ^(http|https|socks5)://.+$ + type: string + scopes: + description: scopes defines the OAuth2 scopes + used for the token request. + items: + type: string + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: ca defines the Certificate authority + used when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret + containing data to use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate + to present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret + containing data to use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how + to disable target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret + containing the client key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify + the hostname for the targets. + type: string + type: object + tokenUrl: + description: tokenUrl defines the URL to fetch + the token from. + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyURL: + description: |- + proxyURL defines an optional proxy URL for HTTP requests. + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: proxyUrl defines the HTTP proxy server + to use. + pattern: ^(http|https|socks5)://.+$ + type: string + tlsConfig: + description: |- + tlsConfig defines the TLS configuration for the client. + This includes settings for certificates, CA validation, and TLS protocol options. + properties: + ca: + description: ca defines the Certificate authority + used when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate + to present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to + disable target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the + hostname for the targets. + type: string + type: object + type: object + iconEmoji: + description: iconEmoji defines the emoji to use as the + bot's avatar (e.g., ":ghost:"). + minLength: 1 + type: string + iconURL: + description: iconURL defines the URL to an image to use + as the bot's avatar. + type: string + imageURL: + description: imageURL defines the URL to an image file + that will be displayed inside the message attachment. + type: string + linkNames: + description: |- + linkNames enables automatic linking of channel names and usernames in the message. + When true, @channel and @username will be converted to clickable links. + type: boolean + messageText: + description: |- + messageText defines text content of the Slack message. + If set, this is sent as the top-level 'text' field in the Slack payload. + It requires Alertmanager >= v0.31.0. + minLength: 1 + type: string + mrkdwnIn: + description: |- + mrkdwnIn defines which fields should be parsed as Slack markdown. + Valid values include "pretext", "text", and "fields". + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: atomic + pretext: + description: pretext defines optional text that appears + above the message attachment block. + minLength: 1 + type: string + sendResolved: + description: sendResolved defines whether or not to notify + about resolved alerts. + type: boolean + shortFields: + description: |- + shortFields determines whether fields are displayed in a compact format. + When true, fields are shown side by side when possible. + type: boolean + text: + description: text defines the main text content of the + Slack message attachment. + minLength: 1 + type: string + thumbURL: + description: |- + thumbURL defines the URL to an image file that will be displayed as a thumbnail + on the right side of the message attachment. + type: string + timeout: + description: |- + timeout defines the maximum time to wait for a webhook request to complete, + before failing the request and allowing it to be retried. + It requires Alertmanager >= v0.30.0. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + title: + description: title defines the title text displayed in + the Slack message attachment. + minLength: 1 + type: string + titleLink: + description: titleLink defines the URL that the title + will link to when clicked. + type: string + username: + description: username defines the slack bot user name. + minLength: 1 + type: string + type: object + type: array + x-kubernetes-list-type: atomic + snsConfigs: + description: snsConfigs defines the list of SNS configurations + items: + description: |- + SNSConfig configures notifications via AWS SNS. + See https://prometheus.io/docs/alerting/latest/configuration/#sns_configs + properties: + apiURL: + description: |- + apiURL defines the SNS API URL, e.g. https://sns.us-east-2.amazonaws.com. + If not specified, the SNS API URL from the SNS SDK will be used. + type: string + attributes: + additionalProperties: + type: string + description: |- + attributes defines SNS message attributes as key-value pairs. + These provide additional metadata that can be used for message filtering and routing. + type: object + httpConfig: + description: httpConfig defines the HTTP client configuration + for SNS API requests. + properties: + authorization: + description: |- + authorization defines the authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: credentials defines a key of a Secret + in the namespace that contains the credentials + for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: |- + basicAuth defines the basic authentication credentials for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + password defines a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHttp2: + description: enableHttp2 can be used to disable HTTP2. + type: boolean + followRedirects: + description: |- + followRedirects specifies whether the client should follow HTTP 3xx redirects. + When true, the client will automatically follow redirect responses. + type: boolean + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + oauth2: + description: |- + oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. + This enables OAuth2 authentication flow for HTTP requests. + properties: + clientId: + description: |- + clientId defines a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + clientSecret defines a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server + to use. + pattern: ^(http|https|socks5)://.+$ + type: string + scopes: + description: scopes defines the OAuth2 scopes + used for the token request. + items: + type: string + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: ca defines the Certificate authority + used when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret + containing data to use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate + to present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret + containing data to use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how + to disable target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret + containing the client key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify + the hostname for the targets. + type: string + type: object + tokenUrl: + description: tokenUrl defines the URL to fetch + the token from. + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyURL: + description: |- + proxyURL defines an optional proxy URL for HTTP requests. + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: proxyUrl defines the HTTP proxy server + to use. + pattern: ^(http|https|socks5)://.+$ + type: string + tlsConfig: + description: |- + tlsConfig defines the TLS configuration for the client. + This includes settings for certificates, CA validation, and TLS protocol options. + properties: + ca: + description: ca defines the Certificate authority + used when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate + to present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to + disable target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the + hostname for the targets. + type: string + type: object + type: object + message: + description: |- + message defines the message content of the SNS notification. + This is the actual notification text that will be sent to subscribers. + minLength: 1 + type: string + phoneNumber: + description: |- + phoneNumber defines the phone number if message is delivered via SMS in E.164 format. + If you don't specify this value, you must specify a value for the TopicARN or TargetARN. + minLength: 1 + type: string + sendResolved: + description: sendResolved defines whether or not to notify + about resolved alerts. + type: boolean + sigv4: + description: |- + sigv4 configures AWS's Signature Verification 4 signing process to sign requests. + This includes AWS credentials and region configuration for authentication. + properties: + accessKey: + description: |- + accessKey defines the AWS API key. If not specified, the environment variable + `AWS_ACCESS_KEY_ID` is used. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + profile: + description: profile defines the named AWS profile + used to authenticate. + type: string + region: + description: region defines the AWS region. If blank, + the region from the default credentials chain used. + type: string + roleArn: + description: roleArn defines the named AWS profile + used to authenticate. + type: string + secretKey: + description: |- + secretKey defines the AWS API secret. If not specified, the environment + variable `AWS_SECRET_ACCESS_KEY` is used. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + useFIPSSTSEndpoint: + description: |- + useFIPSSTSEndpoint defines the FIPS mode for the AWS STS endpoint. + It requires Prometheus >= v2.54.0. + type: boolean + type: object + subject: + description: |- + subject defines the subject line when the message is delivered to email endpoints. + This field is only used when sending to email subscribers of an SNS topic. + minLength: 1 + type: string + targetARN: + description: |- + targetARN defines the mobile platform endpoint ARN if message is delivered via mobile notifications. + If you don't specify this value, you must specify a value for the TopicARN or PhoneNumber. + minLength: 1 + type: string + topicARN: + description: |- + topicARN defines the SNS topic ARN, e.g. arn:aws:sns:us-east-2:698519295917:My-Topic. + If you don't specify this value, you must specify a value for the PhoneNumber or TargetARN. + minLength: 1 + type: string + type: object + type: array + x-kubernetes-list-type: atomic + telegramConfigs: + description: telegramConfigs defines the list of Telegram configurations. + items: + description: |- + TelegramConfig configures notifications via Telegram. + See https://prometheus.io/docs/alerting/latest/configuration/#telegram_config + properties: + apiURL: + description: |- + apiURL defines the Telegram API URL, e.g. https://api.telegram.org. + If not specified, the default Telegram API URL will be used. + pattern: ^https?://.+$ + type: string + botToken: + description: |- + botToken defines the Telegram bot token. It is mutually exclusive with `botTokenFile`. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + Either `botToken` or `botTokenFile` is required. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + botTokenFile: + description: |- + botTokenFile defines the file to read the Telegram bot token from. + It is mutually exclusive with `botToken`. + Either `botToken` or `botTokenFile` is required. + It requires Alertmanager >= v0.26.0. + type: string + chatID: + description: |- + chatID defines the Telegram chat ID where messages will be sent. + This can be a user ID, group ID, or channel ID (with @ prefix for public channels). + format: int64 + type: integer + disableNotifications: + description: |- + disableNotifications controls whether Telegram notifications are sent silently. + When true, users will receive the message without notification sounds. + type: boolean + httpConfig: + description: httpConfig defines the HTTP client configuration + for Telegram API requests. + properties: + authorization: + description: |- + authorization defines the authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: credentials defines a key of a Secret + in the namespace that contains the credentials + for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: |- + basicAuth defines the basic authentication credentials for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + password defines a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHttp2: + description: enableHttp2 can be used to disable HTTP2. + type: boolean + followRedirects: + description: |- + followRedirects specifies whether the client should follow HTTP 3xx redirects. + When true, the client will automatically follow redirect responses. + type: boolean + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + oauth2: + description: |- + oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. + This enables OAuth2 authentication flow for HTTP requests. + properties: + clientId: + description: |- + clientId defines a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + clientSecret defines a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server + to use. + pattern: ^(http|https|socks5)://.+$ + type: string + scopes: + description: scopes defines the OAuth2 scopes + used for the token request. + items: + type: string + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: ca defines the Certificate authority + used when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret + containing data to use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate + to present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret + containing data to use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how + to disable target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret + containing the client key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify + the hostname for the targets. + type: string + type: object + tokenUrl: + description: tokenUrl defines the URL to fetch + the token from. + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyURL: + description: |- + proxyURL defines an optional proxy URL for HTTP requests. + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: proxyUrl defines the HTTP proxy server + to use. + pattern: ^(http|https|socks5)://.+$ + type: string + tlsConfig: + description: |- + tlsConfig defines the TLS configuration for the client. + This includes settings for certificates, CA validation, and TLS protocol options. + properties: + ca: + description: ca defines the Certificate authority + used when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate + to present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to + disable target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the + hostname for the targets. + type: string + type: object + type: object + message: + description: |- + message defines the message template for the Telegram notification. + This is the content that will be sent to the specified chat. + type: string + messageThreadID: + description: |- + messageThreadID defines the Telegram Group Topic ID for threaded messages. + This allows sending messages to specific topics within Telegram groups. + It requires Alertmanager >= 0.26.0. + format: int64 + type: integer + parseMode: + description: |- + parseMode defines the parse mode for telegram message formatting. + Valid values are "MarkdownV2", "Markdown", and "HTML". + This determines how text formatting is interpreted in the message. + enum: + - MarkdownV2 + - Markdown + - HTML + type: string + sendResolved: + description: sendResolved defines whether or not to notify + about resolved alerts. + type: boolean + required: + - chatID + type: object + type: array + x-kubernetes-list-type: atomic + victoropsConfigs: + description: victoropsConfigs defines the list of VictorOps + configurations. + items: + description: |- + VictorOpsConfig configures notifications via VictorOps. + See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config + properties: + apiKey: + description: |- + apiKey defines the secret's key that contains the API key to use when talking to the VictorOps API. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + apiUrl: + description: |- + apiUrl defines the VictorOps API URL. + When not specified, defaults to the standard VictorOps API endpoint. + pattern: ^https?://.+$ + type: string + customFields: + description: |- + customFields defines additional custom fields for notification. + These provide extra metadata that will be included with the VictorOps incident. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: |- + key defines the key of the tuple. + This is the identifier or name part of the key-value pair. + minLength: 1 + type: string + value: + description: |- + value defines the value of the tuple. + This is the data or content associated with the key. + type: string + required: + - key + - value + type: object + type: array + x-kubernetes-list-type: atomic + entityDisplayName: + description: |- + entityDisplayName contains a summary of the alerted problem. + This appears as the main title or identifier for the incident. + minLength: 1 + type: string + httpConfig: + description: httpConfig defines the HTTP client's configuration + for VictorOps API requests. + properties: + authorization: + description: |- + authorization defines the authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: credentials defines a key of a Secret + in the namespace that contains the credentials + for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: |- + basicAuth defines the basic authentication credentials for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + password defines a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHttp2: + description: enableHttp2 can be used to disable HTTP2. + type: boolean + followRedirects: + description: |- + followRedirects specifies whether the client should follow HTTP 3xx redirects. + When true, the client will automatically follow redirect responses. + type: boolean + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + oauth2: + description: |- + oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. + This enables OAuth2 authentication flow for HTTP requests. + properties: + clientId: + description: |- + clientId defines a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + clientSecret defines a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server + to use. + pattern: ^(http|https|socks5)://.+$ + type: string + scopes: + description: scopes defines the OAuth2 scopes + used for the token request. + items: + type: string + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: ca defines the Certificate authority + used when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret + containing data to use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate + to present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret + containing data to use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how + to disable target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret + containing the client key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify + the hostname for the targets. + type: string + type: object + tokenUrl: + description: tokenUrl defines the URL to fetch + the token from. + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyURL: + description: |- + proxyURL defines an optional proxy URL for HTTP requests. + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: proxyUrl defines the HTTP proxy server + to use. + pattern: ^(http|https|socks5)://.+$ + type: string + tlsConfig: + description: |- + tlsConfig defines the TLS configuration for the client. + This includes settings for certificates, CA validation, and TLS protocol options. + properties: + ca: + description: ca defines the Certificate authority + used when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate + to present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to + disable target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the + hostname for the targets. + type: string + type: object + type: object + messageType: + description: |- + messageType describes the behavior of the alert. + Valid values are "CRITICAL", "WARNING", and "INFO". + minLength: 1 + type: string + monitoringTool: + description: |- + monitoringTool defines the monitoring tool the state message is from. + This helps identify the source system that generated the alert. + minLength: 1 + type: string + routingKey: + description: |- + routingKey defines a key used to map the alert to a team. + This determines which VictorOps team will receive the alert notification. + minLength: 1 + type: string + sendResolved: + description: sendResolved defines whether or not to notify + about resolved alerts. + type: boolean + stateMessage: + description: |- + stateMessage contains a long explanation of the alerted problem. + This provides detailed context about the incident. + minLength: 1 + type: string + required: + - routingKey + type: object + type: array + x-kubernetes-list-type: atomic + webexConfigs: + description: webexConfigs defines the list of Webex configurations. + items: + description: |- + WebexConfig configures notification via Cisco Webex + See https://prometheus.io/docs/alerting/latest/configuration/#webex_config + properties: + apiURL: + description: apiURL defines the Webex Teams API URL i.e. + https://webexapis.com/v1/messages + pattern: ^https?://.+$ + type: string + httpConfig: + description: httpConfig defines the HTTP client's configuration. + properties: + authorization: + description: |- + authorization defines the authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: credentials defines a key of a Secret + in the namespace that contains the credentials + for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: |- + basicAuth defines the basic authentication credentials for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + password defines a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHttp2: + description: enableHttp2 can be used to disable HTTP2. + type: boolean + followRedirects: + description: |- + followRedirects specifies whether the client should follow HTTP 3xx redirects. + When true, the client will automatically follow redirect responses. + type: boolean + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + oauth2: + description: |- + oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. + This enables OAuth2 authentication flow for HTTP requests. + properties: + clientId: + description: |- + clientId defines a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + clientSecret defines a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server + to use. + pattern: ^(http|https|socks5)://.+$ + type: string + scopes: + description: scopes defines the OAuth2 scopes + used for the token request. + items: + type: string + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: ca defines the Certificate authority + used when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret + containing data to use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate + to present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret + containing data to use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how + to disable target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret + containing the client key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify + the hostname for the targets. + type: string + type: object + tokenUrl: + description: tokenUrl defines the URL to fetch + the token from. + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyURL: + description: |- + proxyURL defines an optional proxy URL for HTTP requests. + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: proxyUrl defines the HTTP proxy server + to use. + pattern: ^(http|https|socks5)://.+$ + type: string + tlsConfig: + description: |- + tlsConfig defines the TLS configuration for the client. + This includes settings for certificates, CA validation, and TLS protocol options. + properties: + ca: + description: ca defines the Certificate authority + used when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate + to present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to + disable target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the + hostname for the targets. + type: string + type: object + type: object + message: + description: message defines the message template + type: string + roomID: + description: roomID defines the ID of the Webex Teams + room where to send the messages. + minLength: 1 + type: string + sendResolved: + description: sendResolved defines whether or not to notify + about resolved alerts. + type: boolean + required: + - roomID + type: object + type: array + x-kubernetes-list-type: atomic + webhookConfigs: + description: webhookConfigs defines the List of webhook configurations. + items: + description: |- + WebhookConfig configures notifications via a generic receiver supporting the webhook payload. + See https://prometheus.io/docs/alerting/latest/configuration/#webhook_config + properties: + httpConfig: + description: httpConfig defines the HTTP client configuration + for webhook requests. + properties: + authorization: + description: |- + authorization defines the authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: credentials defines a key of a Secret + in the namespace that contains the credentials + for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: |- + basicAuth defines the basic authentication credentials for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + password defines a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHttp2: + description: enableHttp2 can be used to disable HTTP2. + type: boolean + followRedirects: + description: |- + followRedirects specifies whether the client should follow HTTP 3xx redirects. + When true, the client will automatically follow redirect responses. + type: boolean + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + oauth2: + description: |- + oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. + This enables OAuth2 authentication flow for HTTP requests. + properties: + clientId: + description: |- + clientId defines a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + clientSecret defines a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server + to use. + pattern: ^(http|https|socks5)://.+$ + type: string + scopes: + description: scopes defines the OAuth2 scopes + used for the token request. + items: + type: string + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: ca defines the Certificate authority + used when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret + containing data to use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate + to present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret + containing data to use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how + to disable target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret + containing the client key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify + the hostname for the targets. + type: string + type: object + tokenUrl: + description: tokenUrl defines the URL to fetch + the token from. + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyURL: + description: |- + proxyURL defines an optional proxy URL for HTTP requests. + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: proxyUrl defines the HTTP proxy server + to use. + pattern: ^(http|https|socks5)://.+$ + type: string + tlsConfig: + description: |- + tlsConfig defines the TLS configuration for the client. + This includes settings for certificates, CA validation, and TLS protocol options. + properties: + ca: + description: ca defines the Certificate authority + used when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate + to present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to + disable target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the + hostname for the targets. + type: string + type: object + type: object + maxAlerts: + description: |- + maxAlerts defines the maximum number of alerts to be sent per webhook message. + When 0, all alerts are included in the webhook payload. + format: int32 + minimum: 0 + type: integer + sendResolved: + description: sendResolved defines whether or not to notify + about resolved alerts. + type: boolean + timeout: + description: |- + timeout defines the maximum time to wait for a webhook request to complete, + before failing the request and allowing it to be retried. + It requires Alertmanager >= v0.28.0. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + url: + description: |- + url defines the URL to send HTTP POST requests to. + urlSecret takes precedence over url. One of urlSecret and url should be defined. + type: string + urlSecret: + description: |- + urlSecret defines the secret's key that contains the webhook URL to send HTTP requests to. + urlSecret takes precedence over url. One of urlSecret and url should be defined. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + wechatConfigs: + description: wechatConfigs defines the list of WeChat configurations. + items: + description: |- + WeChatConfig configures notifications via WeChat. + See https://prometheus.io/docs/alerting/latest/configuration/#wechat_config + properties: + agentID: + description: |- + agentID defines the application agent ID within WeChat Work. + This identifies which WeChat Work application will send the notifications. + minLength: 1 + type: string + apiSecret: + description: |- + apiSecret defines the secret's key that contains the WeChat API key. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + apiURL: + description: |- + apiURL defines the WeChat API URL. + When not specified, defaults to the standard WeChat Work API endpoint. + pattern: ^https?://.+$ + type: string + corpID: + description: |- + corpID defines the corp id for authentication. + This is the unique identifier for your WeChat Work organization. + minLength: 1 + type: string + httpConfig: + description: httpConfig defines the HTTP client configuration + for WeChat API requests. + properties: + authorization: + description: |- + authorization defines the authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: credentials defines a key of a Secret + in the namespace that contains the credentials + for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: |- + basicAuth defines the basic authentication credentials for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + password defines a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHttp2: + description: enableHttp2 can be used to disable HTTP2. + type: boolean + followRedirects: + description: |- + followRedirects specifies whether the client should follow HTTP 3xx redirects. + When true, the client will automatically follow redirect responses. + type: boolean + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + oauth2: + description: |- + oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. + This enables OAuth2 authentication flow for HTTP requests. + properties: + clientId: + description: |- + clientId defines a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + clientSecret defines a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server + to use. + pattern: ^(http|https|socks5)://.+$ + type: string + scopes: + description: scopes defines the OAuth2 scopes + used for the token request. + items: + type: string + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: ca defines the Certificate authority + used when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret + containing data to use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate + to present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret + containing data to use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how + to disable target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret + containing the client key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify + the hostname for the targets. + type: string + type: object + tokenUrl: + description: tokenUrl defines the URL to fetch + the token from. + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyURL: + description: |- + proxyURL defines an optional proxy URL for HTTP requests. + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: proxyUrl defines the HTTP proxy server + to use. + pattern: ^(http|https|socks5)://.+$ + type: string + tlsConfig: + description: |- + tlsConfig defines the TLS configuration for the client. + This includes settings for certificates, CA validation, and TLS protocol options. + properties: + ca: + description: ca defines the Certificate authority + used when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate + to present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to + disable target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the + hostname for the targets. + type: string + type: object + type: object + message: + description: |- + message defines the API request data as defined by the WeChat API. + This contains the actual notification content to be sent. + minLength: 1 + type: string + messageType: + description: |- + messageType defines the type of message to send. + Valid values include "text", "markdown", and other WeChat Work supported message types. + minLength: 1 + type: string + sendResolved: + description: sendResolved defines whether or not to notify + about resolved alerts. + type: boolean + toParty: + description: |- + toParty defines the target department(s) to receive the notification. + Can be a single department ID or multiple department IDs separated by '|'. + minLength: 1 + type: string + toTag: + description: |- + toTag defines the target tag(s) to receive the notification. + Can be a single tag ID or multiple tag IDs separated by '|'. + minLength: 1 + type: string + toUser: + description: |- + toUser defines the target user(s) to receive the notification. + Can be a single user ID or multiple user IDs separated by '|'. + minLength: 1 + type: string + type: object + type: array + x-kubernetes-list-type: atomic + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + route: + description: |- + route defines the Alertmanager route definition for alerts matching the resource's + namespace. If present, it will be added to the generated Alertmanager + configuration as a first-level route. + properties: + activeTimeIntervals: + description: activeTimeIntervals is a list of MuteTimeInterval + names when this route should be active. + items: + type: string + type: array + x-kubernetes-list-type: set + continue: + description: |- + continue defines the boolean indicating whether an alert should continue matching subsequent + sibling nodes. It will always be overridden to true for the first-level + route by the Prometheus operator. + type: boolean + groupBy: + description: |- + groupBy defines the list of labels to group by. + Labels must not be repeated (unique list). + Special label "..." (aggregate by all possible labels), if provided, must be the only element in the list. + items: + type: string + type: array + x-kubernetes-list-type: set + groupInterval: + description: |- + groupInterval defines how long to wait before sending an updated notification. + Must be greater than 0. + Example: "5m" + minLength: 1 + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + groupWait: + description: |- + groupWait defines how long to wait before sending the initial notification. + Example: "30s" + minLength: 1 + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + matchers: + description: |- + matchers defines the list of matchers that the alert's labels should match. For the first + level route, the operator removes any existing equality and regexp + matcher on the `namespace` label and adds a `namespace: ` matcher. + items: + description: Matcher defines how to match on alert's labels. + properties: + matchType: + description: |- + matchType defines the match operation available with AlertManager >= v0.22.0. + Takes precedence over Regex (deprecated) if non-empty. + Valid values: "=" (equality), "!=" (inequality), "=~" (regex match), "!~" (regex non-match). + enum: + - '!=' + - = + - =~ + - '!~' + type: string + name: + description: |- + name defines the label to match. + This specifies which alert label should be evaluated. + minLength: 1 + type: string + regex: + description: |- + regex defines whether to match on equality (false) or regular-expression (true). + Deprecated: for AlertManager >= v0.22.0, `matchType` should be used instead. + type: boolean + value: + description: |- + value defines the label value to match. + This is the expected value for the specified label. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-type: atomic + muteTimeIntervals: + description: muteTimeIntervals is a list of MuteTimeInterval names + that will mute this route when matched, + items: + type: string + type: array + x-kubernetes-list-type: set + receiver: + description: |- + receiver defines the name of the receiver for this route. If not empty, it should be listed in + the `receivers` field. + type: string + repeatInterval: + description: |- + repeatInterval defines how long to wait before repeating the last notification. + Must be greater than 0. + Example: "4h" + minLength: 1 + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + routes: + description: routes defines the child routes. + items: + x-kubernetes-preserve-unknown-fields: true + type: array + x-kubernetes-list-type: atomic + type: object + type: object + status: + description: |- + status defines the status subresource. It is under active development and is updated only when the + "StatusForConfigurationResources" feature gate is enabled. + + Most recent observed status of the ServiceMonitor. Read-only. + More info: + https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + bindings: + description: bindings defines the list of workload resources (Prometheus, + PrometheusAgent, ThanosRuler or Alertmanager) which select the configuration + resource. + items: + description: WorkloadBinding is a link between a configuration resource + and a workload resource. + properties: + conditions: + description: conditions defines the current state of the configuration + resource when bound to the referenced Workload object. + items: + description: ConfigResourceCondition describes the status + of configuration resources linked to Prometheus, PrometheusAgent, + Alertmanager or ThanosRuler. + properties: + lastTransitionTime: + description: lastTransitionTime defines the time of the + last update to the current status property. + format: date-time + type: string + message: + description: message defines the human-readable message + indicating details for the condition's last transition. + type: string + observedGeneration: + description: |- + observedGeneration defines the .metadata.generation that the + condition was set based upon. For instance, if `.metadata.generation` is + currently 12, but the `.status.conditions[].observedGeneration` is 9, the + condition is out of date with respect to the current state of the object. + format: int64 + type: integer + reason: + description: reason for the condition's last transition. + type: string + status: + description: status of the condition. + minLength: 1 + type: string + type: + description: |- + type of the condition being reported. + Currently, only "Accepted" is supported. + enum: + - Accepted + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + group: + description: group defines the group of the referenced resource. + enum: + - monitoring.coreos.com + type: string + name: + description: name defines the name of the referenced object. + minLength: 1 + type: string + namespace: + description: namespace defines the namespace of the referenced + object. + minLength: 1 + type: string + resource: + description: resource defines the type of resource being referenced + (e.g. Prometheus, PrometheusAgent, ThanosRuler or Alertmanager). + enum: + - prometheuses + - prometheusagents + - thanosrulers + - alertmanagers + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - name + - namespace + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagers.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagers.yaml new file mode 100644 index 0000000..790a049 --- /dev/null +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagers.yaml @@ -0,0 +1,9983 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.90.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + operator.prometheus.io/version: 0.90.1 + name: alertmanagers.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: Alertmanager + listKind: AlertmanagerList + plural: alertmanagers + shortNames: + - am + singular: alertmanager + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The version of Alertmanager + jsonPath: .spec.version + name: Version + type: string + - description: The number of desired replicas + jsonPath: .spec.replicas + name: Replicas + type: integer + - description: The number of ready replicas + jsonPath: .status.availableReplicas + name: Ready + type: integer + - jsonPath: .status.conditions[?(@.type == 'Reconciled')].status + name: Reconciled + type: string + - jsonPath: .status.conditions[?(@.type == 'Available')].status + name: Available + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Whether the resource reconciliation is paused or not + jsonPath: .status.paused + name: Paused + priority: 1 + type: boolean + name: v1 + schema: + openAPIV3Schema: + description: |- + The `Alertmanager` custom resource definition (CRD) defines a desired [Alertmanager](https://prometheus.io/docs/alerting) setup to run in a Kubernetes cluster. It allows to specify many options such as the number of replicas, persistent storage and many more. + + For each `Alertmanager` resource, the Operator deploys a `StatefulSet` in the same namespace. When there are two or more configured replicas, the Operator runs the Alertmanager instances in high-availability mode. + + The resource defines via label and namespace selectors which `AlertmanagerConfig` objects should be associated to the deployed Alertmanager instances. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + spec defines the specification of the desired behavior of the Alertmanager cluster. More info: + https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + additionalArgs: + description: |- + additionalArgs allows setting additional arguments for the 'Alertmanager' container. + It is intended for e.g. activating hidden flags which are not supported by + the dedicated configuration options yet. The arguments are passed as-is to the + Alertmanager container which may cause issues if they are invalid or not supported + by the given Alertmanager version. + items: + description: Argument as part of the AdditionalArgs list. + properties: + name: + description: name of the argument, e.g. "scrape.discovery-reload-interval". + minLength: 1 + type: string + value: + description: value defines the argument value, e.g. 30s. Can + be empty for name-only arguments (e.g. --storage.tsdb.no-lockfile) + type: string + required: + - name + type: object + type: array + additionalPeers: + description: additionalPeers allows injecting a set of additional + Alertmanagers to peer with to form a highly available cluster. + items: + type: string + type: array + affinity: + description: affinity defines the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and subtracting + "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + alertmanagerConfigMatcherStrategy: + description: |- + alertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects + process incoming alerts. + properties: + type: + default: OnNamespace + description: |- + type defines the strategy used by + AlertmanagerConfig objects to match alerts in the routes and inhibition + rules. + + The default value is `OnNamespace`. + enum: + - OnNamespace + - OnNamespaceExceptForAlertmanagerNamespace + - None + type: string + type: object + alertmanagerConfigNamespaceSelector: + description: |- + alertmanagerConfigNamespaceSelector defines the namespaces to be selected for AlertmanagerConfig discovery. If nil, only + check own namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + alertmanagerConfigSelector: + description: alertmanagerConfigSelector defines the selector to be + used for to merge and configure Alertmanager with. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + alertmanagerConfiguration: + description: |- + alertmanagerConfiguration defines the configuration of Alertmanager. + + If defined, it takes precedence over the `configSecret` field. + + This is an *experimental feature*, it may change in any upcoming release + in a breaking way. + properties: + global: + description: global defines the global parameters of the Alertmanager + configuration. + properties: + httpConfig: + description: httpConfig defines the default HTTP configuration. + properties: + authorization: + description: |- + authorization configures the Authorization header credentials used by + the client. + + Cannot be set at the same time as `basicAuth`, `bearerTokenSecret` or `oauth2`. + properties: + credentials: + description: credentials defines a key of a Secret + in the namespace that contains the credentials for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: |- + basicAuth defines the Basic Authentication credentials used by the + client. + + Cannot be set at the same time as `authorization`, `bearerTokenSecret` or `oauth2`. + properties: + password: + description: |- + password defines a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + bearerTokenSecret defines a key of a Secret containing the bearer token + used by the client for authentication. The secret needs to be in the + same namespace as the custom resource and readable by the Prometheus + Operator. + + Cannot be set at the same time as `authorization`, `basicAuth` or `oauth2`. + + Deprecated: use `authorization` instead. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHttp2: + description: enableHttp2 can be used to disable HTTP2. + type: boolean + followRedirects: + description: |- + followRedirects defines whether the client should follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + oauth2: + description: |- + oauth2 defines the OAuth2 settings used by the client. + + It requires Prometheus >= 2.27.0. + + Cannot be set at the same time as `authorization`, `basicAuth` or `bearerTokenSecret`. + properties: + clientId: + description: |- + clientId defines a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + clientSecret defines a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server + to use. + pattern: ^(http|https|socks5)://.+$ + type: string + scopes: + description: scopes defines the OAuth2 scopes used + for the token request. + items: + type: string + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: ca defines the Certificate authority + used when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate + to present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap + containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to + disable target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the + hostname for the targets. + type: string + type: object + tokenUrl: + description: tokenUrl defines the URL to fetch the + token from. + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a + Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to + use. + pattern: ^(http|https|socks5)://.+$ + type: string + tlsConfig: + description: tlsConfig defines the TLS configuration used + by the client. + properties: + ca: + description: ca defines the Certificate authority + used when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to + present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable + target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname + for the targets. + type: string + type: object + type: object + jira: + description: jira defines the default configuration for Jira. + properties: + apiURL: + description: |- + apiURL defines the default Jira API URL. + + It requires Alertmanager >= v0.28.0. + pattern: ^(http|https)://.+$ + type: string + type: object + opsGenieApiKey: + description: opsGenieApiKey defines the default OpsGenie API + Key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + opsGenieApiUrl: + description: opsGenieApiUrl defines the default OpsGenie API + URL. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + pagerdutyUrl: + description: pagerdutyUrl defines the default Pagerduty URL. + pattern: ^(http|https)://.+$ + type: string + resolveTimeout: + description: |- + resolveTimeout defines the default value used by alertmanager if the alert does + not include EndsAt, after this time passes it can declare the alert as resolved if it has not been updated. + This has no impact on alerts from Prometheus, as they always include EndsAt. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + rocketChat: + description: rocketChat defines the default configuration + for Rocket Chat. + properties: + apiURL: + description: |- + apiURL defines the default Rocket Chat API URL. + + It requires Alertmanager >= v0.28.0. + pattern: ^(http|https)://.+$ + type: string + token: + description: |- + token defines the default Rocket Chat token. + + It requires Alertmanager >= v0.28.0. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tokenID: + description: |- + tokenID defines the default Rocket Chat Token ID. + + It requires Alertmanager >= v0.28.0. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + slackApiUrl: + description: slackApiUrl defines the default Slack API URL. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + smtp: + description: smtp defines global SMTP parameters. + properties: + authIdentity: + description: authIdentity represents SMTP Auth using PLAIN + type: string + authPassword: + description: authPassword represents SMTP Auth using LOGIN + and PLAIN. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + authSecret: + description: authSecret represents SMTP Auth using CRAM-MD5. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + authUsername: + description: authUsername represents SMTP Auth using CRAM-MD5, + LOGIN and PLAIN. If empty, Alertmanager doesn't authenticate + to the SMTP server. + type: string + forceImplicitTLS: + description: |- + forceImplicitTLS defines whether to force use of implicit TLS (direct TLS connection) for better security. + true: force use of implicit TLS (direct TLS connection on any port) + false: force disable implicit TLS (use explicit TLS/STARTTLS if required) + nil (default): auto-detect based on port (465=implicit, other=explicit) for backward compatibility + It requires Alertmanager >= v0.31.0. + type: boolean + from: + description: from defines the default SMTP From header + field. + type: string + hello: + description: hello defines the default hostname to identify + to the SMTP server. + type: string + requireTLS: + description: |- + requireTLS defines the default SMTP TLS requirement. + Note that Go does not support unencrypted connections to remote SMTP endpoints. + type: boolean + smartHost: + description: smartHost defines the default SMTP smarthost + used for sending emails. + properties: + host: + description: host defines the host's address, it can + be a DNS name or a literal IP address. + minLength: 1 + type: string + port: + description: port defines the host's port, it can + be a literal port number or a port name. + minLength: 1 + type: string + required: + - host + - port + type: object + tlsConfig: + description: tlsConfig defines the default TLS configuration + for SMTP receivers + properties: + ca: + description: ca defines the Certificate authority + used when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to + present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable + target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname + for the targets. + type: string + type: object + type: object + telegram: + description: telegram defines the default Telegram config + properties: + apiURL: + description: |- + apiURL defines he default Telegram API URL. + + It requires Alertmanager >= v0.24.0. + pattern: ^(http|https)://.+$ + type: string + type: object + victorops: + description: victorops defines the default configuration for + VictorOps. + properties: + apiKey: + description: apiKey defines the default VictorOps API + Key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + apiURL: + description: apiURL defines the default VictorOps API + URL. + pattern: ^(http|https)://.+$ + type: string + type: object + webex: + description: webex defines the default configuration for Webex. + properties: + apiURL: + description: |- + apiURL defines the is the default Webex API URL. + + It requires Alertmanager >= v0.25.0. + pattern: ^(http|https)://.+$ + type: string + type: object + wechat: + description: wechat defines the default WeChat Config + properties: + apiCorpID: + description: apiCorpID defines the default WeChat API + Corporate ID. + minLength: 1 + type: string + apiSecret: + description: apiSecret defines the default WeChat API + Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + apiURL: + description: |- + apiURL defines he default WeChat API URL. + The default value is "https://qyapi.weixin.qq.com/cgi-bin/" + pattern: ^(http|https)://.+$ + type: string + type: object + type: object + name: + description: |- + name defines the name of the AlertmanagerConfig custom resource which is used to generate the Alertmanager configuration. + It must be defined in the same namespace as the Alertmanager object. + The operator will not enforce a `namespace` label for routes and inhibition rules. + minLength: 1 + type: string + templates: + description: templates defines the custom notification templates. + items: + description: SecretOrConfigMap allows to specify data as a Secret + or ConfigMap. Fields are mutually exclusive. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: array + type: object + automountServiceAccountToken: + description: |- + automountServiceAccountToken defines whether a service account token should be automatically mounted in the pod. + If the service account has `automountServiceAccountToken: true`, set the field to `false` to opt out of automounting API credentials. + type: boolean + baseImage: + description: |- + baseImage that is used to deploy pods, without tag. + Deprecated: use 'image' instead. + type: string + clusterAdvertiseAddress: + description: |- + clusterAdvertiseAddress defines the explicit address to advertise in cluster. + Needs to be provided for non RFC1918 [1] (public) addresses. + [1] RFC1918: https://tools.ietf.org/html/rfc1918 + type: string + clusterGossipInterval: + description: clusterGossipInterval defines the interval between gossip + attempts. + pattern: ^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + clusterLabel: + description: |- + clusterLabel defines the identifier that uniquely identifies the Alertmanager cluster. + You should only set it when the Alertmanager cluster includes Alertmanager instances which are external to this Alertmanager resource. In practice, the addresses of the external instances are provided via the `.spec.additionalPeers` field. + type: string + clusterPeerTimeout: + description: clusterPeerTimeout defines the timeout for cluster peering. + pattern: ^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + clusterPushpullInterval: + description: clusterPushpullInterval defines the interval between + pushpull attempts. + pattern: ^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + clusterTLS: + description: |- + clusterTLS defines the mutual TLS configuration for the Alertmanager cluster's gossip protocol. + + It requires Alertmanager >= 0.24.0. + properties: + client: + description: client defines the client-side configuration for + mutual TLS. + properties: + ca: + description: ca defines the Certificate authority used when + verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to present + when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable target + certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname for + the targets. + type: string + type: object + server: + description: server defines the server-side configuration for + mutual TLS. + properties: + cert: + description: |- + cert defines the Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + description: |- + certFile defines the path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. + type: string + cipherSuites: + description: |- + cipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants + items: + type: string + type: array + client_ca: + description: |- + client_ca defines the Secret or ConfigMap containing the CA certificate for client certificate + authentication to the server. + + It is mutually exclusive with `clientCAFile`. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientAuthType: + description: |- + clientAuthType defines the server policy for client TLS authentication. + + For more detail on clientAuth options: + https://golang.org/pkg/crypto/tls/#ClientAuthType + type: string + clientCAFile: + description: |- + clientCAFile defines the path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. + type: string + curvePreferences: + description: |- + curvePreferences defines elliptic curves that will be used in an ECDHE handshake, in preference + order. + + Available curves are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#CurveID + items: + type: string + type: array + keyFile: + description: |- + keyFile defines the path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. + type: string + keySecret: + description: |- + keySecret defines the secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: maxVersion defines the Maximum TLS version that + is acceptable. + type: string + minVersion: + description: minVersion defines the minimum TLS version that + is acceptable. + type: string + preferServerCipherSuites: + description: |- + preferServerCipherSuites defines whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in + the order of elements in cipherSuites, is used. + type: boolean + type: object + required: + - client + - server + type: object + configMaps: + description: |- + configMaps defines a list of ConfigMaps in the same namespace as the Alertmanager + object, which shall be mounted into the Alertmanager Pods. + Each ConfigMap is added to the StatefulSet definition as a volume named `configmap-`. + The ConfigMaps are mounted into `/etc/alertmanager/configmaps/` in the 'alertmanager' container. + items: + type: string + type: array + configSecret: + description: |- + configSecret defines the name of a Kubernetes Secret in the same namespace as the + Alertmanager object, which contains the configuration for this Alertmanager + instance. If empty, it defaults to `alertmanager-`. + + The Alertmanager configuration should be available under the + `alertmanager.yaml` key. Additional keys from the original secret are + copied to the generated secret and mounted into the + `/etc/alertmanager/config` directory in the `alertmanager` container. + + If either the secret or the `alertmanager.yaml` key is missing, the + operator provisions a minimal Alertmanager configuration with one empty + receiver (effectively dropping alert notifications). + type: string + containers: + description: |- + containers allows injecting additional containers or modifying operator + generated containers. This can be used to allow adding an authentication + proxy to the Pods or to change the behavior of an operator generated + container. Containers described here modify an operator generated + container if they share the same name and modifications are done via a + strategic merge patch. + + The names of containers managed by the operator are: + * `alertmanager` + * `config-reloader` + * `thanos-sidecar` + + Overriding containers which are managed by the operator require careful + testing, especially when upgrading to a new version of the operator. + items: + description: A single application container that you want to run + within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing + the env file. + type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source may consist of any printable ASCII characters except '='. + When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps or Secrets + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: |- + Optional text to prepend to the name of each environment variable. + May consist of any printable ASCII characters except '='. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies a command to execute in + the container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents a duration that the container + should sleep. + properties: + seconds: + description: Seconds is the number of seconds to + sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies a command to execute in + the container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents a duration that the container + should sleep. + properties: + seconds: + description: Seconds is the number of seconds to + sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + stopSignal: + description: |- + StopSignal defines which signal will be sent to a container when it is being stopped. + If not specified, the default is defined by the container runtime in use. + StopSignal can only be set for Pods with a non-empty .spec.os.name + type: string + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies a command to execute in the + container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port in a + single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies a command to execute in the + container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: |- + Resources resize policy for the container. + This field cannot be set on ephemeral containers. + items: + description: ContainerResizePolicy represents resource resize + policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This field depends on the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This overrides the pod-level restart policy. When this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + Additionally, setting the RestartPolicy as "Always" for the init container will + have the following effect: + this init container will be continually restarted on + exit until all regular containers have terminated. Once all regular + containers have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init containers and + is often referred to as a "sidecar" container. Although this init + container still starts in the init container sequence, it does not wait + for the container to complete before proceeding to the next init + container. Instead, the next init container starts immediately after this + init container is started, or after any startupProbe has successfully + completed. + type: string + restartPolicyRules: + description: |- + Represents a list of rules to be checked to determine if the + container should be restarted on exit. The rules are evaluated in + order. Once a rule matches a container exit condition, the remaining + rules are ignored. If no rule matches the container exit condition, + the Container-level restart policy determines the whether the container + is restarted or not. Constraints on the rules: + - At most 20 rules are allowed. + - Rules can have the same action. + - Identical rules are not forbidden in validations. + When rules are specified, container MUST set RestartPolicy explicitly + even it if matches the Pod's RestartPolicy. + items: + description: ContainerRestartRule describes how a container + exit is handled. + properties: + action: + description: |- + Specifies the action taken on a container exit if the requirements + are satisfied. The only possible value is "Restart" to restart the + container. + type: string + exitCodes: + description: Represents the exit codes to check on container + exits. + properties: + operator: + description: |- + Represents the relationship between the container exit code(s) and the + specified values. Possible values are: + - In: the requirement is satisfied if the container exit code is in the + set of specified values. + - NotIn: the requirement is satisfied if the container exit code is + not in the set of specified values. + type: string + values: + description: |- + Specifies the set of values to check for container exit codes. + At most 255 elements are allowed. + items: + format: int32 + type: integer + type: array + x-kubernetes-list-type: set + required: + - operator + type: object + required: + - action + type: object + type: array + x-kubernetes-list-type: atomic + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies a command to execute in the + container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + dnsConfig: + description: dnsConfig defines the DNS configuration for the pods. + properties: + nameservers: + description: |- + nameservers defines the list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + options: + description: |- + options defines the list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver options + of a pod. + properties: + name: + description: name is required and must be unique. + minLength: 1 + type: string + value: + description: value is optional. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + searches: + description: |- + searches defines the list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + type: object + dnsPolicy: + description: dnsPolicy defines the DNS policy for the pods. + enum: + - ClusterFirstWithHostNet + - ClusterFirst + - Default + - None + type: string + enableFeatures: + description: |- + enableFeatures defines the Alertmanager's feature flags. By default, no features are enabled. + Enabling features which are disabled by default is entirely outside the + scope of what the maintainers will support and by doing so, you accept + that this behaviour may break at any time without notice. + + It requires Alertmanager >= 0.27.0. + items: + type: string + type: array + enableServiceLinks: + description: enableServiceLinks defines whether information about + services should be injected into pod's environment variables + type: boolean + externalUrl: + description: |- + externalUrl defines the URL used to access the Alertmanager web service. This is + necessary to generate correct URLs. This is necessary if Alertmanager is not + served from root of a DNS name. + type: string + forceEnableClusterMode: + description: |- + forceEnableClusterMode ensures Alertmanager does not deactivate the cluster mode when running with a single replica. + Use case is e.g. spanning an Alertmanager cluster across Kubernetes clusters with a single replica in each. + type: boolean + hostAliases: + description: hostAliases Pods configuration + items: + description: |- + HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the + pod's hosts file. + properties: + hostnames: + description: hostnames defines hostnames for the above IP address. + items: + type: string + type: array + ip: + description: ip defines the IP address of the host file entry. + type: string + required: + - hostnames + - ip + type: object + type: array + x-kubernetes-list-map-keys: + - ip + x-kubernetes-list-type: map + hostNetwork: + description: |- + hostNetwork controls whether the pod may use the node network namespace. + + Make sure to understand the security implications if you want to enable + it (https://kubernetes.io/docs/concepts/configuration/overview/). + + When hostNetwork is enabled, this will set the DNS policy to + `ClusterFirstWithHostNet` automatically (unless `.spec.dnsPolicy` is set + to a different value). + type: boolean + hostUsers: + description: |- + hostUsers supports the user space in Kubernetes. + + More info: https://kubernetes.io/docs/tasks/configure-pod-container/user-namespaces/ + + The feature requires at least Kubernetes 1.28 with the `UserNamespacesSupport` feature gate enabled. + Starting Kubernetes 1.33, the feature is enabled by default. + type: boolean + image: + description: |- + image if specified has precedence over baseImage, tag and sha + combinations. Specifying the version is still necessary to ensure the + Prometheus Operator knows what version of Alertmanager is being + configured. + type: string + imagePullPolicy: + description: |- + imagePullPolicy for the 'alertmanager', 'init-config-reloader' and 'config-reloader' containers. + See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details. + enum: + - "" + - Always + - Never + - IfNotPresent + type: string + imagePullSecrets: + description: |- + imagePullSecrets An optional list of references to secrets in the same namespace + to use for pulling prometheus and alertmanager images from registries + see https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: |- + initContainers allows injecting initContainers to the Pod definition. Those + can be used to e.g. fetch secrets for injection into the Prometheus + configuration from external sources. Any errors during the execution of + an initContainer will lead to a restart of the Pod. More info: + https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + InitContainers described here modify an operator generated init + containers if they share the same name and modifications are done via a + strategic merge patch. + + The names of init container name managed by the operator are: + * `init-config-reloader`. + + Overriding init containers which are managed by the operator require + careful testing, especially when upgrading to a new version of the + operator. + items: + description: A single application container that you want to run + within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing + the env file. + type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source may consist of any printable ASCII characters except '='. + When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps or Secrets + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: |- + Optional text to prepend to the name of each environment variable. + May consist of any printable ASCII characters except '='. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies a command to execute in + the container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents a duration that the container + should sleep. + properties: + seconds: + description: Seconds is the number of seconds to + sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies a command to execute in + the container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents a duration that the container + should sleep. + properties: + seconds: + description: Seconds is the number of seconds to + sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + stopSignal: + description: |- + StopSignal defines which signal will be sent to a container when it is being stopped. + If not specified, the default is defined by the container runtime in use. + StopSignal can only be set for Pods with a non-empty .spec.os.name + type: string + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies a command to execute in the + container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port in a + single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies a command to execute in the + container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: |- + Resources resize policy for the container. + This field cannot be set on ephemeral containers. + items: + description: ContainerResizePolicy represents resource resize + policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This field depends on the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This overrides the pod-level restart policy. When this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + Additionally, setting the RestartPolicy as "Always" for the init container will + have the following effect: + this init container will be continually restarted on + exit until all regular containers have terminated. Once all regular + containers have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init containers and + is often referred to as a "sidecar" container. Although this init + container still starts in the init container sequence, it does not wait + for the container to complete before proceeding to the next init + container. Instead, the next init container starts immediately after this + init container is started, or after any startupProbe has successfully + completed. + type: string + restartPolicyRules: + description: |- + Represents a list of rules to be checked to determine if the + container should be restarted on exit. The rules are evaluated in + order. Once a rule matches a container exit condition, the remaining + rules are ignored. If no rule matches the container exit condition, + the Container-level restart policy determines the whether the container + is restarted or not. Constraints on the rules: + - At most 20 rules are allowed. + - Rules can have the same action. + - Identical rules are not forbidden in validations. + When rules are specified, container MUST set RestartPolicy explicitly + even it if matches the Pod's RestartPolicy. + items: + description: ContainerRestartRule describes how a container + exit is handled. + properties: + action: + description: |- + Specifies the action taken on a container exit if the requirements + are satisfied. The only possible value is "Restart" to restart the + container. + type: string + exitCodes: + description: Represents the exit codes to check on container + exits. + properties: + operator: + description: |- + Represents the relationship between the container exit code(s) and the + specified values. Possible values are: + - In: the requirement is satisfied if the container exit code is in the + set of specified values. + - NotIn: the requirement is satisfied if the container exit code is + not in the set of specified values. + type: string + values: + description: |- + Specifies the set of values to check for container exit codes. + At most 255 elements are allowed. + items: + format: int32 + type: integer + type: array + x-kubernetes-list-type: set + required: + - operator + type: object + required: + - action + type: object + type: array + x-kubernetes-list-type: atomic + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies a command to execute in the + container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + limits: + description: limits defines the limits command line flags when starting + Alertmanager. + properties: + maxPerSilenceBytes: + description: |- + maxPerSilenceBytes defines the maximum size of an individual silence as stored on disk. This corresponds to the Alertmanager's + `--silences.max-per-silence-bytes` flag. + It requires Alertmanager >= v0.28.0. + pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ + type: string + maxSilences: + description: |- + maxSilences defines the maximum number active and pending silences. This corresponds to the + Alertmanager's `--silences.max-silences` flag. + It requires Alertmanager >= v0.28.0. + format: int32 + minimum: 0 + type: integer + type: object + listenLocal: + description: |- + listenLocal defines the Alertmanager server listen on loopback, so that it + does not bind against the Pod IP. Note this is only for the Alertmanager + UI, not the gossip communication. + type: boolean + logFormat: + description: logFormat for Alertmanager to be configured with. + enum: + - "" + - logfmt + - json + type: string + logLevel: + description: logLevel for Alertmanager to be configured with. + enum: + - "" + - debug + - info + - warn + - error + type: string + minReadySeconds: + description: |- + minReadySeconds defines the minimum number of seconds for which a newly + created pod should be ready without any of its container crashing for it + to be considered available. + + If unset, pods will be considered available as soon as they are ready. + + When the Alertmanager version is greater than or equal to v0.30.0, the + duration is also used to delay the first flush of the aggregation + groups. This delay helps ensuring that all alerts have been resent by + the Prometheus instances to Alertmanager after a roll-out. It is + possible to override this behavior passing a custom value via + `.spec.additionalArgs`. + format: int32 + minimum: 0 + type: integer + nodeSelector: + additionalProperties: + type: string + description: nodeSelector defines which Nodes the Pods are scheduled + on. + type: object + paused: + description: |- + paused if set to true all actions on the underlying managed objects are not + going to be performed, except for delete actions. + type: boolean + persistentVolumeClaimRetentionPolicy: + description: |- + persistentVolumeClaimRetentionPolicy controls if and how PVCs are deleted during the lifecycle of a StatefulSet. + The default behavior is all PVCs are retained. + This is an alpha field from kubernetes 1.23 until 1.26 and a beta field from 1.26. + It requires enabling the StatefulSetAutoDeletePVC feature gate. + properties: + whenDeleted: + description: |- + WhenDeleted specifies what happens to PVCs created from StatefulSet + VolumeClaimTemplates when the StatefulSet is deleted. The default policy + of `Retain` causes PVCs to not be affected by StatefulSet deletion. The + `Delete` policy causes those PVCs to be deleted. + type: string + whenScaled: + description: |- + WhenScaled specifies what happens to PVCs created from StatefulSet + VolumeClaimTemplates when the StatefulSet is scaled down. The default + policy of `Retain` causes PVCs to not be affected by a scaledown. The + `Delete` policy causes the associated PVCs for any excess pods above + the replica count to be deleted. + type: string + type: object + podManagementPolicy: + description: |- + podManagementPolicy defines the policy for creating/deleting pods when + scaling up and down. + + Unlike the default StatefulSet behavior, the default policy is + `Parallel` to avoid manual intervention in case a pod gets stuck during + a rollout. + + Note that updating this value implies the recreation of the StatefulSet + which incurs a service outage. + enum: + - OrderedReady + - Parallel + type: string + podMetadata: + description: |- + podMetadata defines labels and annotations which are propagated to the Alertmanager pods. + + The following items are reserved and cannot be overridden: + * "alertmanager" label, set to the name of the Alertmanager instance. + * "app.kubernetes.io/instance" label, set to the name of the Alertmanager instance. + * "app.kubernetes.io/managed-by" label, set to "prometheus-operator". + * "app.kubernetes.io/name" label, set to "alertmanager". + * "app.kubernetes.io/version" label, set to the Alertmanager version. + * "kubectl.kubernetes.io/default-container" annotation, set to "alertmanager". + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations defines an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + type: object + labels: + additionalProperties: + type: string + description: |- + labels define the map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + type: object + name: + description: |- + name must be unique within a namespace. Is required when creating resources, although + some resources may allow a client to request the generation of an appropriate name + automatically. Name is primarily intended for creation idempotence and configuration + definition. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/ + type: string + type: object + portName: + default: web + description: |- + portName defines the port's name for the pods and governing service. + Defaults to `web`. + type: string + priorityClassName: + description: priorityClassName assigned to the Pods + type: string + replicas: + description: |- + replicas defines the expected size of the alertmanager cluster. The controller will + eventually make the size of the running cluster equal to the expected + size. + format: int32 + type: integer + resources: + description: resources defines the resource requests and limits of + the Pods. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This field depends on the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + retention: + default: 120h + description: |- + retention defines the time duration Alertmanager shall retain data for. Default is '120h', + and must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours). + pattern: ^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + routePrefix: + description: |- + routePrefix Alertmanager registers HTTP handlers for. This is useful, + if using ExternalURL and a proxy is rewriting HTTP routes of a request, + and the actual ExternalURL is still true, but the server serves requests + under a different route prefix. For example for use with `kubectl proxy`. + type: string + schedulerName: + description: schedulerName defines the scheduler to use for Pod scheduling. + If not specified, the default scheduler is used. + minLength: 1 + type: string + secrets: + description: |- + secrets is a list of Secrets in the same namespace as the Alertmanager + object, which shall be mounted into the Alertmanager Pods. + Each Secret is added to the StatefulSet definition as a volume named `secret-`. + The Secrets are mounted into `/etc/alertmanager/secrets/` in the 'alertmanager' container. + items: + type: string + type: array + securityContext: + description: |- + securityContext holds pod-level security attributes and common container settings. + This defaults to the default PodSecurityContext. + properties: + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxChangePolicy: + description: |- + seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. + It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. + Valid values are "MountOption" and "Recursive". + + "Recursive" means relabeling of all files on all Pod volumes by the container runtime. + This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node. + + "MountOption" mounts all eligible Pod volumes with `-o context` mount option. + This requires all Pods that share the same volume to use the same SELinux label. + It is not possible to share the same volume among privileged and unprivileged Pods. + Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes + whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their + CSIDriver instance. Other volumes are always re-labelled recursively. + "MountOption" value is allowed only when SELinuxMount feature gate is enabled. + + If not specified and SELinuxMount feature gate is enabled, "MountOption" is used. + If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes + and "Recursive" for all other volumes. + + This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers. + + All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. + Note that this field cannot be set when spec.os.name is windows. + type: string + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. + If unspecified, no additional groups are added, though group memberships + defined in the container image may still be used, depending on the + supplementalGroupsPolicy field. + Note that this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: |- + serviceAccountName is the name of the ServiceAccount to use to run the + Prometheus Pods. + type: string + serviceName: + description: |- + serviceName defines the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Alertmanager resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `alertmanager-operated` for Alertmanager resources. + When deploying multiple Alertmanager resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string + sha: + description: |- + sha of Alertmanager container image to be deployed. Defaults to the value of `version`. + Similar to a tag, but the SHA explicitly deploys an immutable container image. + Version and Tag are ignored if SHA is set. + Deprecated: use 'image' instead. The image digest can be specified as part of the image URL. + type: string + storage: + description: |- + storage defines the definition of how storage will be used by the Alertmanager + instances. + properties: + disableMountSubPath: + description: 'disableMountSubPath deprecated: subPath usage will + be removed in a future release.' + type: boolean + emptyDir: + description: |- + emptyDir to be used by the StatefulSet. + If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral to be used by the StatefulSet. + This is a beta field in k8s 1.21 and GA in 1.15. + For lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. + More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + Users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string or nil value indicates that no + VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, + this field can be reset to its previous value (including nil) to cancel the modification. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to + the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + volumeClaimTemplate: + description: |- + volumeClaimTemplate defines the PVC spec to be used by the Prometheus StatefulSets. + The easiest way to use a volume that cannot be automatically provisioned + is to use a label selector alongside manually created PersistentVolumes. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + description: metadata defines EmbeddedMetadata contains metadata + relevant to an EmbeddedResource. + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations defines an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + type: object + labels: + additionalProperties: + type: string + description: |- + labels define the map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + type: object + name: + description: |- + name must be unique within a namespace. Is required when creating resources, although + some resources may allow a client to request the generation of an appropriate name + automatically. Name is primarily intended for creation idempotence and configuration + definition. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/ + type: string + type: object + spec: + description: |- + spec defines the specification of the characteristics of a volume requested by a pod author. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + Users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes to + consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string or nil value indicates that no + VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, + this field can be reset to its previous value (including nil) to cancel the modification. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'status is deprecated: this field is never set.' + properties: + accessModes: + description: |- + accessModes contains the actual access modes the volume backing the PVC has. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + allocatedResourceStatuses: + additionalProperties: + description: |- + When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore that update and let other controllers + handle it. + type: string + description: "allocatedResourceStatuses stores status + of resource being resized for the given PVC.\nKey names + follow standard Kubernetes label syntax. Valid values + are either:\n\t* Un-prefixed keys:\n\t\t- storage - + the capacity of the volume.\n\t* Custom resources must + use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or have + kubernetes.io prefix are considered\nreserved and hence + may not be used.\n\nClaimResourceStatus can be in any + of following states:\n\t- ControllerResizeInProgress:\n\t\tState + set when resize controller starts resizing the volume + in control-plane.\n\t- ControllerResizeFailed:\n\t\tState + set when resize has failed in resize controller with + a terminal error.\n\t- NodeResizePending:\n\t\tState + set when resize controller has finished resizing the + volume but further resizing of\n\t\tvolume is needed + on the node.\n\t- NodeResizeInProgress:\n\t\tState set + when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState + set when resizing has failed in kubelet with a terminal + error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor + example: if expanding a PVC for more capacity - this + field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\"\nWhen this field is not set, + it means that no resize operation is in progress for + the given PVC.\n\nA controller that receives PVC update + with previously unknown resourceName or ClaimResourceStatus\nshould + ignore the update for the purpose it was designed. For + example - a controller that\nonly is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid\nresources associated with PVC." + type: object + x-kubernetes-map-type: granular + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: "allocatedResources tracks the resources + allocated to a PVC including its capacity.\nKey names + follow standard Kubernetes label syntax. Valid values + are either:\n\t* Un-prefixed keys:\n\t\t- storage - + the capacity of the volume.\n\t* Custom resources must + use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or have + kubernetes.io prefix are considered\nreserved and hence + may not be used.\n\nCapacity reported here may be larger + than the actual capacity when a volume expansion operation\nis + requested.\nFor storage quota, the larger value from + allocatedResources and PVC.spec.resources is used.\nIf + allocatedResources is not set, PVC.spec.resources alone + is used for quota calculation.\nIf a volume expansion + capacity request is lowered, allocatedResources is only\nlowered + if there are no expansion operations in progress and + if the actual volume capacity\nis equal or lower than + the requested capacity.\n\nA controller that receives + PVC update with previously unknown resourceName\nshould + ignore the update for the purpose it was designed. For + example - a controller that\nonly is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid\nresources associated with PVC." + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity represents the actual resources + of the underlying volume. + type: object + conditions: + description: |- + conditions is the current Condition of persistent volume claim. If underlying persistent volume is being + resized then the Condition will be set to 'Resizing'. + items: + description: PersistentVolumeClaimCondition contains + details about state of pvc + properties: + lastProbeTime: + description: lastProbeTime is the time we probed + the condition. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime is the time the + condition transitioned from one status to another. + format: date-time + type: string + message: + description: message is the human-readable message + indicating details about last transition. + type: string + reason: + description: |- + reason is a unique, this should be a short, machine understandable string that gives the reason + for condition's last transition. If it reports "Resizing" that means the underlying + persistent volume is being resized. + type: string + status: + description: |- + Status is the status of the condition. + Can be True, False, Unknown. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required + type: string + type: + description: |- + Type is the type of the condition. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + currentVolumeAttributesClassName: + description: |- + currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. + When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim + type: string + modifyVolumeStatus: + description: |- + ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. + When this is unset, there is no ModifyVolume operation being attempted. + properties: + status: + description: "status is the status of the ControllerModifyVolume + operation. It can be in any of following states:\n + - Pending\n Pending indicates that the PersistentVolumeClaim + cannot be modified due to unmet requirements, such + as\n the specified VolumeAttributesClass not existing.\n + - InProgress\n InProgress indicates that the volume + is being modified.\n - Infeasible\n Infeasible + indicates that the request has been rejected as + invalid by the CSI driver. To\n\t resolve the error, + a valid VolumeAttributesClass needs to be specified.\nNote: + New statuses can be added in the future. Consumers + should check for unknown statuses and fail appropriately." + type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName is the + name of the VolumeAttributesClass the PVC currently + being reconciled + type: string + required: + - status + type: object + phase: + description: phase represents the current phase of PersistentVolumeClaim. + type: string + type: object + type: object + type: object + tag: + description: |- + tag of Alertmanager container image to be deployed. Defaults to the value of `version`. + Version is ignored if Tag is set. + Deprecated: use 'image' instead. The image tag can be specified as part of the image URL. + type: string + terminationGracePeriodSeconds: + description: |- + terminationGracePeriodSeconds defines the Optional duration in seconds the pod needs to terminate gracefully. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down) which may lead to data corruption. + + Defaults to 120 seconds. + format: int64 + minimum: 0 + type: integer + tolerations: + description: tolerations defines the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: topologySpreadConstraints defines the Pod's topology + spread constraints. + items: + description: TopologySpreadConstraint specifies how to spread matching + pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + updateStrategy: + description: |- + updateStrategy indicates the strategy that will be employed to update + Pods in the StatefulSet when a revision is made to statefulset's Pod + Template. + + The default strategy is RollingUpdate. + properties: + rollingUpdate: + description: rollingUpdate is used to communicate parameters when + type is RollingUpdate. + properties: + maxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + maxUnavailable is the maximum number of pods that can be unavailable + during the update. The value can be an absolute number (ex: 5) or a + percentage of desired pods (ex: 10%). Absolute number is calculated from + percentage by rounding up. This can not be 0. Defaults to 1. This field + is alpha-level and is only honored by servers that enable the + MaxUnavailableStatefulSet feature. The field applies to all pods in the + range 0 to Replicas-1. That means if there is any unavailable pod in + the range 0 to Replicas-1, it will be counted towards MaxUnavailable. + x-kubernetes-int-or-string: true + type: object + type: + description: |- + type indicates the type of the StatefulSetUpdateStrategy. + + Default is RollingUpdate. + enum: + - OnDelete + - RollingUpdate + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: rollingUpdate requires type to be RollingUpdate + rule: '!(self.type != ''RollingUpdate'' && has(self.rollingUpdate))' + version: + description: version the cluster should be on. + type: string + volumeMounts: + description: |- + volumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. + VolumeMounts specified will be appended to other VolumeMounts in the alertmanager container, + that are generated as a result of StorageSpec objects. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: |- + volumes allows configuration of additional volumes on the output StatefulSet definition. + Volumes specified will be appended to other volumes that are generated as a result of + StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may + be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree + awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: |- + azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type + are redirected to the disk.csi.azure.com CSI driver. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk in the + blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in the blob + storage + type: string + fsType: + default: ext4 + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults to shared' + type: string + readOnly: + default: false + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: |- + azureFile represents an Azure File Service mount on the host and bind mount to the pod. + Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type + are redirected to the file.csi.azure.com CSI driver. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret that contains + Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: |- + cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. + Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported. + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + Deprecated: Cinder is deprecated. All operations for the in-tree cinder type + are redirected to the cinder.csi.openstack.org CSI driver. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents ephemeral + storage that is handled by certain external CSI drivers. + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name, namespace and uid + are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative path + name of the file to be created. Must not be absolute + or contain the ''..'' path. Must be utf-8 encoded. + The first item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + Users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string or nil value indicates that no + VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, + this field can be reset to its previous value (including nil) to cancel the modification. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource that is + attached to a kubelet's host machine and then exposed to the + pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead. + properties: + driver: + description: driver is the name of the driver to use for + this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds extra + command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: |- + flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. + Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported. + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. This + is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree + gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the specified + revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. + properties: + endpoints: + description: endpoints is the endpoint name that details + Glusterfs topology. + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#iscsi + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support iSCSI + Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + default: default + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: |- + photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. + Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon Controller + persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: |- + portworxVolume represents a portworx volume attached and mounted on kubelets host machine. + Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type + are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate + is on. + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources secrets, + configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. + items: + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + + Kubelet performs aggressive normalization of the PEM contents written + into the pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates are deduplicated. + The ordering of certificates within the file is arbitrary, and Kubelet + may change the order over time. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from the volume root + to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information about the configMap + data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name, namespace and uid are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' + path. Must be utf-8 encoded. The first + item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podCertificate: + description: |- + Projects an auto-rotating credential bundle (private key and certificate + chain) that the pod can use either as a TLS client or server. + + Kubelet generates a private key and uses it to send a + PodCertificateRequest to the named signer. Once the signer approves the + request and issues a certificate chain, Kubelet writes the key and + certificate chain to the pod filesystem. The pod does not start until + certificates have been issued for each podCertificate projected volume + source in its spec. + + Kubelet will begin trying to rotate the certificate at the time indicated + by the signer using the PodCertificateRequest.Status.BeginRefreshAt + timestamp. + + Kubelet can write a single file, indicated by the credentialBundlePath + field, or separate files, indicated by the keyPath and + certificateChainPath fields. + + The credential bundle is a single file in PEM format. The first PEM + entry is the private key (in PKCS#8 format), and the remaining PEM + entries are the certificate chain issued by the signer (typically, + signers will return their certificate chain in leaf-to-root order). + + Prefer using the credential bundle format, since your application code + can read it atomically. If you use keyPath and certificateChainPath, + your application must make two separate file reads. If these coincide + with a certificate rotation, it is possible that the private key and leaf + certificate you read may not correspond to each other. Your application + will need to check for this condition, and re-read until they are + consistent. + + The named signer controls chooses the format of the certificate it + issues; consult the signer implementation's documentation to learn how to + use the certificates it issues. + properties: + certificateChainPath: + description: |- + Write the certificate chain at this path in the projected volume. + + Most applications should use credentialBundlePath. When using keyPath + and certificateChainPath, your application needs to check that the key + and leaf certificate are consistent, because it is possible to read the + files mid-rotation. + type: string + credentialBundlePath: + description: |- + Write the credential bundle at this path in the projected volume. + + The credential bundle is a single file that contains multiple PEM blocks. + The first PEM block is a PRIVATE KEY block, containing a PKCS#8 private + key. + + The remaining blocks are CERTIFICATE blocks, containing the issued + certificate chain from the signer (leaf and any intermediates). + + Using credentialBundlePath lets your Pod's application code make a single + atomic read that retrieves a consistent key and certificate chain. If you + project them to separate files, your application code will need to + additionally check that the leaf certificate was issued to the key. + type: string + keyPath: + description: |- + Write the key at this path in the projected volume. + + Most applications should use credentialBundlePath. When using keyPath + and certificateChainPath, your application needs to check that the key + and leaf certificate are consistent, because it is possible to read the + files mid-rotation. + type: string + keyType: + description: |- + The type of keypair Kubelet will generate for the pod. + + Valid values are "RSA3072", "RSA4096", "ECDSAP256", "ECDSAP384", + "ECDSAP521", and "ED25519". + type: string + maxExpirationSeconds: + description: |- + maxExpirationSeconds is the maximum lifetime permitted for the + certificate. + + Kubelet copies this value verbatim into the PodCertificateRequests it + generates for this projection. + + If omitted, kube-apiserver will set it to 86400(24 hours). kube-apiserver + will reject values shorter than 3600 (1 hour). The maximum allowable + value is 7862400 (91 days). + + The signer implementation is then free to issue a certificate with any + lifetime *shorter* than MaxExpirationSeconds, but no shorter than 3600 + seconds (1 hour). This constraint is enforced by kube-apiserver. + `kubernetes.io` signers will never issue certificates with a lifetime + longer than 24 hours. + format: int32 + type: integer + signerName: + description: Kubelet's generated CSRs will be + addressed to this signer. + type: string + userAnnotations: + additionalProperties: + type: string + description: |- + userAnnotations allow pod authors to pass additional information to + the signer implementation. Kubernetes does not restrict or validate this + metadata in any way. + + These values are copied verbatim into the `spec.unverifiedUserAnnotations` field of + the PodCertificateRequest objects that Kubelet creates. + + Entries are subject to the same validation as object metadata annotations, + with the addition that all keys must be domain-prefixed. No restrictions + are placed on values, except an overall size limitation on the entire field. + + Signers should document the keys and values they support. Signers should + deny requests that contain keys they do not recognize. + type: object + required: + - keyType + - signerName + type: object + secret: + description: secret information about the secret data + to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional field specify whether the + Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about + the serviceAccountToken data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: |- + quobyte represents a Quobyte mount on the host that shares a pod's lifetime. + Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported. + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + default: /etc/ceph/keyring + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + default: rbd + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + default: admin + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: |- + scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported. + properties: + fsType: + default: xfs + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address of the ScaleIO + API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + default: ThinProvisioned + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. + type: string + system: + description: system is the name of the storage system as + configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether the Secret or + its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: |- + storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: |- + vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. + Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type + are redirected to the csi.vsphere.vmware.com CSI driver. + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies vSphere + volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + web: + description: web defines the web command line flags when starting + Alertmanager. + properties: + getConcurrency: + description: |- + getConcurrency defines the maximum number of GET requests processed concurrently. This corresponds to the + Alertmanager's `--web.get-concurrency` flag. + format: int32 + type: integer + httpConfig: + description: httpConfig defines HTTP parameters for web server. + properties: + headers: + description: headers defines a list of headers that can be + added to HTTP responses. + properties: + contentSecurityPolicy: + description: |- + contentSecurityPolicy defines the Content-Security-Policy header to HTTP responses. + Unset if blank. + type: string + strictTransportSecurity: + description: |- + strictTransportSecurity defines the Strict-Transport-Security header to HTTP responses. + Unset if blank. + Please make sure that you use this with care as this header might force + browsers to load Prometheus and the other applications hosted on the same + domain and subdomains over HTTPS. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security + type: string + xContentTypeOptions: + description: |- + xContentTypeOptions defines the X-Content-Type-Options header to HTTP responses. + Unset if blank. Accepted value is nosniff. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options + enum: + - "" + - NoSniff + type: string + xFrameOptions: + description: |- + xFrameOptions defines the X-Frame-Options header to HTTP responses. + Unset if blank. Accepted values are deny and sameorigin. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options + enum: + - "" + - Deny + - SameOrigin + type: string + xXSSProtection: + description: |- + xXSSProtection defines the X-XSS-Protection header to all responses. + Unset if blank. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection + type: string + type: object + http2: + description: |- + http2 enable HTTP/2 support. Note that HTTP/2 is only supported with TLS. + When TLSConfig is not configured, HTTP/2 will be disabled. + Whenever the value of the field changes, a rolling update will be triggered. + type: boolean + type: object + timeout: + description: |- + timeout for HTTP requests. This corresponds to the Alertmanager's + `--web.timeout` flag. + format: int32 + type: integer + tlsConfig: + description: tlsConfig defines the TLS parameters for HTTPS. + properties: + cert: + description: |- + cert defines the Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + description: |- + certFile defines the path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. + type: string + cipherSuites: + description: |- + cipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants + items: + type: string + type: array + client_ca: + description: |- + client_ca defines the Secret or ConfigMap containing the CA certificate for client certificate + authentication to the server. + + It is mutually exclusive with `clientCAFile`. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientAuthType: + description: |- + clientAuthType defines the server policy for client TLS authentication. + + For more detail on clientAuth options: + https://golang.org/pkg/crypto/tls/#ClientAuthType + type: string + clientCAFile: + description: |- + clientCAFile defines the path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. + type: string + curvePreferences: + description: |- + curvePreferences defines elliptic curves that will be used in an ECDHE handshake, in preference + order. + + Available curves are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#CurveID + items: + type: string + type: array + keyFile: + description: |- + keyFile defines the path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. + type: string + keySecret: + description: |- + keySecret defines the secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: maxVersion defines the Maximum TLS version that + is acceptable. + type: string + minVersion: + description: minVersion defines the minimum TLS version that + is acceptable. + type: string + preferServerCipherSuites: + description: |- + preferServerCipherSuites defines whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in + the order of elements in cipherSuites, is used. + type: boolean + type: object + type: object + type: object + status: + description: |- + status defines the most recent observed status of the Alertmanager cluster. Read-only. + More info: + https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + availableReplicas: + description: |- + availableReplicas defines the total number of available pods (ready for at least minReadySeconds) + targeted by this Alertmanager cluster. + format: int32 + type: integer + conditions: + description: conditions defines the current state of the Alertmanager + object. + items: + description: |- + Condition represents the state of the resources associated with the + Prometheus, Alertmanager or ThanosRuler resource. + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update + to the current status property. + format: date-time + type: string + message: + description: message defines human-readable message indicating + details for the condition's last transition. + type: string + observedGeneration: + description: |- + observedGeneration defines the .metadata.generation that the + condition was set based upon. For instance, if `.metadata.generation` is + currently 12, but the `.status.conditions[].observedGeneration` is 9, the + condition is out of date with respect to the current state of the + instance. + format: int64 + type: integer + reason: + description: reason for the condition's last transition. + type: string + status: + description: status of the condition. + minLength: 1 + type: string + type: + description: type of the condition being reported. + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + paused: + description: |- + paused defines whether any actions on the underlying managed objects are + being performed. Only delete actions will be performed. + type: boolean + replicas: + description: |- + replicas defines the total number of non-terminated pods targeted by this Alertmanager + object (their labels match the selector). + format: int32 + type: integer + selector: + description: selector used to match the pods targeted by this Alertmanager + object. + type: string + unavailableReplicas: + description: unavailableReplicas defines the total number of unavailable + pods targeted by this Alertmanager object. + format: int32 + type: integer + updatedReplicas: + description: |- + updatedReplicas defines the total number of non-terminated pods targeted by this Alertmanager + object that have the desired version spec. + format: int32 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-podmonitors.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-podmonitors.yaml new file mode 100644 index 0000000..2fdff7d --- /dev/null +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-podmonitors.yaml @@ -0,0 +1,1399 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.90.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + operator.prometheus.io/version: 0.90.1 + name: podmonitors.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: PodMonitor + listKind: PodMonitorList + plural: podmonitors + shortNames: + - pmon + singular: podmonitor + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + The `PodMonitor` custom resource definition (CRD) defines how `Prometheus` and `PrometheusAgent` can scrape metrics from a group of pods. + Among other things, it allows to specify: + * The pods to scrape via label selectors. + * The container ports to scrape. + * Authentication credentials to use. + * Target and metric relabeling. + + `Prometheus` and `PrometheusAgent` objects select `PodMonitor` objects using label and namespace selectors. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec defines the specification of desired Pod selection for + target discovery by Prometheus. + properties: + attachMetadata: + description: |- + attachMetadata defines additional metadata which is added to the + discovered targets. + + It requires Prometheus >= v2.35.0. + properties: + node: + description: |- + node when set to true, Prometheus attaches node metadata to the discovered + targets. + + The Prometheus service account must have the `list` and `watch` + permissions on the `Nodes` objects. + type: boolean + type: object + bodySizeLimit: + description: |- + bodySizeLimit when defined specifies a job level limit on the size + of uncompressed response body that will be accepted by Prometheus. + + It requires Prometheus >= v2.28.0. + pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ + type: string + convertClassicHistogramsToNHCB: + description: |- + convertClassicHistogramsToNHCB defines whether to convert all scraped classic histograms into a native histogram with custom buckets. + It requires Prometheus >= v3.0.0. + type: boolean + fallbackScrapeProtocol: + description: |- + fallbackScrapeProtocol defines the protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + jobLabel: + description: |- + jobLabel defines the label to use to retrieve the job name from. + `jobLabel` selects the label from the associated Kubernetes `Pod` + object which will be used as the `job` label for all metrics. + + For example if `jobLabel` is set to `foo` and the Kubernetes `Pod` + object is labeled with `foo: bar`, then Prometheus adds the `job="bar"` + label to all ingested metrics. + + If the value of this field is empty, the `job` label of the metrics + defaults to the namespace and name of the PodMonitor object (e.g. `/`). + type: string + keepDroppedTargets: + description: |- + keepDroppedTargets defines the per-scrape limit on the number of targets dropped by relabeling + that will be kept in memory. 0 means no limit. + + It requires Prometheus >= v2.47.0. + format: int64 + type: integer + labelLimit: + description: |- + labelLimit defines the per-scrape limit on number of labels that will be accepted for a sample. + + It requires Prometheus >= v2.27.0. + format: int64 + type: integer + labelNameLengthLimit: + description: |- + labelNameLengthLimit defines the per-scrape limit on length of labels name that will be accepted for a sample. + + It requires Prometheus >= v2.27.0. + format: int64 + type: integer + labelValueLengthLimit: + description: |- + labelValueLengthLimit defines the per-scrape limit on length of labels value that will be accepted for a sample. + + It requires Prometheus >= v2.27.0. + format: int64 + type: integer + namespaceSelector: + description: |- + namespaceSelector defines in which namespace(s) Prometheus should discover the pods. + By default, the pods are discovered in the same namespace as the `PodMonitor` object but it is possible to select pods across different/all namespaces. + properties: + any: + description: |- + any defines the boolean describing whether all namespaces are selected in contrast to a + list restricting them. + type: boolean + matchNames: + description: matchNames defines the list of namespace names to + select from. + items: + type: string + type: array + type: object + nativeHistogramBucketLimit: + description: |- + nativeHistogramBucketLimit defines ff there are more than this many buckets in a native histogram, + buckets will be merged to stay within the limit. + It requires Prometheus >= v2.45.0. + format: int64 + type: integer + nativeHistogramMinBucketFactor: + anyOf: + - type: integer + - type: string + description: |- + nativeHistogramMinBucketFactor defines if the growth factor of one bucket to the next is smaller than this, + buckets will be merged to increase the factor sufficiently. + It requires Prometheus >= v2.50.0. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + podMetricsEndpoints: + description: podMetricsEndpoints defines how to scrape metrics from + the selected pods. + items: + description: |- + PodMetricsEndpoint defines an endpoint serving Prometheus metrics to be scraped by + Prometheus. + properties: + authorization: + description: |- + authorization configures the Authorization header credentials used by + the client. + + Cannot be set at the same time as `basicAuth`, `bearerTokenSecret` or `oauth2`. + properties: + credentials: + description: credentials defines a key of a Secret in the + namespace that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: |- + basicAuth defines the Basic Authentication credentials used by the + client. + + Cannot be set at the same time as `authorization`, `bearerTokenSecret` or `oauth2`. + properties: + password: + description: |- + password defines a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + bearerTokenSecret defines a key of a Secret containing the bearer token + used by the client for authentication. The secret needs to be in the + same namespace as the custom resource and readable by the Prometheus + Operator. + + Cannot be set at the same time as `authorization`, `basicAuth` or `oauth2`. + + Deprecated: use `authorization` instead. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHttp2: + description: enableHttp2 can be used to disable HTTP2. + type: boolean + filterRunning: + description: |- + filterRunning when true, the pods which are not running (e.g. either in Failed or + Succeeded state) are dropped during the target discovery. + + If unset, the filtering is enabled. + + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase + type: boolean + followRedirects: + description: |- + followRedirects defines whether the client should follow HTTP 3xx + redirects. + type: boolean + honorLabels: + description: |- + honorLabels when true preserves the metric's labels when they collide + with the target's labels. + type: boolean + honorTimestamps: + description: |- + honorTimestamps defines whether Prometheus preserves the timestamps + when exposed by the target. + type: boolean + interval: + description: |- + interval at which Prometheus scrapes the metrics from the target. + + If empty, Prometheus uses the global scrape interval. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + metricRelabelings: + description: |- + metricRelabelings defines the relabeling rules to apply to the + samples before ingestion. + items: + description: |- + RelabelConfig allows dynamic rewriting of the label set for targets, alerts, + scraped samples and remote write samples. + + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + properties: + action: + default: replace + description: |- + action to perform based on the regex matching. + + `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + + Default: "Replace" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: |- + modulus to take of the hash of the source label values. + + Only applicable when the action is `HashMod`. + format: int64 + type: integer + regex: + description: regex defines the regular expression against + which the extracted value is matched. + type: string + replacement: + description: |- + replacement value against which a Replace action is performed if the + regular expression matches. + + Regex capture groups are available. + type: string + separator: + description: separator defines the string between concatenated + SourceLabels. + type: string + sourceLabels: + description: |- + sourceLabels defines the source labels select values from existing labels. Their content is + concatenated using the configured Separator and matched against the + configured regular expression. + items: + description: |- + LabelName is a valid Prometheus label name. + For Prometheus 3.x, a label name is valid if it contains UTF-8 characters. + For Prometheus 2.x, a label name is only valid if it contains ASCII characters, letters, numbers, as well as underscores. + type: string + type: array + targetLabel: + description: |- + targetLabel defines the label to which the resulting string is written in a replacement. + + It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + `KeepEqual` and `DropEqual` actions. + + Regex capture groups are available. + type: string + type: object + type: array + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + oauth2: + description: |- + oauth2 defines the OAuth2 settings used by the client. + + It requires Prometheus >= 2.27.0. + + Cannot be set at the same time as `authorization`, `basicAuth` or `bearerTokenSecret`. + properties: + clientId: + description: |- + clientId defines a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + clientSecret defines a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + scopes: + description: scopes defines the OAuth2 scopes used for the + token request. + items: + type: string + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: ca defines the Certificate authority used + when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to + present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable + target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname + for the targets. + type: string + type: object + tokenUrl: + description: tokenUrl defines the URL to fetch the token + from. + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + params: + additionalProperties: + items: + type: string + type: array + description: params define optional HTTP URL parameters. + type: object + path: + description: |- + path defines the HTTP path from which to scrape for metrics. + + If empty, Prometheus uses the default value (e.g. `/metrics`). + type: string + port: + description: |- + port defines the `Pod` port name which exposes the endpoint. + + If the pod doesn't expose a port with the same name, it will result + in no targets being discovered. + + If a `Pod` has multiple `Port`s with the same name (which is not + recommended), one target instance per unique port number will be + generated. + + It takes precedence over the `portNumber` and `targetPort` fields. + type: string + portNumber: + description: |- + portNumber defines the `Pod` port number which exposes the endpoint. + + The `Pod` must declare the specified `Port` in its spec or the + target will be dropped by Prometheus. + + This cannot be used to enable scraping of an undeclared port. + To scrape targets on a port which isn't exposed, you need to use + relabeling to override the `__address__` label (but beware of + duplicate targets if the `Pod` has other declared ports). + + In practice Prometheus will select targets for which the + matches the target's __meta_kubernetes_pod_container_port_number. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + relabelings: + description: |- + relabelings defines the relabeling rules to apply the target's + metadata labels. + + The Operator automatically adds relabelings for a few standard Kubernetes fields. + + The original scrape job's name is available via the `__tmp_prometheus_job_name` label. + + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + items: + description: |- + RelabelConfig allows dynamic rewriting of the label set for targets, alerts, + scraped samples and remote write samples. + + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + properties: + action: + default: replace + description: |- + action to perform based on the regex matching. + + `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + + Default: "Replace" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: |- + modulus to take of the hash of the source label values. + + Only applicable when the action is `HashMod`. + format: int64 + type: integer + regex: + description: regex defines the regular expression against + which the extracted value is matched. + type: string + replacement: + description: |- + replacement value against which a Replace action is performed if the + regular expression matches. + + Regex capture groups are available. + type: string + separator: + description: separator defines the string between concatenated + SourceLabels. + type: string + sourceLabels: + description: |- + sourceLabels defines the source labels select values from existing labels. Their content is + concatenated using the configured Separator and matched against the + configured regular expression. + items: + description: |- + LabelName is a valid Prometheus label name. + For Prometheus 3.x, a label name is valid if it contains UTF-8 characters. + For Prometheus 2.x, a label name is only valid if it contains ASCII characters, letters, numbers, as well as underscores. + type: string + type: array + targetLabel: + description: |- + targetLabel defines the label to which the resulting string is written in a replacement. + + It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + `KeepEqual` and `DropEqual` actions. + + Regex capture groups are available. + type: string + type: object + type: array + scheme: + description: scheme defines the HTTP scheme to use for scraping. + enum: + - http + - https + - HTTP + - HTTPS + type: string + scrapeTimeout: + description: |- + scrapeTimeout defines the timeout after which Prometheus considers the scrape to be failed. + + If empty, Prometheus uses the global scrape timeout unless it is less + than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: |- + targetPort defines the name or number of the target port of the `Pod` object behind the Service, the + port must be specified with container port property. + + Deprecated: use 'port' or 'portNumber' instead. + x-kubernetes-int-or-string: true + tlsConfig: + description: tlsConfig defines the TLS configuration used by + the client. + properties: + ca: + description: ca defines the Certificate authority used when + verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to present + when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable target + certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing the + client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname for + the targets. + type: string + type: object + trackTimestampsStaleness: + description: |- + trackTimestampsStaleness defines whether Prometheus tracks staleness of + the metrics that have an explicit timestamp present in scraped data. + Has no effect if `honorTimestamps` is false. + + It requires Prometheus >= v2.48.0. + type: boolean + type: object + type: array + podTargetLabels: + description: |- + podTargetLabels defines the labels which are transferred from the + associated Kubernetes `Pod` object onto the ingested metrics. + items: + type: string + type: array + sampleLimit: + description: |- + sampleLimit defines a per-scrape limit on the number of scraped samples + that will be accepted. + format: int64 + type: integer + scrapeClass: + description: scrapeClass defines the scrape class to apply. + minLength: 1 + type: string + scrapeClassicHistograms: + description: |- + scrapeClassicHistograms defines whether to scrape a classic histogram that is also exposed as a native histogram. + It requires Prometheus >= v2.45.0. + + Notice: `scrapeClassicHistograms` corresponds to the `always_scrape_classic_histograms` field in the Prometheus configuration. + type: boolean + scrapeNativeHistograms: + description: |- + scrapeNativeHistograms defines whether to enable scraping of native histograms. + It requires Prometheus >= v3.8.0. + type: boolean + scrapeProtocols: + description: |- + scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the + protocols supported by Prometheus in order of preference (from most to least preferred). + + If unset, Prometheus uses its default value. + + It requires Prometheus >= v2.49.0. + items: + description: |- + ScrapeProtocol represents a protocol used by Prometheus for scraping metrics. + Supported values are: + * `OpenMetricsText0.0.1` + * `OpenMetricsText1.0.0` + * `PrometheusProto` + * `PrometheusText0.0.4` + * `PrometheusText1.0.0` + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + type: array + x-kubernetes-list-type: set + selector: + description: selector defines the label selector to select the Kubernetes + `Pod` objects to scrape metrics from. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + selectorMechanism: + description: |- + selectorMechanism defines the mechanism used to select the endpoints to scrape. + By default, the selection process relies on relabel configurations to filter the discovered targets. + Alternatively, you can opt in for role selectors, which may offer better efficiency in large clusters. + Which strategy is best for your use case needs to be carefully evaluated. + + It requires Prometheus >= v2.17.0. + enum: + - RelabelConfig + - RoleSelector + type: string + targetLimit: + description: |- + targetLimit defines a limit on the number of scraped targets that will + be accepted. + format: int64 + type: integer + required: + - selector + type: object + status: + description: |- + status defines the status subresource. It is under active development and is updated only when the + "StatusForConfigurationResources" feature gate is enabled. + + Most recent observed status of the PodMonitor. Read-only. + More info: + https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + bindings: + description: bindings defines the list of workload resources (Prometheus, + PrometheusAgent, ThanosRuler or Alertmanager) which select the configuration + resource. + items: + description: WorkloadBinding is a link between a configuration resource + and a workload resource. + properties: + conditions: + description: conditions defines the current state of the configuration + resource when bound to the referenced Workload object. + items: + description: ConfigResourceCondition describes the status + of configuration resources linked to Prometheus, PrometheusAgent, + Alertmanager or ThanosRuler. + properties: + lastTransitionTime: + description: lastTransitionTime defines the time of the + last update to the current status property. + format: date-time + type: string + message: + description: message defines the human-readable message + indicating details for the condition's last transition. + type: string + observedGeneration: + description: |- + observedGeneration defines the .metadata.generation that the + condition was set based upon. For instance, if `.metadata.generation` is + currently 12, but the `.status.conditions[].observedGeneration` is 9, the + condition is out of date with respect to the current state of the object. + format: int64 + type: integer + reason: + description: reason for the condition's last transition. + type: string + status: + description: status of the condition. + minLength: 1 + type: string + type: + description: |- + type of the condition being reported. + Currently, only "Accepted" is supported. + enum: + - Accepted + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + group: + description: group defines the group of the referenced resource. + enum: + - monitoring.coreos.com + type: string + name: + description: name defines the name of the referenced object. + minLength: 1 + type: string + namespace: + description: namespace defines the namespace of the referenced + object. + minLength: 1 + type: string + resource: + description: resource defines the type of resource being referenced + (e.g. Prometheus, PrometheusAgent, ThanosRuler or Alertmanager). + enum: + - prometheuses + - prometheusagents + - thanosrulers + - alertmanagers + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - name + - namespace + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-probes.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-probes.yaml new file mode 100644 index 0000000..cea5598 --- /dev/null +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-probes.yaml @@ -0,0 +1,1416 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.90.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + operator.prometheus.io/version: 0.90.1 + name: probes.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: Probe + listKind: ProbeList + plural: probes + shortNames: + - prb + singular: probe + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + The `Probe` custom resource definition (CRD) defines how to scrape metrics from prober exporters such as the [blackbox exporter](https://github.com/prometheus/blackbox_exporter). + + The `Probe` resource needs 2 pieces of information: + * The list of probed addresses which can be defined statically or by discovering Kubernetes Ingress objects. + * The prober which exposes the availability of probed endpoints (over various protocols such HTTP, TCP, ICMP, ...) as Prometheus metrics. + + `Prometheus` and `PrometheusAgent` objects select `Probe` objects using label and namespace selectors. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec defines the specification of desired Ingress selection + for target discovery by Prometheus. + properties: + authorization: + description: |- + authorization configures the Authorization header credentials used by + the client. + + Cannot be set at the same time as `basicAuth`, `bearerTokenSecret` or `oauth2`. + properties: + credentials: + description: credentials defines a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: |- + basicAuth defines the Basic Authentication credentials used by the + client. + + Cannot be set at the same time as `authorization`, `bearerTokenSecret` or `oauth2`. + properties: + password: + description: |- + password defines a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + bearerTokenSecret defines a key of a Secret containing the bearer token + used by the client for authentication. The secret needs to be in the + same namespace as the custom resource and readable by the Prometheus + Operator. + + Cannot be set at the same time as `authorization`, `basicAuth` or `oauth2`. + + Deprecated: use `authorization` instead. + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + convertClassicHistogramsToNHCB: + description: |- + convertClassicHistogramsToNHCB defines whether to convert all scraped classic histograms into a native histogram with custom buckets. + It requires Prometheus >= v3.0.0. + type: boolean + enableHttp2: + description: enableHttp2 can be used to disable HTTP2. + type: boolean + fallbackScrapeProtocol: + description: |- + fallbackScrapeProtocol defines the protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + followRedirects: + description: |- + followRedirects defines whether the client should follow HTTP 3xx + redirects. + type: boolean + interval: + description: |- + interval at which targets are probed using the configured prober. + If not specified Prometheus' global scrape interval is used. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + jobName: + description: jobName assigned to scraped metrics by default. + type: string + keepDroppedTargets: + description: |- + keepDroppedTargets defines the per-scrape limit on the number of targets dropped by relabeling + that will be kept in memory. 0 means no limit. + + It requires Prometheus >= v2.47.0. + format: int64 + type: integer + labelLimit: + description: |- + labelLimit defines the per-scrape limit on number of labels that will be accepted for a sample. + Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + labelNameLengthLimit: + description: |- + labelNameLengthLimit defines the per-scrape limit on length of labels name that will be accepted for a sample. + Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + labelValueLengthLimit: + description: |- + labelValueLengthLimit defines the per-scrape limit on length of labels value that will be accepted for a sample. + Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + metricRelabelings: + description: metricRelabelings defines the RelabelConfig to apply + to samples before ingestion. + items: + description: |- + RelabelConfig allows dynamic rewriting of the label set for targets, alerts, + scraped samples and remote write samples. + + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + properties: + action: + default: replace + description: |- + action to perform based on the regex matching. + + `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + + Default: "Replace" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: |- + modulus to take of the hash of the source label values. + + Only applicable when the action is `HashMod`. + format: int64 + type: integer + regex: + description: regex defines the regular expression against which + the extracted value is matched. + type: string + replacement: + description: |- + replacement value against which a Replace action is performed if the + regular expression matches. + + Regex capture groups are available. + type: string + separator: + description: separator defines the string between concatenated + SourceLabels. + type: string + sourceLabels: + description: |- + sourceLabels defines the source labels select values from existing labels. Their content is + concatenated using the configured Separator and matched against the + configured regular expression. + items: + description: |- + LabelName is a valid Prometheus label name. + For Prometheus 3.x, a label name is valid if it contains UTF-8 characters. + For Prometheus 2.x, a label name is only valid if it contains ASCII characters, letters, numbers, as well as underscores. + type: string + type: array + targetLabel: + description: |- + targetLabel defines the label to which the resulting string is written in a replacement. + + It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + `KeepEqual` and `DropEqual` actions. + + Regex capture groups are available. + type: string + type: object + type: array + module: + description: |- + module to use for probing specifying how to probe the target. + Example module configuring in the blackbox exporter: + https://github.com/prometheus/blackbox_exporter/blob/master/example.yml + type: string + nativeHistogramBucketLimit: + description: |- + nativeHistogramBucketLimit defines ff there are more than this many buckets in a native histogram, + buckets will be merged to stay within the limit. + It requires Prometheus >= v2.45.0. + format: int64 + type: integer + nativeHistogramMinBucketFactor: + anyOf: + - type: integer + - type: string + description: |- + nativeHistogramMinBucketFactor defines if the growth factor of one bucket to the next is smaller than this, + buckets will be merged to increase the factor sufficiently. + It requires Prometheus >= v2.50.0. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + oauth2: + description: |- + oauth2 defines the OAuth2 settings used by the client. + + It requires Prometheus >= 2.27.0. + + Cannot be set at the same time as `authorization`, `basicAuth` or `bearerTokenSecret`. + properties: + clientId: + description: |- + clientId defines a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: configMap defines the ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + clientSecret defines a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + scopes: + description: scopes defines the OAuth2 scopes used for the token + request. + items: + type: string + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: ca defines the Certificate authority used when + verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to present + when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable target + certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname for + the targets. + type: string + type: object + tokenUrl: + description: tokenUrl defines the URL to fetch the token from. + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + params: + description: |- + params defines the list of HTTP query parameters for the scrape. + Please note that the `.spec.module` field takes precedence over the `module` parameter from this list when both are defined. + The module name must be added using Module under ProbeSpec. + items: + description: ProbeParam defines specification of extra parameters + for a Probe. + properties: + name: + description: name defines the parameter name + minLength: 1 + type: string + values: + description: values defines the parameter values + items: + minLength: 1 + type: string + minItems: 1 + type: array + required: + - name + type: object + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + prober: + description: |- + prober defines the specification for the prober to use for probing targets. + The prober.URL parameter is required. Targets cannot be probed if left empty. + properties: + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + path: + default: /probe + description: |- + path to collect metrics from. + Defaults to `/probe`. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + scheme: + description: scheme defines the HTTP scheme to use when scraping + the prober. + enum: + - http + - https + - HTTP + - HTTPS + type: string + url: + description: |- + url defines the address of the prober. + + Unlike what the name indicates, the value should be in the form of + `address:port` without any scheme which should be specified in the + `scheme` field. + minLength: 1 + type: string + required: + - url + type: object + sampleLimit: + description: sampleLimit defines per-scrape limit on number of scraped + samples that will be accepted. + format: int64 + type: integer + scrapeClass: + description: scrapeClass defines the scrape class to apply. + minLength: 1 + type: string + scrapeClassicHistograms: + description: |- + scrapeClassicHistograms defines whether to scrape a classic histogram that is also exposed as a native histogram. + It requires Prometheus >= v2.45.0. + + Notice: `scrapeClassicHistograms` corresponds to the `always_scrape_classic_histograms` field in the Prometheus configuration. + type: boolean + scrapeNativeHistograms: + description: |- + scrapeNativeHistograms defines whether to enable scraping of native histograms. + It requires Prometheus >= v3.8.0. + type: boolean + scrapeProtocols: + description: |- + scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the + protocols supported by Prometheus in order of preference (from most to least preferred). + + If unset, Prometheus uses its default value. + + It requires Prometheus >= v2.49.0. + items: + description: |- + ScrapeProtocol represents a protocol used by Prometheus for scraping metrics. + Supported values are: + * `OpenMetricsText0.0.1` + * `OpenMetricsText1.0.0` + * `PrometheusProto` + * `PrometheusText0.0.4` + * `PrometheusText1.0.0` + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + type: array + x-kubernetes-list-type: set + scrapeTimeout: + description: |- + scrapeTimeout defines the timeout for scraping metrics from the Prometheus exporter. + If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + targetLimit: + description: targetLimit defines a limit on the number of scraped + targets that will be accepted. + format: int64 + type: integer + targets: + description: targets defines a set of static or dynamically discovered + targets to probe. + properties: + ingress: + description: |- + ingress defines the Ingress objects to probe and the relabeling + configuration. + If `staticConfig` is also defined, `staticConfig` takes precedence. + properties: + namespaceSelector: + description: namespaceSelector defines from which namespaces + to select Ingress objects. + properties: + any: + description: |- + any defines the boolean describing whether all namespaces are selected in contrast to a + list restricting them. + type: boolean + matchNames: + description: matchNames defines the list of namespace + names to select from. + items: + type: string + type: array + type: object + relabelingConfigs: + description: |- + relabelingConfigs to apply to the label set of the target before it gets + scraped. + The original ingress address is available via the + `__tmp_prometheus_ingress_address` label. It can be used to customize the + probed URL. + The original scrape job's name is available via the `__tmp_prometheus_job_name` label. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + items: + description: |- + RelabelConfig allows dynamic rewriting of the label set for targets, alerts, + scraped samples and remote write samples. + + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + properties: + action: + default: replace + description: |- + action to perform based on the regex matching. + + `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + + Default: "Replace" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: |- + modulus to take of the hash of the source label values. + + Only applicable when the action is `HashMod`. + format: int64 + type: integer + regex: + description: regex defines the regular expression against + which the extracted value is matched. + type: string + replacement: + description: |- + replacement value against which a Replace action is performed if the + regular expression matches. + + Regex capture groups are available. + type: string + separator: + description: separator defines the string between concatenated + SourceLabels. + type: string + sourceLabels: + description: |- + sourceLabels defines the source labels select values from existing labels. Their content is + concatenated using the configured Separator and matched against the + configured regular expression. + items: + description: |- + LabelName is a valid Prometheus label name. + For Prometheus 3.x, a label name is valid if it contains UTF-8 characters. + For Prometheus 2.x, a label name is only valid if it contains ASCII characters, letters, numbers, as well as underscores. + type: string + type: array + targetLabel: + description: |- + targetLabel defines the label to which the resulting string is written in a replacement. + + It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + `KeepEqual` and `DropEqual` actions. + + Regex capture groups are available. + type: string + type: object + type: array + selector: + description: selector to select the Ingress objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + staticConfig: + description: |- + staticConfig defines the static list of targets to probe and the + relabeling configuration. + If `ingress` is also defined, `staticConfig` takes precedence. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config. + properties: + labels: + additionalProperties: + type: string + description: labels defines all labels assigned to all metrics + scraped from the targets. + type: object + relabelingConfigs: + description: |- + relabelingConfigs defines relabelings to be apply to the label set of the targets before it gets + scraped. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + items: + description: |- + RelabelConfig allows dynamic rewriting of the label set for targets, alerts, + scraped samples and remote write samples. + + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + properties: + action: + default: replace + description: |- + action to perform based on the regex matching. + + `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + + Default: "Replace" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: |- + modulus to take of the hash of the source label values. + + Only applicable when the action is `HashMod`. + format: int64 + type: integer + regex: + description: regex defines the regular expression against + which the extracted value is matched. + type: string + replacement: + description: |- + replacement value against which a Replace action is performed if the + regular expression matches. + + Regex capture groups are available. + type: string + separator: + description: separator defines the string between concatenated + SourceLabels. + type: string + sourceLabels: + description: |- + sourceLabels defines the source labels select values from existing labels. Their content is + concatenated using the configured Separator and matched against the + configured regular expression. + items: + description: |- + LabelName is a valid Prometheus label name. + For Prometheus 3.x, a label name is valid if it contains UTF-8 characters. + For Prometheus 2.x, a label name is only valid if it contains ASCII characters, letters, numbers, as well as underscores. + type: string + type: array + targetLabel: + description: |- + targetLabel defines the label to which the resulting string is written in a replacement. + + It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + `KeepEqual` and `DropEqual` actions. + + Regex capture groups are available. + type: string + type: object + type: array + static: + description: static defines the list of hosts to probe. + items: + type: string + type: array + type: object + type: object + tlsConfig: + description: tlsConfig defines the TLS configuration used by the client. + properties: + ca: + description: ca defines the Certificate authority used when verifying + server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to present when + doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable target + certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname for the + targets. + type: string + type: object + type: object + status: + description: |- + status defines the status subresource. It is under active development and is updated only when the + "StatusForConfigurationResources" feature gate is enabled. + + Most recent observed status of the Probe. Read-only. + More info: + https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + bindings: + description: bindings defines the list of workload resources (Prometheus, + PrometheusAgent, ThanosRuler or Alertmanager) which select the configuration + resource. + items: + description: WorkloadBinding is a link between a configuration resource + and a workload resource. + properties: + conditions: + description: conditions defines the current state of the configuration + resource when bound to the referenced Workload object. + items: + description: ConfigResourceCondition describes the status + of configuration resources linked to Prometheus, PrometheusAgent, + Alertmanager or ThanosRuler. + properties: + lastTransitionTime: + description: lastTransitionTime defines the time of the + last update to the current status property. + format: date-time + type: string + message: + description: message defines the human-readable message + indicating details for the condition's last transition. + type: string + observedGeneration: + description: |- + observedGeneration defines the .metadata.generation that the + condition was set based upon. For instance, if `.metadata.generation` is + currently 12, but the `.status.conditions[].observedGeneration` is 9, the + condition is out of date with respect to the current state of the object. + format: int64 + type: integer + reason: + description: reason for the condition's last transition. + type: string + status: + description: status of the condition. + minLength: 1 + type: string + type: + description: |- + type of the condition being reported. + Currently, only "Accepted" is supported. + enum: + - Accepted + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + group: + description: group defines the group of the referenced resource. + enum: + - monitoring.coreos.com + type: string + name: + description: name defines the name of the referenced object. + minLength: 1 + type: string + namespace: + description: namespace defines the namespace of the referenced + object. + minLength: 1 + type: string + resource: + description: resource defines the type of resource being referenced + (e.g. Prometheus, PrometheusAgent, ThanosRuler or Alertmanager). + enum: + - prometheuses + - prometheusagents + - thanosrulers + - alertmanagers + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - name + - namespace + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusagents.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusagents.yaml new file mode 100644 index 0000000..1a58269 --- /dev/null +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusagents.yaml @@ -0,0 +1,11449 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.90.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + operator.prometheus.io/version: 0.90.1 + name: prometheusagents.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: PrometheusAgent + listKind: PrometheusAgentList + plural: prometheusagents + shortNames: + - promagent + singular: prometheusagent + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The version of Prometheus agent + jsonPath: .spec.version + name: Version + type: string + - description: The number of desired replicas + jsonPath: .spec.replicas + name: Desired + type: integer + - description: The number of ready replicas + jsonPath: .status.availableReplicas + name: Ready + type: integer + - jsonPath: .status.conditions[?(@.type == 'Reconciled')].status + name: Reconciled + type: string + - jsonPath: .status.conditions[?(@.type == 'Available')].status + name: Available + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Whether the resource reconciliation is paused or not + jsonPath: .status.paused + name: Paused + priority: 1 + type: boolean + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + The `PrometheusAgent` custom resource definition (CRD) defines a desired [Prometheus Agent](https://prometheus.io/blog/2021/11/16/agent/) setup to run in a Kubernetes cluster. + + The CRD is very similar to the `Prometheus` CRD except for features which aren't available in agent mode like rule evaluation, persistent storage and Thanos sidecar. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + spec defines the specification of the desired behavior of the Prometheus agent. More info: + https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + additionalArgs: + description: |- + additionalArgs allows setting additional arguments for the 'prometheus' container. + + It is intended for e.g. activating hidden flags which are not supported by + the dedicated configuration options yet. The arguments are passed as-is to the + Prometheus container which may cause issues if they are invalid or not supported + by the given Prometheus version. + + In case of an argument conflict (e.g. an argument which is already set by the + operator itself) or when providing an invalid argument, the reconciliation will + fail and an error will be logged. + items: + description: Argument as part of the AdditionalArgs list. + properties: + name: + description: name of the argument, e.g. "scrape.discovery-reload-interval". + minLength: 1 + type: string + value: + description: value defines the argument value, e.g. 30s. Can + be empty for name-only arguments (e.g. --storage.tsdb.no-lockfile) + type: string + required: + - name + type: object + type: array + additionalScrapeConfigs: + description: |- + additionalScrapeConfigs allows specifying a key of a Secret containing + additional Prometheus scrape configurations. Scrape configurations + specified are appended to the configurations generated by the Prometheus + Operator. Job configurations specified must have the form as specified + in the official Prometheus documentation: + https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. + As scrape configs are appended, the user is responsible to make sure it + is valid. Note that using this feature may expose the possibility to + break upgrades of Prometheus. It is advised to review Prometheus release + notes to ensure that no incompatible scrape configs are going to break + Prometheus after the upgrade. + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + affinity: + description: affinity defines the Pods' affinity scheduling rules + if specified. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and subtracting + "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + apiserverConfig: + description: |- + apiserverConfig allows specifying a host and auth methods to access the + Kuberntees API server. + If null, Prometheus is assumed to run inside of the cluster: it will + discover the API servers automatically and use the Pod's CA certificate + and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. + properties: + authorization: + description: |- + authorization section for the API server. + + Cannot be set at the same time as `basicAuth`, `bearerToken`, or + `bearerTokenFile`. + properties: + credentials: + description: credentials defines a key of a Secret in the + namespace that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + credentialsFile: + description: credentialsFile defines the file to read a secret + from, mutually exclusive with `credentials`. + type: string + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: |- + basicAuth configuration for the API server. + + Cannot be set at the same time as `authorization`, `bearerToken`, or + `bearerTokenFile`. + properties: + password: + description: |- + password defines a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerToken: + description: |- + bearerToken is deprecated: this will be removed in a future release. + *Warning: this field shouldn't be used because the token value appears + in clear-text. Prefer using `authorization`.* + type: string + bearerTokenFile: + description: |- + bearerTokenFile defines the file to read bearer token for accessing apiserver. + + Cannot be set at the same time as `basicAuth`, `authorization`, or `bearerToken`. + + Deprecated: this will be removed in a future release. Prefer using `authorization`. + type: string + host: + description: |- + host defines the Kubernetes API address consisting of a hostname or IP address followed + by an optional port number. + type: string + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + tlsConfig: + description: tlsConfig to use for the API server. + properties: + ca: + description: ca defines the Certificate authority used when + verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + caFile: + description: caFile defines the path to the CA cert in the + Prometheus container to use for the targets. + type: string + cert: + description: cert defines the Client certificate to present + when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + description: certFile defines the path to the client cert + file in the Prometheus container for the targets. + type: string + insecureSkipVerify: + description: insecureSkipVerify defines how to disable target + certificate validation. + type: boolean + keyFile: + description: keyFile defines the path to the client key file + in the Prometheus container for the targets. + type: string + keySecret: + description: keySecret defines the Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname for + the targets. + type: string + type: object + required: + - host + type: object + arbitraryFSAccessThroughSMs: + description: |- + arbitraryFSAccessThroughSMs when true, ServiceMonitor, PodMonitor and Probe object are forbidden to + reference arbitrary files on the file system of the 'prometheus' + container. + When a ServiceMonitor's endpoint specifies a `bearerTokenFile` value + (e.g. '/var/run/secrets/kubernetes.io/serviceaccount/token'), a + malicious target can get access to the Prometheus service account's + token in the Prometheus' scrape request. Setting + `spec.arbitraryFSAccessThroughSM` to 'true' would prevent the attack. + Users should instead provide the credentials using the + `spec.bearerTokenSecret` field. + properties: + deny: + description: |- + deny prevents service monitors from accessing arbitrary files on the file system. + When true, service monitors cannot use file-based configurations like BearerTokenFile + that could potentially access sensitive files. When false (default), such access is allowed. + Setting this to true enhances security by preventing potential credential theft attacks. + type: boolean + type: object + automountServiceAccountToken: + description: |- + automountServiceAccountToken defines whether a service account token should be automatically mounted in the pod. + If the field isn't set, the operator mounts the service account token by default. + + **Warning:** be aware that by default, Prometheus requires the service account token for Kubernetes service discovery. + It is possible to use strategic merge patch to project the service account token into the 'prometheus' container. + type: boolean + bodySizeLimit: + description: |- + bodySizeLimit defines per-scrape on response body size. + Only valid in Prometheus versions 2.45.0 and newer. + + Note that the global limit only applies to scrape objects that don't specify an explicit limit value. + If you want to enforce a maximum limit for all scrape objects, refer to enforcedBodySizeLimit. + pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ + type: string + configMaps: + description: |- + configMaps defines a list of ConfigMaps in the same namespace as the Prometheus + object, which shall be mounted into the Prometheus Pods. + Each ConfigMap is added to the StatefulSet definition as a volume named `configmap-`. + The ConfigMaps are mounted into /etc/prometheus/configmaps/ in the 'prometheus' container. + items: + type: string + type: array + containers: + description: |- + containers allows injecting additional containers or modifying operator + generated containers. This can be used to allow adding an authentication + proxy to the Pods or to change the behavior of an operator generated + container. Containers described here modify an operator generated + container if they share the same name and modifications are done via a + strategic merge patch. + + The names of containers managed by the operator are: + * `prometheus` + * `config-reloader` + * `thanos-sidecar` + + Overriding containers which are managed by the operator require careful + testing, especially when upgrading to a new version of the operator. + items: + description: A single application container that you want to run + within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing + the env file. + type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source may consist of any printable ASCII characters except '='. + When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps or Secrets + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: |- + Optional text to prepend to the name of each environment variable. + May consist of any printable ASCII characters except '='. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies a command to execute in + the container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents a duration that the container + should sleep. + properties: + seconds: + description: Seconds is the number of seconds to + sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies a command to execute in + the container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents a duration that the container + should sleep. + properties: + seconds: + description: Seconds is the number of seconds to + sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + stopSignal: + description: |- + StopSignal defines which signal will be sent to a container when it is being stopped. + If not specified, the default is defined by the container runtime in use. + StopSignal can only be set for Pods with a non-empty .spec.os.name + type: string + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies a command to execute in the + container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port in a + single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies a command to execute in the + container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: |- + Resources resize policy for the container. + This field cannot be set on ephemeral containers. + items: + description: ContainerResizePolicy represents resource resize + policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This field depends on the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This overrides the pod-level restart policy. When this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + Additionally, setting the RestartPolicy as "Always" for the init container will + have the following effect: + this init container will be continually restarted on + exit until all regular containers have terminated. Once all regular + containers have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init containers and + is often referred to as a "sidecar" container. Although this init + container still starts in the init container sequence, it does not wait + for the container to complete before proceeding to the next init + container. Instead, the next init container starts immediately after this + init container is started, or after any startupProbe has successfully + completed. + type: string + restartPolicyRules: + description: |- + Represents a list of rules to be checked to determine if the + container should be restarted on exit. The rules are evaluated in + order. Once a rule matches a container exit condition, the remaining + rules are ignored. If no rule matches the container exit condition, + the Container-level restart policy determines the whether the container + is restarted or not. Constraints on the rules: + - At most 20 rules are allowed. + - Rules can have the same action. + - Identical rules are not forbidden in validations. + When rules are specified, container MUST set RestartPolicy explicitly + even it if matches the Pod's RestartPolicy. + items: + description: ContainerRestartRule describes how a container + exit is handled. + properties: + action: + description: |- + Specifies the action taken on a container exit if the requirements + are satisfied. The only possible value is "Restart" to restart the + container. + type: string + exitCodes: + description: Represents the exit codes to check on container + exits. + properties: + operator: + description: |- + Represents the relationship between the container exit code(s) and the + specified values. Possible values are: + - In: the requirement is satisfied if the container exit code is in the + set of specified values. + - NotIn: the requirement is satisfied if the container exit code is + not in the set of specified values. + type: string + values: + description: |- + Specifies the set of values to check for container exit codes. + At most 255 elements are allowed. + items: + format: int32 + type: integer + type: array + x-kubernetes-list-type: set + required: + - operator + type: object + required: + - action + type: object + type: array + x-kubernetes-list-type: atomic + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies a command to execute in the + container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + convertClassicHistogramsToNHCB: + description: |- + convertClassicHistogramsToNHCB defines whether to convert all scraped classic histograms into a native + histogram with custom buckets. + + It requires Prometheus >= v3.4.0. + type: boolean + dnsConfig: + description: dnsConfig defines the DNS configuration for the pods. + properties: + nameservers: + description: |- + nameservers defines the list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + options: + description: |- + options defines the list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver options + of a pod. + properties: + name: + description: name is required and must be unique. + minLength: 1 + type: string + value: + description: value is optional. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + searches: + description: |- + searches defines the list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + type: object + dnsPolicy: + description: dnsPolicy defines the DNS policy for the pods. + enum: + - ClusterFirstWithHostNet + - ClusterFirst + - Default + - None + type: string + enableFeatures: + description: |- + enableFeatures enables access to Prometheus feature flags. By default, no features are enabled. + + Enabling features which are disabled by default is entirely outside the + scope of what the maintainers will support and by doing so, you accept + that this behaviour may break at any time without notice. + + For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/ + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + enableOTLPReceiver: + description: |- + enableOTLPReceiver defines the Prometheus to be used as a receiver for the OTLP Metrics protocol. + + Note that the OTLP receiver endpoint is automatically enabled if `.spec.otlpConfig` is defined. + + It requires Prometheus >= v2.47.0. + type: boolean + enableRemoteWriteReceiver: + description: |- + enableRemoteWriteReceiver defines the Prometheus to be used as a receiver for the Prometheus remote + write protocol. + + WARNING: This is not considered an efficient way of ingesting samples. + Use it with caution for specific low-volume use cases. + It is not suitable for replacing the ingestion via scraping and turning + Prometheus into a push-based metrics collection system. + For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver + + It requires Prometheus >= v2.33.0. + type: boolean + enableServiceLinks: + description: enableServiceLinks defines whether information about + services should be injected into pod's environment variables + type: boolean + enforcedBodySizeLimit: + description: |- + enforcedBodySizeLimit when defined specifies a global limit on the size + of uncompressed response body that will be accepted by Prometheus. + Targets responding with a body larger than this many bytes will cause + the scrape to fail. + + It requires Prometheus >= v2.28.0. + + When both `enforcedBodySizeLimit` and `bodySizeLimit` are defined and greater than zero, the following rules apply: + * Scrape objects without a defined bodySizeLimit value will inherit the global bodySizeLimit value (Prometheus >= 2.45.0) or the enforcedBodySizeLimit value (Prometheus < v2.45.0). + If Prometheus version is >= 2.45.0 and the `enforcedBodySizeLimit` is greater than the `bodySizeLimit`, the `bodySizeLimit` will be set to `enforcedBodySizeLimit`. + * Scrape objects with a bodySizeLimit value less than or equal to enforcedBodySizeLimit keep their specific value. + * Scrape objects with a bodySizeLimit value greater than enforcedBodySizeLimit are set to enforcedBodySizeLimit. + pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ + type: string + enforcedKeepDroppedTargets: + description: |- + enforcedKeepDroppedTargets when defined specifies a global limit on the number of targets + dropped by relabeling that will be kept in memory. The value overrides + any `spec.keepDroppedTargets` set by + ServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` is + greater than zero and less than `spec.enforcedKeepDroppedTargets`. + + It requires Prometheus >= v2.47.0. + + When both `enforcedKeepDroppedTargets` and `keepDroppedTargets` are defined and greater than zero, the following rules apply: + * Scrape objects without a defined keepDroppedTargets value will inherit the global keepDroppedTargets value (Prometheus >= 2.45.0) or the enforcedKeepDroppedTargets value (Prometheus < v2.45.0). + If Prometheus version is >= 2.45.0 and the `enforcedKeepDroppedTargets` is greater than the `keepDroppedTargets`, the `keepDroppedTargets` will be set to `enforcedKeepDroppedTargets`. + * Scrape objects with a keepDroppedTargets value less than or equal to enforcedKeepDroppedTargets keep their specific value. + * Scrape objects with a keepDroppedTargets value greater than enforcedKeepDroppedTargets are set to enforcedKeepDroppedTargets. + format: int64 + type: integer + enforcedLabelLimit: + description: |- + enforcedLabelLimit when defined specifies a global limit on the number + of labels per sample. The value overrides any `spec.labelLimit` set by + ServiceMonitor, PodMonitor, Probe objects unless `spec.labelLimit` is + greater than zero and less than `spec.enforcedLabelLimit`. + + It requires Prometheus >= v2.27.0. + + When both `enforcedLabelLimit` and `labelLimit` are defined and greater than zero, the following rules apply: + * Scrape objects without a defined labelLimit value will inherit the global labelLimit value (Prometheus >= 2.45.0) or the enforcedLabelLimit value (Prometheus < v2.45.0). + If Prometheus version is >= 2.45.0 and the `enforcedLabelLimit` is greater than the `labelLimit`, the `labelLimit` will be set to `enforcedLabelLimit`. + * Scrape objects with a labelLimit value less than or equal to enforcedLabelLimit keep their specific value. + * Scrape objects with a labelLimit value greater than enforcedLabelLimit are set to enforcedLabelLimit. + format: int64 + type: integer + enforcedLabelNameLengthLimit: + description: |- + enforcedLabelNameLengthLimit when defined specifies a global limit on the length + of labels name per sample. The value overrides any `spec.labelNameLengthLimit` set by + ServiceMonitor, PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is + greater than zero and less than `spec.enforcedLabelNameLengthLimit`. + + It requires Prometheus >= v2.27.0. + + When both `enforcedLabelNameLengthLimit` and `labelNameLengthLimit` are defined and greater than zero, the following rules apply: + * Scrape objects without a defined labelNameLengthLimit value will inherit the global labelNameLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelNameLengthLimit value (Prometheus < v2.45.0). + If Prometheus version is >= 2.45.0 and the `enforcedLabelNameLengthLimit` is greater than the `labelNameLengthLimit`, the `labelNameLengthLimit` will be set to `enforcedLabelNameLengthLimit`. + * Scrape objects with a labelNameLengthLimit value less than or equal to enforcedLabelNameLengthLimit keep their specific value. + * Scrape objects with a labelNameLengthLimit value greater than enforcedLabelNameLengthLimit are set to enforcedLabelNameLengthLimit. + format: int64 + type: integer + enforcedLabelValueLengthLimit: + description: |- + enforcedLabelValueLengthLimit when not null defines a global limit on the length + of labels value per sample. The value overrides any `spec.labelValueLengthLimit` set by + ServiceMonitor, PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is + greater than zero and less than `spec.enforcedLabelValueLengthLimit`. + + It requires Prometheus >= v2.27.0. + + When both `enforcedLabelValueLengthLimit` and `labelValueLengthLimit` are defined and greater than zero, the following rules apply: + * Scrape objects without a defined labelValueLengthLimit value will inherit the global labelValueLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelValueLengthLimit value (Prometheus < v2.45.0). + If Prometheus version is >= 2.45.0 and the `enforcedLabelValueLengthLimit` is greater than the `labelValueLengthLimit`, the `labelValueLengthLimit` will be set to `enforcedLabelValueLengthLimit`. + * Scrape objects with a labelValueLengthLimit value less than or equal to enforcedLabelValueLengthLimit keep their specific value. + * Scrape objects with a labelValueLengthLimit value greater than enforcedLabelValueLengthLimit are set to enforcedLabelValueLengthLimit. + format: int64 + type: integer + enforcedNamespaceLabel: + description: |- + enforcedNamespaceLabel when not empty, a label will be added to: + + 1. All metrics scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` objects. + 2. All metrics generated from recording rules defined in `PrometheusRule` objects. + 3. All alerts generated from alerting rules defined in `PrometheusRule` objects. + 4. All vector selectors of PromQL expressions defined in `PrometheusRule` objects. + + The label will not added for objects referenced in `spec.excludedFromEnforcement`. + + The label's name is this field's value. + The label's value is the namespace of the `ServiceMonitor`, + `PodMonitor`, `Probe`, `PrometheusRule` or `ScrapeConfig` object. + type: string + enforcedSampleLimit: + description: |- + enforcedSampleLimit when defined specifies a global limit on the number + of scraped samples that will be accepted. This overrides any + `spec.sampleLimit` set by ServiceMonitor, PodMonitor, Probe objects + unless `spec.sampleLimit` is greater than zero and less than + `spec.enforcedSampleLimit`. + + It is meant to be used by admins to keep the overall number of + samples/series under a desired limit. + + When both `enforcedSampleLimit` and `sampleLimit` are defined and greater than zero, the following rules apply: + * Scrape objects without a defined sampleLimit value will inherit the global sampleLimit value (Prometheus >= 2.45.0) or the enforcedSampleLimit value (Prometheus < v2.45.0). + If Prometheus version is >= 2.45.0 and the `enforcedSampleLimit` is greater than the `sampleLimit`, the `sampleLimit` will be set to `enforcedSampleLimit`. + * Scrape objects with a sampleLimit value less than or equal to enforcedSampleLimit keep their specific value. + * Scrape objects with a sampleLimit value greater than enforcedSampleLimit are set to enforcedSampleLimit. + format: int64 + type: integer + enforcedTargetLimit: + description: |- + enforcedTargetLimit when defined specifies a global limit on the number + of scraped targets. The value overrides any `spec.targetLimit` set by + ServiceMonitor, PodMonitor, Probe objects unless `spec.targetLimit` is + greater than zero and less than `spec.enforcedTargetLimit`. + + It is meant to be used by admins to to keep the overall number of + targets under a desired limit. + + When both `enforcedTargetLimit` and `targetLimit` are defined and greater than zero, the following rules apply: + * Scrape objects without a defined targetLimit value will inherit the global targetLimit value (Prometheus >= 2.45.0) or the enforcedTargetLimit value (Prometheus < v2.45.0). + If Prometheus version is >= 2.45.0 and the `enforcedTargetLimit` is greater than the `targetLimit`, the `targetLimit` will be set to `enforcedTargetLimit`. + * Scrape objects with a targetLimit value less than or equal to enforcedTargetLimit keep their specific value. + * Scrape objects with a targetLimit value greater than enforcedTargetLimit are set to enforcedTargetLimit. + format: int64 + type: integer + excludedFromEnforcement: + description: |- + excludedFromEnforcement defines the list of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects + to be excluded from enforcing a namespace label of origin. + + It is only applicable if `spec.enforcedNamespaceLabel` set to true. + items: + description: ObjectReference references a PodMonitor, ServiceMonitor, + Probe or PrometheusRule object. + properties: + group: + default: monitoring.coreos.com + description: group of the referent. When not specified, it defaults + to `monitoring.coreos.com` + enum: + - monitoring.coreos.com + type: string + name: + description: name of the referent. When not set, all resources + in the namespace are matched. + type: string + namespace: + description: |- + namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + minLength: 1 + type: string + resource: + description: resource of the referent. + enum: + - prometheusrules + - servicemonitors + - podmonitors + - probes + - scrapeconfigs + type: string + required: + - namespace + - resource + type: object + type: array + externalLabels: + additionalProperties: + type: string + description: |- + externalLabels defines the labels to add to any time series or alerts when communicating with + external systems (federation, remote storage, Alertmanager). + Labels defined by `spec.replicaExternalLabelName` and + `spec.prometheusExternalLabelName` take precedence over this list. + type: object + externalUrl: + description: |- + externalUrl defines the external URL under which the Prometheus service is externally + available. This is necessary to generate correct URLs (for instance if + Prometheus is accessible behind an Ingress resource). + type: string + hostAliases: + description: |- + hostAliases defines the optional list of hosts and IPs that will be injected into the Pod's + hosts file if specified. + items: + description: |- + HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the + pod's hosts file. + properties: + hostnames: + description: hostnames defines hostnames for the above IP address. + items: + type: string + type: array + ip: + description: ip defines the IP address of the host file entry. + type: string + required: + - hostnames + - ip + type: object + type: array + x-kubernetes-list-map-keys: + - ip + x-kubernetes-list-type: map + hostNetwork: + description: |- + hostNetwork defines the host's network namespace if true. + + Make sure to understand the security implications if you want to enable + it (https://kubernetes.io/docs/concepts/configuration/overview/ ). + + When hostNetwork is enabled, this will set the DNS policy to + `ClusterFirstWithHostNet` automatically (unless `.spec.DNSPolicy` is set + to a different value). + type: boolean + hostUsers: + description: |- + hostUsers supports the user space in Kubernetes. + + More info: https://kubernetes.io/docs/tasks/configure-pod-container/user-namespaces/ + + The feature requires at least Kubernetes 1.28 with the `UserNamespacesSupport` feature gate enabled. + Starting Kubernetes 1.33, the feature is enabled by default. + type: boolean + ignoreNamespaceSelectors: + description: |- + ignoreNamespaceSelectors when true, `spec.namespaceSelector` from all PodMonitor, ServiceMonitor + and Probe objects will be ignored. They will only discover targets + within the namespace of the PodMonitor, ServiceMonitor and Probe + object. + type: boolean + image: + description: |- + image defines the container image name for Prometheus. If specified, it takes precedence + over the `spec.baseImage`, `spec.tag` and `spec.sha` fields. + + Specifying `spec.version` is still necessary to ensure the Prometheus + Operator knows which version of Prometheus is being configured. + + If neither `spec.image` nor `spec.baseImage` are defined, the operator + will use the latest upstream version of Prometheus available at the time + when the operator was released. + type: string + imagePullPolicy: + description: |- + imagePullPolicy defines the image pull policy for the 'prometheus', 'init-config-reloader' and 'config-reloader' containers. + See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details. + enum: + - "" + - Always + - Never + - IfNotPresent + type: string + imagePullSecrets: + description: |- + imagePullSecrets defines an optional list of references to Secrets in the same namespace + to use for pulling images from registries. + See http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: |- + initContainers allows injecting initContainers to the Pod definition. Those + can be used to e.g. fetch secrets for injection into the Prometheus + configuration from external sources. Any errors during the execution of + an initContainer will lead to a restart of the Pod. More info: + https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + InitContainers described here modify an operator generated init + containers if they share the same name and modifications are done via a + strategic merge patch. + + The names of init container name managed by the operator are: + * `init-config-reloader`. + + Overriding init containers which are managed by the operator require + careful testing, especially when upgrading to a new version of the + operator. + items: + description: A single application container that you want to run + within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing + the env file. + type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source may consist of any printable ASCII characters except '='. + When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps or Secrets + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: |- + Optional text to prepend to the name of each environment variable. + May consist of any printable ASCII characters except '='. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies a command to execute in + the container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents a duration that the container + should sleep. + properties: + seconds: + description: Seconds is the number of seconds to + sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies a command to execute in + the container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents a duration that the container + should sleep. + properties: + seconds: + description: Seconds is the number of seconds to + sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + stopSignal: + description: |- + StopSignal defines which signal will be sent to a container when it is being stopped. + If not specified, the default is defined by the container runtime in use. + StopSignal can only be set for Pods with a non-empty .spec.os.name + type: string + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies a command to execute in the + container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port in a + single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies a command to execute in the + container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: |- + Resources resize policy for the container. + This field cannot be set on ephemeral containers. + items: + description: ContainerResizePolicy represents resource resize + policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This field depends on the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This overrides the pod-level restart policy. When this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + Additionally, setting the RestartPolicy as "Always" for the init container will + have the following effect: + this init container will be continually restarted on + exit until all regular containers have terminated. Once all regular + containers have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init containers and + is often referred to as a "sidecar" container. Although this init + container still starts in the init container sequence, it does not wait + for the container to complete before proceeding to the next init + container. Instead, the next init container starts immediately after this + init container is started, or after any startupProbe has successfully + completed. + type: string + restartPolicyRules: + description: |- + Represents a list of rules to be checked to determine if the + container should be restarted on exit. The rules are evaluated in + order. Once a rule matches a container exit condition, the remaining + rules are ignored. If no rule matches the container exit condition, + the Container-level restart policy determines the whether the container + is restarted or not. Constraints on the rules: + - At most 20 rules are allowed. + - Rules can have the same action. + - Identical rules are not forbidden in validations. + When rules are specified, container MUST set RestartPolicy explicitly + even it if matches the Pod's RestartPolicy. + items: + description: ContainerRestartRule describes how a container + exit is handled. + properties: + action: + description: |- + Specifies the action taken on a container exit if the requirements + are satisfied. The only possible value is "Restart" to restart the + container. + type: string + exitCodes: + description: Represents the exit codes to check on container + exits. + properties: + operator: + description: |- + Represents the relationship between the container exit code(s) and the + specified values. Possible values are: + - In: the requirement is satisfied if the container exit code is in the + set of specified values. + - NotIn: the requirement is satisfied if the container exit code is + not in the set of specified values. + type: string + values: + description: |- + Specifies the set of values to check for container exit codes. + At most 255 elements are allowed. + items: + format: int32 + type: integer + type: array + x-kubernetes-list-type: set + required: + - operator + type: object + required: + - action + type: object + type: array + x-kubernetes-list-type: atomic + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies a command to execute in the + container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + keepDroppedTargets: + description: |- + keepDroppedTargets defines the per-scrape limit on the number of targets dropped by relabeling + that will be kept in memory. 0 means no limit. + + It requires Prometheus >= v2.47.0. + + Note that the global limit only applies to scrape objects that don't specify an explicit limit value. + If you want to enforce a maximum limit for all scrape objects, refer to enforcedKeepDroppedTargets. + format: int64 + type: integer + labelLimit: + description: |- + labelLimit defines per-scrape limit on number of labels that will be accepted for a sample. + Only valid in Prometheus versions 2.45.0 and newer. + + Note that the global limit only applies to scrape objects that don't specify an explicit limit value. + If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelLimit. + format: int64 + type: integer + labelNameLengthLimit: + description: |- + labelNameLengthLimit defines the per-scrape limit on length of labels name that will be accepted for a sample. + Only valid in Prometheus versions 2.45.0 and newer. + + Note that the global limit only applies to scrape objects that don't specify an explicit limit value. + If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelNameLengthLimit. + format: int64 + type: integer + labelValueLengthLimit: + description: |- + labelValueLengthLimit defines the per-scrape limit on length of labels value that will be accepted for a sample. + Only valid in Prometheus versions 2.45.0 and newer. + + Note that the global limit only applies to scrape objects that don't specify an explicit limit value. + If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelValueLengthLimit. + format: int64 + type: integer + listenLocal: + description: |- + listenLocal when true, the Prometheus server listens on the loopback address + instead of the Pod IP's address. + type: boolean + logFormat: + description: logFormat for Log level for Prometheus and the config-reloader + sidecar. + enum: + - "" + - logfmt + - json + type: string + logLevel: + description: logLevel for Prometheus and the config-reloader sidecar. + enum: + - "" + - debug + - info + - warn + - error + type: string + maximumStartupDurationSeconds: + description: |- + maximumStartupDurationSeconds defines the maximum time that the `prometheus` container's startup probe will wait before being considered failed. The startup probe will return success after the WAL replay is complete. + If set, the value should be greater than 60 (seconds). Otherwise it will be equal to 900 seconds (15 minutes). + format: int32 + minimum: 60 + type: integer + minReadySeconds: + description: |- + minReadySeconds defines the minimum number of seconds for which a newly created Pod should be ready + without any of its container crashing for it to be considered available. + + If unset, pods will be considered available as soon as they are ready. + format: int32 + minimum: 0 + type: integer + mode: + description: |- + mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). + + (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. + enum: + - StatefulSet + - DaemonSet + type: string + nameEscapingScheme: + description: |- + nameEscapingScheme defines the character escaping scheme that will be requested when scraping + for metric and label names that do not conform to the legacy Prometheus + character set. + + It requires Prometheus >= v3.4.0. + enum: + - AllowUTF8 + - Underscores + - Dots + - Values + type: string + nameValidationScheme: + description: |- + nameValidationScheme defines the validation scheme for metric and label names. + + It requires Prometheus >= v2.55.0. + enum: + - UTF8 + - Legacy + type: string + nodeSelector: + additionalProperties: + type: string + description: nodeSelector defines on which Nodes the Pods are scheduled. + type: object + otlp: + description: |- + otlp defines the settings related to the OTLP receiver feature. + It requires Prometheus >= v2.55.0. + properties: + convertHistogramsToNHCB: + description: |- + convertHistogramsToNHCB defines optional translation of OTLP explicit bucket histograms into native histograms with custom buckets. + It requires Prometheus >= v3.4.0. + type: boolean + ignoreResourceAttributes: + description: |- + ignoreResourceAttributes defines the list of OpenTelemetry resource attributes to ignore when `promoteAllResourceAttributes` is true. + + It requires `promoteAllResourceAttributes` to be true. + It requires Prometheus >= v3.5.0. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + keepIdentifyingResourceAttributes: + description: |- + keepIdentifyingResourceAttributes enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean + promoteAllResourceAttributes: + description: |- + promoteAllResourceAttributes promotes all resource attributes to metric labels except the ones defined in `ignoreResourceAttributes`. + + Cannot be true when `promoteResourceAttributes` is defined. + It requires Prometheus >= v3.5.0. + type: boolean + promoteResourceAttributes: + description: |- + promoteResourceAttributes defines the list of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. + Cannot be defined when `promoteAllResourceAttributes` is true. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + promoteScopeMetadata: + description: |- + promoteScopeMetadata controls whether to promote OpenTelemetry scope metadata (i.e. name, version, schema URL, and attributes) to metric labels. + As per the OpenTelemetry specification, the aforementioned scope metadata should be identifying, i.e. made into metric labels. + It requires Prometheus >= v3.6.0. + type: boolean + translationStrategy: + description: |- + translationStrategy defines how the OTLP receiver endpoint translates the incoming metrics. + + It requires Prometheus >= v3.0.0. + enum: + - NoUTF8EscapingWithSuffixes + - UnderscoreEscapingWithSuffixes + - NoTranslation + - UnderscoreEscapingWithoutSuffixes + type: string + type: object + overrideHonorLabels: + description: |- + overrideHonorLabels when true, Prometheus resolves label conflicts by renaming the labels in the scraped data + to “exported_” for all targets created from ServiceMonitor, PodMonitor and + ScrapeConfig objects. Otherwise the HonorLabels field of the service or pod monitor applies. + In practice,`OverrideHonorLabels:true` enforces `honorLabels:false` + for all ServiceMonitor, PodMonitor and ScrapeConfig objects. + type: boolean + overrideHonorTimestamps: + description: |- + overrideHonorTimestamps when true, Prometheus ignores the timestamps for all the targets created + from service and pod monitors. + Otherwise the HonorTimestamps field of the service or pod monitor applies. + type: boolean + paused: + description: |- + paused defines when a Prometheus deployment is paused, no actions except for deletion + will be performed on the underlying objects. + type: boolean + persistentVolumeClaimRetentionPolicy: + description: |- + persistentVolumeClaimRetentionPolicy defines the field controls if and how PVCs are deleted during the lifecycle of a StatefulSet. + The default behavior is all PVCs are retained. + This is an alpha field from kubernetes 1.23 until 1.26 and a beta field from 1.26. + It requires enabling the StatefulSetAutoDeletePVC feature gate. + properties: + whenDeleted: + description: |- + WhenDeleted specifies what happens to PVCs created from StatefulSet + VolumeClaimTemplates when the StatefulSet is deleted. The default policy + of `Retain` causes PVCs to not be affected by StatefulSet deletion. The + `Delete` policy causes those PVCs to be deleted. + type: string + whenScaled: + description: |- + WhenScaled specifies what happens to PVCs created from StatefulSet + VolumeClaimTemplates when the StatefulSet is scaled down. The default + policy of `Retain` causes PVCs to not be affected by a scaledown. The + `Delete` policy causes the associated PVCs for any excess pods above + the replica count to be deleted. + type: string + type: object + podManagementPolicy: + description: |- + podManagementPolicy defines the policy for creating/deleting pods when + scaling up and down. + + Unlike the default StatefulSet behavior, the default policy is + `Parallel` to avoid manual intervention in case a pod gets stuck during + a rollout. + + Note that updating this value implies the recreation of the StatefulSet + which incurs a service outage. + enum: + - OrderedReady + - Parallel + type: string + podMetadata: + description: |- + podMetadata defines labels and annotations which are propagated to the Prometheus pods. + + The following items are reserved and cannot be overridden: + * "prometheus" label, set to the name of the Prometheus object. + * "app.kubernetes.io/instance" label, set to the name of the Prometheus object. + * "app.kubernetes.io/managed-by" label, set to "prometheus-operator". + * "app.kubernetes.io/name" label, set to "prometheus". + * "app.kubernetes.io/version" label, set to the Prometheus version. + * "operator.prometheus.io/name" label, set to the name of the Prometheus object. + * "operator.prometheus.io/shard" label, set to the shard number of the Prometheus object. + * "kubectl.kubernetes.io/default-container" annotation, set to "prometheus". + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations defines an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + type: object + labels: + additionalProperties: + type: string + description: |- + labels define the map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + type: object + name: + description: |- + name must be unique within a namespace. Is required when creating resources, although + some resources may allow a client to request the generation of an appropriate name + automatically. Name is primarily intended for creation idempotence and configuration + definition. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/ + type: string + type: object + podMonitorNamespaceSelector: + description: |- + podMonitorNamespaceSelector defines the namespaces to match for PodMonitors discovery. An empty label selector + matches all namespaces. A null label selector (default value) matches the current + namespace only. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + podMonitorSelector: + description: |- + podMonitorSelector defines the podMonitors to be selected for target discovery. An empty label selector + matches all objects. A null label selector matches no objects. + + If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` + and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. + The Prometheus operator will ensure that the Prometheus configuration's + Secret exists, but it is the responsibility of the user to provide the raw + gzipped Prometheus configuration under the `prometheus.yaml.gz` key. + This behavior is *deprecated* and will be removed in the next major version + of the custom resource definition. It is recommended to use + `spec.additionalScrapeConfigs` instead. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + podTargetLabels: + description: |- + podTargetLabels are appended to the `spec.podTargetLabels` field of all + PodMonitor and ServiceMonitor objects. + items: + type: string + type: array + portName: + default: web + description: |- + portName used for the pods and governing service. + Default: "web" + type: string + priorityClassName: + description: priorityClassName assigned to the Pods. + type: string + probeNamespaceSelector: + description: |- + probeNamespaceSelector defines the namespaces to match for Probe discovery. An empty label + selector matches all namespaces. A null label selector matches the + current namespace only. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + probeSelector: + description: |- + probeSelector defines the probes to be selected for target discovery. An empty label selector + matches all objects. A null label selector matches no objects. + + If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` + and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. + The Prometheus operator will ensure that the Prometheus configuration's + Secret exists, but it is the responsibility of the user to provide the raw + gzipped Prometheus configuration under the `prometheus.yaml.gz` key. + This behavior is *deprecated* and will be removed in the next major version + of the custom resource definition. It is recommended to use + `spec.additionalScrapeConfigs` instead. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + prometheusExternalLabelName: + description: |- + prometheusExternalLabelName defines the name of Prometheus external label used to denote the Prometheus instance + name. The external label will _not_ be added when the field is set to + the empty string (`""`). + + Default: "prometheus" + type: string + reloadStrategy: + description: |- + reloadStrategy defines the strategy used to reload the Prometheus configuration. + If not specified, the configuration is reloaded using the /-/reload HTTP endpoint. + enum: + - HTTP + - ProcessSignal + type: string + remoteWrite: + description: remoteWrite defines the list of remote write configurations. + items: + description: |- + RemoteWriteSpec defines the configuration to write samples from Prometheus + to a remote endpoint. + properties: + authorization: + description: |- + authorization section for the URL. + + It requires Prometheus >= v2.26.0 or Thanos >= v0.24.0. + + Cannot be set at the same time as `sigv4`, `basicAuth`, `oauth2`, or `azureAd`. + properties: + credentials: + description: credentials defines a key of a Secret in the + namespace that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + credentialsFile: + description: credentialsFile defines the file to read a + secret from, mutually exclusive with `credentials`. + type: string + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + azureAd: + description: |- + azureAd for the URL. + + It requires Prometheus >= v2.45.0 or Thanos >= v0.31.0. + + Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `sigv4`. + properties: + cloud: + description: cloud defines the Azure Cloud. Options are + 'AzurePublic', 'AzureChina', or 'AzureGovernment'. + enum: + - AzureChina + - AzureGovernment + - AzurePublic + type: string + managedIdentity: + description: |- + managedIdentity defines the Azure User-assigned Managed identity. + Cannot be set at the same time as `oauth`, `sdk` or `workloadIdentity`. + properties: + clientId: + description: |- + clientId defines the Azure User-assigned Managed identity. + + For Prometheus >= 3.5.0 and Thanos >= 0.40.0, this field is allowed to be empty to support system-assigned managed identities. + minLength: 1 + type: string + type: object + oauth: + description: |- + oauth defines the oauth config that is being used to authenticate. + Cannot be set at the same time as `managedIdentity`, `sdk` or `workloadIdentity`. + + It requires Prometheus >= v2.48.0 or Thanos >= v0.31.0. + properties: + clientId: + description: clientId defines the clientId of the Azure + Active Directory application that is being used to + authenticate. + minLength: 1 + type: string + clientSecret: + description: clientSecret specifies a key of a Secret + containing the client secret of the Azure Active Directory + application that is being used to authenticate. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tenantId: + description: tenantId is the tenant ID of the Azure + Active Directory application that is being used to + authenticate. + minLength: 1 + pattern: ^[0-9a-zA-Z-.]+$ + type: string + required: + - clientId + - clientSecret + - tenantId + type: object + scope: + description: |- + scope is the custom OAuth 2.0 scope to request when acquiring tokens. + It requires Prometheus >= 3.9.0. Currently not supported by Thanos. + pattern: ^[\w\s:/.\\-]+$ + type: string + sdk: + description: |- + sdk defines the Azure SDK config that is being used to authenticate. + See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication + Cannot be set at the same time as `oauth`, `managedIdentity` or `workloadIdentity`. + + It requires Prometheus >= v2.52.0 or Thanos >= v0.36.0. + properties: + tenantId: + description: tenantId defines the tenant ID of the azure + active directory application that is being used to + authenticate. + pattern: ^[0-9a-zA-Z-.]+$ + type: string + type: object + workloadIdentity: + description: |- + workloadIdentity defines the Azure Workload Identity authentication. + Cannot be set at the same time as `oauth`, `managedIdentity`, or `sdk`. + + It requires Prometheus >= 3.7.0. Currently not supported by Thanos. + properties: + clientId: + description: clientId is the clientID of the Azure Active + Directory application. + minLength: 1 + type: string + tenantId: + description: tenantId is the tenant ID of the Azure + Active Directory application. + minLength: 1 + type: string + required: + - clientId + - tenantId + type: object + type: object + basicAuth: + description: |- + basicAuth configuration for the URL. + + Cannot be set at the same time as `sigv4`, `authorization`, `oauth2`, or `azureAd`. + properties: + password: + description: |- + password defines a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerToken: + description: |- + bearerToken is deprecated: this will be removed in a future release. + *Warning: this field shouldn't be used because the token value appears + in clear-text. Prefer using `authorization`.* + type: string + bearerTokenFile: + description: |- + bearerTokenFile defines the file from which to read bearer token for the URL. + + Deprecated: this will be removed in a future release. Prefer using `authorization`. + type: string + enableHTTP2: + description: enableHTTP2 defines whether to enable HTTP2. + type: boolean + followRedirects: + description: |- + followRedirects defines whether HTTP requests follow HTTP 3xx redirects. + + It requires Prometheus >= v2.26.0 or Thanos >= v0.24.0. + type: boolean + headers: + additionalProperties: + type: string + description: |- + headers defines the custom HTTP headers to be sent along with each remote write request. + Be aware that headers that are set by Prometheus itself can't be overwritten. + + It requires Prometheus >= v2.25.0 or Thanos >= v0.24.0. + type: object + messageVersion: + description: |- + messageVersion defines the Remote Write message's version to use when writing to the endpoint. + + `Version1.0` corresponds to the `prometheus.WriteRequest` protobuf message introduced in Remote Write 1.0. + `Version2.0` corresponds to the `io.prometheus.write.v2.Request` protobuf message introduced in Remote Write 2.0. + + When `Version2.0` is selected, Prometheus will automatically be + configured to append the metadata of scraped metrics to the WAL. + + Before setting this field, consult with your remote storage provider + what message version it supports. + + It requires Prometheus >= v2.54.0 or Thanos >= v0.37.0. + enum: + - V1.0 + - V2.0 + type: string + metadataConfig: + description: |- + metadataConfig defines how to send a series metadata to the remote storage. + + When the field is empty, **no metadata** is sent. But when the field is + null, metadata is sent. + properties: + maxSamplesPerSend: + description: |- + maxSamplesPerSend defines the maximum number of metadata samples per send. + + It requires Prometheus >= v2.29.0. + format: int32 + minimum: -1 + type: integer + send: + description: send defines whether metric metadata is sent + to the remote storage or not. + type: boolean + sendInterval: + description: sendInterval defines how frequently metric + metadata is sent to the remote storage. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: object + name: + description: |- + name of the remote write queue, it must be unique if specified. The + name is used in metrics and logging in order to differentiate queues. + + It requires Prometheus >= v2.15.0 or Thanos >= 0.24.0. + type: string + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + oauth2: + description: |- + oauth2 configuration for the URL. + + It requires Prometheus >= v2.27.0 or Thanos >= v0.24.0. + + Cannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azureAd`. + properties: + clientId: + description: |- + clientId defines a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + clientSecret defines a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + scopes: + description: scopes defines the OAuth2 scopes used for the + token request. + items: + type: string + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: ca defines the Certificate authority used + when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to + present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable + target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname + for the targets. + type: string + type: object + tokenUrl: + description: tokenUrl defines the URL to fetch the token + from. + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + queueConfig: + description: queueConfig allows tuning of the remote write queue + parameters. + properties: + batchSendDeadline: + description: batchSendDeadline defines the maximum time + a sample will wait in buffer. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + capacity: + description: |- + capacity defines the number of samples to buffer per shard before we start + dropping them. + type: integer + maxBackoff: + description: maxBackoff defines the maximum retry delay. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + maxRetries: + description: maxRetries defines the maximum number of times + to retry a batch on recoverable errors. + type: integer + maxSamplesPerSend: + description: maxSamplesPerSend defines the maximum number + of samples per send. + type: integer + maxShards: + description: maxShards defines the maximum number of shards, + i.e. amount of concurrency. + type: integer + minBackoff: + description: minBackoff defines the initial retry delay. + Gets doubled for every retry. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + minShards: + description: minShards defines the minimum number of shards, + i.e. amount of concurrency. + type: integer + retryOnRateLimit: + description: |- + retryOnRateLimit defines the retry upon receiving a 429 status code from the remote-write storage. + + This is an *experimental feature*, it may change in any upcoming release + in a breaking way. + type: boolean + sampleAgeLimit: + description: |- + sampleAgeLimit drops samples older than the limit. + It requires Prometheus >= v2.50.0 or Thanos >= v0.32.0. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: object + remoteTimeout: + description: remoteTimeout defines the timeout for requests + to the remote write endpoint. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + roundRobinDNS: + description: "roundRobinDNS controls the DNS resolution behavior + for remote-write connections.\nWhen enabled:\n - The remote-write + mechanism will resolve the hostname via DNS.\n - It will + randomly select one of the resolved IP addresses and connect + to it.\n\nWhen disabled (default behavior):\n - The Go standard + library will handle hostname resolution.\n - It will attempt + connections to each resolved IP address sequentially.\n\nNote: + The connection timeout applies to the entire resolution and + connection process.\n\n\tIf disabled, the timeout is distributed + across all connection attempts.\n\nIt requires Prometheus + >= v3.1.0 or Thanos >= v0.38.0." + type: boolean + sendExemplars: + description: |- + sendExemplars enables sending of exemplars over remote write. Note that + exemplar-storage itself must be enabled using the `spec.enableFeatures` + option for exemplars to be scraped in the first place. + + It requires Prometheus >= v2.27.0 or Thanos >= v0.24.0. + type: boolean + sendNativeHistograms: + description: |- + sendNativeHistograms enables sending of native histograms, also known as sparse histograms + over remote write. + + It requires Prometheus >= v2.40.0 or Thanos >= v0.30.0. + type: boolean + sigv4: + description: |- + sigv4 defines the AWS's Signature Verification 4 for the URL. + + It requires Prometheus >= v2.26.0 or Thanos >= v0.24.0. + + Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `azureAd`. + properties: + accessKey: + description: |- + accessKey defines the AWS API key. If not specified, the environment variable + `AWS_ACCESS_KEY_ID` is used. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + profile: + description: profile defines the named AWS profile used + to authenticate. + type: string + region: + description: region defines the AWS region. If blank, the + region from the default credentials chain used. + type: string + roleArn: + description: roleArn defines the named AWS profile used + to authenticate. + type: string + secretKey: + description: |- + secretKey defines the AWS API secret. If not specified, the environment + variable `AWS_SECRET_ACCESS_KEY` is used. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + useFIPSSTSEndpoint: + description: |- + useFIPSSTSEndpoint defines the FIPS mode for the AWS STS endpoint. + It requires Prometheus >= v2.54.0. + type: boolean + type: object + tlsConfig: + description: tlsConfig to use for the URL. + properties: + ca: + description: ca defines the Certificate authority used when + verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + caFile: + description: caFile defines the path to the CA cert in the + Prometheus container to use for the targets. + type: string + cert: + description: cert defines the Client certificate to present + when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + description: certFile defines the path to the client cert + file in the Prometheus container for the targets. + type: string + insecureSkipVerify: + description: insecureSkipVerify defines how to disable target + certificate validation. + type: boolean + keyFile: + description: keyFile defines the path to the client key + file in the Prometheus container for the targets. + type: string + keySecret: + description: keySecret defines the Secret containing the + client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname for + the targets. + type: string + type: object + url: + description: |- + url defines the URL of the endpoint to send samples to. + + It must use the HTTP or HTTPS scheme. + pattern: ^(http|https)://.+$ + type: string + writeRelabelConfigs: + description: writeRelabelConfigs defines the list of remote + write relabel configurations. + items: + description: |- + RelabelConfig allows dynamic rewriting of the label set for targets, alerts, + scraped samples and remote write samples. + + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + properties: + action: + default: replace + description: |- + action to perform based on the regex matching. + + `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + + Default: "Replace" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: |- + modulus to take of the hash of the source label values. + + Only applicable when the action is `HashMod`. + format: int64 + type: integer + regex: + description: regex defines the regular expression against + which the extracted value is matched. + type: string + replacement: + description: |- + replacement value against which a Replace action is performed if the + regular expression matches. + + Regex capture groups are available. + type: string + separator: + description: separator defines the string between concatenated + SourceLabels. + type: string + sourceLabels: + description: |- + sourceLabels defines the source labels select values from existing labels. Their content is + concatenated using the configured Separator and matched against the + configured regular expression. + items: + description: |- + LabelName is a valid Prometheus label name. + For Prometheus 3.x, a label name is valid if it contains UTF-8 characters. + For Prometheus 2.x, a label name is only valid if it contains ASCII characters, letters, numbers, as well as underscores. + type: string + type: array + targetLabel: + description: |- + targetLabel defines the label to which the resulting string is written in a replacement. + + It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + `KeepEqual` and `DropEqual` actions. + + Regex capture groups are available. + type: string + type: object + type: array + required: + - url + type: object + type: array + remoteWriteReceiverMessageVersions: + description: |- + remoteWriteReceiverMessageVersions list of the protobuf message versions to accept when receiving the + remote writes. + + It requires Prometheus >= v2.54.0. + items: + enum: + - V1.0 + - V2.0 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + replicaExternalLabelName: + description: |- + replicaExternalLabelName defines the name of Prometheus external label used to denote the replica name. + The external label will _not_ be added when the field is set to the + empty string (`""`). + + Default: "prometheus_replica" + type: string + replicas: + description: |- + replicas defines the number of replicas of each shard to deploy for a Prometheus deployment. + `spec.replicas` multiplied by `spec.shards` is the total number of Pods + created. + + Default: 1 + format: int32 + type: integer + resources: + description: resources defines the resources requests and limits of + the 'prometheus' container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This field depends on the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + routePrefix: + description: |- + routePrefix defines the route prefix Prometheus registers HTTP handlers for. + + This is useful when using `spec.externalURL`, and a proxy is rewriting + HTTP routes of a request, and the actual ExternalURL is still true, but + the server serves requests under a different route prefix. For example + for use with `kubectl proxy`. + type: string + runtime: + description: runtime defines the values for the Prometheus process + behavior + properties: + goGC: + description: |- + goGC defines the Go garbage collection target percentage. Lowering this number may increase the CPU usage. + See: https://tip.golang.org/doc/gc-guide#GOGC + format: int32 + minimum: -1 + type: integer + type: object + sampleLimit: + description: |- + sampleLimit defines per-scrape limit on number of scraped samples that will be accepted. + Only valid in Prometheus versions 2.45.0 and newer. + + Note that the global limit only applies to scrape objects that don't specify an explicit limit value. + If you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit. + format: int64 + type: integer + schedulerName: + description: schedulerName defines the scheduler to use for Pod scheduling. + If not specified, the default scheduler is used. + minLength: 1 + type: string + scrapeClasses: + description: |- + scrapeClasses defines the list of scrape classes to expose to scraping objects such as + PodMonitors, ServiceMonitors, Probes and ScrapeConfigs. + + This is an *experimental feature*, it may change in any upcoming release + in a breaking way. + items: + properties: + attachMetadata: + description: |- + attachMetadata defines additional metadata to the discovered targets. + When the scrape object defines its own configuration, it takes + precedence over the scrape class configuration. + properties: + node: + description: |- + node when set to true, Prometheus attaches node metadata to the discovered + targets. + + The Prometheus service account must have the `list` and `watch` + permissions on the `Nodes` objects. + type: boolean + type: object + authorization: + description: |- + authorization section for the ScrapeClass. + It will only apply if the scrape resource doesn't specify any Authorization. + properties: + credentials: + description: credentials defines a key of a Secret in the + namespace that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + credentialsFile: + description: credentialsFile defines the file to read a + secret from, mutually exclusive with `credentials`. + type: string + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + default: + description: |- + default defines that the scrape applies to all scrape objects that + don't configure an explicit scrape class name. + + Only one scrape class can be set as the default. + type: boolean + fallbackScrapeProtocol: + description: |- + fallbackScrapeProtocol defines the protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + metricRelabelings: + description: |- + metricRelabelings defines the relabeling rules to apply to all samples before ingestion. + + The Operator adds the scrape class metric relabelings defined here. + Then the Operator adds the target-specific metric relabelings defined in ServiceMonitors, PodMonitors, Probes and ScrapeConfigs. + Then the Operator adds namespace enforcement relabeling rule, specified in '.spec.enforcedNamespaceLabel'. + + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs + items: + description: |- + RelabelConfig allows dynamic rewriting of the label set for targets, alerts, + scraped samples and remote write samples. + + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + properties: + action: + default: replace + description: |- + action to perform based on the regex matching. + + `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + + Default: "Replace" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: |- + modulus to take of the hash of the source label values. + + Only applicable when the action is `HashMod`. + format: int64 + type: integer + regex: + description: regex defines the regular expression against + which the extracted value is matched. + type: string + replacement: + description: |- + replacement value against which a Replace action is performed if the + regular expression matches. + + Regex capture groups are available. + type: string + separator: + description: separator defines the string between concatenated + SourceLabels. + type: string + sourceLabels: + description: |- + sourceLabels defines the source labels select values from existing labels. Their content is + concatenated using the configured Separator and matched against the + configured regular expression. + items: + description: |- + LabelName is a valid Prometheus label name. + For Prometheus 3.x, a label name is valid if it contains UTF-8 characters. + For Prometheus 2.x, a label name is only valid if it contains ASCII characters, letters, numbers, as well as underscores. + type: string + type: array + targetLabel: + description: |- + targetLabel defines the label to which the resulting string is written in a replacement. + + It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + `KeepEqual` and `DropEqual` actions. + + Regex capture groups are available. + type: string + type: object + type: array + name: + description: name of the scrape class. + minLength: 1 + type: string + relabelings: + description: |- + relabelings defines the relabeling rules to apply to all scrape targets. + + The Operator automatically adds relabelings for a few standard Kubernetes fields + like `__meta_kubernetes_namespace` and `__meta_kubernetes_service_name`. + Then the Operator adds the scrape class relabelings defined here. + Then the Operator adds the target-specific relabelings defined in the scrape object. + + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + items: + description: |- + RelabelConfig allows dynamic rewriting of the label set for targets, alerts, + scraped samples and remote write samples. + + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + properties: + action: + default: replace + description: |- + action to perform based on the regex matching. + + `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + + Default: "Replace" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: |- + modulus to take of the hash of the source label values. + + Only applicable when the action is `HashMod`. + format: int64 + type: integer + regex: + description: regex defines the regular expression against + which the extracted value is matched. + type: string + replacement: + description: |- + replacement value against which a Replace action is performed if the + regular expression matches. + + Regex capture groups are available. + type: string + separator: + description: separator defines the string between concatenated + SourceLabels. + type: string + sourceLabels: + description: |- + sourceLabels defines the source labels select values from existing labels. Their content is + concatenated using the configured Separator and matched against the + configured regular expression. + items: + description: |- + LabelName is a valid Prometheus label name. + For Prometheus 3.x, a label name is valid if it contains UTF-8 characters. + For Prometheus 2.x, a label name is only valid if it contains ASCII characters, letters, numbers, as well as underscores. + type: string + type: array + targetLabel: + description: |- + targetLabel defines the label to which the resulting string is written in a replacement. + + It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + `KeepEqual` and `DropEqual` actions. + + Regex capture groups are available. + type: string + type: object + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS settings to use for the scrape. When the + scrape objects define their own CA, certificate and/or key, they take + precedence over the corresponding scrape class fields. + + For now only the `caFile`, `certFile` and `keyFile` fields are supported. + properties: + ca: + description: ca defines the Certificate authority used when + verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + caFile: + description: caFile defines the path to the CA cert in the + Prometheus container to use for the targets. + type: string + cert: + description: cert defines the Client certificate to present + when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + description: certFile defines the path to the client cert + file in the Prometheus container for the targets. + type: string + insecureSkipVerify: + description: insecureSkipVerify defines how to disable target + certificate validation. + type: boolean + keyFile: + description: keyFile defines the path to the client key + file in the Prometheus container for the targets. + type: string + keySecret: + description: keySecret defines the Secret containing the + client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname for + the targets. + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + scrapeClassicHistograms: + description: |- + scrapeClassicHistograms defines whether to scrape a classic histogram that is also exposed as a native histogram. + + Notice: `scrapeClassicHistograms` corresponds to the `always_scrape_classic_histograms` field in the Prometheus configuration. + + It requires Prometheus >= v3.5.0. + type: boolean + scrapeConfigNamespaceSelector: + description: |- + scrapeConfigNamespaceSelector defines the namespaces to match for ScrapeConfig discovery. An empty label selector + matches all namespaces. A null label selector matches the current + namespace only. + + Note that the ScrapeConfig custom resource definition is currently at Alpha level. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + scrapeConfigSelector: + description: |- + scrapeConfigSelector defines the scrapeConfigs to be selected for target discovery. An empty label + selector matches all objects. A null label selector matches no objects. + + If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` + and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. + The Prometheus operator will ensure that the Prometheus configuration's + Secret exists, but it is the responsibility of the user to provide the raw + gzipped Prometheus configuration under the `prometheus.yaml.gz` key. + This behavior is *deprecated* and will be removed in the next major version + of the custom resource definition. It is recommended to use + `spec.additionalScrapeConfigs` instead. + + Note that the ScrapeConfig custom resource definition is currently at Alpha level. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + scrapeFailureLogFile defines the file to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string + scrapeInterval: + default: 30s + description: |- + scrapeInterval defines interval between consecutive scrapes. + + Default: "30s" + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + scrapeNativeHistograms: + description: |- + scrapeNativeHistograms defines whether to enable scraping of native histograms. + It requires Prometheus >= v3.8.0. + type: boolean + scrapeProtocols: + description: |- + scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the + protocols supported by Prometheus in order of preference (from most to least preferred). + + If unset, Prometheus uses its default value. + + It requires Prometheus >= v2.49.0. + + `PrometheusText1.0.0` requires Prometheus >= v3.0.0. + items: + description: |- + ScrapeProtocol represents a protocol used by Prometheus for scraping metrics. + Supported values are: + * `OpenMetricsText0.0.1` + * `OpenMetricsText1.0.0` + * `PrometheusProto` + * `PrometheusText0.0.4` + * `PrometheusText1.0.0` + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + type: array + x-kubernetes-list-type: set + scrapeTimeout: + description: |- + scrapeTimeout defines the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + secrets: + description: |- + secrets defines a list of Secrets in the same namespace as the Prometheus + object, which shall be mounted into the Prometheus Pods. + Each Secret is added to the StatefulSet definition as a volume named `secret-`. + The Secrets are mounted into /etc/prometheus/secrets/ in the 'prometheus' container. + items: + type: string + type: array + x-kubernetes-list-type: set + securityContext: + description: |- + securityContext holds pod-level security attributes and common container settings. + This defaults to the default PodSecurityContext. + properties: + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxChangePolicy: + description: |- + seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. + It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. + Valid values are "MountOption" and "Recursive". + + "Recursive" means relabeling of all files on all Pod volumes by the container runtime. + This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node. + + "MountOption" mounts all eligible Pod volumes with `-o context` mount option. + This requires all Pods that share the same volume to use the same SELinux label. + It is not possible to share the same volume among privileged and unprivileged Pods. + Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes + whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their + CSIDriver instance. Other volumes are always re-labelled recursively. + "MountOption" value is allowed only when SELinuxMount feature gate is enabled. + + If not specified and SELinuxMount feature gate is enabled, "MountOption" is used. + If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes + and "Recursive" for all other volumes. + + This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers. + + All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. + Note that this field cannot be set when spec.os.name is windows. + type: string + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. + If unspecified, no additional groups are added, though group memberships + defined in the container image may still be used, depending on the + supplementalGroupsPolicy field. + Note that this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: |- + serviceAccountName is the name of the ServiceAccount to use to run the + Prometheus Pods. + type: string + serviceDiscoveryRole: + description: |- + serviceDiscoveryRole defines the service discovery role used to discover targets from + `ServiceMonitor` objects and Alertmanager endpoints. + + If set, the value should be either "Endpoints" or "EndpointSlice". + If unset, the operator assumes the "Endpoints" role. + enum: + - Endpoints + - EndpointSlice + type: string + serviceMonitorNamespaceSelector: + description: |- + serviceMonitorNamespaceSelector defines the namespaces to match for ServicedMonitors discovery. An empty label selector + matches all namespaces. A null label selector (default value) matches the current + namespace only. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + serviceMonitorSelector: + description: |- + serviceMonitorSelector defines the serviceMonitors to be selected for target discovery. An empty label + selector matches all objects. A null label selector matches no objects. + + If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` + and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. + The Prometheus operator will ensure that the Prometheus configuration's + Secret exists, but it is the responsibility of the user to provide the raw + gzipped Prometheus configuration under the `prometheus.yaml.gz` key. + This behavior is *deprecated* and will be removed in the next major version + of the custom resource definition. It is recommended to use + `spec.additionalScrapeConfigs` instead. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + serviceName: + description: |- + serviceName defines the name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string + shards: + description: |- + shards defines the number of shards to distribute the scraped targets onto. + + `spec.replicas` multiplied by `spec.shards` is the total number of Pods + being created. + + When not defined, the operator assumes only one shard. + + Note that scaling down shards will not reshard data onto the remaining + instances, it must be manually moved. Increasing shards will not reshard + data either but it will continue to be available from the same + instances. To query globally, use either + * Thanos sidecar + querier for query federation and Thanos Ruler for rules. + * Remote-write to send metrics to a central location. + + By default, the sharding of targets is performed on: + * The `__address__` target's metadata label for PodMonitor, + ServiceMonitor and ScrapeConfig resources. + * The `__param_target__` label for Probe resources. + + Users can define their own sharding implementation by setting the + `__tmp_hash` label during the target discovery with relabeling + configuration (either in the monitoring resources or via scrape class). + + You can also disable sharding on a specific target by setting the + `__tmp_disable_sharding` label with relabeling configuration. When + the label value isn't empty, all Prometheus shards will scrape the target. + format: int32 + type: integer + storage: + description: storage defines the storage used by Prometheus. + properties: + disableMountSubPath: + description: 'disableMountSubPath deprecated: subPath usage will + be removed in a future release.' + type: boolean + emptyDir: + description: |- + emptyDir to be used by the StatefulSet. + If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral to be used by the StatefulSet. + This is a beta field in k8s 1.21 and GA in 1.15. + For lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. + More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + Users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string or nil value indicates that no + VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, + this field can be reset to its previous value (including nil) to cancel the modification. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to + the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + volumeClaimTemplate: + description: |- + volumeClaimTemplate defines the PVC spec to be used by the Prometheus StatefulSets. + The easiest way to use a volume that cannot be automatically provisioned + is to use a label selector alongside manually created PersistentVolumes. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + description: metadata defines EmbeddedMetadata contains metadata + relevant to an EmbeddedResource. + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations defines an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + type: object + labels: + additionalProperties: + type: string + description: |- + labels define the map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + type: object + name: + description: |- + name must be unique within a namespace. Is required when creating resources, although + some resources may allow a client to request the generation of an appropriate name + automatically. Name is primarily intended for creation idempotence and configuration + definition. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/ + type: string + type: object + spec: + description: |- + spec defines the specification of the characteristics of a volume requested by a pod author. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + Users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes to + consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string or nil value indicates that no + VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, + this field can be reset to its previous value (including nil) to cancel the modification. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'status is deprecated: this field is never set.' + properties: + accessModes: + description: |- + accessModes contains the actual access modes the volume backing the PVC has. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + allocatedResourceStatuses: + additionalProperties: + description: |- + When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore that update and let other controllers + handle it. + type: string + description: "allocatedResourceStatuses stores status + of resource being resized for the given PVC.\nKey names + follow standard Kubernetes label syntax. Valid values + are either:\n\t* Un-prefixed keys:\n\t\t- storage - + the capacity of the volume.\n\t* Custom resources must + use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or have + kubernetes.io prefix are considered\nreserved and hence + may not be used.\n\nClaimResourceStatus can be in any + of following states:\n\t- ControllerResizeInProgress:\n\t\tState + set when resize controller starts resizing the volume + in control-plane.\n\t- ControllerResizeFailed:\n\t\tState + set when resize has failed in resize controller with + a terminal error.\n\t- NodeResizePending:\n\t\tState + set when resize controller has finished resizing the + volume but further resizing of\n\t\tvolume is needed + on the node.\n\t- NodeResizeInProgress:\n\t\tState set + when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState + set when resizing has failed in kubelet with a terminal + error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor + example: if expanding a PVC for more capacity - this + field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\"\nWhen this field is not set, + it means that no resize operation is in progress for + the given PVC.\n\nA controller that receives PVC update + with previously unknown resourceName or ClaimResourceStatus\nshould + ignore the update for the purpose it was designed. For + example - a controller that\nonly is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid\nresources associated with PVC." + type: object + x-kubernetes-map-type: granular + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: "allocatedResources tracks the resources + allocated to a PVC including its capacity.\nKey names + follow standard Kubernetes label syntax. Valid values + are either:\n\t* Un-prefixed keys:\n\t\t- storage - + the capacity of the volume.\n\t* Custom resources must + use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or have + kubernetes.io prefix are considered\nreserved and hence + may not be used.\n\nCapacity reported here may be larger + than the actual capacity when a volume expansion operation\nis + requested.\nFor storage quota, the larger value from + allocatedResources and PVC.spec.resources is used.\nIf + allocatedResources is not set, PVC.spec.resources alone + is used for quota calculation.\nIf a volume expansion + capacity request is lowered, allocatedResources is only\nlowered + if there are no expansion operations in progress and + if the actual volume capacity\nis equal or lower than + the requested capacity.\n\nA controller that receives + PVC update with previously unknown resourceName\nshould + ignore the update for the purpose it was designed. For + example - a controller that\nonly is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid\nresources associated with PVC." + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity represents the actual resources + of the underlying volume. + type: object + conditions: + description: |- + conditions is the current Condition of persistent volume claim. If underlying persistent volume is being + resized then the Condition will be set to 'Resizing'. + items: + description: PersistentVolumeClaimCondition contains + details about state of pvc + properties: + lastProbeTime: + description: lastProbeTime is the time we probed + the condition. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime is the time the + condition transitioned from one status to another. + format: date-time + type: string + message: + description: message is the human-readable message + indicating details about last transition. + type: string + reason: + description: |- + reason is a unique, this should be a short, machine understandable string that gives the reason + for condition's last transition. If it reports "Resizing" that means the underlying + persistent volume is being resized. + type: string + status: + description: |- + Status is the status of the condition. + Can be True, False, Unknown. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required + type: string + type: + description: |- + Type is the type of the condition. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + currentVolumeAttributesClassName: + description: |- + currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. + When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim + type: string + modifyVolumeStatus: + description: |- + ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. + When this is unset, there is no ModifyVolume operation being attempted. + properties: + status: + description: "status is the status of the ControllerModifyVolume + operation. It can be in any of following states:\n + - Pending\n Pending indicates that the PersistentVolumeClaim + cannot be modified due to unmet requirements, such + as\n the specified VolumeAttributesClass not existing.\n + - InProgress\n InProgress indicates that the volume + is being modified.\n - Infeasible\n Infeasible + indicates that the request has been rejected as + invalid by the CSI driver. To\n\t resolve the error, + a valid VolumeAttributesClass needs to be specified.\nNote: + New statuses can be added in the future. Consumers + should check for unknown statuses and fail appropriately." + type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName is the + name of the VolumeAttributesClass the PVC currently + being reconciled + type: string + required: + - status + type: object + phase: + description: phase represents the current phase of PersistentVolumeClaim. + type: string + type: object + type: object + type: object + targetLimit: + description: |- + targetLimit defines a limit on the number of scraped targets that will be accepted. + Only valid in Prometheus versions 2.45.0 and newer. + + Note that the global limit only applies to scrape objects that don't specify an explicit limit value. + If you want to enforce a maximum limit for all scrape objects, refer to enforcedTargetLimit. + format: int64 + type: integer + terminationGracePeriodSeconds: + description: |- + terminationGracePeriodSeconds defines the optional duration in seconds the pod needs to terminate gracefully. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down) which may lead to data corruption. + + Defaults to 600 seconds. + format: int64 + minimum: 0 + type: integer + tolerations: + description: tolerations defines the Pods' tolerations if specified. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: topologySpreadConstraints defines the pod's topology + spread constraints if specified. + items: + properties: + additionalLabelSelectors: + description: additionalLabelSelectors Defines what Prometheus + Operator managed labels should be added to labelSelector on + the topologySpreadConstraint. + enum: + - OnResource + - OnShard + type: string + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + tracingConfig: + description: |- + tracingConfig defines tracing in Prometheus. + + This is an *experimental feature*, it may change in any upcoming release + in a breaking way. + properties: + clientType: + description: clientType defines the client used to export the + traces. Supported values are `HTTP` and `GRPC`. + enum: + - http + - grpc + - HTTP + - GRPC + type: string + compression: + description: compression key for supported compression types. + The only supported value is `Gzip`. + enum: + - gzip + - Gzip + type: string + endpoint: + description: endpoint to send the traces to. Should be provided + in format :. + minLength: 1 + type: string + headers: + additionalProperties: + type: string + description: headers defines the key-value pairs to be used as + headers associated with gRPC or HTTP requests. + type: object + insecure: + description: insecure if disabled, the client will use a secure + connection. + type: boolean + samplingFraction: + anyOf: + - type: integer + - type: string + description: samplingFraction defines the probability a given + trace will be sampled. Must be a float from 0 through 1. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + timeout: + description: timeout defines the maximum time the exporter will + wait for each batch export. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tlsConfig: + description: tlsConfig to use when sending traces. + properties: + ca: + description: ca defines the Certificate authority used when + verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + caFile: + description: caFile defines the path to the CA cert in the + Prometheus container to use for the targets. + type: string + cert: + description: cert defines the Client certificate to present + when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + description: certFile defines the path to the client cert + file in the Prometheus container for the targets. + type: string + insecureSkipVerify: + description: insecureSkipVerify defines how to disable target + certificate validation. + type: boolean + keyFile: + description: keyFile defines the path to the client key file + in the Prometheus container for the targets. + type: string + keySecret: + description: keySecret defines the Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname for + the targets. + type: string + type: object + required: + - endpoint + type: object + tsdb: + description: |- + tsdb defines the runtime reloadable configuration of the timeseries database(TSDB). + It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0. + properties: + outOfOrderTimeWindow: + description: |- + outOfOrderTimeWindow defines how old an out-of-order/out-of-bounds sample can be with + respect to the TSDB max time. + + An out-of-order/out-of-bounds sample is ingested into the TSDB as long as + the timestamp of the sample is >= (TSDB.MaxTime - outOfOrderTimeWindow). + + This is an *experimental feature*, it may change in any upcoming release + in a breaking way. + + It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: object + updateStrategy: + description: |- + updateStrategy indicates the strategy that will be employed to update + Pods in the StatefulSet when a revision is made to statefulset's Pod + Template. + + The default strategy is RollingUpdate. + properties: + rollingUpdate: + description: rollingUpdate is used to communicate parameters when + type is RollingUpdate. + properties: + maxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + maxUnavailable is the maximum number of pods that can be unavailable + during the update. The value can be an absolute number (ex: 5) or a + percentage of desired pods (ex: 10%). Absolute number is calculated from + percentage by rounding up. This can not be 0. Defaults to 1. This field + is alpha-level and is only honored by servers that enable the + MaxUnavailableStatefulSet feature. The field applies to all pods in the + range 0 to Replicas-1. That means if there is any unavailable pod in + the range 0 to Replicas-1, it will be counted towards MaxUnavailable. + x-kubernetes-int-or-string: true + type: object + type: + description: |- + type indicates the type of the StatefulSetUpdateStrategy. + + Default is RollingUpdate. + enum: + - OnDelete + - RollingUpdate + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: rollingUpdate requires type to be RollingUpdate + rule: '!(self.type != ''RollingUpdate'' && has(self.rollingUpdate))' + version: + description: |- + version of Prometheus being deployed. The operator uses this information + to generate the Prometheus StatefulSet + configuration files. + + If not specified, the operator assumes the latest upstream version of + Prometheus available at the time when the version of the operator was + released. + type: string + volumeMounts: + description: |- + volumeMounts allows the configuration of additional VolumeMounts. + + VolumeMounts will be appended to other VolumeMounts in the 'prometheus' + container, that are generated as a result of StorageSpec objects. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: |- + volumes allows the configuration of additional volumes on the output + StatefulSet definition. Volumes specified will be appended to other + volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may + be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree + awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: |- + azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type + are redirected to the disk.csi.azure.com CSI driver. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk in the + blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in the blob + storage + type: string + fsType: + default: ext4 + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults to shared' + type: string + readOnly: + default: false + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: |- + azureFile represents an Azure File Service mount on the host and bind mount to the pod. + Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type + are redirected to the file.csi.azure.com CSI driver. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret that contains + Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: |- + cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. + Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported. + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + Deprecated: Cinder is deprecated. All operations for the in-tree cinder type + are redirected to the cinder.csi.openstack.org CSI driver. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents ephemeral + storage that is handled by certain external CSI drivers. + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name, namespace and uid + are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative path + name of the file to be created. Must not be absolute + or contain the ''..'' path. Must be utf-8 encoded. + The first item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + Users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string or nil value indicates that no + VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, + this field can be reset to its previous value (including nil) to cancel the modification. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource that is + attached to a kubelet's host machine and then exposed to the + pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead. + properties: + driver: + description: driver is the name of the driver to use for + this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds extra + command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: |- + flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. + Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported. + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. This + is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree + gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the specified + revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. + properties: + endpoints: + description: endpoints is the endpoint name that details + Glusterfs topology. + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#iscsi + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support iSCSI + Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + default: default + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: |- + photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. + Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon Controller + persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: |- + portworxVolume represents a portworx volume attached and mounted on kubelets host machine. + Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type + are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate + is on. + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources secrets, + configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. + items: + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + + Kubelet performs aggressive normalization of the PEM contents written + into the pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates are deduplicated. + The ordering of certificates within the file is arbitrary, and Kubelet + may change the order over time. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from the volume root + to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information about the configMap + data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name, namespace and uid are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' + path. Must be utf-8 encoded. The first + item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podCertificate: + description: |- + Projects an auto-rotating credential bundle (private key and certificate + chain) that the pod can use either as a TLS client or server. + + Kubelet generates a private key and uses it to send a + PodCertificateRequest to the named signer. Once the signer approves the + request and issues a certificate chain, Kubelet writes the key and + certificate chain to the pod filesystem. The pod does not start until + certificates have been issued for each podCertificate projected volume + source in its spec. + + Kubelet will begin trying to rotate the certificate at the time indicated + by the signer using the PodCertificateRequest.Status.BeginRefreshAt + timestamp. + + Kubelet can write a single file, indicated by the credentialBundlePath + field, or separate files, indicated by the keyPath and + certificateChainPath fields. + + The credential bundle is a single file in PEM format. The first PEM + entry is the private key (in PKCS#8 format), and the remaining PEM + entries are the certificate chain issued by the signer (typically, + signers will return their certificate chain in leaf-to-root order). + + Prefer using the credential bundle format, since your application code + can read it atomically. If you use keyPath and certificateChainPath, + your application must make two separate file reads. If these coincide + with a certificate rotation, it is possible that the private key and leaf + certificate you read may not correspond to each other. Your application + will need to check for this condition, and re-read until they are + consistent. + + The named signer controls chooses the format of the certificate it + issues; consult the signer implementation's documentation to learn how to + use the certificates it issues. + properties: + certificateChainPath: + description: |- + Write the certificate chain at this path in the projected volume. + + Most applications should use credentialBundlePath. When using keyPath + and certificateChainPath, your application needs to check that the key + and leaf certificate are consistent, because it is possible to read the + files mid-rotation. + type: string + credentialBundlePath: + description: |- + Write the credential bundle at this path in the projected volume. + + The credential bundle is a single file that contains multiple PEM blocks. + The first PEM block is a PRIVATE KEY block, containing a PKCS#8 private + key. + + The remaining blocks are CERTIFICATE blocks, containing the issued + certificate chain from the signer (leaf and any intermediates). + + Using credentialBundlePath lets your Pod's application code make a single + atomic read that retrieves a consistent key and certificate chain. If you + project them to separate files, your application code will need to + additionally check that the leaf certificate was issued to the key. + type: string + keyPath: + description: |- + Write the key at this path in the projected volume. + + Most applications should use credentialBundlePath. When using keyPath + and certificateChainPath, your application needs to check that the key + and leaf certificate are consistent, because it is possible to read the + files mid-rotation. + type: string + keyType: + description: |- + The type of keypair Kubelet will generate for the pod. + + Valid values are "RSA3072", "RSA4096", "ECDSAP256", "ECDSAP384", + "ECDSAP521", and "ED25519". + type: string + maxExpirationSeconds: + description: |- + maxExpirationSeconds is the maximum lifetime permitted for the + certificate. + + Kubelet copies this value verbatim into the PodCertificateRequests it + generates for this projection. + + If omitted, kube-apiserver will set it to 86400(24 hours). kube-apiserver + will reject values shorter than 3600 (1 hour). The maximum allowable + value is 7862400 (91 days). + + The signer implementation is then free to issue a certificate with any + lifetime *shorter* than MaxExpirationSeconds, but no shorter than 3600 + seconds (1 hour). This constraint is enforced by kube-apiserver. + `kubernetes.io` signers will never issue certificates with a lifetime + longer than 24 hours. + format: int32 + type: integer + signerName: + description: Kubelet's generated CSRs will be + addressed to this signer. + type: string + userAnnotations: + additionalProperties: + type: string + description: |- + userAnnotations allow pod authors to pass additional information to + the signer implementation. Kubernetes does not restrict or validate this + metadata in any way. + + These values are copied verbatim into the `spec.unverifiedUserAnnotations` field of + the PodCertificateRequest objects that Kubelet creates. + + Entries are subject to the same validation as object metadata annotations, + with the addition that all keys must be domain-prefixed. No restrictions + are placed on values, except an overall size limitation on the entire field. + + Signers should document the keys and values they support. Signers should + deny requests that contain keys they do not recognize. + type: object + required: + - keyType + - signerName + type: object + secret: + description: secret information about the secret data + to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional field specify whether the + Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about + the serviceAccountToken data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: |- + quobyte represents a Quobyte mount on the host that shares a pod's lifetime. + Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported. + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + default: /etc/ceph/keyring + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + default: rbd + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + default: admin + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: |- + scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported. + properties: + fsType: + default: xfs + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address of the ScaleIO + API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + default: ThinProvisioned + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. + type: string + system: + description: system is the name of the storage system as + configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether the Secret or + its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: |- + storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: |- + vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. + Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type + are redirected to the csi.vsphere.vmware.com CSI driver. + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies vSphere + volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + walCompression: + description: |- + walCompression defines the compression of the write-ahead log (WAL) using Snappy. + + WAL compression is enabled by default for Prometheus >= 2.20.0 + + Requires Prometheus v2.11.0 and above. + type: boolean + web: + description: web defines the configuration of the Prometheus web server. + properties: + httpConfig: + description: httpConfig defines HTTP parameters for web server. + properties: + headers: + description: headers defines a list of headers that can be + added to HTTP responses. + properties: + contentSecurityPolicy: + description: |- + contentSecurityPolicy defines the Content-Security-Policy header to HTTP responses. + Unset if blank. + type: string + strictTransportSecurity: + description: |- + strictTransportSecurity defines the Strict-Transport-Security header to HTTP responses. + Unset if blank. + Please make sure that you use this with care as this header might force + browsers to load Prometheus and the other applications hosted on the same + domain and subdomains over HTTPS. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security + type: string + xContentTypeOptions: + description: |- + xContentTypeOptions defines the X-Content-Type-Options header to HTTP responses. + Unset if blank. Accepted value is nosniff. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options + enum: + - "" + - NoSniff + type: string + xFrameOptions: + description: |- + xFrameOptions defines the X-Frame-Options header to HTTP responses. + Unset if blank. Accepted values are deny and sameorigin. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options + enum: + - "" + - Deny + - SameOrigin + type: string + xXSSProtection: + description: |- + xXSSProtection defines the X-XSS-Protection header to all responses. + Unset if blank. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection + type: string + type: object + http2: + description: |- + http2 enable HTTP/2 support. Note that HTTP/2 is only supported with TLS. + When TLSConfig is not configured, HTTP/2 will be disabled. + Whenever the value of the field changes, a rolling update will be triggered. + type: boolean + type: object + maxConnections: + description: |- + maxConnections defines the maximum number of simultaneous connections + A zero value means that Prometheus doesn't accept any incoming connection. + format: int32 + minimum: 0 + type: integer + pageTitle: + description: pageTitle defines the prometheus web page title. + type: string + tlsConfig: + description: tlsConfig defines the TLS parameters for HTTPS. + properties: + cert: + description: |- + cert defines the Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + description: |- + certFile defines the path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. + type: string + cipherSuites: + description: |- + cipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants + items: + type: string + type: array + client_ca: + description: |- + client_ca defines the Secret or ConfigMap containing the CA certificate for client certificate + authentication to the server. + + It is mutually exclusive with `clientCAFile`. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientAuthType: + description: |- + clientAuthType defines the server policy for client TLS authentication. + + For more detail on clientAuth options: + https://golang.org/pkg/crypto/tls/#ClientAuthType + type: string + clientCAFile: + description: |- + clientCAFile defines the path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. + type: string + curvePreferences: + description: |- + curvePreferences defines elliptic curves that will be used in an ECDHE handshake, in preference + order. + + Available curves are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#CurveID + items: + type: string + type: array + keyFile: + description: |- + keyFile defines the path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. + type: string + keySecret: + description: |- + keySecret defines the secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: maxVersion defines the Maximum TLS version that + is acceptable. + type: string + minVersion: + description: minVersion defines the minimum TLS version that + is acceptable. + type: string + preferServerCipherSuites: + description: |- + preferServerCipherSuites defines whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in + the order of elements in cipherSuites, is used. + type: boolean + type: object + type: object + type: object + x-kubernetes-validations: + - message: replicas cannot be set when mode is DaemonSet + rule: '!(has(self.mode) && self.mode == ''DaemonSet'' && has(self.replicas))' + - message: storage cannot be set when mode is DaemonSet + rule: '!(has(self.mode) && self.mode == ''DaemonSet'' && has(self.storage))' + - message: shards cannot be greater than 1 when mode is DaemonSet + rule: '!(has(self.mode) && self.mode == ''DaemonSet'' && has(self.shards) + && self.shards > 1)' + - message: persistentVolumeClaimRetentionPolicy cannot be set when mode + is DaemonSet + rule: '!(has(self.mode) && self.mode == ''DaemonSet'' && has(self.persistentVolumeClaimRetentionPolicy))' + - message: scrapeConfigSelector cannot be set when mode is DaemonSet + rule: '!(has(self.mode) && self.mode == ''DaemonSet'' && has(self.scrapeConfigSelector))' + - message: probeSelector cannot be set when mode is DaemonSet + rule: '!(has(self.mode) && self.mode == ''DaemonSet'' && has(self.probeSelector))' + - message: scrapeConfigNamespaceSelector cannot be set when mode is DaemonSet + rule: '!(has(self.mode) && self.mode == ''DaemonSet'' && has(self.scrapeConfigNamespaceSelector))' + - message: probeNamespaceSelector cannot be set when mode is DaemonSet + rule: '!(has(self.mode) && self.mode == ''DaemonSet'' && has(self.probeNamespaceSelector))' + - message: serviceMonitorSelector cannot be set when mode is DaemonSet + rule: '!(has(self.mode) && self.mode == ''DaemonSet'' && has(self.serviceMonitorSelector))' + - message: serviceMonitorNamespaceSelector cannot be set when mode is + DaemonSet + rule: '!(has(self.mode) && self.mode == ''DaemonSet'' && has(self.serviceMonitorNamespaceSelector))' + - message: additionalScrapeConfigs cannot be set when mode is DaemonSet + rule: '!(has(self.mode) && self.mode == ''DaemonSet'' && has(self.additionalScrapeConfigs))' + status: + description: |- + status defines the most recent observed status of the Prometheus cluster. Read-only. + More info: + https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + availableReplicas: + description: |- + availableReplicas defines the total number of available pods (ready for at least minReadySeconds) + targeted by this Prometheus deployment. + format: int32 + type: integer + conditions: + description: conditions defines the current state of the Prometheus + deployment. + items: + description: |- + Condition represents the state of the resources associated with the + Prometheus, Alertmanager or ThanosRuler resource. + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update + to the current status property. + format: date-time + type: string + message: + description: message defines human-readable message indicating + details for the condition's last transition. + type: string + observedGeneration: + description: |- + observedGeneration defines the .metadata.generation that the + condition was set based upon. For instance, if `.metadata.generation` is + currently 12, but the `.status.conditions[].observedGeneration` is 9, the + condition is out of date with respect to the current state of the + instance. + format: int64 + type: integer + reason: + description: reason for the condition's last transition. + type: string + status: + description: status of the condition. + minLength: 1 + type: string + type: + description: type of the condition being reported. + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + paused: + description: |- + paused defines whether any actions on the underlying managed objects are + being performed. Only delete actions will be performed. + type: boolean + replicas: + description: |- + replicas defines the total number of non-terminated pods targeted by this Prometheus deployment + (their labels match the selector). + format: int32 + type: integer + selector: + description: selector used to match the pods targeted by this Prometheus + resource. + type: string + shardStatuses: + description: shardStatuses defines the list has one entry per shard. + Each entry provides a summary of the shard status. + items: + properties: + availableReplicas: + description: |- + availableReplicas defines the total number of available pods (ready for at least minReadySeconds) + targeted by this shard. + format: int32 + type: integer + replicas: + description: replicas defines the total number of pods targeted + by this shard. + format: int32 + type: integer + shardID: + description: shardID defines the identifier of the shard. + type: string + unavailableReplicas: + description: unavailableReplicas defines the Total number of + unavailable pods targeted by this shard. + format: int32 + type: integer + updatedReplicas: + description: |- + updatedReplicas defines the total number of non-terminated pods targeted by this shard + that have the desired spec. + format: int32 + type: integer + required: + - availableReplicas + - replicas + - shardID + - unavailableReplicas + - updatedReplicas + type: object + type: array + x-kubernetes-list-map-keys: + - shardID + x-kubernetes-list-type: map + shards: + description: shards defines the most recently observed number of shards. + format: int32 + type: integer + unavailableReplicas: + description: unavailableReplicas defines the total number of unavailable + pods targeted by this Prometheus deployment. + format: int32 + type: integer + updatedReplicas: + description: |- + updatedReplicas defines the total number of non-terminated pods targeted by this Prometheus deployment + that have the desired version spec. + format: int32 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.shards + statusReplicasPath: .status.shards + status: {} diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheuses.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheuses.yaml new file mode 100644 index 0000000..7a6a832 --- /dev/null +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheuses.yaml @@ -0,0 +1,13720 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.90.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + operator.prometheus.io/version: 0.90.1 + name: prometheuses.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: Prometheus + listKind: PrometheusList + plural: prometheuses + shortNames: + - prom + singular: prometheus + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The version of Prometheus + jsonPath: .spec.version + name: Version + type: string + - description: The number of desired replicas + jsonPath: .spec.replicas + name: Desired + type: integer + - description: The number of ready replicas + jsonPath: .status.availableReplicas + name: Ready + type: integer + - jsonPath: .status.conditions[?(@.type == 'Reconciled')].status + name: Reconciled + type: string + - jsonPath: .status.conditions[?(@.type == 'Available')].status + name: Available + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Whether the resource reconciliation is paused or not + jsonPath: .status.paused + name: Paused + priority: 1 + type: boolean + name: v1 + schema: + openAPIV3Schema: + description: |- + The `Prometheus` custom resource definition (CRD) defines a desired [Prometheus](https://prometheus.io/docs/prometheus) setup to run in a Kubernetes cluster. It allows to specify many options such as the number of replicas, persistent storage, and Alertmanagers where firing alerts should be sent and many more. + + For each `Prometheus` resource, the Operator deploys one or several `StatefulSet` objects in the same namespace. The number of StatefulSets is equal to the number of shards which is 1 by default. + + The resource defines via label and namespace selectors which `ServiceMonitor`, `PodMonitor`, `Probe` and `PrometheusRule` objects should be associated to the deployed Prometheus instances. + + The Operator continuously reconciles the scrape and rules configuration and a sidecar container running in the Prometheus pods triggers a reload of the configuration when needed. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + spec defines the specification of the desired behavior of the Prometheus cluster. More info: + https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + additionalAlertManagerConfigs: + description: |- + additionalAlertManagerConfigs defines a key of a Secret containing + additional Prometheus Alertmanager configurations. The Alertmanager + configurations are appended to the configuration generated by the + Prometheus Operator. They must be formatted according to the official + Prometheus documentation: + + https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config + + The user is responsible for making sure that the configurations are valid + + Note that using this feature may expose the possibility to break + upgrades of Prometheus. It is advised to review Prometheus release notes + to ensure that no incompatible AlertManager configs are going to break + Prometheus after the upgrade. + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + additionalAlertRelabelConfigs: + description: |- + additionalAlertRelabelConfigs defines a key of a Secret containing + additional Prometheus alert relabel configurations. The alert relabel + configurations are appended to the configuration generated by the + Prometheus Operator. They must be formatted according to the official + Prometheus documentation: + + https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs + + The user is responsible for making sure that the configurations are valid + + Note that using this feature may expose the possibility to break + upgrades of Prometheus. It is advised to review Prometheus release notes + to ensure that no incompatible alert relabel configs are going to break + Prometheus after the upgrade. + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + additionalArgs: + description: |- + additionalArgs allows setting additional arguments for the 'prometheus' container. + + It is intended for e.g. activating hidden flags which are not supported by + the dedicated configuration options yet. The arguments are passed as-is to the + Prometheus container which may cause issues if they are invalid or not supported + by the given Prometheus version. + + In case of an argument conflict (e.g. an argument which is already set by the + operator itself) or when providing an invalid argument, the reconciliation will + fail and an error will be logged. + items: + description: Argument as part of the AdditionalArgs list. + properties: + name: + description: name of the argument, e.g. "scrape.discovery-reload-interval". + minLength: 1 + type: string + value: + description: value defines the argument value, e.g. 30s. Can + be empty for name-only arguments (e.g. --storage.tsdb.no-lockfile) + type: string + required: + - name + type: object + type: array + additionalScrapeConfigs: + description: |- + additionalScrapeConfigs allows specifying a key of a Secret containing + additional Prometheus scrape configurations. Scrape configurations + specified are appended to the configurations generated by the Prometheus + Operator. Job configurations specified must have the form as specified + in the official Prometheus documentation: + https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. + As scrape configs are appended, the user is responsible to make sure it + is valid. Note that using this feature may expose the possibility to + break upgrades of Prometheus. It is advised to review Prometheus release + notes to ensure that no incompatible scrape configs are going to break + Prometheus after the upgrade. + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + affinity: + description: affinity defines the Pods' affinity scheduling rules + if specified. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and subtracting + "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + alerting: + description: alerting defines the settings related to Alertmanager. + properties: + alertmanagers: + description: alertmanagers endpoints where Prometheus should send + alerts to. + items: + description: |- + AlertmanagerEndpoints defines a selection of a single Endpoints object + containing Alertmanager IPs to fire alerts against. + properties: + alertRelabelings: + description: |- + alertRelabelings defines the relabeling configs applied before sending alerts to a specific Alertmanager. + It requires Prometheus >= v2.51.0. + items: + description: |- + RelabelConfig allows dynamic rewriting of the label set for targets, alerts, + scraped samples and remote write samples. + + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + properties: + action: + default: replace + description: |- + action to perform based on the regex matching. + + `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + + Default: "Replace" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: |- + modulus to take of the hash of the source label values. + + Only applicable when the action is `HashMod`. + format: int64 + type: integer + regex: + description: regex defines the regular expression + against which the extracted value is matched. + type: string + replacement: + description: |- + replacement value against which a Replace action is performed if the + regular expression matches. + + Regex capture groups are available. + type: string + separator: + description: separator defines the string between + concatenated SourceLabels. + type: string + sourceLabels: + description: |- + sourceLabels defines the source labels select values from existing labels. Their content is + concatenated using the configured Separator and matched against the + configured regular expression. + items: + description: |- + LabelName is a valid Prometheus label name. + For Prometheus 3.x, a label name is valid if it contains UTF-8 characters. + For Prometheus 2.x, a label name is only valid if it contains ASCII characters, letters, numbers, as well as underscores. + type: string + type: array + targetLabel: + description: |- + targetLabel defines the label to which the resulting string is written in a replacement. + + It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + `KeepEqual` and `DropEqual` actions. + + Regex capture groups are available. + type: string + type: object + type: array + apiVersion: + description: |- + apiVersion defines the version of the Alertmanager API that Prometheus uses to send alerts. + It can be "V1" or "V2". + The field has no effect for Prometheus >= v3.0.0 because only the v2 API is supported. + enum: + - v1 + - V1 + - v2 + - V2 + type: string + authorization: + description: |- + authorization section for Alertmanager. + + Cannot be set at the same time as `basicAuth`, `bearerTokenFile` or `sigv4`. + properties: + credentials: + description: credentials defines a key of a Secret in + the namespace that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: |- + basicAuth configuration for Alertmanager. + + Cannot be set at the same time as `bearerTokenFile`, `authorization` or `sigv4`. + properties: + password: + description: |- + password defines a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenFile: + description: |- + bearerTokenFile defines the file to read bearer token for Alertmanager. + + Cannot be set at the same time as `basicAuth`, `authorization`, or `sigv4`. + + Deprecated: this will be removed in a future release. Prefer using `authorization`. + type: string + enableHttp2: + description: enableHttp2 defines whether to enable HTTP2. + type: boolean + name: + description: name of the Endpoints object in the namespace. + minLength: 1 + type: string + namespace: + description: |- + namespace of the Endpoints object. + + If not set, the object will be discovered in the namespace of the + Prometheus object. + minLength: 1 + type: string + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + pathPrefix: + description: pathPrefix defines the prefix for the HTTP + path alerts are pushed to. + minLength: 1 + type: string + port: + anyOf: + - type: integer + - type: string + description: port on which the Alertmanager API is exposed. + x-kubernetes-int-or-string: true + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + relabelings: + description: relabelings defines the relabel configuration + applied to the discovered Alertmanagers. + items: + description: |- + RelabelConfig allows dynamic rewriting of the label set for targets, alerts, + scraped samples and remote write samples. + + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + properties: + action: + default: replace + description: |- + action to perform based on the regex matching. + + `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + + Default: "Replace" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: |- + modulus to take of the hash of the source label values. + + Only applicable when the action is `HashMod`. + format: int64 + type: integer + regex: + description: regex defines the regular expression + against which the extracted value is matched. + type: string + replacement: + description: |- + replacement value against which a Replace action is performed if the + regular expression matches. + + Regex capture groups are available. + type: string + separator: + description: separator defines the string between + concatenated SourceLabels. + type: string + sourceLabels: + description: |- + sourceLabels defines the source labels select values from existing labels. Their content is + concatenated using the configured Separator and matched against the + configured regular expression. + items: + description: |- + LabelName is a valid Prometheus label name. + For Prometheus 3.x, a label name is valid if it contains UTF-8 characters. + For Prometheus 2.x, a label name is only valid if it contains ASCII characters, letters, numbers, as well as underscores. + type: string + type: array + targetLabel: + description: |- + targetLabel defines the label to which the resulting string is written in a replacement. + + It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + `KeepEqual` and `DropEqual` actions. + + Regex capture groups are available. + type: string + type: object + type: array + scheme: + description: scheme defines the HTTP scheme to use when + sending alerts. + enum: + - http + - https + - HTTP + - HTTPS + type: string + sigv4: + description: |- + sigv4 defines AWS's Signature Verification 4 for the URL. + + It requires Prometheus >= v2.48.0. + + Cannot be set at the same time as `basicAuth`, `bearerTokenFile` or `authorization`. + properties: + accessKey: + description: |- + accessKey defines the AWS API key. If not specified, the environment variable + `AWS_ACCESS_KEY_ID` is used. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + profile: + description: profile defines the named AWS profile used + to authenticate. + type: string + region: + description: region defines the AWS region. If blank, + the region from the default credentials chain used. + type: string + roleArn: + description: roleArn defines the named AWS profile used + to authenticate. + type: string + secretKey: + description: |- + secretKey defines the AWS API secret. If not specified, the environment + variable `AWS_SECRET_ACCESS_KEY` is used. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + useFIPSSTSEndpoint: + description: |- + useFIPSSTSEndpoint defines the FIPS mode for the AWS STS endpoint. + It requires Prometheus >= v2.54.0. + type: boolean + type: object + timeout: + description: timeout defines a per-target Alertmanager timeout + when pushing alerts. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tlsConfig: + description: tlsConfig to use for Alertmanager. + properties: + ca: + description: ca defines the Certificate authority used + when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + caFile: + description: caFile defines the path to the CA cert + in the Prometheus container to use for the targets. + type: string + cert: + description: cert defines the Client certificate to + present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + description: certFile defines the path to the client + cert file in the Prometheus container for the targets. + type: string + insecureSkipVerify: + description: insecureSkipVerify defines how to disable + target certificate validation. + type: boolean + keyFile: + description: keyFile defines the path to the client + key file in the Prometheus container for the targets. + type: string + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname + for the targets. + type: string + type: object + required: + - name + - port + type: object + type: array + required: + - alertmanagers + type: object + allowOverlappingBlocks: + description: |- + allowOverlappingBlocks enables vertical compaction and vertical query + merge in Prometheus. + + Deprecated: this flag has no effect for Prometheus >= 2.39.0 where overlapping blocks are enabled by default. + type: boolean + apiserverConfig: + description: |- + apiserverConfig allows specifying a host and auth methods to access the + Kuberntees API server. + If null, Prometheus is assumed to run inside of the cluster: it will + discover the API servers automatically and use the Pod's CA certificate + and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. + properties: + authorization: + description: |- + authorization section for the API server. + + Cannot be set at the same time as `basicAuth`, `bearerToken`, or + `bearerTokenFile`. + properties: + credentials: + description: credentials defines a key of a Secret in the + namespace that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + credentialsFile: + description: credentialsFile defines the file to read a secret + from, mutually exclusive with `credentials`. + type: string + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: |- + basicAuth configuration for the API server. + + Cannot be set at the same time as `authorization`, `bearerToken`, or + `bearerTokenFile`. + properties: + password: + description: |- + password defines a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerToken: + description: |- + bearerToken is deprecated: this will be removed in a future release. + *Warning: this field shouldn't be used because the token value appears + in clear-text. Prefer using `authorization`.* + type: string + bearerTokenFile: + description: |- + bearerTokenFile defines the file to read bearer token for accessing apiserver. + + Cannot be set at the same time as `basicAuth`, `authorization`, or `bearerToken`. + + Deprecated: this will be removed in a future release. Prefer using `authorization`. + type: string + host: + description: |- + host defines the Kubernetes API address consisting of a hostname or IP address followed + by an optional port number. + type: string + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + tlsConfig: + description: tlsConfig to use for the API server. + properties: + ca: + description: ca defines the Certificate authority used when + verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + caFile: + description: caFile defines the path to the CA cert in the + Prometheus container to use for the targets. + type: string + cert: + description: cert defines the Client certificate to present + when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + description: certFile defines the path to the client cert + file in the Prometheus container for the targets. + type: string + insecureSkipVerify: + description: insecureSkipVerify defines how to disable target + certificate validation. + type: boolean + keyFile: + description: keyFile defines the path to the client key file + in the Prometheus container for the targets. + type: string + keySecret: + description: keySecret defines the Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname for + the targets. + type: string + type: object + required: + - host + type: object + arbitraryFSAccessThroughSMs: + description: |- + arbitraryFSAccessThroughSMs when true, ServiceMonitor, PodMonitor and Probe object are forbidden to + reference arbitrary files on the file system of the 'prometheus' + container. + When a ServiceMonitor's endpoint specifies a `bearerTokenFile` value + (e.g. '/var/run/secrets/kubernetes.io/serviceaccount/token'), a + malicious target can get access to the Prometheus service account's + token in the Prometheus' scrape request. Setting + `spec.arbitraryFSAccessThroughSM` to 'true' would prevent the attack. + Users should instead provide the credentials using the + `spec.bearerTokenSecret` field. + properties: + deny: + description: |- + deny prevents service monitors from accessing arbitrary files on the file system. + When true, service monitors cannot use file-based configurations like BearerTokenFile + that could potentially access sensitive files. When false (default), such access is allowed. + Setting this to true enhances security by preventing potential credential theft attacks. + type: boolean + type: object + automountServiceAccountToken: + description: |- + automountServiceAccountToken defines whether a service account token should be automatically mounted in the pod. + If the field isn't set, the operator mounts the service account token by default. + + **Warning:** be aware that by default, Prometheus requires the service account token for Kubernetes service discovery. + It is possible to use strategic merge patch to project the service account token into the 'prometheus' container. + type: boolean + baseImage: + description: 'baseImage is deprecated: use ''spec.image'' instead.' + type: string + bodySizeLimit: + description: |- + bodySizeLimit defines per-scrape on response body size. + Only valid in Prometheus versions 2.45.0 and newer. + + Note that the global limit only applies to scrape objects that don't specify an explicit limit value. + If you want to enforce a maximum limit for all scrape objects, refer to enforcedBodySizeLimit. + pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ + type: string + configMaps: + description: |- + configMaps defines a list of ConfigMaps in the same namespace as the Prometheus + object, which shall be mounted into the Prometheus Pods. + Each ConfigMap is added to the StatefulSet definition as a volume named `configmap-`. + The ConfigMaps are mounted into /etc/prometheus/configmaps/ in the 'prometheus' container. + items: + type: string + type: array + containers: + description: |- + containers allows injecting additional containers or modifying operator + generated containers. This can be used to allow adding an authentication + proxy to the Pods or to change the behavior of an operator generated + container. Containers described here modify an operator generated + container if they share the same name and modifications are done via a + strategic merge patch. + + The names of containers managed by the operator are: + * `prometheus` + * `config-reloader` + * `thanos-sidecar` + + Overriding containers which are managed by the operator require careful + testing, especially when upgrading to a new version of the operator. + items: + description: A single application container that you want to run + within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing + the env file. + type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source may consist of any printable ASCII characters except '='. + When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps or Secrets + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: |- + Optional text to prepend to the name of each environment variable. + May consist of any printable ASCII characters except '='. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies a command to execute in + the container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents a duration that the container + should sleep. + properties: + seconds: + description: Seconds is the number of seconds to + sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies a command to execute in + the container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents a duration that the container + should sleep. + properties: + seconds: + description: Seconds is the number of seconds to + sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + stopSignal: + description: |- + StopSignal defines which signal will be sent to a container when it is being stopped. + If not specified, the default is defined by the container runtime in use. + StopSignal can only be set for Pods with a non-empty .spec.os.name + type: string + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies a command to execute in the + container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port in a + single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies a command to execute in the + container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: |- + Resources resize policy for the container. + This field cannot be set on ephemeral containers. + items: + description: ContainerResizePolicy represents resource resize + policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This field depends on the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This overrides the pod-level restart policy. When this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + Additionally, setting the RestartPolicy as "Always" for the init container will + have the following effect: + this init container will be continually restarted on + exit until all regular containers have terminated. Once all regular + containers have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init containers and + is often referred to as a "sidecar" container. Although this init + container still starts in the init container sequence, it does not wait + for the container to complete before proceeding to the next init + container. Instead, the next init container starts immediately after this + init container is started, or after any startupProbe has successfully + completed. + type: string + restartPolicyRules: + description: |- + Represents a list of rules to be checked to determine if the + container should be restarted on exit. The rules are evaluated in + order. Once a rule matches a container exit condition, the remaining + rules are ignored. If no rule matches the container exit condition, + the Container-level restart policy determines the whether the container + is restarted or not. Constraints on the rules: + - At most 20 rules are allowed. + - Rules can have the same action. + - Identical rules are not forbidden in validations. + When rules are specified, container MUST set RestartPolicy explicitly + even it if matches the Pod's RestartPolicy. + items: + description: ContainerRestartRule describes how a container + exit is handled. + properties: + action: + description: |- + Specifies the action taken on a container exit if the requirements + are satisfied. The only possible value is "Restart" to restart the + container. + type: string + exitCodes: + description: Represents the exit codes to check on container + exits. + properties: + operator: + description: |- + Represents the relationship between the container exit code(s) and the + specified values. Possible values are: + - In: the requirement is satisfied if the container exit code is in the + set of specified values. + - NotIn: the requirement is satisfied if the container exit code is + not in the set of specified values. + type: string + values: + description: |- + Specifies the set of values to check for container exit codes. + At most 255 elements are allowed. + items: + format: int32 + type: integer + type: array + x-kubernetes-list-type: set + required: + - operator + type: object + required: + - action + type: object + type: array + x-kubernetes-list-type: atomic + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies a command to execute in the + container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + convertClassicHistogramsToNHCB: + description: |- + convertClassicHistogramsToNHCB defines whether to convert all scraped classic histograms into a native + histogram with custom buckets. + + It requires Prometheus >= v3.4.0. + type: boolean + disableCompaction: + description: |- + disableCompaction when true, the Prometheus compaction is disabled. + When `spec.thanos.objectStorageConfig` or `spec.objectStorageConfigFile` are defined, the operator automatically + disables block compaction to avoid race conditions during block uploads (as the Thanos documentation recommends). + type: boolean + dnsConfig: + description: dnsConfig defines the DNS configuration for the pods. + properties: + nameservers: + description: |- + nameservers defines the list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + options: + description: |- + options defines the list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver options + of a pod. + properties: + name: + description: name is required and must be unique. + minLength: 1 + type: string + value: + description: value is optional. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + searches: + description: |- + searches defines the list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + type: object + dnsPolicy: + description: dnsPolicy defines the DNS policy for the pods. + enum: + - ClusterFirstWithHostNet + - ClusterFirst + - Default + - None + type: string + enableAdminAPI: + description: |- + enableAdminAPI defines access to the Prometheus web admin API. + + WARNING: Enabling the admin APIs enables mutating endpoints, to delete data, + shutdown Prometheus, and more. Enabling this should be done with care and the + user is advised to add additional authentication authorization via a proxy to + ensure only clients authorized to perform these actions can do so. + + For more information: + https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis + type: boolean + enableFeatures: + description: |- + enableFeatures enables access to Prometheus feature flags. By default, no features are enabled. + + Enabling features which are disabled by default is entirely outside the + scope of what the maintainers will support and by doing so, you accept + that this behaviour may break at any time without notice. + + For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/ + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + enableOTLPReceiver: + description: |- + enableOTLPReceiver defines the Prometheus to be used as a receiver for the OTLP Metrics protocol. + + Note that the OTLP receiver endpoint is automatically enabled if `.spec.otlpConfig` is defined. + + It requires Prometheus >= v2.47.0. + type: boolean + enableRemoteWriteReceiver: + description: |- + enableRemoteWriteReceiver defines the Prometheus to be used as a receiver for the Prometheus remote + write protocol. + + WARNING: This is not considered an efficient way of ingesting samples. + Use it with caution for specific low-volume use cases. + It is not suitable for replacing the ingestion via scraping and turning + Prometheus into a push-based metrics collection system. + For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver + + It requires Prometheus >= v2.33.0. + type: boolean + enableServiceLinks: + description: enableServiceLinks defines whether information about + services should be injected into pod's environment variables + type: boolean + enforcedBodySizeLimit: + description: |- + enforcedBodySizeLimit when defined specifies a global limit on the size + of uncompressed response body that will be accepted by Prometheus. + Targets responding with a body larger than this many bytes will cause + the scrape to fail. + + It requires Prometheus >= v2.28.0. + + When both `enforcedBodySizeLimit` and `bodySizeLimit` are defined and greater than zero, the following rules apply: + * Scrape objects without a defined bodySizeLimit value will inherit the global bodySizeLimit value (Prometheus >= 2.45.0) or the enforcedBodySizeLimit value (Prometheus < v2.45.0). + If Prometheus version is >= 2.45.0 and the `enforcedBodySizeLimit` is greater than the `bodySizeLimit`, the `bodySizeLimit` will be set to `enforcedBodySizeLimit`. + * Scrape objects with a bodySizeLimit value less than or equal to enforcedBodySizeLimit keep their specific value. + * Scrape objects with a bodySizeLimit value greater than enforcedBodySizeLimit are set to enforcedBodySizeLimit. + pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ + type: string + enforcedKeepDroppedTargets: + description: |- + enforcedKeepDroppedTargets when defined specifies a global limit on the number of targets + dropped by relabeling that will be kept in memory. The value overrides + any `spec.keepDroppedTargets` set by + ServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` is + greater than zero and less than `spec.enforcedKeepDroppedTargets`. + + It requires Prometheus >= v2.47.0. + + When both `enforcedKeepDroppedTargets` and `keepDroppedTargets` are defined and greater than zero, the following rules apply: + * Scrape objects without a defined keepDroppedTargets value will inherit the global keepDroppedTargets value (Prometheus >= 2.45.0) or the enforcedKeepDroppedTargets value (Prometheus < v2.45.0). + If Prometheus version is >= 2.45.0 and the `enforcedKeepDroppedTargets` is greater than the `keepDroppedTargets`, the `keepDroppedTargets` will be set to `enforcedKeepDroppedTargets`. + * Scrape objects with a keepDroppedTargets value less than or equal to enforcedKeepDroppedTargets keep their specific value. + * Scrape objects with a keepDroppedTargets value greater than enforcedKeepDroppedTargets are set to enforcedKeepDroppedTargets. + format: int64 + type: integer + enforcedLabelLimit: + description: |- + enforcedLabelLimit when defined specifies a global limit on the number + of labels per sample. The value overrides any `spec.labelLimit` set by + ServiceMonitor, PodMonitor, Probe objects unless `spec.labelLimit` is + greater than zero and less than `spec.enforcedLabelLimit`. + + It requires Prometheus >= v2.27.0. + + When both `enforcedLabelLimit` and `labelLimit` are defined and greater than zero, the following rules apply: + * Scrape objects without a defined labelLimit value will inherit the global labelLimit value (Prometheus >= 2.45.0) or the enforcedLabelLimit value (Prometheus < v2.45.0). + If Prometheus version is >= 2.45.0 and the `enforcedLabelLimit` is greater than the `labelLimit`, the `labelLimit` will be set to `enforcedLabelLimit`. + * Scrape objects with a labelLimit value less than or equal to enforcedLabelLimit keep their specific value. + * Scrape objects with a labelLimit value greater than enforcedLabelLimit are set to enforcedLabelLimit. + format: int64 + type: integer + enforcedLabelNameLengthLimit: + description: |- + enforcedLabelNameLengthLimit when defined specifies a global limit on the length + of labels name per sample. The value overrides any `spec.labelNameLengthLimit` set by + ServiceMonitor, PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is + greater than zero and less than `spec.enforcedLabelNameLengthLimit`. + + It requires Prometheus >= v2.27.0. + + When both `enforcedLabelNameLengthLimit` and `labelNameLengthLimit` are defined and greater than zero, the following rules apply: + * Scrape objects without a defined labelNameLengthLimit value will inherit the global labelNameLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelNameLengthLimit value (Prometheus < v2.45.0). + If Prometheus version is >= 2.45.0 and the `enforcedLabelNameLengthLimit` is greater than the `labelNameLengthLimit`, the `labelNameLengthLimit` will be set to `enforcedLabelNameLengthLimit`. + * Scrape objects with a labelNameLengthLimit value less than or equal to enforcedLabelNameLengthLimit keep their specific value. + * Scrape objects with a labelNameLengthLimit value greater than enforcedLabelNameLengthLimit are set to enforcedLabelNameLengthLimit. + format: int64 + type: integer + enforcedLabelValueLengthLimit: + description: |- + enforcedLabelValueLengthLimit when not null defines a global limit on the length + of labels value per sample. The value overrides any `spec.labelValueLengthLimit` set by + ServiceMonitor, PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is + greater than zero and less than `spec.enforcedLabelValueLengthLimit`. + + It requires Prometheus >= v2.27.0. + + When both `enforcedLabelValueLengthLimit` and `labelValueLengthLimit` are defined and greater than zero, the following rules apply: + * Scrape objects without a defined labelValueLengthLimit value will inherit the global labelValueLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelValueLengthLimit value (Prometheus < v2.45.0). + If Prometheus version is >= 2.45.0 and the `enforcedLabelValueLengthLimit` is greater than the `labelValueLengthLimit`, the `labelValueLengthLimit` will be set to `enforcedLabelValueLengthLimit`. + * Scrape objects with a labelValueLengthLimit value less than or equal to enforcedLabelValueLengthLimit keep their specific value. + * Scrape objects with a labelValueLengthLimit value greater than enforcedLabelValueLengthLimit are set to enforcedLabelValueLengthLimit. + format: int64 + type: integer + enforcedNamespaceLabel: + description: |- + enforcedNamespaceLabel when not empty, a label will be added to: + + 1. All metrics scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` objects. + 2. All metrics generated from recording rules defined in `PrometheusRule` objects. + 3. All alerts generated from alerting rules defined in `PrometheusRule` objects. + 4. All vector selectors of PromQL expressions defined in `PrometheusRule` objects. + + The label will not added for objects referenced in `spec.excludedFromEnforcement`. + + The label's name is this field's value. + The label's value is the namespace of the `ServiceMonitor`, + `PodMonitor`, `Probe`, `PrometheusRule` or `ScrapeConfig` object. + type: string + enforcedSampleLimit: + description: |- + enforcedSampleLimit when defined specifies a global limit on the number + of scraped samples that will be accepted. This overrides any + `spec.sampleLimit` set by ServiceMonitor, PodMonitor, Probe objects + unless `spec.sampleLimit` is greater than zero and less than + `spec.enforcedSampleLimit`. + + It is meant to be used by admins to keep the overall number of + samples/series under a desired limit. + + When both `enforcedSampleLimit` and `sampleLimit` are defined and greater than zero, the following rules apply: + * Scrape objects without a defined sampleLimit value will inherit the global sampleLimit value (Prometheus >= 2.45.0) or the enforcedSampleLimit value (Prometheus < v2.45.0). + If Prometheus version is >= 2.45.0 and the `enforcedSampleLimit` is greater than the `sampleLimit`, the `sampleLimit` will be set to `enforcedSampleLimit`. + * Scrape objects with a sampleLimit value less than or equal to enforcedSampleLimit keep their specific value. + * Scrape objects with a sampleLimit value greater than enforcedSampleLimit are set to enforcedSampleLimit. + format: int64 + type: integer + enforcedTargetLimit: + description: |- + enforcedTargetLimit when defined specifies a global limit on the number + of scraped targets. The value overrides any `spec.targetLimit` set by + ServiceMonitor, PodMonitor, Probe objects unless `spec.targetLimit` is + greater than zero and less than `spec.enforcedTargetLimit`. + + It is meant to be used by admins to to keep the overall number of + targets under a desired limit. + + When both `enforcedTargetLimit` and `targetLimit` are defined and greater than zero, the following rules apply: + * Scrape objects without a defined targetLimit value will inherit the global targetLimit value (Prometheus >= 2.45.0) or the enforcedTargetLimit value (Prometheus < v2.45.0). + If Prometheus version is >= 2.45.0 and the `enforcedTargetLimit` is greater than the `targetLimit`, the `targetLimit` will be set to `enforcedTargetLimit`. + * Scrape objects with a targetLimit value less than or equal to enforcedTargetLimit keep their specific value. + * Scrape objects with a targetLimit value greater than enforcedTargetLimit are set to enforcedTargetLimit. + format: int64 + type: integer + evaluationInterval: + default: 30s + description: |- + evaluationInterval defines the interval between rule evaluations. + Default: "30s" + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + excludedFromEnforcement: + description: |- + excludedFromEnforcement defines the list of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects + to be excluded from enforcing a namespace label of origin. + + It is only applicable if `spec.enforcedNamespaceLabel` set to true. + items: + description: ObjectReference references a PodMonitor, ServiceMonitor, + Probe or PrometheusRule object. + properties: + group: + default: monitoring.coreos.com + description: group of the referent. When not specified, it defaults + to `monitoring.coreos.com` + enum: + - monitoring.coreos.com + type: string + name: + description: name of the referent. When not set, all resources + in the namespace are matched. + type: string + namespace: + description: |- + namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + minLength: 1 + type: string + resource: + description: resource of the referent. + enum: + - prometheusrules + - servicemonitors + - podmonitors + - probes + - scrapeconfigs + type: string + required: + - namespace + - resource + type: object + type: array + exemplars: + description: |- + exemplars related settings that are runtime reloadable. + It requires to enable the `exemplar-storage` feature flag to be effective. + properties: + maxSize: + description: |- + maxSize defines the maximum number of exemplars stored in memory for all series. + + exemplar-storage itself must be enabled using the `spec.enableFeature` + option for exemplars to be scraped in the first place. + + If not set, Prometheus uses its default value. A value of zero or less + than zero disables the storage. + format: int64 + type: integer + type: object + externalLabels: + additionalProperties: + type: string + description: |- + externalLabels defines the labels to add to any time series or alerts when communicating with + external systems (federation, remote storage, Alertmanager). + Labels defined by `spec.replicaExternalLabelName` and + `spec.prometheusExternalLabelName` take precedence over this list. + type: object + externalUrl: + description: |- + externalUrl defines the external URL under which the Prometheus service is externally + available. This is necessary to generate correct URLs (for instance if + Prometheus is accessible behind an Ingress resource). + type: string + hostAliases: + description: |- + hostAliases defines the optional list of hosts and IPs that will be injected into the Pod's + hosts file if specified. + items: + description: |- + HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the + pod's hosts file. + properties: + hostnames: + description: hostnames defines hostnames for the above IP address. + items: + type: string + type: array + ip: + description: ip defines the IP address of the host file entry. + type: string + required: + - hostnames + - ip + type: object + type: array + x-kubernetes-list-map-keys: + - ip + x-kubernetes-list-type: map + hostNetwork: + description: |- + hostNetwork defines the host's network namespace if true. + + Make sure to understand the security implications if you want to enable + it (https://kubernetes.io/docs/concepts/configuration/overview/ ). + + When hostNetwork is enabled, this will set the DNS policy to + `ClusterFirstWithHostNet` automatically (unless `.spec.DNSPolicy` is set + to a different value). + type: boolean + hostUsers: + description: |- + hostUsers supports the user space in Kubernetes. + + More info: https://kubernetes.io/docs/tasks/configure-pod-container/user-namespaces/ + + The feature requires at least Kubernetes 1.28 with the `UserNamespacesSupport` feature gate enabled. + Starting Kubernetes 1.33, the feature is enabled by default. + type: boolean + ignoreNamespaceSelectors: + description: |- + ignoreNamespaceSelectors when true, `spec.namespaceSelector` from all PodMonitor, ServiceMonitor + and Probe objects will be ignored. They will only discover targets + within the namespace of the PodMonitor, ServiceMonitor and Probe + object. + type: boolean + image: + description: |- + image defines the container image name for Prometheus. If specified, it takes precedence + over the `spec.baseImage`, `spec.tag` and `spec.sha` fields. + + Specifying `spec.version` is still necessary to ensure the Prometheus + Operator knows which version of Prometheus is being configured. + + If neither `spec.image` nor `spec.baseImage` are defined, the operator + will use the latest upstream version of Prometheus available at the time + when the operator was released. + type: string + imagePullPolicy: + description: |- + imagePullPolicy defines the image pull policy for the 'prometheus', 'init-config-reloader' and 'config-reloader' containers. + See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details. + enum: + - "" + - Always + - Never + - IfNotPresent + type: string + imagePullSecrets: + description: |- + imagePullSecrets defines an optional list of references to Secrets in the same namespace + to use for pulling images from registries. + See http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: |- + initContainers allows injecting initContainers to the Pod definition. Those + can be used to e.g. fetch secrets for injection into the Prometheus + configuration from external sources. Any errors during the execution of + an initContainer will lead to a restart of the Pod. More info: + https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + InitContainers described here modify an operator generated init + containers if they share the same name and modifications are done via a + strategic merge patch. + + The names of init container name managed by the operator are: + * `init-config-reloader`. + + Overriding init containers which are managed by the operator require + careful testing, especially when upgrading to a new version of the + operator. + items: + description: A single application container that you want to run + within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing + the env file. + type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source may consist of any printable ASCII characters except '='. + When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps or Secrets + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: |- + Optional text to prepend to the name of each environment variable. + May consist of any printable ASCII characters except '='. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies a command to execute in + the container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents a duration that the container + should sleep. + properties: + seconds: + description: Seconds is the number of seconds to + sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies a command to execute in + the container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents a duration that the container + should sleep. + properties: + seconds: + description: Seconds is the number of seconds to + sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + stopSignal: + description: |- + StopSignal defines which signal will be sent to a container when it is being stopped. + If not specified, the default is defined by the container runtime in use. + StopSignal can only be set for Pods with a non-empty .spec.os.name + type: string + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies a command to execute in the + container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port in a + single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies a command to execute in the + container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: |- + Resources resize policy for the container. + This field cannot be set on ephemeral containers. + items: + description: ContainerResizePolicy represents resource resize + policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This field depends on the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This overrides the pod-level restart policy. When this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + Additionally, setting the RestartPolicy as "Always" for the init container will + have the following effect: + this init container will be continually restarted on + exit until all regular containers have terminated. Once all regular + containers have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init containers and + is often referred to as a "sidecar" container. Although this init + container still starts in the init container sequence, it does not wait + for the container to complete before proceeding to the next init + container. Instead, the next init container starts immediately after this + init container is started, or after any startupProbe has successfully + completed. + type: string + restartPolicyRules: + description: |- + Represents a list of rules to be checked to determine if the + container should be restarted on exit. The rules are evaluated in + order. Once a rule matches a container exit condition, the remaining + rules are ignored. If no rule matches the container exit condition, + the Container-level restart policy determines the whether the container + is restarted or not. Constraints on the rules: + - At most 20 rules are allowed. + - Rules can have the same action. + - Identical rules are not forbidden in validations. + When rules are specified, container MUST set RestartPolicy explicitly + even it if matches the Pod's RestartPolicy. + items: + description: ContainerRestartRule describes how a container + exit is handled. + properties: + action: + description: |- + Specifies the action taken on a container exit if the requirements + are satisfied. The only possible value is "Restart" to restart the + container. + type: string + exitCodes: + description: Represents the exit codes to check on container + exits. + properties: + operator: + description: |- + Represents the relationship between the container exit code(s) and the + specified values. Possible values are: + - In: the requirement is satisfied if the container exit code is in the + set of specified values. + - NotIn: the requirement is satisfied if the container exit code is + not in the set of specified values. + type: string + values: + description: |- + Specifies the set of values to check for container exit codes. + At most 255 elements are allowed. + items: + format: int32 + type: integer + type: array + x-kubernetes-list-type: set + required: + - operator + type: object + required: + - action + type: object + type: array + x-kubernetes-list-type: atomic + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies a command to execute in the + container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + keepDroppedTargets: + description: |- + keepDroppedTargets defines the per-scrape limit on the number of targets dropped by relabeling + that will be kept in memory. 0 means no limit. + + It requires Prometheus >= v2.47.0. + + Note that the global limit only applies to scrape objects that don't specify an explicit limit value. + If you want to enforce a maximum limit for all scrape objects, refer to enforcedKeepDroppedTargets. + format: int64 + type: integer + labelLimit: + description: |- + labelLimit defines per-scrape limit on number of labels that will be accepted for a sample. + Only valid in Prometheus versions 2.45.0 and newer. + + Note that the global limit only applies to scrape objects that don't specify an explicit limit value. + If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelLimit. + format: int64 + type: integer + labelNameLengthLimit: + description: |- + labelNameLengthLimit defines the per-scrape limit on length of labels name that will be accepted for a sample. + Only valid in Prometheus versions 2.45.0 and newer. + + Note that the global limit only applies to scrape objects that don't specify an explicit limit value. + If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelNameLengthLimit. + format: int64 + type: integer + labelValueLengthLimit: + description: |- + labelValueLengthLimit defines the per-scrape limit on length of labels value that will be accepted for a sample. + Only valid in Prometheus versions 2.45.0 and newer. + + Note that the global limit only applies to scrape objects that don't specify an explicit limit value. + If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelValueLengthLimit. + format: int64 + type: integer + listenLocal: + description: |- + listenLocal when true, the Prometheus server listens on the loopback address + instead of the Pod IP's address. + type: boolean + logFormat: + description: logFormat for Log level for Prometheus and the config-reloader + sidecar. + enum: + - "" + - logfmt + - json + type: string + logLevel: + description: logLevel for Prometheus and the config-reloader sidecar. + enum: + - "" + - debug + - info + - warn + - error + type: string + maximumStartupDurationSeconds: + description: |- + maximumStartupDurationSeconds defines the maximum time that the `prometheus` container's startup probe will wait before being considered failed. The startup probe will return success after the WAL replay is complete. + If set, the value should be greater than 60 (seconds). Otherwise it will be equal to 900 seconds (15 minutes). + format: int32 + minimum: 60 + type: integer + minReadySeconds: + description: |- + minReadySeconds defines the minimum number of seconds for which a newly created Pod should be ready + without any of its container crashing for it to be considered available. + + If unset, pods will be considered available as soon as they are ready. + format: int32 + minimum: 0 + type: integer + nameEscapingScheme: + description: |- + nameEscapingScheme defines the character escaping scheme that will be requested when scraping + for metric and label names that do not conform to the legacy Prometheus + character set. + + It requires Prometheus >= v3.4.0. + enum: + - AllowUTF8 + - Underscores + - Dots + - Values + type: string + nameValidationScheme: + description: |- + nameValidationScheme defines the validation scheme for metric and label names. + + It requires Prometheus >= v2.55.0. + enum: + - UTF8 + - Legacy + type: string + nodeSelector: + additionalProperties: + type: string + description: nodeSelector defines on which Nodes the Pods are scheduled. + type: object + otlp: + description: |- + otlp defines the settings related to the OTLP receiver feature. + It requires Prometheus >= v2.55.0. + properties: + convertHistogramsToNHCB: + description: |- + convertHistogramsToNHCB defines optional translation of OTLP explicit bucket histograms into native histograms with custom buckets. + It requires Prometheus >= v3.4.0. + type: boolean + ignoreResourceAttributes: + description: |- + ignoreResourceAttributes defines the list of OpenTelemetry resource attributes to ignore when `promoteAllResourceAttributes` is true. + + It requires `promoteAllResourceAttributes` to be true. + It requires Prometheus >= v3.5.0. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + keepIdentifyingResourceAttributes: + description: |- + keepIdentifyingResourceAttributes enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean + promoteAllResourceAttributes: + description: |- + promoteAllResourceAttributes promotes all resource attributes to metric labels except the ones defined in `ignoreResourceAttributes`. + + Cannot be true when `promoteResourceAttributes` is defined. + It requires Prometheus >= v3.5.0. + type: boolean + promoteResourceAttributes: + description: |- + promoteResourceAttributes defines the list of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. + Cannot be defined when `promoteAllResourceAttributes` is true. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + promoteScopeMetadata: + description: |- + promoteScopeMetadata controls whether to promote OpenTelemetry scope metadata (i.e. name, version, schema URL, and attributes) to metric labels. + As per the OpenTelemetry specification, the aforementioned scope metadata should be identifying, i.e. made into metric labels. + It requires Prometheus >= v3.6.0. + type: boolean + translationStrategy: + description: |- + translationStrategy defines how the OTLP receiver endpoint translates the incoming metrics. + + It requires Prometheus >= v3.0.0. + enum: + - NoUTF8EscapingWithSuffixes + - UnderscoreEscapingWithSuffixes + - NoTranslation + - UnderscoreEscapingWithoutSuffixes + type: string + type: object + overrideHonorLabels: + description: |- + overrideHonorLabels when true, Prometheus resolves label conflicts by renaming the labels in the scraped data + to “exported_” for all targets created from ServiceMonitor, PodMonitor and + ScrapeConfig objects. Otherwise the HonorLabels field of the service or pod monitor applies. + In practice,`OverrideHonorLabels:true` enforces `honorLabels:false` + for all ServiceMonitor, PodMonitor and ScrapeConfig objects. + type: boolean + overrideHonorTimestamps: + description: |- + overrideHonorTimestamps when true, Prometheus ignores the timestamps for all the targets created + from service and pod monitors. + Otherwise the HonorTimestamps field of the service or pod monitor applies. + type: boolean + paused: + description: |- + paused defines when a Prometheus deployment is paused, no actions except for deletion + will be performed on the underlying objects. + type: boolean + persistentVolumeClaimRetentionPolicy: + description: |- + persistentVolumeClaimRetentionPolicy defines the field controls if and how PVCs are deleted during the lifecycle of a StatefulSet. + The default behavior is all PVCs are retained. + This is an alpha field from kubernetes 1.23 until 1.26 and a beta field from 1.26. + It requires enabling the StatefulSetAutoDeletePVC feature gate. + properties: + whenDeleted: + description: |- + WhenDeleted specifies what happens to PVCs created from StatefulSet + VolumeClaimTemplates when the StatefulSet is deleted. The default policy + of `Retain` causes PVCs to not be affected by StatefulSet deletion. The + `Delete` policy causes those PVCs to be deleted. + type: string + whenScaled: + description: |- + WhenScaled specifies what happens to PVCs created from StatefulSet + VolumeClaimTemplates when the StatefulSet is scaled down. The default + policy of `Retain` causes PVCs to not be affected by a scaledown. The + `Delete` policy causes the associated PVCs for any excess pods above + the replica count to be deleted. + type: string + type: object + podManagementPolicy: + description: |- + podManagementPolicy defines the policy for creating/deleting pods when + scaling up and down. + + Unlike the default StatefulSet behavior, the default policy is + `Parallel` to avoid manual intervention in case a pod gets stuck during + a rollout. + + Note that updating this value implies the recreation of the StatefulSet + which incurs a service outage. + enum: + - OrderedReady + - Parallel + type: string + podMetadata: + description: |- + podMetadata defines labels and annotations which are propagated to the Prometheus pods. + + The following items are reserved and cannot be overridden: + * "prometheus" label, set to the name of the Prometheus object. + * "app.kubernetes.io/instance" label, set to the name of the Prometheus object. + * "app.kubernetes.io/managed-by" label, set to "prometheus-operator". + * "app.kubernetes.io/name" label, set to "prometheus". + * "app.kubernetes.io/version" label, set to the Prometheus version. + * "operator.prometheus.io/name" label, set to the name of the Prometheus object. + * "operator.prometheus.io/shard" label, set to the shard number of the Prometheus object. + * "kubectl.kubernetes.io/default-container" annotation, set to "prometheus". + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations defines an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + type: object + labels: + additionalProperties: + type: string + description: |- + labels define the map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + type: object + name: + description: |- + name must be unique within a namespace. Is required when creating resources, although + some resources may allow a client to request the generation of an appropriate name + automatically. Name is primarily intended for creation idempotence and configuration + definition. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/ + type: string + type: object + podMonitorNamespaceSelector: + description: |- + podMonitorNamespaceSelector defines the namespaces to match for PodMonitors discovery. An empty label selector + matches all namespaces. A null label selector (default value) matches the current + namespace only. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + podMonitorSelector: + description: |- + podMonitorSelector defines the podMonitors to be selected for target discovery. An empty label selector + matches all objects. A null label selector matches no objects. + + If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` + and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. + The Prometheus operator will ensure that the Prometheus configuration's + Secret exists, but it is the responsibility of the user to provide the raw + gzipped Prometheus configuration under the `prometheus.yaml.gz` key. + This behavior is *deprecated* and will be removed in the next major version + of the custom resource definition. It is recommended to use + `spec.additionalScrapeConfigs` instead. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + podTargetLabels: + description: |- + podTargetLabels are appended to the `spec.podTargetLabels` field of all + PodMonitor and ServiceMonitor objects. + items: + type: string + type: array + portName: + default: web + description: |- + portName used for the pods and governing service. + Default: "web" + type: string + priorityClassName: + description: priorityClassName assigned to the Pods. + type: string + probeNamespaceSelector: + description: |- + probeNamespaceSelector defines the namespaces to match for Probe discovery. An empty label + selector matches all namespaces. A null label selector matches the + current namespace only. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + probeSelector: + description: |- + probeSelector defines the probes to be selected for target discovery. An empty label selector + matches all objects. A null label selector matches no objects. + + If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` + and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. + The Prometheus operator will ensure that the Prometheus configuration's + Secret exists, but it is the responsibility of the user to provide the raw + gzipped Prometheus configuration under the `prometheus.yaml.gz` key. + This behavior is *deprecated* and will be removed in the next major version + of the custom resource definition. It is recommended to use + `spec.additionalScrapeConfigs` instead. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + prometheusExternalLabelName: + description: |- + prometheusExternalLabelName defines the name of Prometheus external label used to denote the Prometheus instance + name. The external label will _not_ be added when the field is set to + the empty string (`""`). + + Default: "prometheus" + type: string + prometheusRulesExcludedFromEnforce: + description: |- + prometheusRulesExcludedFromEnforce defines the list of PrometheusRule objects to which the namespace label + enforcement doesn't apply. + This is only relevant when `spec.enforcedNamespaceLabel` is set to true. + Deprecated: use `spec.excludedFromEnforcement` instead. + items: + description: |- + PrometheusRuleExcludeConfig enables users to configure excluded + PrometheusRule names and their namespaces to be ignored while enforcing + namespace label for alerts and metrics. + properties: + ruleName: + description: ruleName defines the name of the excluded PrometheusRule + object. + type: string + ruleNamespace: + description: ruleNamespace defines the namespace of the excluded + PrometheusRule object. + type: string + required: + - ruleName + - ruleNamespace + type: object + type: array + query: + description: query defines the configuration of the Prometheus query + service. + properties: + lookbackDelta: + description: lookbackDelta defines the delta difference allowed + for retrieving metrics during expression evaluations. + type: string + maxConcurrency: + description: maxConcurrency defines the number of concurrent queries + that can be run at once. + format: int32 + minimum: 1 + type: integer + maxSamples: + description: |- + maxSamples defines the maximum number of samples a single query can load into memory. Note that + queries will fail if they would load more samples than this into memory, + so this also limits the number of samples a query can return. + format: int32 + type: integer + timeout: + description: timeout defines the maximum time a query may take + before being aborted. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: object + queryLogFile: + description: |- + queryLogFile specifies where the file to which PromQL queries are logged. + + If the filename has an empty path, e.g. 'query.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/query.log', you + must mount a volume in the specified directory and it must be writable. + This is because the prometheus container runs with a read-only root + filesystem for security reasons. + Alternatively, the location can be set to a standard I/O stream, e.g. + `/dev/stdout`, to log query information to the default Prometheus log + stream. + type: string + reloadStrategy: + description: |- + reloadStrategy defines the strategy used to reload the Prometheus configuration. + If not specified, the configuration is reloaded using the /-/reload HTTP endpoint. + enum: + - HTTP + - ProcessSignal + type: string + remoteRead: + description: remoteRead defines the list of remote read configurations. + items: + description: |- + RemoteReadSpec defines the configuration for Prometheus to read back samples + from a remote endpoint. + properties: + authorization: + description: |- + authorization section for the URL. + + It requires Prometheus >= v2.26.0. + + Cannot be set at the same time as `basicAuth`, or `oauth2`. + properties: + credentials: + description: credentials defines a key of a Secret in the + namespace that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + credentialsFile: + description: credentialsFile defines the file to read a + secret from, mutually exclusive with `credentials`. + type: string + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: |- + basicAuth configuration for the URL. + + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + password defines a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerToken: + description: |- + bearerToken is deprecated: this will be removed in a future release. + *Warning: this field shouldn't be used because the token value appears + in clear-text. Prefer using `authorization`.* + type: string + bearerTokenFile: + description: |- + bearerTokenFile defines the file from which to read the bearer token for the URL. + + Deprecated: this will be removed in a future release. Prefer using `authorization`. + type: string + filterExternalLabels: + description: |- + filterExternalLabels defines whether to use the external labels as selectors for the remote read endpoint. + + It requires Prometheus >= v2.34.0. + type: boolean + followRedirects: + description: |- + followRedirects defines whether HTTP requests follow HTTP 3xx redirects. + + It requires Prometheus >= v2.26.0. + type: boolean + headers: + additionalProperties: + type: string + description: |- + headers defines the custom HTTP headers to be sent along with each remote read request. + Be aware that headers that are set by Prometheus itself can't be overwritten. + Only valid in Prometheus versions 2.26.0 and newer. + type: object + name: + description: |- + name of the remote read queue, it must be unique if specified. The + name is used in metrics and logging in order to differentiate read + configurations. + + It requires Prometheus >= v2.15.0. + type: string + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + oauth2: + description: |- + oauth2 configuration for the URL. + + It requires Prometheus >= v2.27.0. + + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + clientId defines a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + clientSecret defines a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + scopes: + description: scopes defines the OAuth2 scopes used for the + token request. + items: + type: string + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: ca defines the Certificate authority used + when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to + present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable + target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname + for the targets. + type: string + type: object + tokenUrl: + description: tokenUrl defines the URL to fetch the token + from. + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + readRecent: + description: |- + readRecent defines whether reads should be made for queries for time ranges that + the local storage should have complete data for. + type: boolean + remoteTimeout: + description: remoteTimeout defines the timeout for requests + to the remote read endpoint. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + requiredMatchers: + additionalProperties: + type: string + description: |- + requiredMatchers defines an optional list of equality matchers which have to be present + in a selector to query the remote read endpoint. + type: object + tlsConfig: + description: tlsConfig to use for the URL. + properties: + ca: + description: ca defines the Certificate authority used when + verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + caFile: + description: caFile defines the path to the CA cert in the + Prometheus container to use for the targets. + type: string + cert: + description: cert defines the Client certificate to present + when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + description: certFile defines the path to the client cert + file in the Prometheus container for the targets. + type: string + insecureSkipVerify: + description: insecureSkipVerify defines how to disable target + certificate validation. + type: boolean + keyFile: + description: keyFile defines the path to the client key + file in the Prometheus container for the targets. + type: string + keySecret: + description: keySecret defines the Secret containing the + client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname for + the targets. + type: string + type: object + url: + description: url defines the URL of the endpoint to query from. + type: string + required: + - url + type: object + type: array + remoteWrite: + description: remoteWrite defines the list of remote write configurations. + items: + description: |- + RemoteWriteSpec defines the configuration to write samples from Prometheus + to a remote endpoint. + properties: + authorization: + description: |- + authorization section for the URL. + + It requires Prometheus >= v2.26.0 or Thanos >= v0.24.0. + + Cannot be set at the same time as `sigv4`, `basicAuth`, `oauth2`, or `azureAd`. + properties: + credentials: + description: credentials defines a key of a Secret in the + namespace that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + credentialsFile: + description: credentialsFile defines the file to read a + secret from, mutually exclusive with `credentials`. + type: string + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + azureAd: + description: |- + azureAd for the URL. + + It requires Prometheus >= v2.45.0 or Thanos >= v0.31.0. + + Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `sigv4`. + properties: + cloud: + description: cloud defines the Azure Cloud. Options are + 'AzurePublic', 'AzureChina', or 'AzureGovernment'. + enum: + - AzureChina + - AzureGovernment + - AzurePublic + type: string + managedIdentity: + description: |- + managedIdentity defines the Azure User-assigned Managed identity. + Cannot be set at the same time as `oauth`, `sdk` or `workloadIdentity`. + properties: + clientId: + description: |- + clientId defines the Azure User-assigned Managed identity. + + For Prometheus >= 3.5.0 and Thanos >= 0.40.0, this field is allowed to be empty to support system-assigned managed identities. + minLength: 1 + type: string + type: object + oauth: + description: |- + oauth defines the oauth config that is being used to authenticate. + Cannot be set at the same time as `managedIdentity`, `sdk` or `workloadIdentity`. + + It requires Prometheus >= v2.48.0 or Thanos >= v0.31.0. + properties: + clientId: + description: clientId defines the clientId of the Azure + Active Directory application that is being used to + authenticate. + minLength: 1 + type: string + clientSecret: + description: clientSecret specifies a key of a Secret + containing the client secret of the Azure Active Directory + application that is being used to authenticate. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tenantId: + description: tenantId is the tenant ID of the Azure + Active Directory application that is being used to + authenticate. + minLength: 1 + pattern: ^[0-9a-zA-Z-.]+$ + type: string + required: + - clientId + - clientSecret + - tenantId + type: object + scope: + description: |- + scope is the custom OAuth 2.0 scope to request when acquiring tokens. + It requires Prometheus >= 3.9.0. Currently not supported by Thanos. + pattern: ^[\w\s:/.\\-]+$ + type: string + sdk: + description: |- + sdk defines the Azure SDK config that is being used to authenticate. + See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication + Cannot be set at the same time as `oauth`, `managedIdentity` or `workloadIdentity`. + + It requires Prometheus >= v2.52.0 or Thanos >= v0.36.0. + properties: + tenantId: + description: tenantId defines the tenant ID of the azure + active directory application that is being used to + authenticate. + pattern: ^[0-9a-zA-Z-.]+$ + type: string + type: object + workloadIdentity: + description: |- + workloadIdentity defines the Azure Workload Identity authentication. + Cannot be set at the same time as `oauth`, `managedIdentity`, or `sdk`. + + It requires Prometheus >= 3.7.0. Currently not supported by Thanos. + properties: + clientId: + description: clientId is the clientID of the Azure Active + Directory application. + minLength: 1 + type: string + tenantId: + description: tenantId is the tenant ID of the Azure + Active Directory application. + minLength: 1 + type: string + required: + - clientId + - tenantId + type: object + type: object + basicAuth: + description: |- + basicAuth configuration for the URL. + + Cannot be set at the same time as `sigv4`, `authorization`, `oauth2`, or `azureAd`. + properties: + password: + description: |- + password defines a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerToken: + description: |- + bearerToken is deprecated: this will be removed in a future release. + *Warning: this field shouldn't be used because the token value appears + in clear-text. Prefer using `authorization`.* + type: string + bearerTokenFile: + description: |- + bearerTokenFile defines the file from which to read bearer token for the URL. + + Deprecated: this will be removed in a future release. Prefer using `authorization`. + type: string + enableHTTP2: + description: enableHTTP2 defines whether to enable HTTP2. + type: boolean + followRedirects: + description: |- + followRedirects defines whether HTTP requests follow HTTP 3xx redirects. + + It requires Prometheus >= v2.26.0 or Thanos >= v0.24.0. + type: boolean + headers: + additionalProperties: + type: string + description: |- + headers defines the custom HTTP headers to be sent along with each remote write request. + Be aware that headers that are set by Prometheus itself can't be overwritten. + + It requires Prometheus >= v2.25.0 or Thanos >= v0.24.0. + type: object + messageVersion: + description: |- + messageVersion defines the Remote Write message's version to use when writing to the endpoint. + + `Version1.0` corresponds to the `prometheus.WriteRequest` protobuf message introduced in Remote Write 1.0. + `Version2.0` corresponds to the `io.prometheus.write.v2.Request` protobuf message introduced in Remote Write 2.0. + + When `Version2.0` is selected, Prometheus will automatically be + configured to append the metadata of scraped metrics to the WAL. + + Before setting this field, consult with your remote storage provider + what message version it supports. + + It requires Prometheus >= v2.54.0 or Thanos >= v0.37.0. + enum: + - V1.0 + - V2.0 + type: string + metadataConfig: + description: |- + metadataConfig defines how to send a series metadata to the remote storage. + + When the field is empty, **no metadata** is sent. But when the field is + null, metadata is sent. + properties: + maxSamplesPerSend: + description: |- + maxSamplesPerSend defines the maximum number of metadata samples per send. + + It requires Prometheus >= v2.29.0. + format: int32 + minimum: -1 + type: integer + send: + description: send defines whether metric metadata is sent + to the remote storage or not. + type: boolean + sendInterval: + description: sendInterval defines how frequently metric + metadata is sent to the remote storage. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: object + name: + description: |- + name of the remote write queue, it must be unique if specified. The + name is used in metrics and logging in order to differentiate queues. + + It requires Prometheus >= v2.15.0 or Thanos >= 0.24.0. + type: string + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + oauth2: + description: |- + oauth2 configuration for the URL. + + It requires Prometheus >= v2.27.0 or Thanos >= v0.24.0. + + Cannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azureAd`. + properties: + clientId: + description: |- + clientId defines a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + clientSecret defines a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + scopes: + description: scopes defines the OAuth2 scopes used for the + token request. + items: + type: string + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: ca defines the Certificate authority used + when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to + present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable + target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname + for the targets. + type: string + type: object + tokenUrl: + description: tokenUrl defines the URL to fetch the token + from. + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + queueConfig: + description: queueConfig allows tuning of the remote write queue + parameters. + properties: + batchSendDeadline: + description: batchSendDeadline defines the maximum time + a sample will wait in buffer. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + capacity: + description: |- + capacity defines the number of samples to buffer per shard before we start + dropping them. + type: integer + maxBackoff: + description: maxBackoff defines the maximum retry delay. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + maxRetries: + description: maxRetries defines the maximum number of times + to retry a batch on recoverable errors. + type: integer + maxSamplesPerSend: + description: maxSamplesPerSend defines the maximum number + of samples per send. + type: integer + maxShards: + description: maxShards defines the maximum number of shards, + i.e. amount of concurrency. + type: integer + minBackoff: + description: minBackoff defines the initial retry delay. + Gets doubled for every retry. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + minShards: + description: minShards defines the minimum number of shards, + i.e. amount of concurrency. + type: integer + retryOnRateLimit: + description: |- + retryOnRateLimit defines the retry upon receiving a 429 status code from the remote-write storage. + + This is an *experimental feature*, it may change in any upcoming release + in a breaking way. + type: boolean + sampleAgeLimit: + description: |- + sampleAgeLimit drops samples older than the limit. + It requires Prometheus >= v2.50.0 or Thanos >= v0.32.0. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: object + remoteTimeout: + description: remoteTimeout defines the timeout for requests + to the remote write endpoint. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + roundRobinDNS: + description: "roundRobinDNS controls the DNS resolution behavior + for remote-write connections.\nWhen enabled:\n - The remote-write + mechanism will resolve the hostname via DNS.\n - It will + randomly select one of the resolved IP addresses and connect + to it.\n\nWhen disabled (default behavior):\n - The Go standard + library will handle hostname resolution.\n - It will attempt + connections to each resolved IP address sequentially.\n\nNote: + The connection timeout applies to the entire resolution and + connection process.\n\n\tIf disabled, the timeout is distributed + across all connection attempts.\n\nIt requires Prometheus + >= v3.1.0 or Thanos >= v0.38.0." + type: boolean + sendExemplars: + description: |- + sendExemplars enables sending of exemplars over remote write. Note that + exemplar-storage itself must be enabled using the `spec.enableFeatures` + option for exemplars to be scraped in the first place. + + It requires Prometheus >= v2.27.0 or Thanos >= v0.24.0. + type: boolean + sendNativeHistograms: + description: |- + sendNativeHistograms enables sending of native histograms, also known as sparse histograms + over remote write. + + It requires Prometheus >= v2.40.0 or Thanos >= v0.30.0. + type: boolean + sigv4: + description: |- + sigv4 defines the AWS's Signature Verification 4 for the URL. + + It requires Prometheus >= v2.26.0 or Thanos >= v0.24.0. + + Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `azureAd`. + properties: + accessKey: + description: |- + accessKey defines the AWS API key. If not specified, the environment variable + `AWS_ACCESS_KEY_ID` is used. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + profile: + description: profile defines the named AWS profile used + to authenticate. + type: string + region: + description: region defines the AWS region. If blank, the + region from the default credentials chain used. + type: string + roleArn: + description: roleArn defines the named AWS profile used + to authenticate. + type: string + secretKey: + description: |- + secretKey defines the AWS API secret. If not specified, the environment + variable `AWS_SECRET_ACCESS_KEY` is used. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + useFIPSSTSEndpoint: + description: |- + useFIPSSTSEndpoint defines the FIPS mode for the AWS STS endpoint. + It requires Prometheus >= v2.54.0. + type: boolean + type: object + tlsConfig: + description: tlsConfig to use for the URL. + properties: + ca: + description: ca defines the Certificate authority used when + verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + caFile: + description: caFile defines the path to the CA cert in the + Prometheus container to use for the targets. + type: string + cert: + description: cert defines the Client certificate to present + when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + description: certFile defines the path to the client cert + file in the Prometheus container for the targets. + type: string + insecureSkipVerify: + description: insecureSkipVerify defines how to disable target + certificate validation. + type: boolean + keyFile: + description: keyFile defines the path to the client key + file in the Prometheus container for the targets. + type: string + keySecret: + description: keySecret defines the Secret containing the + client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname for + the targets. + type: string + type: object + url: + description: |- + url defines the URL of the endpoint to send samples to. + + It must use the HTTP or HTTPS scheme. + pattern: ^(http|https)://.+$ + type: string + writeRelabelConfigs: + description: writeRelabelConfigs defines the list of remote + write relabel configurations. + items: + description: |- + RelabelConfig allows dynamic rewriting of the label set for targets, alerts, + scraped samples and remote write samples. + + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + properties: + action: + default: replace + description: |- + action to perform based on the regex matching. + + `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + + Default: "Replace" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: |- + modulus to take of the hash of the source label values. + + Only applicable when the action is `HashMod`. + format: int64 + type: integer + regex: + description: regex defines the regular expression against + which the extracted value is matched. + type: string + replacement: + description: |- + replacement value against which a Replace action is performed if the + regular expression matches. + + Regex capture groups are available. + type: string + separator: + description: separator defines the string between concatenated + SourceLabels. + type: string + sourceLabels: + description: |- + sourceLabels defines the source labels select values from existing labels. Their content is + concatenated using the configured Separator and matched against the + configured regular expression. + items: + description: |- + LabelName is a valid Prometheus label name. + For Prometheus 3.x, a label name is valid if it contains UTF-8 characters. + For Prometheus 2.x, a label name is only valid if it contains ASCII characters, letters, numbers, as well as underscores. + type: string + type: array + targetLabel: + description: |- + targetLabel defines the label to which the resulting string is written in a replacement. + + It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + `KeepEqual` and `DropEqual` actions. + + Regex capture groups are available. + type: string + type: object + type: array + required: + - url + type: object + type: array + remoteWriteReceiverMessageVersions: + description: |- + remoteWriteReceiverMessageVersions list of the protobuf message versions to accept when receiving the + remote writes. + + It requires Prometheus >= v2.54.0. + items: + enum: + - V1.0 + - V2.0 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + replicaExternalLabelName: + description: |- + replicaExternalLabelName defines the name of Prometheus external label used to denote the replica name. + The external label will _not_ be added when the field is set to the + empty string (`""`). + + Default: "prometheus_replica" + type: string + replicas: + description: |- + replicas defines the number of replicas of each shard to deploy for a Prometheus deployment. + `spec.replicas` multiplied by `spec.shards` is the total number of Pods + created. + + Default: 1 + format: int32 + type: integer + resources: + description: resources defines the resources requests and limits of + the 'prometheus' container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This field depends on the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + retention: + description: |- + retention defines how long to retain the Prometheus data. + + Default: "24h" if `spec.retention` and `spec.retentionSize` are empty. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + retentionSize: + description: retentionSize defines the maximum number of bytes used + by the Prometheus data. + pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ + type: string + routePrefix: + description: |- + routePrefix defines the route prefix Prometheus registers HTTP handlers for. + + This is useful when using `spec.externalURL`, and a proxy is rewriting + HTTP routes of a request, and the actual ExternalURL is still true, but + the server serves requests under a different route prefix. For example + for use with `kubectl proxy`. + type: string + ruleNamespaceSelector: + description: |- + ruleNamespaceSelector defines the namespaces to match for PrometheusRule discovery. An empty label selector + matches all namespaces. A null label selector matches the current + namespace only. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + ruleQueryOffset: + description: |- + ruleQueryOffset defines the offset the rule evaluation timestamp of this particular group by the specified duration into the past. + It requires Prometheus >= v2.53.0. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + ruleSelector: + description: |- + ruleSelector defines the prometheusRule objects to be selected for rule evaluation. An empty + label selector matches all objects. A null label selector matches no + objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + rules: + description: rules defines the configuration of the Prometheus rules' + engine. + properties: + alert: + description: |- + alert defines the parameters of the Prometheus rules' engine. + + Any update to these parameters trigger a restart of the pods. + properties: + forGracePeriod: + description: |- + forGracePeriod defines the minimum duration between alert and restored 'for' state. + + This is maintained only for alerts with a configured 'for' time greater + than the grace period. + type: string + forOutageTolerance: + description: |- + forOutageTolerance defines the max time to tolerate prometheus outage for restoring 'for' state of + alert. + type: string + resendDelay: + description: |- + resendDelay defines the minimum amount of time to wait before resending an alert to + Alertmanager. + type: string + type: object + type: object + runtime: + description: runtime defines the values for the Prometheus process + behavior + properties: + goGC: + description: |- + goGC defines the Go garbage collection target percentage. Lowering this number may increase the CPU usage. + See: https://tip.golang.org/doc/gc-guide#GOGC + format: int32 + minimum: -1 + type: integer + type: object + sampleLimit: + description: |- + sampleLimit defines per-scrape limit on number of scraped samples that will be accepted. + Only valid in Prometheus versions 2.45.0 and newer. + + Note that the global limit only applies to scrape objects that don't specify an explicit limit value. + If you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit. + format: int64 + type: integer + schedulerName: + description: schedulerName defines the scheduler to use for Pod scheduling. + If not specified, the default scheduler is used. + minLength: 1 + type: string + scrapeClasses: + description: |- + scrapeClasses defines the list of scrape classes to expose to scraping objects such as + PodMonitors, ServiceMonitors, Probes and ScrapeConfigs. + + This is an *experimental feature*, it may change in any upcoming release + in a breaking way. + items: + properties: + attachMetadata: + description: |- + attachMetadata defines additional metadata to the discovered targets. + When the scrape object defines its own configuration, it takes + precedence over the scrape class configuration. + properties: + node: + description: |- + node when set to true, Prometheus attaches node metadata to the discovered + targets. + + The Prometheus service account must have the `list` and `watch` + permissions on the `Nodes` objects. + type: boolean + type: object + authorization: + description: |- + authorization section for the ScrapeClass. + It will only apply if the scrape resource doesn't specify any Authorization. + properties: + credentials: + description: credentials defines a key of a Secret in the + namespace that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + credentialsFile: + description: credentialsFile defines the file to read a + secret from, mutually exclusive with `credentials`. + type: string + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + default: + description: |- + default defines that the scrape applies to all scrape objects that + don't configure an explicit scrape class name. + + Only one scrape class can be set as the default. + type: boolean + fallbackScrapeProtocol: + description: |- + fallbackScrapeProtocol defines the protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + metricRelabelings: + description: |- + metricRelabelings defines the relabeling rules to apply to all samples before ingestion. + + The Operator adds the scrape class metric relabelings defined here. + Then the Operator adds the target-specific metric relabelings defined in ServiceMonitors, PodMonitors, Probes and ScrapeConfigs. + Then the Operator adds namespace enforcement relabeling rule, specified in '.spec.enforcedNamespaceLabel'. + + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs + items: + description: |- + RelabelConfig allows dynamic rewriting of the label set for targets, alerts, + scraped samples and remote write samples. + + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + properties: + action: + default: replace + description: |- + action to perform based on the regex matching. + + `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + + Default: "Replace" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: |- + modulus to take of the hash of the source label values. + + Only applicable when the action is `HashMod`. + format: int64 + type: integer + regex: + description: regex defines the regular expression against + which the extracted value is matched. + type: string + replacement: + description: |- + replacement value against which a Replace action is performed if the + regular expression matches. + + Regex capture groups are available. + type: string + separator: + description: separator defines the string between concatenated + SourceLabels. + type: string + sourceLabels: + description: |- + sourceLabels defines the source labels select values from existing labels. Their content is + concatenated using the configured Separator and matched against the + configured regular expression. + items: + description: |- + LabelName is a valid Prometheus label name. + For Prometheus 3.x, a label name is valid if it contains UTF-8 characters. + For Prometheus 2.x, a label name is only valid if it contains ASCII characters, letters, numbers, as well as underscores. + type: string + type: array + targetLabel: + description: |- + targetLabel defines the label to which the resulting string is written in a replacement. + + It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + `KeepEqual` and `DropEqual` actions. + + Regex capture groups are available. + type: string + type: object + type: array + name: + description: name of the scrape class. + minLength: 1 + type: string + relabelings: + description: |- + relabelings defines the relabeling rules to apply to all scrape targets. + + The Operator automatically adds relabelings for a few standard Kubernetes fields + like `__meta_kubernetes_namespace` and `__meta_kubernetes_service_name`. + Then the Operator adds the scrape class relabelings defined here. + Then the Operator adds the target-specific relabelings defined in the scrape object. + + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + items: + description: |- + RelabelConfig allows dynamic rewriting of the label set for targets, alerts, + scraped samples and remote write samples. + + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + properties: + action: + default: replace + description: |- + action to perform based on the regex matching. + + `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + + Default: "Replace" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: |- + modulus to take of the hash of the source label values. + + Only applicable when the action is `HashMod`. + format: int64 + type: integer + regex: + description: regex defines the regular expression against + which the extracted value is matched. + type: string + replacement: + description: |- + replacement value against which a Replace action is performed if the + regular expression matches. + + Regex capture groups are available. + type: string + separator: + description: separator defines the string between concatenated + SourceLabels. + type: string + sourceLabels: + description: |- + sourceLabels defines the source labels select values from existing labels. Their content is + concatenated using the configured Separator and matched against the + configured regular expression. + items: + description: |- + LabelName is a valid Prometheus label name. + For Prometheus 3.x, a label name is valid if it contains UTF-8 characters. + For Prometheus 2.x, a label name is only valid if it contains ASCII characters, letters, numbers, as well as underscores. + type: string + type: array + targetLabel: + description: |- + targetLabel defines the label to which the resulting string is written in a replacement. + + It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + `KeepEqual` and `DropEqual` actions. + + Regex capture groups are available. + type: string + type: object + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS settings to use for the scrape. When the + scrape objects define their own CA, certificate and/or key, they take + precedence over the corresponding scrape class fields. + + For now only the `caFile`, `certFile` and `keyFile` fields are supported. + properties: + ca: + description: ca defines the Certificate authority used when + verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + caFile: + description: caFile defines the path to the CA cert in the + Prometheus container to use for the targets. + type: string + cert: + description: cert defines the Client certificate to present + when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + description: certFile defines the path to the client cert + file in the Prometheus container for the targets. + type: string + insecureSkipVerify: + description: insecureSkipVerify defines how to disable target + certificate validation. + type: boolean + keyFile: + description: keyFile defines the path to the client key + file in the Prometheus container for the targets. + type: string + keySecret: + description: keySecret defines the Secret containing the + client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname for + the targets. + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + scrapeClassicHistograms: + description: |- + scrapeClassicHistograms defines whether to scrape a classic histogram that is also exposed as a native histogram. + + Notice: `scrapeClassicHistograms` corresponds to the `always_scrape_classic_histograms` field in the Prometheus configuration. + + It requires Prometheus >= v3.5.0. + type: boolean + scrapeConfigNamespaceSelector: + description: |- + scrapeConfigNamespaceSelector defines the namespaces to match for ScrapeConfig discovery. An empty label selector + matches all namespaces. A null label selector matches the current + namespace only. + + Note that the ScrapeConfig custom resource definition is currently at Alpha level. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + scrapeConfigSelector: + description: |- + scrapeConfigSelector defines the scrapeConfigs to be selected for target discovery. An empty label + selector matches all objects. A null label selector matches no objects. + + If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` + and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. + The Prometheus operator will ensure that the Prometheus configuration's + Secret exists, but it is the responsibility of the user to provide the raw + gzipped Prometheus configuration under the `prometheus.yaml.gz` key. + This behavior is *deprecated* and will be removed in the next major version + of the custom resource definition. It is recommended to use + `spec.additionalScrapeConfigs` instead. + + Note that the ScrapeConfig custom resource definition is currently at Alpha level. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + scrapeFailureLogFile defines the file to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string + scrapeInterval: + default: 30s + description: |- + scrapeInterval defines interval between consecutive scrapes. + + Default: "30s" + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + scrapeNativeHistograms: + description: |- + scrapeNativeHistograms defines whether to enable scraping of native histograms. + It requires Prometheus >= v3.8.0. + type: boolean + scrapeProtocols: + description: |- + scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the + protocols supported by Prometheus in order of preference (from most to least preferred). + + If unset, Prometheus uses its default value. + + It requires Prometheus >= v2.49.0. + + `PrometheusText1.0.0` requires Prometheus >= v3.0.0. + items: + description: |- + ScrapeProtocol represents a protocol used by Prometheus for scraping metrics. + Supported values are: + * `OpenMetricsText0.0.1` + * `OpenMetricsText1.0.0` + * `PrometheusProto` + * `PrometheusText0.0.4` + * `PrometheusText1.0.0` + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + type: array + x-kubernetes-list-type: set + scrapeTimeout: + description: |- + scrapeTimeout defines the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + secrets: + description: |- + secrets defines a list of Secrets in the same namespace as the Prometheus + object, which shall be mounted into the Prometheus Pods. + Each Secret is added to the StatefulSet definition as a volume named `secret-`. + The Secrets are mounted into /etc/prometheus/secrets/ in the 'prometheus' container. + items: + type: string + type: array + x-kubernetes-list-type: set + securityContext: + description: |- + securityContext holds pod-level security attributes and common container settings. + This defaults to the default PodSecurityContext. + properties: + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxChangePolicy: + description: |- + seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. + It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. + Valid values are "MountOption" and "Recursive". + + "Recursive" means relabeling of all files on all Pod volumes by the container runtime. + This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node. + + "MountOption" mounts all eligible Pod volumes with `-o context` mount option. + This requires all Pods that share the same volume to use the same SELinux label. + It is not possible to share the same volume among privileged and unprivileged Pods. + Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes + whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their + CSIDriver instance. Other volumes are always re-labelled recursively. + "MountOption" value is allowed only when SELinuxMount feature gate is enabled. + + If not specified and SELinuxMount feature gate is enabled, "MountOption" is used. + If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes + and "Recursive" for all other volumes. + + This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers. + + All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. + Note that this field cannot be set when spec.os.name is windows. + type: string + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. + If unspecified, no additional groups are added, though group memberships + defined in the container image may still be used, depending on the + supplementalGroupsPolicy field. + Note that this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: |- + serviceAccountName is the name of the ServiceAccount to use to run the + Prometheus Pods. + type: string + serviceDiscoveryRole: + description: |- + serviceDiscoveryRole defines the service discovery role used to discover targets from + `ServiceMonitor` objects and Alertmanager endpoints. + + If set, the value should be either "Endpoints" or "EndpointSlice". + If unset, the operator assumes the "Endpoints" role. + enum: + - Endpoints + - EndpointSlice + type: string + serviceMonitorNamespaceSelector: + description: |- + serviceMonitorNamespaceSelector defines the namespaces to match for ServicedMonitors discovery. An empty label selector + matches all namespaces. A null label selector (default value) matches the current + namespace only. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + serviceMonitorSelector: + description: |- + serviceMonitorSelector defines the serviceMonitors to be selected for target discovery. An empty label + selector matches all objects. A null label selector matches no objects. + + If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` + and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. + The Prometheus operator will ensure that the Prometheus configuration's + Secret exists, but it is the responsibility of the user to provide the raw + gzipped Prometheus configuration under the `prometheus.yaml.gz` key. + This behavior is *deprecated* and will be removed in the next major version + of the custom resource definition. It is recommended to use + `spec.additionalScrapeConfigs` instead. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + serviceName: + description: |- + serviceName defines the name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string + sha: + description: 'sha is deprecated: use ''spec.image'' instead. The image''s + digest can be specified as part of the image name.' + type: string + shardRetentionPolicy: + description: |- + shardRetentionPolicy defines the retention policy for the Prometheus shards. + (Alpha) Using this field requires the 'PrometheusShardRetentionPolicy' feature gate to be enabled. + + The final goals for this feature can be seen at https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/proposals/202310-shard-autoscaling.md#graceful-scale-down-of-prometheus-servers, + however, the feature is not yet fully implemented in this PR. The limitation being: + * Retention duration is not settable, for now, shards are retained forever. + properties: + retain: + description: |- + retain defines the config for retention when the retention policy is set to `Retain`. + This field is ineffective as of now. + properties: + retentionPeriod: + description: retentionPeriod defines the retentionPeriod for + shard retention policy. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - retentionPeriod + type: object + whenScaled: + description: |- + whenScaled defines the retention policy when the Prometheus shards are scaled down. + * `Delete`, the operator will delete the pods from the scaled-down shard(s). + * `Retain`, the operator will keep the pods from the scaled-down shard(s), so the data can still be queried. + + If not defined, the operator assumes the `Delete` value. + enum: + - Retain + - Delete + type: string + type: object + shards: + description: |- + shards defines the number of shards to distribute the scraped targets onto. + + `spec.replicas` multiplied by `spec.shards` is the total number of Pods + being created. + + When not defined, the operator assumes only one shard. + + Note that scaling down shards will not reshard data onto the remaining + instances, it must be manually moved. Increasing shards will not reshard + data either but it will continue to be available from the same + instances. To query globally, use either + * Thanos sidecar + querier for query federation and Thanos Ruler for rules. + * Remote-write to send metrics to a central location. + + By default, the sharding of targets is performed on: + * The `__address__` target's metadata label for PodMonitor, + ServiceMonitor and ScrapeConfig resources. + * The `__param_target__` label for Probe resources. + + Users can define their own sharding implementation by setting the + `__tmp_hash` label during the target discovery with relabeling + configuration (either in the monitoring resources or via scrape class). + + You can also disable sharding on a specific target by setting the + `__tmp_disable_sharding` label with relabeling configuration. When + the label value isn't empty, all Prometheus shards will scrape the target. + format: int32 + type: integer + storage: + description: storage defines the storage used by Prometheus. + properties: + disableMountSubPath: + description: 'disableMountSubPath deprecated: subPath usage will + be removed in a future release.' + type: boolean + emptyDir: + description: |- + emptyDir to be used by the StatefulSet. + If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral to be used by the StatefulSet. + This is a beta field in k8s 1.21 and GA in 1.15. + For lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. + More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + Users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string or nil value indicates that no + VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, + this field can be reset to its previous value (including nil) to cancel the modification. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to + the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + volumeClaimTemplate: + description: |- + volumeClaimTemplate defines the PVC spec to be used by the Prometheus StatefulSets. + The easiest way to use a volume that cannot be automatically provisioned + is to use a label selector alongside manually created PersistentVolumes. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + description: metadata defines EmbeddedMetadata contains metadata + relevant to an EmbeddedResource. + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations defines an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + type: object + labels: + additionalProperties: + type: string + description: |- + labels define the map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + type: object + name: + description: |- + name must be unique within a namespace. Is required when creating resources, although + some resources may allow a client to request the generation of an appropriate name + automatically. Name is primarily intended for creation idempotence and configuration + definition. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/ + type: string + type: object + spec: + description: |- + spec defines the specification of the characteristics of a volume requested by a pod author. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + Users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes to + consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string or nil value indicates that no + VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, + this field can be reset to its previous value (including nil) to cancel the modification. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'status is deprecated: this field is never set.' + properties: + accessModes: + description: |- + accessModes contains the actual access modes the volume backing the PVC has. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + allocatedResourceStatuses: + additionalProperties: + description: |- + When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore that update and let other controllers + handle it. + type: string + description: "allocatedResourceStatuses stores status + of resource being resized for the given PVC.\nKey names + follow standard Kubernetes label syntax. Valid values + are either:\n\t* Un-prefixed keys:\n\t\t- storage - + the capacity of the volume.\n\t* Custom resources must + use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or have + kubernetes.io prefix are considered\nreserved and hence + may not be used.\n\nClaimResourceStatus can be in any + of following states:\n\t- ControllerResizeInProgress:\n\t\tState + set when resize controller starts resizing the volume + in control-plane.\n\t- ControllerResizeFailed:\n\t\tState + set when resize has failed in resize controller with + a terminal error.\n\t- NodeResizePending:\n\t\tState + set when resize controller has finished resizing the + volume but further resizing of\n\t\tvolume is needed + on the node.\n\t- NodeResizeInProgress:\n\t\tState set + when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState + set when resizing has failed in kubelet with a terminal + error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor + example: if expanding a PVC for more capacity - this + field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\"\nWhen this field is not set, + it means that no resize operation is in progress for + the given PVC.\n\nA controller that receives PVC update + with previously unknown resourceName or ClaimResourceStatus\nshould + ignore the update for the purpose it was designed. For + example - a controller that\nonly is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid\nresources associated with PVC." + type: object + x-kubernetes-map-type: granular + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: "allocatedResources tracks the resources + allocated to a PVC including its capacity.\nKey names + follow standard Kubernetes label syntax. Valid values + are either:\n\t* Un-prefixed keys:\n\t\t- storage - + the capacity of the volume.\n\t* Custom resources must + use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or have + kubernetes.io prefix are considered\nreserved and hence + may not be used.\n\nCapacity reported here may be larger + than the actual capacity when a volume expansion operation\nis + requested.\nFor storage quota, the larger value from + allocatedResources and PVC.spec.resources is used.\nIf + allocatedResources is not set, PVC.spec.resources alone + is used for quota calculation.\nIf a volume expansion + capacity request is lowered, allocatedResources is only\nlowered + if there are no expansion operations in progress and + if the actual volume capacity\nis equal or lower than + the requested capacity.\n\nA controller that receives + PVC update with previously unknown resourceName\nshould + ignore the update for the purpose it was designed. For + example - a controller that\nonly is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid\nresources associated with PVC." + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity represents the actual resources + of the underlying volume. + type: object + conditions: + description: |- + conditions is the current Condition of persistent volume claim. If underlying persistent volume is being + resized then the Condition will be set to 'Resizing'. + items: + description: PersistentVolumeClaimCondition contains + details about state of pvc + properties: + lastProbeTime: + description: lastProbeTime is the time we probed + the condition. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime is the time the + condition transitioned from one status to another. + format: date-time + type: string + message: + description: message is the human-readable message + indicating details about last transition. + type: string + reason: + description: |- + reason is a unique, this should be a short, machine understandable string that gives the reason + for condition's last transition. If it reports "Resizing" that means the underlying + persistent volume is being resized. + type: string + status: + description: |- + Status is the status of the condition. + Can be True, False, Unknown. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required + type: string + type: + description: |- + Type is the type of the condition. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + currentVolumeAttributesClassName: + description: |- + currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. + When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim + type: string + modifyVolumeStatus: + description: |- + ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. + When this is unset, there is no ModifyVolume operation being attempted. + properties: + status: + description: "status is the status of the ControllerModifyVolume + operation. It can be in any of following states:\n + - Pending\n Pending indicates that the PersistentVolumeClaim + cannot be modified due to unmet requirements, such + as\n the specified VolumeAttributesClass not existing.\n + - InProgress\n InProgress indicates that the volume + is being modified.\n - Infeasible\n Infeasible + indicates that the request has been rejected as + invalid by the CSI driver. To\n\t resolve the error, + a valid VolumeAttributesClass needs to be specified.\nNote: + New statuses can be added in the future. Consumers + should check for unknown statuses and fail appropriately." + type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName is the + name of the VolumeAttributesClass the PVC currently + being reconciled + type: string + required: + - status + type: object + phase: + description: phase represents the current phase of PersistentVolumeClaim. + type: string + type: object + type: object + type: object + tag: + description: 'tag is deprecated: use ''spec.image'' instead. The image''s + tag can be specified as part of the image name.' + type: string + targetLimit: + description: |- + targetLimit defines a limit on the number of scraped targets that will be accepted. + Only valid in Prometheus versions 2.45.0 and newer. + + Note that the global limit only applies to scrape objects that don't specify an explicit limit value. + If you want to enforce a maximum limit for all scrape objects, refer to enforcedTargetLimit. + format: int64 + type: integer + terminationGracePeriodSeconds: + description: |- + terminationGracePeriodSeconds defines the optional duration in seconds the pod needs to terminate gracefully. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down) which may lead to data corruption. + + Defaults to 600 seconds. + format: int64 + minimum: 0 + type: integer + thanos: + description: thanos defines the configuration of the optional Thanos + sidecar. + properties: + additionalArgs: + description: |- + additionalArgs allows setting additional arguments for the Thanos container. + The arguments are passed as-is to the Thanos container which may cause issues + if they are invalid or not supported the given Thanos version. + In case of an argument conflict (e.g. an argument which is already set by the + operator itself) or when providing an invalid argument, the reconciliation will + fail and an error will be logged. + items: + description: Argument as part of the AdditionalArgs list. + properties: + name: + description: name of the argument, e.g. "scrape.discovery-reload-interval". + minLength: 1 + type: string + value: + description: value defines the argument value, e.g. 30s. + Can be empty for name-only arguments (e.g. --storage.tsdb.no-lockfile) + type: string + required: + - name + type: object + type: array + baseImage: + description: 'baseImage is deprecated: use ''image'' instead.' + type: string + blockSize: + default: 2h + description: |- + blockSize controls the size of TSDB blocks produced by Prometheus. + The default value is 2h to match the upstream Prometheus defaults. + + WARNING: Changing the block duration can impact the performance and + efficiency of the entire Prometheus/Thanos stack due to how it interacts + with memory and Thanos compactors. It is recommended to keep this value + set to a multiple of 120 times your longest scrape or rule interval. For + example, 30s * 120 = 1h. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + getConfigInterval: + description: getConfigInterval defines how often to retrieve the + Prometheus configuration. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + getConfigTimeout: + description: getConfigTimeout defines the maximum time to wait + when retrieving the Prometheus configuration. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + grpcListenLocal: + description: |- + grpcListenLocal defines when true, the Thanos sidecar listens on the loopback interface instead + of the Pod IP's address for the gRPC endpoints. + + It has no effect if `listenLocal` is true. + type: boolean + grpcServerTlsConfig: + description: |- + grpcServerTlsConfig defines the TLS parameters for the gRPC server providing the StoreAPI. + + Note: Currently only the `minVersion`, `caFile`, `certFile`, and `keyFile` fields are supported. + properties: + ca: + description: ca defines the Certificate authority used when + verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + caFile: + description: caFile defines the path to the CA cert in the + Prometheus container to use for the targets. + type: string + cert: + description: cert defines the Client certificate to present + when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + description: certFile defines the path to the client cert + file in the Prometheus container for the targets. + type: string + insecureSkipVerify: + description: insecureSkipVerify defines how to disable target + certificate validation. + type: boolean + keyFile: + description: keyFile defines the path to the client key file + in the Prometheus container for the targets. + type: string + keySecret: + description: keySecret defines the Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname for + the targets. + type: string + type: object + httpListenLocal: + description: |- + httpListenLocal when true, the Thanos sidecar listens on the loopback interface instead + of the Pod IP's address for the HTTP endpoints. + + It has no effect if `listenLocal` is true. + type: boolean + image: + description: |- + image defines the container image name for Thanos. If specified, it takes precedence over + the `spec.thanos.baseImage`, `spec.thanos.tag` and `spec.thanos.sha` + fields. + + Specifying `spec.thanos.version` is still necessary to ensure the + Prometheus Operator knows which version of Thanos is being configured. + + If neither `spec.thanos.image` nor `spec.thanos.baseImage` are defined, + the operator will use the latest upstream version of Thanos available at + the time when the operator was released. + type: string + listenLocal: + description: 'listenLocal is deprecated: use `grpcListenLocal` + and `httpListenLocal` instead.' + type: boolean + logFormat: + description: logFormat for the Thanos sidecar. + enum: + - "" + - logfmt + - json + type: string + logLevel: + description: logLevel for the Thanos sidecar. + enum: + - "" + - debug + - info + - warn + - error + type: string + minTime: + description: |- + minTime defines the start of time range limit served by the Thanos sidecar's StoreAPI. + The field's value should be a constant time in RFC3339 format or a time + duration relative to current time, such as -1d or 2h45m. Valid duration + units are ms, s, m, h, d, w, y. + type: string + objectStorageConfig: + description: |- + objectStorageConfig defines the Thanos sidecar's configuration to upload TSDB blocks to object storage. + + More info: https://thanos.io/tip/thanos/storage.md/ + + objectStorageConfigFile takes precedence over this field. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + objectStorageConfigFile: + description: |- + objectStorageConfigFile defines the Thanos sidecar's configuration file to upload TSDB blocks to object storage. + + More info: https://thanos.io/tip/thanos/storage.md/ + + This field takes precedence over objectStorageConfig. + type: string + readyTimeout: + description: |- + readyTimeout defines the maximum time that the Thanos sidecar will wait for + Prometheus to start. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + resources: + description: resources defines the resources requests and limits + of the Thanos sidecar. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This field depends on the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + sha: + description: 'sha is deprecated: use ''image'' instead. The image + digest can be specified as part of the image name.' + type: string + tag: + description: 'tag is deprecated: use ''image'' instead. The image''s + tag can be specified as as part of the image name.' + type: string + tracingConfig: + description: |- + tracingConfig defines the tracing configuration for the Thanos sidecar. + + `tracingConfigFile` takes precedence over this field. + + More info: https://thanos.io/tip/thanos/tracing.md/ + + This is an *experimental feature*, it may change in any upcoming release + in a breaking way. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tracingConfigFile: + description: |- + tracingConfigFile defines the tracing configuration file for the Thanos sidecar. + + This field takes precedence over `tracingConfig`. + + More info: https://thanos.io/tip/thanos/tracing.md/ + + This is an *experimental feature*, it may change in any upcoming release + in a breaking way. + type: string + version: + description: |- + version of Thanos being deployed. The operator uses this information + to generate the Prometheus StatefulSet + configuration files. + + If not specified, the operator assumes the latest upstream release of + Thanos available at the time when the version of the operator was + released. + type: string + volumeMounts: + description: |- + volumeMounts allows configuration of additional VolumeMounts for Thanos. + VolumeMounts specified will be appended to other VolumeMounts in the + 'thanos-sidecar' container. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + type: object + tolerations: + description: tolerations defines the Pods' tolerations if specified. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: topologySpreadConstraints defines the pod's topology + spread constraints if specified. + items: + properties: + additionalLabelSelectors: + description: additionalLabelSelectors Defines what Prometheus + Operator managed labels should be added to labelSelector on + the topologySpreadConstraint. + enum: + - OnResource + - OnShard + type: string + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + tracingConfig: + description: |- + tracingConfig defines tracing in Prometheus. + + This is an *experimental feature*, it may change in any upcoming release + in a breaking way. + properties: + clientType: + description: clientType defines the client used to export the + traces. Supported values are `HTTP` and `GRPC`. + enum: + - http + - grpc + - HTTP + - GRPC + type: string + compression: + description: compression key for supported compression types. + The only supported value is `Gzip`. + enum: + - gzip + - Gzip + type: string + endpoint: + description: endpoint to send the traces to. Should be provided + in format :. + minLength: 1 + type: string + headers: + additionalProperties: + type: string + description: headers defines the key-value pairs to be used as + headers associated with gRPC or HTTP requests. + type: object + insecure: + description: insecure if disabled, the client will use a secure + connection. + type: boolean + samplingFraction: + anyOf: + - type: integer + - type: string + description: samplingFraction defines the probability a given + trace will be sampled. Must be a float from 0 through 1. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + timeout: + description: timeout defines the maximum time the exporter will + wait for each batch export. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tlsConfig: + description: tlsConfig to use when sending traces. + properties: + ca: + description: ca defines the Certificate authority used when + verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + caFile: + description: caFile defines the path to the CA cert in the + Prometheus container to use for the targets. + type: string + cert: + description: cert defines the Client certificate to present + when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + description: certFile defines the path to the client cert + file in the Prometheus container for the targets. + type: string + insecureSkipVerify: + description: insecureSkipVerify defines how to disable target + certificate validation. + type: boolean + keyFile: + description: keyFile defines the path to the client key file + in the Prometheus container for the targets. + type: string + keySecret: + description: keySecret defines the Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname for + the targets. + type: string + type: object + required: + - endpoint + type: object + tsdb: + description: |- + tsdb defines the runtime reloadable configuration of the timeseries database(TSDB). + It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0. + properties: + outOfOrderTimeWindow: + description: |- + outOfOrderTimeWindow defines how old an out-of-order/out-of-bounds sample can be with + respect to the TSDB max time. + + An out-of-order/out-of-bounds sample is ingested into the TSDB as long as + the timestamp of the sample is >= (TSDB.MaxTime - outOfOrderTimeWindow). + + This is an *experimental feature*, it may change in any upcoming release + in a breaking way. + + It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: object + updateStrategy: + description: |- + updateStrategy indicates the strategy that will be employed to update + Pods in the StatefulSet when a revision is made to statefulset's Pod + Template. + + The default strategy is RollingUpdate. + properties: + rollingUpdate: + description: rollingUpdate is used to communicate parameters when + type is RollingUpdate. + properties: + maxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + maxUnavailable is the maximum number of pods that can be unavailable + during the update. The value can be an absolute number (ex: 5) or a + percentage of desired pods (ex: 10%). Absolute number is calculated from + percentage by rounding up. This can not be 0. Defaults to 1. This field + is alpha-level and is only honored by servers that enable the + MaxUnavailableStatefulSet feature. The field applies to all pods in the + range 0 to Replicas-1. That means if there is any unavailable pod in + the range 0 to Replicas-1, it will be counted towards MaxUnavailable. + x-kubernetes-int-or-string: true + type: object + type: + description: |- + type indicates the type of the StatefulSetUpdateStrategy. + + Default is RollingUpdate. + enum: + - OnDelete + - RollingUpdate + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: rollingUpdate requires type to be RollingUpdate + rule: '!(self.type != ''RollingUpdate'' && has(self.rollingUpdate))' + version: + description: |- + version of Prometheus being deployed. The operator uses this information + to generate the Prometheus StatefulSet + configuration files. + + If not specified, the operator assumes the latest upstream version of + Prometheus available at the time when the version of the operator was + released. + type: string + volumeMounts: + description: |- + volumeMounts allows the configuration of additional VolumeMounts. + + VolumeMounts will be appended to other VolumeMounts in the 'prometheus' + container, that are generated as a result of StorageSpec objects. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: |- + volumes allows the configuration of additional volumes on the output + StatefulSet definition. Volumes specified will be appended to other + volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may + be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree + awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: |- + azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type + are redirected to the disk.csi.azure.com CSI driver. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk in the + blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in the blob + storage + type: string + fsType: + default: ext4 + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults to shared' + type: string + readOnly: + default: false + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: |- + azureFile represents an Azure File Service mount on the host and bind mount to the pod. + Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type + are redirected to the file.csi.azure.com CSI driver. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret that contains + Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: |- + cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. + Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported. + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + Deprecated: Cinder is deprecated. All operations for the in-tree cinder type + are redirected to the cinder.csi.openstack.org CSI driver. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents ephemeral + storage that is handled by certain external CSI drivers. + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name, namespace and uid + are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative path + name of the file to be created. Must not be absolute + or contain the ''..'' path. Must be utf-8 encoded. + The first item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + Users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string or nil value indicates that no + VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, + this field can be reset to its previous value (including nil) to cancel the modification. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource that is + attached to a kubelet's host machine and then exposed to the + pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead. + properties: + driver: + description: driver is the name of the driver to use for + this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds extra + command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: |- + flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. + Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported. + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. This + is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree + gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the specified + revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. + properties: + endpoints: + description: endpoints is the endpoint name that details + Glusterfs topology. + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#iscsi + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support iSCSI + Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + default: default + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: |- + photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. + Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon Controller + persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: |- + portworxVolume represents a portworx volume attached and mounted on kubelets host machine. + Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type + are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate + is on. + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources secrets, + configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. + items: + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + + Kubelet performs aggressive normalization of the PEM contents written + into the pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates are deduplicated. + The ordering of certificates within the file is arbitrary, and Kubelet + may change the order over time. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from the volume root + to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information about the configMap + data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name, namespace and uid are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' + path. Must be utf-8 encoded. The first + item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podCertificate: + description: |- + Projects an auto-rotating credential bundle (private key and certificate + chain) that the pod can use either as a TLS client or server. + + Kubelet generates a private key and uses it to send a + PodCertificateRequest to the named signer. Once the signer approves the + request and issues a certificate chain, Kubelet writes the key and + certificate chain to the pod filesystem. The pod does not start until + certificates have been issued for each podCertificate projected volume + source in its spec. + + Kubelet will begin trying to rotate the certificate at the time indicated + by the signer using the PodCertificateRequest.Status.BeginRefreshAt + timestamp. + + Kubelet can write a single file, indicated by the credentialBundlePath + field, or separate files, indicated by the keyPath and + certificateChainPath fields. + + The credential bundle is a single file in PEM format. The first PEM + entry is the private key (in PKCS#8 format), and the remaining PEM + entries are the certificate chain issued by the signer (typically, + signers will return their certificate chain in leaf-to-root order). + + Prefer using the credential bundle format, since your application code + can read it atomically. If you use keyPath and certificateChainPath, + your application must make two separate file reads. If these coincide + with a certificate rotation, it is possible that the private key and leaf + certificate you read may not correspond to each other. Your application + will need to check for this condition, and re-read until they are + consistent. + + The named signer controls chooses the format of the certificate it + issues; consult the signer implementation's documentation to learn how to + use the certificates it issues. + properties: + certificateChainPath: + description: |- + Write the certificate chain at this path in the projected volume. + + Most applications should use credentialBundlePath. When using keyPath + and certificateChainPath, your application needs to check that the key + and leaf certificate are consistent, because it is possible to read the + files mid-rotation. + type: string + credentialBundlePath: + description: |- + Write the credential bundle at this path in the projected volume. + + The credential bundle is a single file that contains multiple PEM blocks. + The first PEM block is a PRIVATE KEY block, containing a PKCS#8 private + key. + + The remaining blocks are CERTIFICATE blocks, containing the issued + certificate chain from the signer (leaf and any intermediates). + + Using credentialBundlePath lets your Pod's application code make a single + atomic read that retrieves a consistent key and certificate chain. If you + project them to separate files, your application code will need to + additionally check that the leaf certificate was issued to the key. + type: string + keyPath: + description: |- + Write the key at this path in the projected volume. + + Most applications should use credentialBundlePath. When using keyPath + and certificateChainPath, your application needs to check that the key + and leaf certificate are consistent, because it is possible to read the + files mid-rotation. + type: string + keyType: + description: |- + The type of keypair Kubelet will generate for the pod. + + Valid values are "RSA3072", "RSA4096", "ECDSAP256", "ECDSAP384", + "ECDSAP521", and "ED25519". + type: string + maxExpirationSeconds: + description: |- + maxExpirationSeconds is the maximum lifetime permitted for the + certificate. + + Kubelet copies this value verbatim into the PodCertificateRequests it + generates for this projection. + + If omitted, kube-apiserver will set it to 86400(24 hours). kube-apiserver + will reject values shorter than 3600 (1 hour). The maximum allowable + value is 7862400 (91 days). + + The signer implementation is then free to issue a certificate with any + lifetime *shorter* than MaxExpirationSeconds, but no shorter than 3600 + seconds (1 hour). This constraint is enforced by kube-apiserver. + `kubernetes.io` signers will never issue certificates with a lifetime + longer than 24 hours. + format: int32 + type: integer + signerName: + description: Kubelet's generated CSRs will be + addressed to this signer. + type: string + userAnnotations: + additionalProperties: + type: string + description: |- + userAnnotations allow pod authors to pass additional information to + the signer implementation. Kubernetes does not restrict or validate this + metadata in any way. + + These values are copied verbatim into the `spec.unverifiedUserAnnotations` field of + the PodCertificateRequest objects that Kubelet creates. + + Entries are subject to the same validation as object metadata annotations, + with the addition that all keys must be domain-prefixed. No restrictions + are placed on values, except an overall size limitation on the entire field. + + Signers should document the keys and values they support. Signers should + deny requests that contain keys they do not recognize. + type: object + required: + - keyType + - signerName + type: object + secret: + description: secret information about the secret data + to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional field specify whether the + Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about + the serviceAccountToken data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: |- + quobyte represents a Quobyte mount on the host that shares a pod's lifetime. + Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported. + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + default: /etc/ceph/keyring + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + default: rbd + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + default: admin + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: |- + scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported. + properties: + fsType: + default: xfs + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address of the ScaleIO + API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + default: ThinProvisioned + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. + type: string + system: + description: system is the name of the storage system as + configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether the Secret or + its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: |- + storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: |- + vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. + Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type + are redirected to the csi.vsphere.vmware.com CSI driver. + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies vSphere + volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + walCompression: + description: |- + walCompression defines the compression of the write-ahead log (WAL) using Snappy. + + WAL compression is enabled by default for Prometheus >= 2.20.0 + + Requires Prometheus v2.11.0 and above. + type: boolean + web: + description: web defines the configuration of the Prometheus web server. + properties: + httpConfig: + description: httpConfig defines HTTP parameters for web server. + properties: + headers: + description: headers defines a list of headers that can be + added to HTTP responses. + properties: + contentSecurityPolicy: + description: |- + contentSecurityPolicy defines the Content-Security-Policy header to HTTP responses. + Unset if blank. + type: string + strictTransportSecurity: + description: |- + strictTransportSecurity defines the Strict-Transport-Security header to HTTP responses. + Unset if blank. + Please make sure that you use this with care as this header might force + browsers to load Prometheus and the other applications hosted on the same + domain and subdomains over HTTPS. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security + type: string + xContentTypeOptions: + description: |- + xContentTypeOptions defines the X-Content-Type-Options header to HTTP responses. + Unset if blank. Accepted value is nosniff. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options + enum: + - "" + - NoSniff + type: string + xFrameOptions: + description: |- + xFrameOptions defines the X-Frame-Options header to HTTP responses. + Unset if blank. Accepted values are deny and sameorigin. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options + enum: + - "" + - Deny + - SameOrigin + type: string + xXSSProtection: + description: |- + xXSSProtection defines the X-XSS-Protection header to all responses. + Unset if blank. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection + type: string + type: object + http2: + description: |- + http2 enable HTTP/2 support. Note that HTTP/2 is only supported with TLS. + When TLSConfig is not configured, HTTP/2 will be disabled. + Whenever the value of the field changes, a rolling update will be triggered. + type: boolean + type: object + maxConnections: + description: |- + maxConnections defines the maximum number of simultaneous connections + A zero value means that Prometheus doesn't accept any incoming connection. + format: int32 + minimum: 0 + type: integer + pageTitle: + description: pageTitle defines the prometheus web page title. + type: string + tlsConfig: + description: tlsConfig defines the TLS parameters for HTTPS. + properties: + cert: + description: |- + cert defines the Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + description: |- + certFile defines the path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. + type: string + cipherSuites: + description: |- + cipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants + items: + type: string + type: array + client_ca: + description: |- + client_ca defines the Secret or ConfigMap containing the CA certificate for client certificate + authentication to the server. + + It is mutually exclusive with `clientCAFile`. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientAuthType: + description: |- + clientAuthType defines the server policy for client TLS authentication. + + For more detail on clientAuth options: + https://golang.org/pkg/crypto/tls/#ClientAuthType + type: string + clientCAFile: + description: |- + clientCAFile defines the path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. + type: string + curvePreferences: + description: |- + curvePreferences defines elliptic curves that will be used in an ECDHE handshake, in preference + order. + + Available curves are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#CurveID + items: + type: string + type: array + keyFile: + description: |- + keyFile defines the path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. + type: string + keySecret: + description: |- + keySecret defines the secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: maxVersion defines the Maximum TLS version that + is acceptable. + type: string + minVersion: + description: minVersion defines the minimum TLS version that + is acceptable. + type: string + preferServerCipherSuites: + description: |- + preferServerCipherSuites defines whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in + the order of elements in cipherSuites, is used. + type: boolean + type: object + type: object + type: object + status: + description: |- + status defines the most recent observed status of the Prometheus cluster. Read-only. + More info: + https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + availableReplicas: + description: |- + availableReplicas defines the total number of available pods (ready for at least minReadySeconds) + targeted by this Prometheus deployment. + format: int32 + type: integer + conditions: + description: conditions defines the current state of the Prometheus + deployment. + items: + description: |- + Condition represents the state of the resources associated with the + Prometheus, Alertmanager or ThanosRuler resource. + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update + to the current status property. + format: date-time + type: string + message: + description: message defines human-readable message indicating + details for the condition's last transition. + type: string + observedGeneration: + description: |- + observedGeneration defines the .metadata.generation that the + condition was set based upon. For instance, if `.metadata.generation` is + currently 12, but the `.status.conditions[].observedGeneration` is 9, the + condition is out of date with respect to the current state of the + instance. + format: int64 + type: integer + reason: + description: reason for the condition's last transition. + type: string + status: + description: status of the condition. + minLength: 1 + type: string + type: + description: type of the condition being reported. + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + paused: + description: |- + paused defines whether any actions on the underlying managed objects are + being performed. Only delete actions will be performed. + type: boolean + replicas: + description: |- + replicas defines the total number of non-terminated pods targeted by this Prometheus deployment + (their labels match the selector). + format: int32 + type: integer + selector: + description: selector used to match the pods targeted by this Prometheus + resource. + type: string + shardStatuses: + description: shardStatuses defines the list has one entry per shard. + Each entry provides a summary of the shard status. + items: + properties: + availableReplicas: + description: |- + availableReplicas defines the total number of available pods (ready for at least minReadySeconds) + targeted by this shard. + format: int32 + type: integer + replicas: + description: replicas defines the total number of pods targeted + by this shard. + format: int32 + type: integer + shardID: + description: shardID defines the identifier of the shard. + type: string + unavailableReplicas: + description: unavailableReplicas defines the Total number of + unavailable pods targeted by this shard. + format: int32 + type: integer + updatedReplicas: + description: |- + updatedReplicas defines the total number of non-terminated pods targeted by this shard + that have the desired spec. + format: int32 + type: integer + required: + - availableReplicas + - replicas + - shardID + - unavailableReplicas + - updatedReplicas + type: object + type: array + x-kubernetes-list-map-keys: + - shardID + x-kubernetes-list-type: map + shards: + description: shards defines the most recently observed number of shards. + format: int32 + type: integer + unavailableReplicas: + description: unavailableReplicas defines the total number of unavailable + pods targeted by this Prometheus deployment. + format: int32 + type: integer + updatedReplicas: + description: |- + updatedReplicas defines the total number of non-terminated pods targeted by this Prometheus deployment + that have the desired version spec. + format: int32 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.shards + statusReplicasPath: .status.shards + status: {} diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusrules.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusrules.yaml new file mode 100644 index 0000000..57e00c3 --- /dev/null +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusrules.yaml @@ -0,0 +1,267 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.90.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + operator.prometheus.io/version: 0.90.1 + name: prometheusrules.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: PrometheusRule + listKind: PrometheusRuleList + plural: prometheusrules + shortNames: + - promrule + singular: prometheusrule + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + The `PrometheusRule` custom resource definition (CRD) defines [alerting](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) and [recording](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/) rules to be evaluated by `Prometheus` or `ThanosRuler` objects. + + `Prometheus` and `ThanosRuler` objects select `PrometheusRule` objects using label and namespace selectors. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec defines the specification of desired alerting rule definitions + for Prometheus. + properties: + groups: + description: groups defines the content of Prometheus rule file + items: + description: RuleGroup is a list of sequentially evaluated recording + and alerting rules. + properties: + interval: + description: interval defines how often rules in the group are + evaluated. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + labels: + additionalProperties: + type: string + description: |- + labels define the labels to add or overwrite before storing the result for its rules. + The labels defined at the rule level take precedence. + + It requires Prometheus >= 3.0.0. + The field is ignored for Thanos Ruler. + type: object + limit: + description: |- + limit defines the number of alerts an alerting rule and series a recording + rule can produce. + Limit is supported starting with Prometheus >= 2.31 and Thanos Ruler >= 0.24. + type: integer + name: + description: name defines the name of the rule group. + minLength: 1 + type: string + partial_response_strategy: + description: |- + partial_response_strategy is only used by ThanosRuler and will + be ignored by Prometheus instances. + More info: https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md#partial-response + pattern: ^(?i)(abort|warn)?$ + type: string + query_offset: + description: |- + query_offset defines the offset the rule evaluation timestamp of this particular group by the specified duration into the past. + + It requires Prometheus >= v2.53.0. + It is not supported for ThanosRuler. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + rules: + description: rules defines the list of alerting and recording + rules. + items: + description: |- + Rule describes an alerting or recording rule + See Prometheus documentation: [alerting](https://www.prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) or [recording](https://www.prometheus.io/docs/prometheus/latest/configuration/recording_rules/#recording-rules) rule + properties: + alert: + description: |- + alert defines the name of the alert. Must be a valid label value. + Only one of `record` and `alert` must be set. + type: string + annotations: + additionalProperties: + type: string + description: |- + annotations defines annotations to add to each alert. + Only valid for alerting rules. + type: object + expr: + anyOf: + - type: integer + - type: string + description: expr defines the PromQL expression to evaluate. + x-kubernetes-int-or-string: true + for: + description: for defines how alerts are considered firing + once they have been returned for this long. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + keep_firing_for: + description: keep_firing_for defines how long an alert + will continue firing after the condition that triggered + it has cleared. + minLength: 1 + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + labels: + additionalProperties: + type: string + description: labels defines labels to add or overwrite. + type: object + record: + description: |- + record defines the name of the time series to output to. Must be a valid metric name. + Only one of `record` and `alert` must be set. + type: string + required: + - expr + type: object + type: array + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + status: + description: |- + status defines the status subresource. It is under active development and is updated only when the + "StatusForConfigurationResources" feature gate is enabled. + + Most recent observed status of the PrometheusRule. Read-only. + More info: + https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + bindings: + description: bindings defines the list of workload resources (Prometheus, + PrometheusAgent, ThanosRuler or Alertmanager) which select the configuration + resource. + items: + description: WorkloadBinding is a link between a configuration resource + and a workload resource. + properties: + conditions: + description: conditions defines the current state of the configuration + resource when bound to the referenced Workload object. + items: + description: ConfigResourceCondition describes the status + of configuration resources linked to Prometheus, PrometheusAgent, + Alertmanager or ThanosRuler. + properties: + lastTransitionTime: + description: lastTransitionTime defines the time of the + last update to the current status property. + format: date-time + type: string + message: + description: message defines the human-readable message + indicating details for the condition's last transition. + type: string + observedGeneration: + description: |- + observedGeneration defines the .metadata.generation that the + condition was set based upon. For instance, if `.metadata.generation` is + currently 12, but the `.status.conditions[].observedGeneration` is 9, the + condition is out of date with respect to the current state of the object. + format: int64 + type: integer + reason: + description: reason for the condition's last transition. + type: string + status: + description: status of the condition. + minLength: 1 + type: string + type: + description: |- + type of the condition being reported. + Currently, only "Accepted" is supported. + enum: + - Accepted + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + group: + description: group defines the group of the referenced resource. + enum: + - monitoring.coreos.com + type: string + name: + description: name defines the name of the referenced object. + minLength: 1 + type: string + namespace: + description: namespace defines the namespace of the referenced + object. + minLength: 1 + type: string + resource: + description: resource defines the type of resource being referenced + (e.g. Prometheus, PrometheusAgent, ThanosRuler or Alertmanager). + enum: + - prometheuses + - prometheusagents + - thanosrulers + - alertmanagers + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - name + - namespace + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-scrapeconfigs.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-scrapeconfigs.yaml new file mode 100644 index 0000000..3a4ee80 --- /dev/null +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-scrapeconfigs.yaml @@ -0,0 +1,12909 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.90.1/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + operator.prometheus.io/version: 0.90.1 + name: scrapeconfigs.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: ScrapeConfig + listKind: ScrapeConfigList + plural: scrapeconfigs + shortNames: + - scfg + singular: scrapeconfig + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + ScrapeConfig defines a namespaced Prometheus scrape_config to be aggregated across + multiple namespaces into the Prometheus configuration. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec defines the specification of ScrapeConfigSpec. + properties: + authorization: + description: authorization defines the header to use on every scrape + request. + properties: + credentials: + description: credentials defines a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + azureSDConfigs: + description: azureSDConfigs defines a list of Azure service discovery + configurations. + items: + description: |- + AzureSDConfig allow retrieving scrape targets from Azure VMs. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#azure_sd_config + properties: + authenticationMethod: + description: |- + authenticationMethod defines the authentication method, either `OAuth` or `ManagedIdentity` or `SDK`. + See https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview + SDK authentication method uses environment variables by default. + See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication + enum: + - OAuth + - ManagedIdentity + - SDK + type: string + authorization: + description: |- + authorization defines the authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. + properties: + credentials: + description: credentials defines a key of a Secret in the + namespace that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: |- + basicAuth defines the information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. + properties: + password: + description: |- + password defines a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientID: + description: clientID defines client ID. Only required with + the OAuth authentication method. + minLength: 1 + type: string + clientSecret: + description: clientSecret defines client secret. Only required + with the OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: enableHTTP2 defines whether to enable HTTP2. + type: boolean + environment: + description: environment defines the Azure environment. + minLength: 1 + type: string + followRedirects: + description: followRedirects defines whether HTTP requests follow + HTTP 3xx redirects. + type: boolean + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + oauth2: + description: oauth2 defines the configuration to use on every + scrape request. + properties: + clientId: + description: |- + clientId defines a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + clientSecret defines a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + scopes: + description: scopes defines the OAuth2 scopes used for the + token request. + items: + type: string + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: ca defines the Certificate authority used + when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to + present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable + target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname + for the targets. + type: string + type: object + tokenUrl: + description: tokenUrl defines the URL to fetch the token + from. + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + port defines the port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + refreshInterval: + description: |- + refreshInterval defines the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + resourceGroup: + description: |- + resourceGroup defines resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 + type: string + subscriptionID: + description: subscriptionID defines subscription ID. Always + required. + minLength: 1 + type: string + tenantID: + description: tenantID defines tenant ID. Only required with + the OAuth authentication method. + minLength: 1 + type: string + tlsConfig: + description: tlsConfig defies the TLS configuration applying + to the target HTTP endpoint. + properties: + ca: + description: ca defines the Certificate authority used when + verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to present + when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable target + certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing the + client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname for + the targets. + type: string + type: object + required: + - subscriptionID + type: object + type: array + basicAuth: + description: basicAuth defines information to use on every scrape + request. + properties: + password: + description: |- + password defines a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bodySizeLimit: + description: |- + bodySizeLimit defines a per-scrape limit on the size of the uncompressed + response body that will be accepted by Prometheus. Targets responding with + a body larger than this many bytes will cause the scrape to fail. + + It requires Prometheus >= v2.28.0. + pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ + type: string + consulSDConfigs: + description: consulSDConfigs defines a list of Consul service discovery + configurations. + items: + description: |- + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config + properties: + allowStale: + description: |- + allowStale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean + authorization: + description: |- + authorization defines the header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. + properties: + credentials: + description: credentials defines a key of a Secret in the + namespace that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: |- + basicAuth defines the information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + password defines a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: datacenter defines the consul Datacenter name, + if not provided it will use the local Consul Agent Datacenter. + minLength: 1 + type: string + enableHTTP2: + description: enableHTTP2 defines whether to enable HTTP2. + type: boolean + filter: + description: |- + filter defines the filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string + followRedirects: + description: followRedirects defines whether HTTP requests follow + HTTP 3xx redirects. + type: boolean + namespace: + description: |- + namespace are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + nodeMeta: + additionalProperties: + type: string + description: |- + nodeMeta defines the node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic + oauth2: + description: |- + oauth2 defines the optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + clientId defines a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + clientSecret defines a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + scopes: + description: scopes defines the OAuth2 scopes used for the + token request. + items: + type: string + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: ca defines the Certificate authority used + when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to + present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable + target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname + for the targets. + type: string + type: object + tokenUrl: + description: tokenUrl defines the URL to fetch the token + from. + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + partition: + description: partition defines the admin Partitions are only + supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + pathPrefix defines the prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + refreshInterval: + description: |- + refreshInterval defines the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + scheme: + description: scheme defines the HTTP Scheme. + enum: + - http + - https + - HTTP + - HTTPS + type: string + server: + description: server defines the consul server address. A valid + string consisting of a hostname or IP followed by an optional + port number. + minLength: 1 + type: string + services: + description: services defines a list of services for which targets + are retrieved. If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + tagSeparator defines the string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + tags defines an optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set + tlsConfig: + description: tlsConfig defines the TLS configuration to connect + to the Consul API. + properties: + ca: + description: ca defines the Certificate authority used when + verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to present + when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable target + certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing the + client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname for + the targets. + type: string + type: object + tokenRef: + description: tokenRef defines the consul ACL TokenRef, if not + provided it will use the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - server + type: object + type: array + convertClassicHistogramsToNHCB: + description: |- + convertClassicHistogramsToNHCB defines whether to convert all scraped classic histograms into a native histogram with custom buckets. + It requires Prometheus >= v3.0.0. + type: boolean + digitalOceanSDConfigs: + description: digitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. + items: + description: |- + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + properties: + authorization: + description: |- + authorization defines the header configuration to authenticate against the DigitalOcean API. + Cannot be set at the same time as `oauth2`. + properties: + credentials: + description: credentials defines a key of a Secret in the + namespace that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + enableHTTP2: + description: enableHTTP2 defines whether to enable HTTP2. + type: boolean + followRedirects: + description: followRedirects defines whether HTTP requests follow + HTTP 3xx redirects. + type: boolean + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + oauth2: + description: oauth2 defines the configuration to use on every + scrape request. + properties: + clientId: + description: |- + clientId defines a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + clientSecret defines a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + scopes: + description: scopes defines the OAuth2 scopes used for the + token request. + items: + type: string + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: ca defines the Certificate authority used + when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to + present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable + target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname + for the targets. + type: string + type: object + tokenUrl: + description: tokenUrl defines the URL to fetch the token + from. + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: port defines the port to scrape metrics from. If + using the public IP address, this must + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + refreshInterval: + description: |- + refreshInterval defines the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tlsConfig: + description: tlsConfig defines the TLS configuration to connect + to the DigitalOcean API. + properties: + ca: + description: ca defines the Certificate authority used when + verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to present + when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable target + certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing the + client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname for + the targets. + type: string + type: object + type: object + type: array + dnsSDConfigs: + description: dnsSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: names defines a list of DNS domain names to be + queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + port defines the port to scrape metrics from. If using the public IP address, this must + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + refreshInterval defines the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + type defines the type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string + required: + - names + type: object + type: array + dockerSDConfigs: + description: dockerSDConfigs defines a list of Docker service discovery + configurations. + items: + description: |- + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + properties: + authorization: + description: |- + authorization defines the header configuration to authenticate against the Docker daemon. + Cannot be set at the same time as `oauth2`. + properties: + credentials: + description: credentials defines a key of a Secret in the + namespace that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: basicAuth defines information to use on every scrape + request. + properties: + password: + description: |- + password defines a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: enableHTTP2 defines whether to enable HTTP2. + type: boolean + filters: + description: filters defines filters to limit the discovery + process to a subset of the available resources. + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: name of the Filter. + minLength: 1 + type: string + values: + description: values defines values to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: followRedirects defines whether HTTP requests follow + HTTP 3xx redirects. + type: boolean + host: + description: host defines the address of the docker daemon. + minLength: 1 + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string + hostNetworkingHost: + description: hostNetworkingHost defines the host to use if the + container is in host networking mode. + minLength: 1 + type: string + matchFirstNetwork: + description: |- + matchFirstNetwork defines whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + oauth2: + description: oauth2 defines the configuration to use on every + scrape request. + properties: + clientId: + description: |- + clientId defines a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + clientSecret defines a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + scopes: + description: scopes defines the OAuth2 scopes used for the + token request. + items: + type: string + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: ca defines the Certificate authority used + when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to + present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable + target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname + for the targets. + type: string + type: object + tokenUrl: + description: tokenUrl defines the URL to fetch the token + from. + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: port defines the port to scrape metrics from. If + using the public IP address, this must + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + refreshInterval: + description: |- + refreshInterval defines the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tlsConfig: + description: tlsConfig defines the TLS configuration to connect + to the Docker daemon. + properties: + ca: + description: ca defines the Certificate authority used when + verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to present + when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable target + certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing the + client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname for + the targets. + type: string + type: object + required: + - host + type: object + type: array + dockerSwarmSDConfigs: + description: dockerSwarmSDConfigs defines a list of Dockerswarm service + discovery configurations. + items: + description: |- + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + properties: + authorization: + description: |- + authorization defines the header configuration to authenticate against the Docker Swarm API. + Cannot be set at the same time as `oauth2`. + properties: + credentials: + description: credentials defines a key of a Secret in the + namespace that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: basicAuth defines information to use on every scrape + request. + properties: + password: + description: |- + password defines a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: enableHTTP2 defines whether to enable HTTP2. + type: boolean + filters: + description: |- + filters defines the filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: name of the Filter. + minLength: 1 + type: string + values: + description: values defines values to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: followRedirects defines whether HTTP requests follow + HTTP 3xx redirects. + type: boolean + host: + description: host defines the address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + oauth2: + description: |- + oauth2 defines the optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + clientId defines a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + clientSecret defines a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + scopes: + description: scopes defines the OAuth2 scopes used for the + token request. + items: + type: string + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: ca defines the Certificate authority used + when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to + present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable + target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname + for the targets. + type: string + type: object + tokenUrl: + description: tokenUrl defines the URL to fetch the token + from. + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + port defines the port to scrape metrics from. If using the public IP address, this must + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + refreshInterval: + description: |- + refreshInterval defines the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: tlsConfig defines the TLS configuration to connect + to the Docker Swarm daemon. + properties: + ca: + description: ca defines the Certificate authority used when + verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to present + when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable target + certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing the + client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname for + the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: ec2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: accessKey defines the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + enableHTTP2 defines whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: name of the Filter. + minLength: 1 + type: string + values: + description: values defines values to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + followRedirects defines whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + port: + description: |- + port defines the port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + refreshInterval: + description: |- + refreshInterval defines the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: region defines the AWS region. + minLength: 1 + type: string + roleARN: + description: roleARN defines an alternative to using AWS API + keys. + minLength: 1 + type: string + secretKey: + description: secretKey defines the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + tlsConfig defines the TLS configuration to connect to the EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: ca defines the Certificate authority used when + verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to present + when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable target + certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing the + client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname for + the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + enableCompression when false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: enableHTTP2 defines whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: eurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: |- + authorization defines the header configuration to authenticate against the Eureka server. + Cannot be set at the same time as `oauth2`. + properties: + credentials: + description: credentials defines a key of a Secret in the + namespace that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: basicAuth defines the BasicAuth information to + use on every scrape request. + properties: + password: + description: |- + password defines a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: enableHTTP2 defines whether to enable HTTP2. + type: boolean + followRedirects: + description: followRedirects defines whether HTTP requests follow + HTTP 3xx redirects. + type: boolean + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + oauth2: + description: oauth2 defines the configuration to use on every + scrape request. + properties: + clientId: + description: |- + clientId defines a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + clientSecret defines a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + scopes: + description: scopes defines the OAuth2 scopes used for the + token request. + items: + type: string + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: ca defines the Certificate authority used + when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to + present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable + target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname + for the targets. + type: string + type: object + tokenUrl: + description: tokenUrl defines the URL to fetch the token + from. + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + refreshInterval: + description: |- + refreshInterval defines the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + server: + description: server defines the URL to connect to the Eureka + server. + pattern: ^https?://.+$ + type: string + tlsConfig: + description: tlsConfig defines the TLS configuration to connect + to the Eureka server. + properties: + ca: + description: ca defines the Certificate authority used when + verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to present + when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable target + certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing the + client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname for + the targets. + type: string + type: object + required: + - server + type: object + type: array + fallbackScrapeProtocol: + description: |- + fallbackScrapeProtocol defines the protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: fileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + files defines the list of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: |- + refreshInterval defines the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: gceSDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config + + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + filter defines the filter that can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + port defines the port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: project defines the Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: |- + refreshInterval defines the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: tagSeparator defines the tag separator is used + to separate the tags on concatenation + minLength: 1 + type: string + zone: + description: zone defines the zone of the scrape targets. If + you need multiple zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: hetznerSDConfigs defines a list of Hetzner service discovery + configurations. + items: + description: |- + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + properties: + authorization: + description: |- + authorization defines the header configuration to authenticate against the Hetzner API. + Cannot be set at the same time as `oauth2`. + properties: + credentials: + description: credentials defines a key of a Secret in the + namespace that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: basicAuth defines information to use on every scrape + request. + properties: + password: + description: |- + password defines a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: enableHTTP2 defines whether to enable HTTP2. + type: boolean + followRedirects: + description: followRedirects defines whether HTTP requests follow + HTTP 3xx redirects. + type: boolean + labelSelector: + description: |- + labelSelector defines the label selector used to filter the servers when fetching them from the API. + It requires Prometheus >= v3.5.0. + minLength: 1 + type: string + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + oauth2: + description: oauth2 defines the configuration to use on every + scrape request. + properties: + clientId: + description: |- + clientId defines a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + clientSecret defines a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + scopes: + description: scopes defines the OAuth2 scopes used for the + token request. + items: + type: string + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: ca defines the Certificate authority used + when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to + present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable + target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname + for the targets. + type: string + type: object + tokenUrl: + description: tokenUrl defines the URL to fetch the token + from. + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: port defines the port to scrape metrics from. If + using the public IP address, this must + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + refreshInterval: + description: |- + refreshInterval defines the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: role defines the Hetzner role of entities that + should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot + type: string + tlsConfig: + description: tlsConfig defines the TLS configuration to connect + to the Hetzner API. + properties: + ca: + description: ca defines the Certificate authority used when + verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to present + when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable target + certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing the + client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname for + the targets. + type: string + type: object + required: + - role + type: object + type: array + honorLabels: + description: |- + honorLabels defines when true the metric's labels when they collide + with the target's labels. + type: boolean + honorTimestamps: + description: |- + honorTimestamps defines whether Prometheus preserves the timestamps + when exposed by the target. + type: boolean + httpSDConfigs: + description: httpSDConfigs defines a list of HTTP service discovery + configurations. + items: + description: |- + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + properties: + authorization: + description: |- + authorization defines the authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. + properties: + credentials: + description: credentials defines a key of a Secret in the + namespace that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: |- + basicAuth defines information to use on every scrape request. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. + properties: + password: + description: |- + password defines a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: enableHTTP2 defines whether to enable HTTP2. + type: boolean + followRedirects: + description: followRedirects defines whether HTTP requests follow + HTTP 3xx redirects. + type: boolean + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + oauth2: + description: |- + oauth2 defines the optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + clientId defines a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + clientSecret defines a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + scopes: + description: scopes defines the OAuth2 scopes used for the + token request. + items: + type: string + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: ca defines the Certificate authority used + when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to + present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable + target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname + for the targets. + type: string + type: object + tokenUrl: + description: tokenUrl defines the URL to fetch the token + from. + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + refreshInterval: + description: |- + refreshInterval defines the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tlsConfig: + description: tlsConfig defines the TLS configuration applying + to the target HTTP endpoint. + properties: + ca: + description: ca defines the Certificate authority used when + verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to present + when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable target + certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing the + client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname for + the targets. + type: string + type: object + url: + description: url defines the URL from which the targets are + fetched. + pattern: ^https?://.+$ + type: string + required: + - url + type: object + type: array + ionosSDConfigs: + description: ionosSDConfigs defines a list of IONOS service discovery + configurations. + items: + description: |- + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config + properties: + authorization: + description: |- + authorization defines the header configuration to authenticate against the IONOS API. + Cannot be set at the same time as `oauth2`. + properties: + credentials: + description: credentials defines a key of a Secret in the + namespace that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + datacenterID: + description: datacenterID defines the unique ID of the IONOS + data center. + minLength: 1 + type: string + enableHTTP2: + description: enableHTTP2 defines whether to enable HTTP2. + type: boolean + followRedirects: + description: followRedirects defines whether HTTP requests follow + HTTP 3xx redirects. + type: boolean + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + oauth2: + description: oauth2 defines the configuration to use on every + scrape request. + properties: + clientId: + description: |- + clientId defines a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + clientSecret defines a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + scopes: + description: scopes defines the OAuth2 scopes used for the + token request. + items: + type: string + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: ca defines the Certificate authority used + when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to + present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable + target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname + for the targets. + type: string + type: object + tokenUrl: + description: tokenUrl defines the URL to fetch the token + from. + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: port defines the port to scrape metrics from. If + using the public IP address, this must + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + refreshInterval: + description: |- + refreshInterval defines the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tlsConfig: + description: tlsConfig defines the TLS configuration to connect + to the IONOS API. + properties: + ca: + description: ca defines the Certificate authority used when + verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to present + when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable target + certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing the + client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname for + the targets. + type: string + type: object + required: + - authorization + - datacenterID + type: object + type: array + jobName: + description: |- + jobName defines the value of the `job` label assigned to the scraped metrics by default. + + The `job_name` field in the rendered scrape configuration is always controlled by the + operator to prevent duplicate job names, which Prometheus does not allow. Instead the + `job` label is set by means of relabeling configs. + minLength: 1 + type: string + keepDroppedTargets: + description: |- + keepDroppedTargets defines the per-scrape limit on the number of targets dropped by relabeling + that will be kept in memory. 0 means no limit. + + It requires Prometheus >= v2.47.0. + format: int64 + type: integer + kubernetesSDConfigs: + description: kubernetesSDConfigs defines a list of Kubernetes service + discovery configurations. + items: + description: |- + KubernetesSDConfig allows retrieving scrape targets from Kubernetes' REST API. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config + properties: + apiServer: + description: |- + apiServer defines the API server address consisting of a hostname or IP address followed + by an optional port number. + If left empty, Prometheus is assumed to run inside + of the cluster. It will discover API servers automatically and use the pod's + CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. + minLength: 1 + type: string + attachMetadata: + description: |- + attachMetadata defines the metadata to attach to discovered targets. + It requires Prometheus >= v2.35.0 when using the `Pod` role and + Prometheus >= v2.37.0 for `Endpoints` and `Endpointslice` roles. + properties: + node: + description: |- + node attaches node metadata to discovered targets. + When set to true, Prometheus must have the `get` permission on the + `Nodes` objects. + Only valid for Pod, Endpoint and Endpointslice roles. + type: boolean + type: object + authorization: + description: |- + authorization defines the authorization header to use on every scrape request. + Cannot be set at the same time as `basicAuth`, or `oauth2`. + properties: + credentials: + description: credentials defines a key of a Secret in the + namespace that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: |- + basicAuth defines information to use on every scrape request. + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + password defines a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: enableHTTP2 defines whether to enable HTTP2. + type: boolean + followRedirects: + description: followRedirects defines whether HTTP requests follow + HTTP 3xx redirects. + type: boolean + namespaces: + description: namespaces defines the namespace discovery. If + omitted, Prometheus discovers targets across all namespaces. + properties: + names: + description: |- + names defines a list of namespaces where to watch for resources. + If empty and `ownNamespace` isn't true, Prometheus watches for resources in all namespaces. + items: + type: string + type: array + x-kubernetes-list-type: set + ownNamespace: + description: ownNamespace includes the namespace in which + the Prometheus pod runs to the list of watched namespaces. + type: boolean + type: object + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + oauth2: + description: |- + oauth2 defines the optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + clientId defines a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + clientSecret defines a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + scopes: + description: scopes defines the OAuth2 scopes used for the + token request. + items: + type: string + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: ca defines the Certificate authority used + when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to + present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable + target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname + for the targets. + type: string + type: object + tokenUrl: + description: tokenUrl defines the URL to fetch the token + from. + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + role: + description: |- + role defines the Kubernetes role of the entities that should be discovered. + Role `Endpointslice` requires Prometheus >= v2.21.0 + enum: + - Pod + - Endpoints + - Ingress + - Service + - Node + - EndpointSlice + type: string + selectors: + description: |- + selectors defines the selector to select objects. + It requires Prometheus >= v2.17.0 + items: + description: K8SSelectorConfig is Kubernetes Selector Config + properties: + field: + description: |- + field defines an optional field selector to limit the service discovery to resources which have fields with specific values. + e.g: `metadata.name=foobar` + minLength: 1 + type: string + label: + description: |- + label defines an optional label selector to limit the service discovery to resources with specific labels and label values. + e.g: `node.kubernetes.io/instance-type=master` + minLength: 1 + type: string + role: + description: |- + role defines the type of Kubernetes resource to limit the service discovery to. + Accepted values are: Node, Pod, Endpoints, EndpointSlice, Service, Ingress. + enum: + - Pod + - Endpoints + - Ingress + - Service + - Node + - EndpointSlice + type: string + required: + - role + type: object + type: array + x-kubernetes-list-map-keys: + - role + x-kubernetes-list-type: map + tlsConfig: + description: tlsConfig defines the TLS configuration to connect + to the Kubernetes API. + properties: + ca: + description: ca defines the Certificate authority used when + verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to present + when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable target + certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing the + client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname for + the targets. + type: string + type: object + required: + - role + type: object + type: array + kumaSDConfigs: + description: kumaSDConfigs defines a list of Kuma service discovery + configurations. + items: + description: |- + KumaSDConfig allow retrieving scrape targets from Kuma's control plane. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kuma_sd_config + properties: + authorization: + description: |- + authorization defines the header configuration to authenticate against the Kuma control plane. + Cannot be set at the same time as `oauth2`. + properties: + credentials: + description: credentials defines a key of a Secret in the + namespace that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: basicAuth defines information to use on every scrape + request. + properties: + password: + description: |- + password defines a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientID: + description: |- + clientID is used by Kuma Control Plane to compute Monitoring Assignment for specific Prometheus backend. + It requires Prometheus >= v2.50.0. + minLength: 1 + type: string + enableHTTP2: + description: enableHTTP2 defines whether to enable HTTP2. + type: boolean + fetchTimeout: + description: fetchTimeout defines the time after which the monitoring + assignments are refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + followRedirects: + description: followRedirects defines whether HTTP requests follow + HTTP 3xx redirects. + type: boolean + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + oauth2: + description: oauth2 defines the configuration to use on every + scrape request. + properties: + clientId: + description: |- + clientId defines a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + clientSecret defines a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + scopes: + description: scopes defines the OAuth2 scopes used for the + token request. + items: + type: string + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: ca defines the Certificate authority used + when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to + present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable + target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname + for the targets. + type: string + type: object + tokenUrl: + description: tokenUrl defines the URL to fetch the token + from. + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + refreshInterval: + description: |- + refreshInterval defines the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + server: + description: server defines the address of the Kuma Control + Plane's MADS xDS server. + pattern: ^https?://.+$ + type: string + tlsConfig: + description: tlsConfig defines the TLS configuration to connect + to the Kuma control plane. + properties: + ca: + description: ca defines the Certificate authority used when + verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to present + when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable target + certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing the + client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname for + the targets. + type: string + type: object + required: + - server + type: object + type: array + labelLimit: + description: |- + labelLimit defines the per-scrape limit on number of labels that will be accepted for a sample. + Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + labelNameLengthLimit: + description: |- + labelNameLengthLimit defines the per-scrape limit on length of labels name that will be accepted for a sample. + Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + labelValueLengthLimit: + description: |- + labelValueLengthLimit defines the per-scrape limit on length of labels value that will be accepted for a sample. + Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + lightSailSDConfigs: + description: lightSailSDConfigs defines a list of Lightsail service + discovery configurations. + items: + description: |- + LightSailSDConfig configurations allow retrieving scrape targets from AWS Lightsail instances. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#lightsail_sd_config + properties: + accessKey: + description: accessKey defines the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + authorization: + description: |- + authorization defines the header configuration to authenticate against the Lightsail API. + Cannot be set at the same time as `oauth2`. + properties: + credentials: + description: credentials defines a key of a Secret in the + namespace that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: |- + basicAuth defines information to use on every scrape request. + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + password defines a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: enableHTTP2 defines whether to enable HTTP2. + type: boolean + endpoint: + description: endpoint defines the custom endpoint to be used. + minLength: 1 + type: string + followRedirects: + description: followRedirects defines whether HTTP requests follow + HTTP 3xx redirects. + type: boolean + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + oauth2: + description: |- + oauth2 defines the optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + clientId defines a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + clientSecret defines a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + scopes: + description: scopes defines the OAuth2 scopes used for the + token request. + items: + type: string + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: ca defines the Certificate authority used + when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to + present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable + target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname + for the targets. + type: string + type: object + tokenUrl: + description: tokenUrl defines the URL to fetch the token + from. + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: port defines the port to scrape metrics from. If + using the public IP address, this must + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + refreshInterval: + description: |- + refreshInterval defines the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: region defines the AWS region. + minLength: 1 + type: string + roleARN: + description: roleARN defines the AWS Role ARN, an alternative + to using AWS API keys. + type: string + secretKey: + description: secretKey defines the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: tlsConfig defines the TLS configuration to connect + to the Lightsail API. + properties: + ca: + description: ca defines the Certificate authority used when + verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to present + when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable target + certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing the + client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname for + the targets. + type: string + type: object + type: object + type: array + linodeSDConfigs: + description: linodeSDConfigs defines a list of Linode service discovery + configurations. + items: + description: |- + LinodeSDConfig configurations allow retrieving scrape targets from Linode's Linode APIv4. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#linode_sd_config + properties: + authorization: + description: |- + authorization defines the header configuration to authenticate against the Linode API. + Cannot be set at the same time as `oauth2`. + properties: + credentials: + description: credentials defines a key of a Secret in the + namespace that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + enableHTTP2: + description: enableHTTP2 defines whether to enable HTTP2. + type: boolean + followRedirects: + description: followRedirects defines whether HTTP requests follow + HTTP 3xx redirects. + type: boolean + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + oauth2: + description: |- + oauth2 defines the optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + clientId defines a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + clientSecret defines a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + scopes: + description: scopes defines the OAuth2 scopes used for the + token request. + items: + type: string + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: ca defines the Certificate authority used + when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to + present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable + target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname + for the targets. + type: string + type: object + tokenUrl: + description: tokenUrl defines the URL to fetch the token + from. + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: port defines the port to scrape metrics from. If + using the public IP address, this must + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + refreshInterval: + description: |- + refreshInterval defines the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: region defines the region to filter on. + minLength: 1 + type: string + tagSeparator: + description: tagSeparator defines the string by which Linode + Instance tags are joined into the tag label.el. + minLength: 1 + type: string + tlsConfig: + description: tlsConfig defines the TLS configuration to connect + to the Linode API. + properties: + ca: + description: ca defines the Certificate authority used when + verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to present + when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable target + certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing the + client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname for + the targets. + type: string + type: object + type: object + type: array + metricRelabelings: + description: metricRelabelings defines the metricRelabelings to apply + to samples before ingestion. + items: + description: |- + RelabelConfig allows dynamic rewriting of the label set for targets, alerts, + scraped samples and remote write samples. + + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + properties: + action: + default: replace + description: |- + action to perform based on the regex matching. + + `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + + Default: "Replace" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: |- + modulus to take of the hash of the source label values. + + Only applicable when the action is `HashMod`. + format: int64 + type: integer + regex: + description: regex defines the regular expression against which + the extracted value is matched. + type: string + replacement: + description: |- + replacement value against which a Replace action is performed if the + regular expression matches. + + Regex capture groups are available. + type: string + separator: + description: separator defines the string between concatenated + SourceLabels. + type: string + sourceLabels: + description: |- + sourceLabels defines the source labels select values from existing labels. Their content is + concatenated using the configured Separator and matched against the + configured regular expression. + items: + description: |- + LabelName is a valid Prometheus label name. + For Prometheus 3.x, a label name is valid if it contains UTF-8 characters. + For Prometheus 2.x, a label name is only valid if it contains ASCII characters, letters, numbers, as well as underscores. + type: string + type: array + targetLabel: + description: |- + targetLabel defines the label to which the resulting string is written in a replacement. + + It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + `KeepEqual` and `DropEqual` actions. + + Regex capture groups are available. + type: string + type: object + minItems: 1 + type: array + metricsPath: + description: metricsPath defines the HTTP path to scrape for metrics. + If empty, Prometheus uses the default value (e.g. /metrics). + minLength: 1 + type: string + nameEscapingScheme: + description: |- + nameEscapingScheme defines the metric name escaping mode to request through content negotiation. + + It requires Prometheus >= v3.4.0. + enum: + - AllowUTF8 + - Underscores + - Dots + - Values + type: string + nameValidationScheme: + description: |- + nameValidationScheme defines the validation scheme for metric and label names. + + It requires Prometheus >= v3.0.0. + enum: + - UTF8 + - Legacy + type: string + nativeHistogramBucketLimit: + description: |- + nativeHistogramBucketLimit defines ff there are more than this many buckets in a native histogram, + buckets will be merged to stay within the limit. + It requires Prometheus >= v2.45.0. + format: int64 + type: integer + nativeHistogramMinBucketFactor: + anyOf: + - type: integer + - type: string + description: |- + nativeHistogramMinBucketFactor defines if the growth factor of one bucket to the next is smaller than this, + buckets will be merged to increase the factor sufficiently. + It requires Prometheus >= v2.50.0. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + nomadSDConfigs: + description: nomadSDConfigs defines a list of Nomad service discovery + configurations. + items: + description: |- + NomadSDConfig configurations allow retrieving scrape targets from Nomad's Service API. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#nomad_sd_config + properties: + allowStale: + description: |- + allowStale defines the information to access the Nomad API. It is to be defined + as the Nomad documentation requires. + type: boolean + authorization: + description: |- + authorization defines the header configuration to authenticate against the Nomad API. + Cannot be set at the same time as `oauth2`. + properties: + credentials: + description: credentials defines a key of a Secret in the + namespace that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: basicAuth defines information to use on every scrape + request. + properties: + password: + description: |- + password defines a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: enableHTTP2 defines whether to enable HTTP2. + type: boolean + followRedirects: + description: followRedirects defines whether HTTP requests follow + HTTP 3xx redirects. + type: boolean + namespace: + description: |- + namespace defines the Nomad namespace to query for service discovery. + When specified, only resources within this namespace will be discovered. + type: string + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + oauth2: + description: oauth2 defines the configuration to use on every + scrape request. + properties: + clientId: + description: |- + clientId defines a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + clientSecret defines a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + scopes: + description: scopes defines the OAuth2 scopes used for the + token request. + items: + type: string + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: ca defines the Certificate authority used + when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to + present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable + target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname + for the targets. + type: string + type: object + tokenUrl: + description: tokenUrl defines the URL to fetch the token + from. + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + refreshInterval: + description: |- + refreshInterval defines the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: |- + region defines the Nomad region to query for service discovery. + When specified, only resources within this region will be discovered. + type: string + server: + description: |- + server defines the Nomad server address to connect to for service discovery. + This should be the full URL including protocol (e.g., "https://nomad.example.com:4646"). + pattern: ^https?://.+$ + type: string + tagSeparator: + description: |- + tagSeparator defines the separator used to join multiple tags. + This determines how Nomad service tags are concatenated into Prometheus labels. + type: string + tlsConfig: + description: tlsConfig defines the TLS configuration to connect + to the Nomad API. + properties: + ca: + description: ca defines the Certificate authority used when + verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to present + when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable target + certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing the + client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname for + the targets. + type: string + type: object + required: + - server + type: object + type: array + oauth2: + description: oauth2 defines the configuration to use on every scrape + request. + properties: + clientId: + description: |- + clientId defines a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: configMap defines the ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + clientSecret defines a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + scopes: + description: scopes defines the OAuth2 scopes used for the token + request. + items: + type: string + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: ca defines the Certificate authority used when + verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to present + when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable target + certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname for + the targets. + type: string + type: object + tokenUrl: + description: tokenUrl defines the URL to fetch the token from. + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + openstackSDConfigs: + description: openstackSDConfigs defines a list of OpenStack service + discovery configurations. + items: + description: |- + OpenStackSDConfig allow retrieving scrape targets from OpenStack Nova instances. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#openstack_sd_config + properties: + allTenants: + description: |- + allTenants defines whether the service discovery should list all instances for all projects. + It is only relevant for the 'instance' role and usually requires admin permissions. + type: boolean + applicationCredentialId: + description: applicationCredentialId defines the OpenStack applicationCredentialId. + type: string + applicationCredentialName: + description: |- + applicationCredentialName defines the ApplicationCredentialID or ApplicationCredentialName fields are + required if using an application credential to authenticate. Some providers + allow you to create an application credential to authenticate rather than a + password. + minLength: 1 + type: string + applicationCredentialSecret: + description: |- + applicationCredentialSecret defines the required field if using an application + credential to authenticate. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + availability: + description: availability defines the availability of the endpoint + to connect to. + enum: + - Public + - public + - Admin + - admin + - Internal + - internal + type: string + domainID: + description: domainID defines The OpenStack domainID. + minLength: 1 + type: string + domainName: + description: |- + domainName defines at most one of domainId and domainName that must be provided if using username + with Identity V3. Otherwise, either are optional. + minLength: 1 + type: string + identityEndpoint: + description: |- + identityEndpoint defines the HTTP endpoint that is required to work with + the Identity API of the appropriate version. + pattern: ^https?://.+$ + type: string + password: + description: |- + password defines the password for the Identity V2 and V3 APIs. Consult with your provider's + control panel to discover your account's preferred method of authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + port: + description: |- + port defines the port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + projectID: + description: projectID defines the OpenStack projectID. + minLength: 1 + type: string + projectName: + description: |- + projectName defines an optional field for the Identity V2 API. + Some providers allow you to specify a ProjectName instead of the ProjectId. + Some require both. Your provider's authentication policies will determine + how these fields influence authentication. + minLength: 1 + type: string + refreshInterval: + description: |- + refreshInterval defines the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: region defines the OpenStack Region. + minLength: 1 + type: string + role: + description: |- + role defines the OpenStack role of entities that should be discovered. + + Note: The `LoadBalancer` role requires Prometheus >= v3.2.0. + enum: + - Instance + - Hypervisor + - LoadBalancer + type: string + tlsConfig: + description: tlsConfig defines the TLS configuration applying + to the target HTTP endpoint. + properties: + ca: + description: ca defines the Certificate authority used when + verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to present + when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable target + certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing the + client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname for + the targets. + type: string + type: object + userid: + description: userid defines the OpenStack userid. + minLength: 1 + type: string + username: + description: |- + username defines the username required if using Identity V2 API. Consult with your provider's + control panel to discover your account's username. + In Identity V3, either userid or a combination of username + and domainId or domainName are needed + minLength: 1 + type: string + required: + - region + - role + type: object + type: array + ovhcloudSDConfigs: + description: ovhcloudSDConfigs defines a list of OVHcloud service + discovery configurations. + items: + description: |- + OVHCloudSDConfig configurations allow retrieving scrape targets from OVHcloud's dedicated servers and VPS using their API. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ovhcloud_sd_config + properties: + applicationKey: + description: |- + applicationKey defines the access key to use for OVHCloud API authentication. + This is obtained from the OVHCloud API credentials at https://api.ovh.com. + minLength: 1 + type: string + applicationSecret: + description: |- + applicationSecret defines the secret key for OVHCloud API authentication. + This contains the application secret obtained during OVHCloud API credential creation. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + consumerKey: + description: |- + consumerKey defines the consumer key for OVHCloud API authentication. + This is the third component of OVHCloud's three-key authentication system. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpoint: + description: |- + endpoint defines a custom API endpoint to be used. + When not specified, defaults to the standard OVHCloud API endpoint for the region. + minLength: 1 + type: string + refreshInterval: + description: |- + refreshInterval defines the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + service: + description: |- + service defines the service type of the targets to retrieve. + Must be either `VPS` or `DedicatedServer` to specify which OVHCloud resources to discover. + enum: + - VPS + - DedicatedServer + type: string + required: + - applicationKey + - applicationSecret + - consumerKey + - service + type: object + type: array + params: + additionalProperties: + items: + type: string + type: array + description: params defines optional HTTP URL parameters + type: object + x-kubernetes-map-type: atomic + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + puppetDBSDConfigs: + description: puppetDBSDConfigs defines a list of PuppetDB service + discovery configurations. + items: + description: |- + PuppetDBSDConfig configurations allow retrieving scrape targets from PuppetDB resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#puppetdb_sd_config + properties: + authorization: + description: |- + authorization defines the header configuration to authenticate against the PuppetDB API. + Cannot be set at the same time as `oauth2`. + properties: + credentials: + description: credentials defines a key of a Secret in the + namespace that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: |- + basicAuth defines information to use on every scrape request. + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + password defines a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: enableHTTP2 defines whether to enable HTTP2. + type: boolean + followRedirects: + description: followRedirects defines whether HTTP requests follow + HTTP 3xx redirects. + type: boolean + includeParameters: + description: |- + includeParameters defines whether to include the parameters as meta labels. + Note: Enabling this exposes parameters in the Prometheus UI and API. Make sure + that you don't have secrets exposed as parameters if you enable this. + type: boolean + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + oauth2: + description: |- + oauth2 defines the optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + clientId defines a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + clientSecret defines a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + scopes: + description: scopes defines the OAuth2 scopes used for the + token request. + items: + type: string + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: ca defines the Certificate authority used + when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to + present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable + target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname + for the targets. + type: string + type: object + tokenUrl: + description: tokenUrl defines the URL to fetch the token + from. + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: port defines the port to scrape metrics from. If + using the public IP address, this must + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + query: + description: |- + query defines the Puppet Query Language (PQL) query. Only resources are supported. + https://puppet.com/docs/puppetdb/latest/api/query/v4/pql.html + minLength: 1 + type: string + refreshInterval: + description: |- + refreshInterval defines the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tlsConfig: + description: tlsConfig defines the TLS configuration to connect + to the PuppetDB server. + properties: + ca: + description: ca defines the Certificate authority used when + verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to present + when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable target + certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing the + client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname for + the targets. + type: string + type: object + url: + description: url defines the URL of the PuppetDB root query + endpoint. + pattern: ^https?://.+$ + type: string + required: + - query + - url + type: object + type: array + relabelings: + description: |- + relabelings defines how to rewrite the target's labels before scraping. + Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. + The original scrape job's name is available via the `__tmp_prometheus_job_name` label. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + items: + description: |- + RelabelConfig allows dynamic rewriting of the label set for targets, alerts, + scraped samples and remote write samples. + + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + properties: + action: + default: replace + description: |- + action to perform based on the regex matching. + + `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + + Default: "Replace" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: |- + modulus to take of the hash of the source label values. + + Only applicable when the action is `HashMod`. + format: int64 + type: integer + regex: + description: regex defines the regular expression against which + the extracted value is matched. + type: string + replacement: + description: |- + replacement value against which a Replace action is performed if the + regular expression matches. + + Regex capture groups are available. + type: string + separator: + description: separator defines the string between concatenated + SourceLabels. + type: string + sourceLabels: + description: |- + sourceLabels defines the source labels select values from existing labels. Their content is + concatenated using the configured Separator and matched against the + configured regular expression. + items: + description: |- + LabelName is a valid Prometheus label name. + For Prometheus 3.x, a label name is valid if it contains UTF-8 characters. + For Prometheus 2.x, a label name is only valid if it contains ASCII characters, letters, numbers, as well as underscores. + type: string + type: array + targetLabel: + description: |- + targetLabel defines the label to which the resulting string is written in a replacement. + + It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + `KeepEqual` and `DropEqual` actions. + + Regex capture groups are available. + type: string + type: object + minItems: 1 + type: array + sampleLimit: + description: sampleLimit defines per-scrape limit on number of scraped + samples that will be accepted. + format: int64 + type: integer + scalewaySDConfigs: + description: scalewaySDConfigs defines a list of Scaleway instances + and baremetal service discovery configurations. + items: + description: |- + ScalewaySDConfig configurations allow retrieving scrape targets from Scaleway instances and baremetal services. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scaleway_sd_config + properties: + accessKey: + description: accessKey defines the access key to use. https://console.scaleway.com/project/credentials + minLength: 1 + type: string + apiURL: + description: apiURL defines the API URL to use when doing the + server listing requests. + pattern: ^https?://.+$ + type: string + enableHTTP2: + description: enableHTTP2 defines whether to enable HTTP2. + type: boolean + followRedirects: + description: followRedirects defines whether HTTP requests follow + HTTP 3xx redirects. + type: boolean + nameFilter: + description: nameFilter defines a name filter (works as a LIKE) + to apply on the server listing request. + minLength: 1 + type: string + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + port: + description: port defines the port to scrape metrics from. If + using the public IP address, this must + format: int32 + maximum: 65535 + minimum: 0 + type: integer + projectID: + description: projectID defines the Project ID of the targets. + minLength: 1 + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + refreshInterval: + description: |- + refreshInterval defines the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: role defines the service of the targets to retrieve. + Must be `Instance` or `Baremetal`. + enum: + - Instance + - Baremetal + type: string + secretKey: + description: secretKey defines the secret key to use when listing + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tagsFilter: + description: tagsFilter defines a tag filter (a server needs + to have all defined tags to be listed) to apply on the server + listing request. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + tlsConfig: + description: tlsConfig defines the TLS configuration to connect + to the Scaleway API. + properties: + ca: + description: ca defines the Certificate authority used when + verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to present + when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable target + certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing the + client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname for + the targets. + type: string + type: object + zone: + description: zone defines the availability zone of your targets + (e.g. fr-par-1). + minLength: 1 + type: string + required: + - accessKey + - projectID + - role + - secretKey + type: object + type: array + scheme: + description: scheme defines the protocol scheme used for requests. + enum: + - http + - https + - HTTP + - HTTPS + type: string + scrapeClass: + description: scrapeClass defines the scrape class to apply. + minLength: 1 + type: string + scrapeClassicHistograms: + description: |- + scrapeClassicHistograms defines whether to scrape a classic histogram that is also exposed as a native histogram. + It requires Prometheus >= v2.45.0. + + Notice: `scrapeClassicHistograms` corresponds to the `always_scrape_classic_histograms` field in the Prometheus configuration. + type: boolean + scrapeInterval: + description: scrapeInterval defines the interval between consecutive + scrapes. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + scrapeNativeHistograms: + description: |- + scrapeNativeHistograms defines whether to enable scraping of native histograms. + It requires Prometheus >= v3.8.0. + type: boolean + scrapeProtocols: + description: |- + scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the + protocols supported by Prometheus in order of preference (from most to least preferred). + + If unset, Prometheus uses its default value. + + It requires Prometheus >= v2.49.0. + items: + description: |- + ScrapeProtocol represents a protocol used by Prometheus for scraping metrics. + Supported values are: + * `OpenMetricsText0.0.1` + * `OpenMetricsText1.0.0` + * `PrometheusProto` + * `PrometheusText0.0.4` + * `PrometheusText1.0.0` + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + scrapeTimeout: + description: |- + scrapeTimeout defines the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + staticConfigs: + description: staticConfigs defines a list of static targets with a + common label set. + items: + description: |- + StaticConfig defines a Prometheus static configuration. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config + properties: + labels: + additionalProperties: + type: string + description: labels defines labels assigned to all metrics scraped + from the targets. + type: object + x-kubernetes-map-type: atomic + targets: + description: targets defines the list of targets for this static + configuration. + items: + description: Target represents a target for Prometheus to + scrape + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - targets + type: object + type: array + targetLimit: + description: targetLimit defines a limit on the number of scraped + targets that will be accepted. + format: int64 + type: integer + tlsConfig: + description: tlsConfig defines the TLS configuration to use on every + scrape request + properties: + ca: + description: ca defines the Certificate authority used when verifying + server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to present when + doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable target + certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname for the + targets. + type: string + type: object + trackTimestampsStaleness: + description: |- + trackTimestampsStaleness defines whether Prometheus tracks staleness of + the metrics that have an explicit timestamp present in scraped data. + Has no effect if `honorTimestamps` is false. + It requires Prometheus >= v2.48.0. + type: boolean + type: object + status: + description: |- + status defines the status subresource. It is under active development and is updated only when the + "StatusForConfigurationResources" feature gate is enabled. + + Most recent observed status of the ScrapeConfig. Read-only. + More info: + https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + bindings: + description: bindings defines the list of workload resources (Prometheus, + PrometheusAgent, ThanosRuler or Alertmanager) which select the configuration + resource. + items: + description: WorkloadBinding is a link between a configuration resource + and a workload resource. + properties: + conditions: + description: conditions defines the current state of the configuration + resource when bound to the referenced Workload object. + items: + description: ConfigResourceCondition describes the status + of configuration resources linked to Prometheus, PrometheusAgent, + Alertmanager or ThanosRuler. + properties: + lastTransitionTime: + description: lastTransitionTime defines the time of the + last update to the current status property. + format: date-time + type: string + message: + description: message defines the human-readable message + indicating details for the condition's last transition. + type: string + observedGeneration: + description: |- + observedGeneration defines the .metadata.generation that the + condition was set based upon. For instance, if `.metadata.generation` is + currently 12, but the `.status.conditions[].observedGeneration` is 9, the + condition is out of date with respect to the current state of the object. + format: int64 + type: integer + reason: + description: reason for the condition's last transition. + type: string + status: + description: status of the condition. + minLength: 1 + type: string + type: + description: |- + type of the condition being reported. + Currently, only "Accepted" is supported. + enum: + - Accepted + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + group: + description: group defines the group of the referenced resource. + enum: + - monitoring.coreos.com + type: string + name: + description: name defines the name of the referenced object. + minLength: 1 + type: string + namespace: + description: namespace defines the namespace of the referenced + object. + minLength: 1 + type: string + resource: + description: resource defines the type of resource being referenced + (e.g. Prometheus, PrometheusAgent, ThanosRuler or Alertmanager). + enum: + - prometheuses + - prometheusagents + - thanosrulers + - alertmanagers + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - name + - namespace + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-servicemonitors.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-servicemonitors.yaml new file mode 100644 index 0000000..702988e --- /dev/null +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-servicemonitors.yaml @@ -0,0 +1,1413 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.90.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + operator.prometheus.io/version: 0.90.1 + name: servicemonitors.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: ServiceMonitor + listKind: ServiceMonitorList + plural: servicemonitors + shortNames: + - smon + singular: servicemonitor + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + The `ServiceMonitor` custom resource definition (CRD) defines how `Prometheus` and `PrometheusAgent` can scrape metrics from a group of services. + Among other things, it allows to specify: + * The services to scrape via label selectors. + * The container ports to scrape. + * Authentication credentials to use. + * Target and metric relabeling. + + `Prometheus` and `PrometheusAgent` objects select `ServiceMonitor` objects using label and namespace selectors. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + spec defines the specification of desired Service selection for target discovery by + Prometheus. + properties: + attachMetadata: + description: |- + attachMetadata defines additional metadata which is added to the + discovered targets. + + It requires Prometheus >= v2.37.0. + properties: + node: + description: |- + node when set to true, Prometheus attaches node metadata to the discovered + targets. + + The Prometheus service account must have the `list` and `watch` + permissions on the `Nodes` objects. + type: boolean + type: object + bodySizeLimit: + description: |- + bodySizeLimit when defined, bodySizeLimit specifies a job level limit on the size + of uncompressed response body that will be accepted by Prometheus. + + It requires Prometheus >= v2.28.0. + pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ + type: string + convertClassicHistogramsToNHCB: + description: |- + convertClassicHistogramsToNHCB defines whether to convert all scraped classic histograms into a native histogram with custom buckets. + It requires Prometheus >= v3.0.0. + type: boolean + endpoints: + description: |- + endpoints defines the list of endpoints part of this ServiceMonitor. + Defines how to scrape metrics from Kubernetes [Endpoints](https://kubernetes.io/docs/concepts/services-networking/service/#endpoints) objects. + In most cases, an Endpoints object is backed by a Kubernetes [Service](https://kubernetes.io/docs/concepts/services-networking/service/) object with the same name and labels. + items: + description: |- + Endpoint defines an endpoint serving Prometheus metrics to be scraped by + Prometheus. + properties: + authorization: + description: |- + authorization configures the Authorization header credentials used by + the client. + + Cannot be set at the same time as `basicAuth`, `bearerTokenSecret` or `oauth2`. + properties: + credentials: + description: credentials defines a key of a Secret in the + namespace that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: |- + basicAuth defines the Basic Authentication credentials used by the + client. + + Cannot be set at the same time as `authorization`, `bearerTokenSecret` or `oauth2`. + properties: + password: + description: |- + password defines a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenFile: + description: |- + bearerTokenFile defines the file to read bearer token for scraping the target. + + Deprecated: use `authorization` instead. + type: string + bearerTokenSecret: + description: |- + bearerTokenSecret defines a key of a Secret containing the bearer token + used by the client for authentication. The secret needs to be in the + same namespace as the custom resource and readable by the Prometheus + Operator. + + Cannot be set at the same time as `authorization`, `basicAuth` or `oauth2`. + + Deprecated: use `authorization` instead. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHttp2: + description: enableHttp2 can be used to disable HTTP2. + type: boolean + filterRunning: + description: |- + filterRunning when true, the pods which are not running (e.g. either in Failed or + Succeeded state) are dropped during the target discovery. + + If unset, the filtering is enabled. + + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase + type: boolean + followRedirects: + description: |- + followRedirects defines whether the client should follow HTTP 3xx + redirects. + type: boolean + honorLabels: + description: |- + honorLabels defines when true the metric's labels when they collide + with the target's labels. + type: boolean + honorTimestamps: + description: |- + honorTimestamps defines whether Prometheus preserves the timestamps + when exposed by the target. + type: boolean + interval: + description: |- + interval at which Prometheus scrapes the metrics from the target. + + If empty, Prometheus uses the global scrape interval. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + metricRelabelings: + description: |- + metricRelabelings defines the relabeling rules to apply to the + samples before ingestion. + items: + description: |- + RelabelConfig allows dynamic rewriting of the label set for targets, alerts, + scraped samples and remote write samples. + + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + properties: + action: + default: replace + description: |- + action to perform based on the regex matching. + + `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + + Default: "Replace" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: |- + modulus to take of the hash of the source label values. + + Only applicable when the action is `HashMod`. + format: int64 + type: integer + regex: + description: regex defines the regular expression against + which the extracted value is matched. + type: string + replacement: + description: |- + replacement value against which a Replace action is performed if the + regular expression matches. + + Regex capture groups are available. + type: string + separator: + description: separator defines the string between concatenated + SourceLabels. + type: string + sourceLabels: + description: |- + sourceLabels defines the source labels select values from existing labels. Their content is + concatenated using the configured Separator and matched against the + configured regular expression. + items: + description: |- + LabelName is a valid Prometheus label name. + For Prometheus 3.x, a label name is valid if it contains UTF-8 characters. + For Prometheus 2.x, a label name is only valid if it contains ASCII characters, letters, numbers, as well as underscores. + type: string + type: array + targetLabel: + description: |- + targetLabel defines the label to which the resulting string is written in a replacement. + + It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + `KeepEqual` and `DropEqual` actions. + + Regex capture groups are available. + type: string + type: object + type: array + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + oauth2: + description: |- + oauth2 defines the OAuth2 settings used by the client. + + It requires Prometheus >= 2.27.0. + + Cannot be set at the same time as `authorization`, `basicAuth` or `bearerTokenSecret`. + properties: + clientId: + description: |- + clientId defines a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + clientSecret defines a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + scopes: + description: scopes defines the OAuth2 scopes used for the + token request. + items: + type: string + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: ca defines the Certificate authority used + when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to + present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable + target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname + for the targets. + type: string + type: object + tokenUrl: + description: tokenUrl defines the URL to fetch the token + from. + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + params: + additionalProperties: + items: + type: string + type: array + description: params define optional HTTP URL parameters. + type: object + path: + description: |- + path defines the HTTP path from which to scrape for metrics. + + If empty, Prometheus uses the default value (e.g. `/metrics`). + type: string + port: + description: |- + port defines the name of the Service port which this endpoint refers to. + + It takes precedence over `targetPort`. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + relabelings: + description: |- + relabelings defines the relabeling rules to apply the target's + metadata labels. + + The Operator automatically adds relabelings for a few standard Kubernetes fields. + + The original scrape job's name is available via the `__tmp_prometheus_job_name` label. + + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + items: + description: |- + RelabelConfig allows dynamic rewriting of the label set for targets, alerts, + scraped samples and remote write samples. + + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + properties: + action: + default: replace + description: |- + action to perform based on the regex matching. + + `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + + Default: "Replace" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: |- + modulus to take of the hash of the source label values. + + Only applicable when the action is `HashMod`. + format: int64 + type: integer + regex: + description: regex defines the regular expression against + which the extracted value is matched. + type: string + replacement: + description: |- + replacement value against which a Replace action is performed if the + regular expression matches. + + Regex capture groups are available. + type: string + separator: + description: separator defines the string between concatenated + SourceLabels. + type: string + sourceLabels: + description: |- + sourceLabels defines the source labels select values from existing labels. Their content is + concatenated using the configured Separator and matched against the + configured regular expression. + items: + description: |- + LabelName is a valid Prometheus label name. + For Prometheus 3.x, a label name is valid if it contains UTF-8 characters. + For Prometheus 2.x, a label name is only valid if it contains ASCII characters, letters, numbers, as well as underscores. + type: string + type: array + targetLabel: + description: |- + targetLabel defines the label to which the resulting string is written in a replacement. + + It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + `KeepEqual` and `DropEqual` actions. + + Regex capture groups are available. + type: string + type: object + type: array + scheme: + description: scheme defines the HTTP scheme to use when scraping + the metrics. + enum: + - http + - https + - HTTP + - HTTPS + type: string + scrapeTimeout: + description: |- + scrapeTimeout defines the timeout after which Prometheus considers the scrape to be failed. + + If empty, Prometheus uses the global scrape timeout unless it is less + than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: |- + targetPort defines the name or number of the target port of the `Pod` object behind the + Service. The port must be specified with the container's port property. + x-kubernetes-int-or-string: true + tlsConfig: + description: tlsConfig defines TLS configuration used by the + client. + properties: + ca: + description: ca defines the Certificate authority used when + verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + caFile: + description: caFile defines the path to the CA cert in the + Prometheus container to use for the targets. + type: string + cert: + description: cert defines the Client certificate to present + when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + description: certFile defines the path to the client cert + file in the Prometheus container for the targets. + type: string + insecureSkipVerify: + description: insecureSkipVerify defines how to disable target + certificate validation. + type: boolean + keyFile: + description: keyFile defines the path to the client key + file in the Prometheus container for the targets. + type: string + keySecret: + description: keySecret defines the Secret containing the + client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname for + the targets. + type: string + type: object + trackTimestampsStaleness: + description: |- + trackTimestampsStaleness defines whether Prometheus tracks staleness of + the metrics that have an explicit timestamp present in scraped data. + Has no effect if `honorTimestamps` is false. + + It requires Prometheus >= v2.48.0. + type: boolean + type: object + type: array + fallbackScrapeProtocol: + description: |- + fallbackScrapeProtocol defines the protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + jobLabel: + description: |- + jobLabel selects the label from the associated Kubernetes `Service` + object which will be used as the `job` label for all metrics. + + For example if `jobLabel` is set to `foo` and the Kubernetes `Service` + object is labeled with `foo: bar`, then Prometheus adds the `job="bar"` + label to all ingested metrics. + + If the value of this field is empty or if the label doesn't exist for + the given Service, the `job` label of the metrics defaults to the name + of the associated Kubernetes `Service`. + type: string + keepDroppedTargets: + description: |- + keepDroppedTargets defines the per-scrape limit on the number of targets dropped by relabeling + that will be kept in memory. 0 means no limit. + + It requires Prometheus >= v2.47.0. + format: int64 + type: integer + labelLimit: + description: |- + labelLimit defines the per-scrape limit on number of labels that will be accepted for a sample. + + It requires Prometheus >= v2.27.0. + format: int64 + type: integer + labelNameLengthLimit: + description: |- + labelNameLengthLimit defines the per-scrape limit on length of labels name that will be accepted for a sample. + + It requires Prometheus >= v2.27.0. + format: int64 + type: integer + labelValueLengthLimit: + description: |- + labelValueLengthLimit defines the per-scrape limit on length of labels value that will be accepted for a sample. + + It requires Prometheus >= v2.27.0. + format: int64 + type: integer + namespaceSelector: + description: |- + namespaceSelector defines in which namespace(s) Prometheus should discover the services. + By default, the services are discovered in the same namespace as the `ServiceMonitor` object but it is possible to select pods across different/all namespaces. + properties: + any: + description: |- + any defines the boolean describing whether all namespaces are selected in contrast to a + list restricting them. + type: boolean + matchNames: + description: matchNames defines the list of namespace names to + select from. + items: + type: string + type: array + type: object + nativeHistogramBucketLimit: + description: |- + nativeHistogramBucketLimit defines ff there are more than this many buckets in a native histogram, + buckets will be merged to stay within the limit. + It requires Prometheus >= v2.45.0. + format: int64 + type: integer + nativeHistogramMinBucketFactor: + anyOf: + - type: integer + - type: string + description: |- + nativeHistogramMinBucketFactor defines if the growth factor of one bucket to the next is smaller than this, + buckets will be merged to increase the factor sufficiently. + It requires Prometheus >= v2.50.0. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + podTargetLabels: + description: |- + podTargetLabels defines the labels which are transferred from the + associated Kubernetes `Pod` object onto the ingested metrics. + items: + type: string + type: array + sampleLimit: + description: |- + sampleLimit defines a per-scrape limit on the number of scraped samples + that will be accepted. + format: int64 + type: integer + scrapeClass: + description: scrapeClass defines the scrape class to apply. + minLength: 1 + type: string + scrapeClassicHistograms: + description: |- + scrapeClassicHistograms defines whether to scrape a classic histogram that is also exposed as a native histogram. + It requires Prometheus >= v2.45.0. + + Notice: `scrapeClassicHistograms` corresponds to the `always_scrape_classic_histograms` field in the Prometheus configuration. + type: boolean + scrapeNativeHistograms: + description: |- + scrapeNativeHistograms defines whether to enable scraping of native histograms. + It requires Prometheus >= v3.8.0. + type: boolean + scrapeProtocols: + description: |- + scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the + protocols supported by Prometheus in order of preference (from most to least preferred). + + If unset, Prometheus uses its default value. + + It requires Prometheus >= v2.49.0. + items: + description: |- + ScrapeProtocol represents a protocol used by Prometheus for scraping metrics. + Supported values are: + * `OpenMetricsText0.0.1` + * `OpenMetricsText1.0.0` + * `PrometheusProto` + * `PrometheusText0.0.4` + * `PrometheusText1.0.0` + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + type: array + x-kubernetes-list-type: set + selector: + description: selector defines the label selector to select the Kubernetes + `Endpoints` objects to scrape metrics from. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + selectorMechanism: + description: |- + selectorMechanism defines the mechanism used to select the endpoints to scrape. + By default, the selection process relies on relabel configurations to filter the discovered targets. + Alternatively, you can opt in for role selectors, which may offer better efficiency in large clusters. + Which strategy is best for your use case needs to be carefully evaluated. + + It requires Prometheus >= v2.17.0. + enum: + - RelabelConfig + - RoleSelector + type: string + serviceDiscoveryRole: + description: |- + serviceDiscoveryRole defines the service discovery role used to discover targets. + + If set, the value should be either "Endpoints" or "EndpointSlice". + Otherwise it defaults to the value defined in the + Prometheus/PrometheusAgent resource. + enum: + - Endpoints + - EndpointSlice + type: string + targetLabels: + description: |- + targetLabels defines the labels which are transferred from the + associated Kubernetes `Service` object onto the ingested metrics. + items: + type: string + type: array + targetLimit: + description: |- + targetLimit defines a limit on the number of scraped targets that will + be accepted. + format: int64 + type: integer + required: + - endpoints + - selector + type: object + status: + description: |- + status defines the status subresource. It is under active development and is updated only when the + "StatusForConfigurationResources" feature gate is enabled. + + Most recent observed status of the ServiceMonitor. Read-only. + More info: + https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + bindings: + description: bindings defines the list of workload resources (Prometheus, + PrometheusAgent, ThanosRuler or Alertmanager) which select the configuration + resource. + items: + description: WorkloadBinding is a link between a configuration resource + and a workload resource. + properties: + conditions: + description: conditions defines the current state of the configuration + resource when bound to the referenced Workload object. + items: + description: ConfigResourceCondition describes the status + of configuration resources linked to Prometheus, PrometheusAgent, + Alertmanager or ThanosRuler. + properties: + lastTransitionTime: + description: lastTransitionTime defines the time of the + last update to the current status property. + format: date-time + type: string + message: + description: message defines the human-readable message + indicating details for the condition's last transition. + type: string + observedGeneration: + description: |- + observedGeneration defines the .metadata.generation that the + condition was set based upon. For instance, if `.metadata.generation` is + currently 12, but the `.status.conditions[].observedGeneration` is 9, the + condition is out of date with respect to the current state of the object. + format: int64 + type: integer + reason: + description: reason for the condition's last transition. + type: string + status: + description: status of the condition. + minLength: 1 + type: string + type: + description: |- + type of the condition being reported. + Currently, only "Accepted" is supported. + enum: + - Accepted + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + group: + description: group defines the group of the referenced resource. + enum: + - monitoring.coreos.com + type: string + name: + description: name defines the name of the referenced object. + minLength: 1 + type: string + namespace: + description: namespace defines the namespace of the referenced + object. + minLength: 1 + type: string + resource: + description: resource defines the type of resource being referenced + (e.g. Prometheus, PrometheusAgent, ThanosRuler or Alertmanager). + enum: + - prometheuses + - prometheusagents + - thanosrulers + - alertmanagers + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - name + - namespace + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-thanosrulers.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-thanosrulers.yaml new file mode 100644 index 0000000..7c7a32b --- /dev/null +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-thanosrulers.yaml @@ -0,0 +1,9754 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.90.1/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + operator.prometheus.io/version: 0.90.1 + name: thanosrulers.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: ThanosRuler + listKind: ThanosRulerList + plural: thanosrulers + shortNames: + - ruler + singular: thanosruler + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The version of Thanos Ruler + jsonPath: .spec.version + name: Version + type: string + - description: The number of desired replicas + jsonPath: .spec.replicas + name: Replicas + type: integer + - description: The number of ready replicas + jsonPath: .status.availableReplicas + name: Ready + type: integer + - jsonPath: .status.conditions[?(@.type == 'Reconciled')].status + name: Reconciled + type: string + - jsonPath: .status.conditions[?(@.type == 'Available')].status + name: Available + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Whether the resource reconciliation is paused or not + jsonPath: .status.paused + name: Paused + priority: 1 + type: boolean + name: v1 + schema: + openAPIV3Schema: + description: |- + The `ThanosRuler` custom resource definition (CRD) defines a desired [Thanos Ruler](https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md) setup to run in a Kubernetes cluster. + + A `ThanosRuler` instance requires at least one compatible Prometheus API endpoint (either Thanos Querier or Prometheus services). + + The resource defines via label and namespace selectors which `PrometheusRule` objects should be associated to the deployed Thanos Ruler instances. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + spec defines the specification of the desired behavior of the ThanosRuler cluster. More info: + https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + additionalArgs: + description: |- + additionalArgs defines how to add additional arguments for the ThanosRuler container. + It is intended for e.g. activating hidden flags which are not supported by + the dedicated configuration options yet. The arguments are passed as-is to the + ThanosRuler container which may cause issues if they are invalid or not supported + by the given ThanosRuler version. + In case of an argument conflict (e.g. an argument which is already set by the + operator itself) or when providing an invalid argument the reconciliation will + fail and an error will be logged. + items: + description: Argument as part of the AdditionalArgs list. + properties: + name: + description: name of the argument, e.g. "scrape.discovery-reload-interval". + minLength: 1 + type: string + value: + description: value defines the argument value, e.g. 30s. Can + be empty for name-only arguments (e.g. --storage.tsdb.no-lockfile) + type: string + required: + - name + type: object + type: array + affinity: + description: affinity defines when specified, the pod's scheduling + constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and subtracting + "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + alertDropLabels: + description: |- + alertDropLabels defines the label names which should be dropped in Thanos Ruler + alerts. + + The replica label `thanos_ruler_replica` will always be dropped from the alerts. + items: + type: string + type: array + alertQueryUrl: + description: |- + alertQueryUrl defines how Thanos Ruler will set in the 'Source' field + of all alerts. + Maps to the '--alert.query-url' CLI arg. + type: string + alertRelabelConfigFile: + description: |- + alertRelabelConfigFile defines the path to the alert relabeling configuration file. + + Alert relabel configuration must have the form as specified in the + official Prometheus documentation: + https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs + + The operator performs no validation of the configuration file. + + This field takes precedence over `alertRelabelConfig`. + type: string + alertRelabelConfigs: + description: |- + alertRelabelConfigs defines the alert relabeling in Thanos Ruler. + + Alert relabel configuration must have the form as specified in the + official Prometheus documentation: + https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs + + The operator performs no validation of the configuration. + + `alertRelabelConfigFile` takes precedence over this field. + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + alertmanagersConfig: + description: |- + alertmanagersConfig defines the list of Alertmanager endpoints to send alerts to. + + The configuration format is defined at https://thanos.io/tip/components/rule.md/#alertmanager. + + It requires Thanos >= v0.10.0. + + The operator performs no validation of the configuration. + + This field takes precedence over `alertmanagersUrl`. + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + alertmanagersUrl: + description: |- + alertmanagersUrl defines the list of Alertmanager endpoints to send alerts to. + + For Thanos >= v0.10.0, it is recommended to use `alertmanagersConfig` instead. + + `alertmanagersConfig` takes precedence over this field. + items: + type: string + type: array + containers: + description: |- + containers allows injecting additional containers or modifying operator + generated containers. This can be used to allow adding an authentication + proxy to the Pods or to change the behavior of an operator generated + container. Containers described here modify an operator generated + container if they share the same name and modifications are done via a + strategic merge patch. + + The names of containers managed by the operator are: + * `thanos-ruler` + * `config-reloader` + + Overriding containers which are managed by the operator require careful + testing, especially when upgrading to a new version of the operator. + items: + description: A single application container that you want to run + within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing + the env file. + type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source may consist of any printable ASCII characters except '='. + When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps or Secrets + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: |- + Optional text to prepend to the name of each environment variable. + May consist of any printable ASCII characters except '='. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies a command to execute in + the container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents a duration that the container + should sleep. + properties: + seconds: + description: Seconds is the number of seconds to + sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies a command to execute in + the container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents a duration that the container + should sleep. + properties: + seconds: + description: Seconds is the number of seconds to + sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + stopSignal: + description: |- + StopSignal defines which signal will be sent to a container when it is being stopped. + If not specified, the default is defined by the container runtime in use. + StopSignal can only be set for Pods with a non-empty .spec.os.name + type: string + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies a command to execute in the + container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port in a + single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies a command to execute in the + container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: |- + Resources resize policy for the container. + This field cannot be set on ephemeral containers. + items: + description: ContainerResizePolicy represents resource resize + policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This field depends on the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This overrides the pod-level restart policy. When this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + Additionally, setting the RestartPolicy as "Always" for the init container will + have the following effect: + this init container will be continually restarted on + exit until all regular containers have terminated. Once all regular + containers have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init containers and + is often referred to as a "sidecar" container. Although this init + container still starts in the init container sequence, it does not wait + for the container to complete before proceeding to the next init + container. Instead, the next init container starts immediately after this + init container is started, or after any startupProbe has successfully + completed. + type: string + restartPolicyRules: + description: |- + Represents a list of rules to be checked to determine if the + container should be restarted on exit. The rules are evaluated in + order. Once a rule matches a container exit condition, the remaining + rules are ignored. If no rule matches the container exit condition, + the Container-level restart policy determines the whether the container + is restarted or not. Constraints on the rules: + - At most 20 rules are allowed. + - Rules can have the same action. + - Identical rules are not forbidden in validations. + When rules are specified, container MUST set RestartPolicy explicitly + even it if matches the Pod's RestartPolicy. + items: + description: ContainerRestartRule describes how a container + exit is handled. + properties: + action: + description: |- + Specifies the action taken on a container exit if the requirements + are satisfied. The only possible value is "Restart" to restart the + container. + type: string + exitCodes: + description: Represents the exit codes to check on container + exits. + properties: + operator: + description: |- + Represents the relationship between the container exit code(s) and the + specified values. Possible values are: + - In: the requirement is satisfied if the container exit code is in the + set of specified values. + - NotIn: the requirement is satisfied if the container exit code is + not in the set of specified values. + type: string + values: + description: |- + Specifies the set of values to check for container exit codes. + At most 255 elements are allowed. + items: + format: int32 + type: integer + type: array + x-kubernetes-list-type: set + required: + - operator + type: object + required: + - action + type: object + type: array + x-kubernetes-list-type: atomic + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies a command to execute in the + container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + dnsConfig: + description: dnsConfig defines Defines the DNS configuration for the + pods. + properties: + nameservers: + description: |- + nameservers defines the list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + options: + description: |- + options defines the list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver options + of a pod. + properties: + name: + description: name is required and must be unique. + minLength: 1 + type: string + value: + description: value is optional. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + searches: + description: |- + searches defines the list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + type: object + dnsPolicy: + description: dnsPolicy defines the DNS policy for the pods. + enum: + - ClusterFirstWithHostNet + - ClusterFirst + - Default + - None + type: string + enableFeatures: + description: |- + enableFeatures defines how to setup Thanos Ruler feature flags. By default, no features are enabled. + + Enabling features which are disabled by default is entirely outside the + scope of what the maintainers will support and by doing so, you accept + that this behaviour may break at any time without notice. + + For more information see https://thanos.io/tip/components/rule.md/ + + It requires Thanos >= 0.39.0. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + enableServiceLinks: + description: enableServiceLinks defines whether information about + services should be injected into pod's environment variables + type: boolean + enforcedNamespaceLabel: + description: |- + enforcedNamespaceLabel enforces adding a namespace label of origin for each alert + and metric that is user created. The label value will always be the namespace of the object that is + being created. + type: string + evaluationInterval: + default: 15s + description: evaluationInterval defines the interval between consecutive + evaluations. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + excludedFromEnforcement: + description: |- + excludedFromEnforcement defines the list of references to PrometheusRule objects + to be excluded from enforcing a namespace label of origin. + Applies only if enforcedNamespaceLabel set to true. + items: + description: ObjectReference references a PodMonitor, ServiceMonitor, + Probe or PrometheusRule object. + properties: + group: + default: monitoring.coreos.com + description: group of the referent. When not specified, it defaults + to `monitoring.coreos.com` + enum: + - monitoring.coreos.com + type: string + name: + description: name of the referent. When not set, all resources + in the namespace are matched. + type: string + namespace: + description: |- + namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + minLength: 1 + type: string + resource: + description: resource of the referent. + enum: + - prometheusrules + - servicemonitors + - podmonitors + - probes + - scrapeconfigs + type: string + required: + - namespace + - resource + type: object + type: array + externalPrefix: + description: |- + externalPrefix defines the Thanos Ruler instances will be available under. This is + necessary to generate correct URLs. This is necessary if Thanos Ruler is not + served from root of a DNS name. + type: string + grpcServerTlsConfig: + description: |- + grpcServerTlsConfig defines the gRPC server from which Thanos Querier reads + recorded rule data. + + Note: Currently only the `minVersion`, `caFile`, `certFile`, and `keyFile` fields are supported. + properties: + ca: + description: ca defines the Certificate authority used when verifying + server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + caFile: + description: caFile defines the path to the CA cert in the Prometheus + container to use for the targets. + type: string + cert: + description: cert defines the Client certificate to present when + doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + description: certFile defines the path to the client cert file + in the Prometheus container for the targets. + type: string + insecureSkipVerify: + description: insecureSkipVerify defines how to disable target + certificate validation. + type: boolean + keyFile: + description: keyFile defines the path to the client key file in + the Prometheus container for the targets. + type: string + keySecret: + description: keySecret defines the Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname for the + targets. + type: string + type: object + hostAliases: + description: hostAliases defines pods' hostAliases configuration + items: + description: |- + HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the + pod's hosts file. + properties: + hostnames: + description: hostnames defines hostnames for the above IP address. + items: + type: string + type: array + ip: + description: ip defines the IP address of the host file entry. + type: string + required: + - hostnames + - ip + type: object + type: array + x-kubernetes-list-map-keys: + - ip + x-kubernetes-list-type: map + hostUsers: + description: |- + hostUsers supports the user space in Kubernetes. + + More info: https://kubernetes.io/docs/tasks/configure-pod-container/user-namespaces/ + + The feature requires at least Kubernetes 1.28 with the `UserNamespacesSupport` feature gate enabled. + Starting Kubernetes 1.33, the feature is enabled by default. + type: boolean + image: + description: image defines Thanos container image URL. + type: string + imagePullPolicy: + description: |- + imagePullPolicy defines for the 'thanos', 'init-config-reloader' and 'config-reloader' containers. + See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details. + enum: + - "" + - Always + - Never + - IfNotPresent + type: string + imagePullSecrets: + description: |- + imagePullSecrets defines an optional list of references to secrets in the same namespace + to use for pulling thanos images from registries + see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: |- + initContainers allows injecting initContainers to the Pod definition. + Those can be used to e.g. fetch secrets for injection into the + configuration from external sources. Any errors during the execution of + an initContainer will lead to a restart of the Pod. More info: + https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + items: + description: A single application container that you want to run + within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing + the env file. + type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source may consist of any printable ASCII characters except '='. + When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps or Secrets + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: |- + Optional text to prepend to the name of each environment variable. + May consist of any printable ASCII characters except '='. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies a command to execute in + the container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents a duration that the container + should sleep. + properties: + seconds: + description: Seconds is the number of seconds to + sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies a command to execute in + the container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents a duration that the container + should sleep. + properties: + seconds: + description: Seconds is the number of seconds to + sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + stopSignal: + description: |- + StopSignal defines which signal will be sent to a container when it is being stopped. + If not specified, the default is defined by the container runtime in use. + StopSignal can only be set for Pods with a non-empty .spec.os.name + type: string + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies a command to execute in the + container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port in a + single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies a command to execute in the + container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: |- + Resources resize policy for the container. + This field cannot be set on ephemeral containers. + items: + description: ContainerResizePolicy represents resource resize + policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This field depends on the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This overrides the pod-level restart policy. When this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + Additionally, setting the RestartPolicy as "Always" for the init container will + have the following effect: + this init container will be continually restarted on + exit until all regular containers have terminated. Once all regular + containers have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init containers and + is often referred to as a "sidecar" container. Although this init + container still starts in the init container sequence, it does not wait + for the container to complete before proceeding to the next init + container. Instead, the next init container starts immediately after this + init container is started, or after any startupProbe has successfully + completed. + type: string + restartPolicyRules: + description: |- + Represents a list of rules to be checked to determine if the + container should be restarted on exit. The rules are evaluated in + order. Once a rule matches a container exit condition, the remaining + rules are ignored. If no rule matches the container exit condition, + the Container-level restart policy determines the whether the container + is restarted or not. Constraints on the rules: + - At most 20 rules are allowed. + - Rules can have the same action. + - Identical rules are not forbidden in validations. + When rules are specified, container MUST set RestartPolicy explicitly + even it if matches the Pod's RestartPolicy. + items: + description: ContainerRestartRule describes how a container + exit is handled. + properties: + action: + description: |- + Specifies the action taken on a container exit if the requirements + are satisfied. The only possible value is "Restart" to restart the + container. + type: string + exitCodes: + description: Represents the exit codes to check on container + exits. + properties: + operator: + description: |- + Represents the relationship between the container exit code(s) and the + specified values. Possible values are: + - In: the requirement is satisfied if the container exit code is in the + set of specified values. + - NotIn: the requirement is satisfied if the container exit code is + not in the set of specified values. + type: string + values: + description: |- + Specifies the set of values to check for container exit codes. + At most 255 elements are allowed. + items: + format: int32 + type: integer + type: array + x-kubernetes-list-type: set + required: + - operator + type: object + required: + - action + type: object + type: array + x-kubernetes-list-type: atomic + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies a command to execute in the + container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: |- + labels defines the external label pairs of the ThanosRuler resource. + + A default replica label `thanos_ruler_replica` will be always added as a + label with the value of the pod's name. + type: object + listenLocal: + description: |- + listenLocal defines the Thanos ruler listen on loopback, so that it + does not bind against the Pod IP. + type: boolean + logFormat: + description: logFormat for ThanosRuler to be configured with. + enum: + - "" + - logfmt + - json + type: string + logLevel: + description: logLevel for ThanosRuler to be configured with. + enum: + - "" + - debug + - info + - warn + - error + type: string + minReadySeconds: + description: |- + minReadySeconds defines the minimum number of seconds for which a newly created pod should be ready + without any of its container crashing for it to be considered available. + + If unset, pods will be considered available as soon as they are ready. + format: int32 + minimum: 0 + type: integer + nodeSelector: + additionalProperties: + type: string + description: nodeSelector defines which Nodes the Pods are scheduled + on. + type: object + objectStorageConfig: + description: |- + objectStorageConfig defines the configuration format is defined at https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage + + The operator performs no validation of the configuration. + + `objectStorageConfigFile` takes precedence over this field. + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + objectStorageConfigFile: + description: |- + objectStorageConfigFile defines the path of the object storage configuration file. + + The configuration format is defined at https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage + + The operator performs no validation of the configuration file. + + This field takes precedence over `objectStorageConfig`. + type: string + paused: + description: |- + paused defines when a ThanosRuler deployment is paused, no actions except for deletion + will be performed on the underlying objects. + type: boolean + podManagementPolicy: + description: |- + podManagementPolicy defines the policy for creating/deleting pods when + scaling up and down. + + Unlike the default StatefulSet behavior, the default policy is + `Parallel` to avoid manual intervention in case a pod gets stuck during + a rollout. + + Note that updating this value implies the recreation of the StatefulSet + which incurs a service outage. + enum: + - OrderedReady + - Parallel + type: string + podMetadata: + description: |- + podMetadata defines labels and annotations which are propagated to the ThanosRuler pods. + + The following items are reserved and cannot be overridden: + * "app.kubernetes.io/name" label, set to "thanos-ruler". + * "app.kubernetes.io/managed-by" label, set to "prometheus-operator". + * "app.kubernetes.io/instance" label, set to the name of the ThanosRuler instance. + * "thanos-ruler" label, set to the name of the ThanosRuler instance. + * "kubectl.kubernetes.io/default-container" annotation, set to "thanos-ruler". + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations defines an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + type: object + labels: + additionalProperties: + type: string + description: |- + labels define the map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + type: object + name: + description: |- + name must be unique within a namespace. Is required when creating resources, although + some resources may allow a client to request the generation of an appropriate name + automatically. Name is primarily intended for creation idempotence and configuration + definition. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/ + type: string + type: object + portName: + default: web + description: |- + portName defines the port name used for the pods and governing service. + Defaults to `web`. + type: string + priorityClassName: + description: priorityClassName defines the priority class assigned + to the Pods + type: string + prometheusRulesExcludedFromEnforce: + description: |- + prometheusRulesExcludedFromEnforce defines a list of Prometheus rules to be excluded from enforcing + of adding namespace labels. Works only if enforcedNamespaceLabel set to true. + Make sure both ruleNamespace and ruleName are set for each pair + Deprecated: use excludedFromEnforcement instead. + items: + description: |- + PrometheusRuleExcludeConfig enables users to configure excluded + PrometheusRule names and their namespaces to be ignored while enforcing + namespace label for alerts and metrics. + properties: + ruleName: + description: ruleName defines the name of the excluded PrometheusRule + object. + type: string + ruleNamespace: + description: ruleNamespace defines the namespace of the excluded + PrometheusRule object. + type: string + required: + - ruleName + - ruleNamespace + type: object + type: array + queryConfig: + description: |- + queryConfig defines the list of Thanos Query endpoints from which to query metrics. + + The configuration format is defined at https://thanos.io/tip/components/rule.md/#query-api + + It requires Thanos >= v0.11.0. + + The operator performs no validation of the configuration. + + This field takes precedence over `queryEndpoints`. + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + queryEndpoints: + description: |- + queryEndpoints defines the list of Thanos Query endpoints from which to query metrics. + + For Thanos >= v0.11.0, it is recommended to use `queryConfig` instead. + + `queryConfig` takes precedence over this field. + items: + type: string + type: array + remoteWrite: + description: |- + remoteWrite defines the list of remote write configurations. + + When the list isn't empty, the ruler is configured with stateless mode. + + It requires Thanos >= 0.24.0. + items: + description: |- + RemoteWriteSpec defines the configuration to write samples from Prometheus + to a remote endpoint. + properties: + authorization: + description: |- + authorization section for the URL. + + It requires Prometheus >= v2.26.0 or Thanos >= v0.24.0. + + Cannot be set at the same time as `sigv4`, `basicAuth`, `oauth2`, or `azureAd`. + properties: + credentials: + description: credentials defines a key of a Secret in the + namespace that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + credentialsFile: + description: credentialsFile defines the file to read a + secret from, mutually exclusive with `credentials`. + type: string + type: + description: |- + type defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + azureAd: + description: |- + azureAd for the URL. + + It requires Prometheus >= v2.45.0 or Thanos >= v0.31.0. + + Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `sigv4`. + properties: + cloud: + description: cloud defines the Azure Cloud. Options are + 'AzurePublic', 'AzureChina', or 'AzureGovernment'. + enum: + - AzureChina + - AzureGovernment + - AzurePublic + type: string + managedIdentity: + description: |- + managedIdentity defines the Azure User-assigned Managed identity. + Cannot be set at the same time as `oauth`, `sdk` or `workloadIdentity`. + properties: + clientId: + description: |- + clientId defines the Azure User-assigned Managed identity. + + For Prometheus >= 3.5.0 and Thanos >= 0.40.0, this field is allowed to be empty to support system-assigned managed identities. + minLength: 1 + type: string + type: object + oauth: + description: |- + oauth defines the oauth config that is being used to authenticate. + Cannot be set at the same time as `managedIdentity`, `sdk` or `workloadIdentity`. + + It requires Prometheus >= v2.48.0 or Thanos >= v0.31.0. + properties: + clientId: + description: clientId defines the clientId of the Azure + Active Directory application that is being used to + authenticate. + minLength: 1 + type: string + clientSecret: + description: clientSecret specifies a key of a Secret + containing the client secret of the Azure Active Directory + application that is being used to authenticate. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tenantId: + description: tenantId is the tenant ID of the Azure + Active Directory application that is being used to + authenticate. + minLength: 1 + pattern: ^[0-9a-zA-Z-.]+$ + type: string + required: + - clientId + - clientSecret + - tenantId + type: object + scope: + description: |- + scope is the custom OAuth 2.0 scope to request when acquiring tokens. + It requires Prometheus >= 3.9.0. Currently not supported by Thanos. + pattern: ^[\w\s:/.\\-]+$ + type: string + sdk: + description: |- + sdk defines the Azure SDK config that is being used to authenticate. + See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication + Cannot be set at the same time as `oauth`, `managedIdentity` or `workloadIdentity`. + + It requires Prometheus >= v2.52.0 or Thanos >= v0.36.0. + properties: + tenantId: + description: tenantId defines the tenant ID of the azure + active directory application that is being used to + authenticate. + pattern: ^[0-9a-zA-Z-.]+$ + type: string + type: object + workloadIdentity: + description: |- + workloadIdentity defines the Azure Workload Identity authentication. + Cannot be set at the same time as `oauth`, `managedIdentity`, or `sdk`. + + It requires Prometheus >= 3.7.0. Currently not supported by Thanos. + properties: + clientId: + description: clientId is the clientID of the Azure Active + Directory application. + minLength: 1 + type: string + tenantId: + description: tenantId is the tenant ID of the Azure + Active Directory application. + minLength: 1 + type: string + required: + - clientId + - tenantId + type: object + type: object + basicAuth: + description: |- + basicAuth configuration for the URL. + + Cannot be set at the same time as `sigv4`, `authorization`, `oauth2`, or `azureAd`. + properties: + password: + description: |- + password defines a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerToken: + description: |- + bearerToken is deprecated: this will be removed in a future release. + *Warning: this field shouldn't be used because the token value appears + in clear-text. Prefer using `authorization`.* + type: string + bearerTokenFile: + description: |- + bearerTokenFile defines the file from which to read bearer token for the URL. + + Deprecated: this will be removed in a future release. Prefer using `authorization`. + type: string + enableHTTP2: + description: enableHTTP2 defines whether to enable HTTP2. + type: boolean + followRedirects: + description: |- + followRedirects defines whether HTTP requests follow HTTP 3xx redirects. + + It requires Prometheus >= v2.26.0 or Thanos >= v0.24.0. + type: boolean + headers: + additionalProperties: + type: string + description: |- + headers defines the custom HTTP headers to be sent along with each remote write request. + Be aware that headers that are set by Prometheus itself can't be overwritten. + + It requires Prometheus >= v2.25.0 or Thanos >= v0.24.0. + type: object + messageVersion: + description: |- + messageVersion defines the Remote Write message's version to use when writing to the endpoint. + + `Version1.0` corresponds to the `prometheus.WriteRequest` protobuf message introduced in Remote Write 1.0. + `Version2.0` corresponds to the `io.prometheus.write.v2.Request` protobuf message introduced in Remote Write 2.0. + + When `Version2.0` is selected, Prometheus will automatically be + configured to append the metadata of scraped metrics to the WAL. + + Before setting this field, consult with your remote storage provider + what message version it supports. + + It requires Prometheus >= v2.54.0 or Thanos >= v0.37.0. + enum: + - V1.0 + - V2.0 + type: string + metadataConfig: + description: |- + metadataConfig defines how to send a series metadata to the remote storage. + + When the field is empty, **no metadata** is sent. But when the field is + null, metadata is sent. + properties: + maxSamplesPerSend: + description: |- + maxSamplesPerSend defines the maximum number of metadata samples per send. + + It requires Prometheus >= v2.29.0. + format: int32 + minimum: -1 + type: integer + send: + description: send defines whether metric metadata is sent + to the remote storage or not. + type: boolean + sendInterval: + description: sendInterval defines how frequently metric + metadata is sent to the remote storage. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: object + name: + description: |- + name of the remote write queue, it must be unique if specified. The + name is used in metrics and logging in order to differentiate queues. + + It requires Prometheus >= v2.15.0 or Thanos >= 0.24.0. + type: string + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + oauth2: + description: |- + oauth2 configuration for the URL. + + It requires Prometheus >= v2.27.0 or Thanos >= v0.24.0. + + Cannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azureAd`. + properties: + clientId: + description: |- + clientId defines a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + clientSecret defines a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + scopes: + description: scopes defines the OAuth2 scopes used for the + token request. + items: + type: string + type: array + tlsConfig: + description: |- + tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: ca defines the Certificate authority used + when verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: cert defines the Client certificate to + present when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing + data to use for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: insecureSkipVerify defines how to disable + target certificate validation. + type: boolean + keySecret: + description: keySecret defines the Secret containing + the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname + for the targets. + type: string + type: object + tokenUrl: + description: tokenUrl defines the URL to fetch the token + from. + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + proxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. + type: boolean + proxyUrl: + description: proxyUrl defines the HTTP proxy server to use. + pattern: ^(http|https|socks5)://.+$ + type: string + queueConfig: + description: queueConfig allows tuning of the remote write queue + parameters. + properties: + batchSendDeadline: + description: batchSendDeadline defines the maximum time + a sample will wait in buffer. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + capacity: + description: |- + capacity defines the number of samples to buffer per shard before we start + dropping them. + type: integer + maxBackoff: + description: maxBackoff defines the maximum retry delay. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + maxRetries: + description: maxRetries defines the maximum number of times + to retry a batch on recoverable errors. + type: integer + maxSamplesPerSend: + description: maxSamplesPerSend defines the maximum number + of samples per send. + type: integer + maxShards: + description: maxShards defines the maximum number of shards, + i.e. amount of concurrency. + type: integer + minBackoff: + description: minBackoff defines the initial retry delay. + Gets doubled for every retry. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + minShards: + description: minShards defines the minimum number of shards, + i.e. amount of concurrency. + type: integer + retryOnRateLimit: + description: |- + retryOnRateLimit defines the retry upon receiving a 429 status code from the remote-write storage. + + This is an *experimental feature*, it may change in any upcoming release + in a breaking way. + type: boolean + sampleAgeLimit: + description: |- + sampleAgeLimit drops samples older than the limit. + It requires Prometheus >= v2.50.0 or Thanos >= v0.32.0. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: object + remoteTimeout: + description: remoteTimeout defines the timeout for requests + to the remote write endpoint. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + roundRobinDNS: + description: "roundRobinDNS controls the DNS resolution behavior + for remote-write connections.\nWhen enabled:\n - The remote-write + mechanism will resolve the hostname via DNS.\n - It will + randomly select one of the resolved IP addresses and connect + to it.\n\nWhen disabled (default behavior):\n - The Go standard + library will handle hostname resolution.\n - It will attempt + connections to each resolved IP address sequentially.\n\nNote: + The connection timeout applies to the entire resolution and + connection process.\n\n\tIf disabled, the timeout is distributed + across all connection attempts.\n\nIt requires Prometheus + >= v3.1.0 or Thanos >= v0.38.0." + type: boolean + sendExemplars: + description: |- + sendExemplars enables sending of exemplars over remote write. Note that + exemplar-storage itself must be enabled using the `spec.enableFeatures` + option for exemplars to be scraped in the first place. + + It requires Prometheus >= v2.27.0 or Thanos >= v0.24.0. + type: boolean + sendNativeHistograms: + description: |- + sendNativeHistograms enables sending of native histograms, also known as sparse histograms + over remote write. + + It requires Prometheus >= v2.40.0 or Thanos >= v0.30.0. + type: boolean + sigv4: + description: |- + sigv4 defines the AWS's Signature Verification 4 for the URL. + + It requires Prometheus >= v2.26.0 or Thanos >= v0.24.0. + + Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `azureAd`. + properties: + accessKey: + description: |- + accessKey defines the AWS API key. If not specified, the environment variable + `AWS_ACCESS_KEY_ID` is used. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + profile: + description: profile defines the named AWS profile used + to authenticate. + type: string + region: + description: region defines the AWS region. If blank, the + region from the default credentials chain used. + type: string + roleArn: + description: roleArn defines the named AWS profile used + to authenticate. + type: string + secretKey: + description: |- + secretKey defines the AWS API secret. If not specified, the environment + variable `AWS_SECRET_ACCESS_KEY` is used. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + useFIPSSTSEndpoint: + description: |- + useFIPSSTSEndpoint defines the FIPS mode for the AWS STS endpoint. + It requires Prometheus >= v2.54.0. + type: boolean + type: object + tlsConfig: + description: tlsConfig to use for the URL. + properties: + ca: + description: ca defines the Certificate authority used when + verifying server certificates. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + caFile: + description: caFile defines the path to the CA cert in the + Prometheus container to use for the targets. + type: string + cert: + description: cert defines the Client certificate to present + when doing client-authentication. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + description: certFile defines the path to the client cert + file in the Prometheus container for the targets. + type: string + insecureSkipVerify: + description: insecureSkipVerify defines how to disable target + certificate validation. + type: boolean + keyFile: + description: keyFile defines the path to the client key + file in the Prometheus container for the targets. + type: string + keySecret: + description: keySecret defines the Secret containing the + client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + maxVersion defines the maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + minVersion defines the minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: serverName is used to verify the hostname for + the targets. + type: string + type: object + url: + description: |- + url defines the URL of the endpoint to send samples to. + + It must use the HTTP or HTTPS scheme. + pattern: ^(http|https)://.+$ + type: string + writeRelabelConfigs: + description: writeRelabelConfigs defines the list of remote + write relabel configurations. + items: + description: |- + RelabelConfig allows dynamic rewriting of the label set for targets, alerts, + scraped samples and remote write samples. + + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + properties: + action: + default: replace + description: |- + action to perform based on the regex matching. + + `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + + Default: "Replace" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: |- + modulus to take of the hash of the source label values. + + Only applicable when the action is `HashMod`. + format: int64 + type: integer + regex: + description: regex defines the regular expression against + which the extracted value is matched. + type: string + replacement: + description: |- + replacement value against which a Replace action is performed if the + regular expression matches. + + Regex capture groups are available. + type: string + separator: + description: separator defines the string between concatenated + SourceLabels. + type: string + sourceLabels: + description: |- + sourceLabels defines the source labels select values from existing labels. Their content is + concatenated using the configured Separator and matched against the + configured regular expression. + items: + description: |- + LabelName is a valid Prometheus label name. + For Prometheus 3.x, a label name is valid if it contains UTF-8 characters. + For Prometheus 2.x, a label name is only valid if it contains ASCII characters, letters, numbers, as well as underscores. + type: string + type: array + targetLabel: + description: |- + targetLabel defines the label to which the resulting string is written in a replacement. + + It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + `KeepEqual` and `DropEqual` actions. + + Regex capture groups are available. + type: string + type: object + type: array + required: + - url + type: object + type: array + replicas: + description: replicas defines the number of thanos ruler instances + to deploy. + format: int32 + type: integer + resendDelay: + description: resendDelay defines the minimum amount of time to wait + before resending an alert to Alertmanager. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + resources: + description: |- + resources defines the resource requirements for single Pods. + If not provided, no requests/limits will be set + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This field depends on the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + retention: + default: 24h + description: |- + retention defines the time duration ThanosRuler shall retain data for. Default is '24h', and + must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` (milliseconds + seconds minutes hours days weeks years). + + The field has no effect when remote-write is configured since the Ruler + operates in stateless mode. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + routePrefix: + description: routePrefix defines the route prefix ThanosRuler registers + HTTP handlers for. This allows thanos UI to be served on a sub-path. + type: string + ruleConcurrentEval: + description: |- + ruleConcurrentEval defines how many rules can be evaluated concurrently. + It requires Thanos >= v0.37.0. + format: int32 + minimum: 1 + type: integer + ruleGracePeriod: + description: |- + ruleGracePeriod defines the minimum duration between alert and restored "for" state. + This is maintained only for alerts with configured "for" time greater than grace period. + It requires Thanos >= v0.30.0. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + ruleNamespaceSelector: + description: |- + ruleNamespaceSelector defines the namespaces to be selected for Rules discovery. If unspecified, only + the same namespace as the ThanosRuler object is in is used. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + ruleOutageTolerance: + description: |- + ruleOutageTolerance defines the max time to tolerate prometheus outage for restoring "for" state of alert. + It requires Thanos >= v0.30.0. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + ruleQueryOffset: + description: |- + ruleQueryOffset defines the default rule group's query offset duration to use. + It requires Thanos >= v0.38.0. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + ruleSelector: + description: |- + ruleSelector defines the PrometheusRule objects to be selected for rule evaluation. An empty + label selector matches all objects. A null label selector matches no + objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + schedulerName: + description: schedulerName defines the scheduler to use for Pod scheduling. + If not specified, the default scheduler is used. + minLength: 1 + type: string + securityContext: + description: |- + securityContext defines the pod-level security attributes and common container settings. + This defaults to the default PodSecurityContext. + properties: + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxChangePolicy: + description: |- + seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. + It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. + Valid values are "MountOption" and "Recursive". + + "Recursive" means relabeling of all files on all Pod volumes by the container runtime. + This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node. + + "MountOption" mounts all eligible Pod volumes with `-o context` mount option. + This requires all Pods that share the same volume to use the same SELinux label. + It is not possible to share the same volume among privileged and unprivileged Pods. + Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes + whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their + CSIDriver instance. Other volumes are always re-labelled recursively. + "MountOption" value is allowed only when SELinuxMount feature gate is enabled. + + If not specified and SELinuxMount feature gate is enabled, "MountOption" is used. + If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes + and "Recursive" for all other volumes. + + This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers. + + All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. + Note that this field cannot be set when spec.os.name is windows. + type: string + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. + If unspecified, no additional groups are added, though group memberships + defined in the container image may still be used, depending on the + supplementalGroupsPolicy field. + Note that this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: |- + serviceAccountName defines the name of the ServiceAccount to use to run the + Thanos Ruler Pods. + type: string + serviceName: + description: |- + serviceName defines the name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the ThanosRuler resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `thanos-ruler-operated` for ThanosRuler resources. + When deploying multiple ThanosRuler resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string + storage: + description: storage defines the specification of how storage shall + be used. + properties: + disableMountSubPath: + description: 'disableMountSubPath deprecated: subPath usage will + be removed in a future release.' + type: boolean + emptyDir: + description: |- + emptyDir to be used by the StatefulSet. + If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral to be used by the StatefulSet. + This is a beta field in k8s 1.21 and GA in 1.15. + For lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. + More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + Users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string or nil value indicates that no + VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, + this field can be reset to its previous value (including nil) to cancel the modification. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to + the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + volumeClaimTemplate: + description: |- + volumeClaimTemplate defines the PVC spec to be used by the Prometheus StatefulSets. + The easiest way to use a volume that cannot be automatically provisioned + is to use a label selector alongside manually created PersistentVolumes. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + description: metadata defines EmbeddedMetadata contains metadata + relevant to an EmbeddedResource. + properties: + annotations: + additionalProperties: + type: string + description: |- + annotations defines an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + type: object + labels: + additionalProperties: + type: string + description: |- + labels define the map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + type: object + name: + description: |- + name must be unique within a namespace. Is required when creating resources, although + some resources may allow a client to request the generation of an appropriate name + automatically. Name is primarily intended for creation idempotence and configuration + definition. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/ + type: string + type: object + spec: + description: |- + spec defines the specification of the characteristics of a volume requested by a pod author. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + Users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes to + consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string or nil value indicates that no + VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, + this field can be reset to its previous value (including nil) to cancel the modification. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'status is deprecated: this field is never set.' + properties: + accessModes: + description: |- + accessModes contains the actual access modes the volume backing the PVC has. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + allocatedResourceStatuses: + additionalProperties: + description: |- + When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore that update and let other controllers + handle it. + type: string + description: "allocatedResourceStatuses stores status + of resource being resized for the given PVC.\nKey names + follow standard Kubernetes label syntax. Valid values + are either:\n\t* Un-prefixed keys:\n\t\t- storage - + the capacity of the volume.\n\t* Custom resources must + use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or have + kubernetes.io prefix are considered\nreserved and hence + may not be used.\n\nClaimResourceStatus can be in any + of following states:\n\t- ControllerResizeInProgress:\n\t\tState + set when resize controller starts resizing the volume + in control-plane.\n\t- ControllerResizeFailed:\n\t\tState + set when resize has failed in resize controller with + a terminal error.\n\t- NodeResizePending:\n\t\tState + set when resize controller has finished resizing the + volume but further resizing of\n\t\tvolume is needed + on the node.\n\t- NodeResizeInProgress:\n\t\tState set + when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState + set when resizing has failed in kubelet with a terminal + error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor + example: if expanding a PVC for more capacity - this + field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\"\nWhen this field is not set, + it means that no resize operation is in progress for + the given PVC.\n\nA controller that receives PVC update + with previously unknown resourceName or ClaimResourceStatus\nshould + ignore the update for the purpose it was designed. For + example - a controller that\nonly is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid\nresources associated with PVC." + type: object + x-kubernetes-map-type: granular + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: "allocatedResources tracks the resources + allocated to a PVC including its capacity.\nKey names + follow standard Kubernetes label syntax. Valid values + are either:\n\t* Un-prefixed keys:\n\t\t- storage - + the capacity of the volume.\n\t* Custom resources must + use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or have + kubernetes.io prefix are considered\nreserved and hence + may not be used.\n\nCapacity reported here may be larger + than the actual capacity when a volume expansion operation\nis + requested.\nFor storage quota, the larger value from + allocatedResources and PVC.spec.resources is used.\nIf + allocatedResources is not set, PVC.spec.resources alone + is used for quota calculation.\nIf a volume expansion + capacity request is lowered, allocatedResources is only\nlowered + if there are no expansion operations in progress and + if the actual volume capacity\nis equal or lower than + the requested capacity.\n\nA controller that receives + PVC update with previously unknown resourceName\nshould + ignore the update for the purpose it was designed. For + example - a controller that\nonly is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid\nresources associated with PVC." + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity represents the actual resources + of the underlying volume. + type: object + conditions: + description: |- + conditions is the current Condition of persistent volume claim. If underlying persistent volume is being + resized then the Condition will be set to 'Resizing'. + items: + description: PersistentVolumeClaimCondition contains + details about state of pvc + properties: + lastProbeTime: + description: lastProbeTime is the time we probed + the condition. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime is the time the + condition transitioned from one status to another. + format: date-time + type: string + message: + description: message is the human-readable message + indicating details about last transition. + type: string + reason: + description: |- + reason is a unique, this should be a short, machine understandable string that gives the reason + for condition's last transition. If it reports "Resizing" that means the underlying + persistent volume is being resized. + type: string + status: + description: |- + Status is the status of the condition. + Can be True, False, Unknown. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required + type: string + type: + description: |- + Type is the type of the condition. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + currentVolumeAttributesClassName: + description: |- + currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. + When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim + type: string + modifyVolumeStatus: + description: |- + ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. + When this is unset, there is no ModifyVolume operation being attempted. + properties: + status: + description: "status is the status of the ControllerModifyVolume + operation. It can be in any of following states:\n + - Pending\n Pending indicates that the PersistentVolumeClaim + cannot be modified due to unmet requirements, such + as\n the specified VolumeAttributesClass not existing.\n + - InProgress\n InProgress indicates that the volume + is being modified.\n - Infeasible\n Infeasible + indicates that the request has been rejected as + invalid by the CSI driver. To\n\t resolve the error, + a valid VolumeAttributesClass needs to be specified.\nNote: + New statuses can be added in the future. Consumers + should check for unknown statuses and fail appropriately." + type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName is the + name of the VolumeAttributesClass the PVC currently + being reconciled + type: string + required: + - status + type: object + phase: + description: phase represents the current phase of PersistentVolumeClaim. + type: string + type: object + type: object + type: object + terminationGracePeriodSeconds: + description: |- + terminationGracePeriodSeconds defines the optional duration in seconds the pod needs to terminate gracefully. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down) which may lead to data corruption. + + Defaults to 120 seconds. + format: int64 + minimum: 0 + type: integer + tolerations: + description: tolerations defines when specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: topologySpreadConstraints defines the pod's topology + spread constraints. + items: + description: TopologySpreadConstraint specifies how to spread matching + pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + tracingConfig: + description: |- + tracingConfig defines the tracing configuration. + + The configuration format is defined at https://thanos.io/tip/thanos/tracing.md/#configuration + + This is an *experimental feature*, it may change in any upcoming release + in a breaking way. + + The operator performs no validation of the configuration. + + `tracingConfigFile` takes precedence over this field. + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tracingConfigFile: + description: |- + tracingConfigFile defines the path of the tracing configuration file. + + The configuration format is defined at https://thanos.io/tip/thanos/tracing.md/#configuration + + This is an *experimental feature*, it may change in any upcoming release + in a breaking way. + + The operator performs no validation of the configuration file. + + This field takes precedence over `tracingConfig`. + type: string + updateStrategy: + description: |- + updateStrategy indicates the strategy that will be employed to update + Pods in the StatefulSet when a revision is made to statefulset's Pod + Template. + + The default strategy is RollingUpdate. + properties: + rollingUpdate: + description: rollingUpdate is used to communicate parameters when + type is RollingUpdate. + properties: + maxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + maxUnavailable is the maximum number of pods that can be unavailable + during the update. The value can be an absolute number (ex: 5) or a + percentage of desired pods (ex: 10%). Absolute number is calculated from + percentage by rounding up. This can not be 0. Defaults to 1. This field + is alpha-level and is only honored by servers that enable the + MaxUnavailableStatefulSet feature. The field applies to all pods in the + range 0 to Replicas-1. That means if there is any unavailable pod in + the range 0 to Replicas-1, it will be counted towards MaxUnavailable. + x-kubernetes-int-or-string: true + type: object + type: + description: |- + type indicates the type of the StatefulSetUpdateStrategy. + + Default is RollingUpdate. + enum: + - OnDelete + - RollingUpdate + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: rollingUpdate requires type to be RollingUpdate + rule: '!(self.type != ''RollingUpdate'' && has(self.rollingUpdate))' + version: + description: version of Thanos to be deployed. + type: string + volumeMounts: + description: |- + volumeMounts defines how the configuration of additional VolumeMounts on the output StatefulSet definition. + VolumeMounts specified will be appended to other VolumeMounts in the ruler container, + that are generated as a result of StorageSpec objects. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: |- + volumes defines how configuration of additional volumes on the output StatefulSet definition. Volumes specified will + be appended to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may + be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree + awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: |- + azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type + are redirected to the disk.csi.azure.com CSI driver. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk in the + blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in the blob + storage + type: string + fsType: + default: ext4 + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults to shared' + type: string + readOnly: + default: false + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: |- + azureFile represents an Azure File Service mount on the host and bind mount to the pod. + Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type + are redirected to the file.csi.azure.com CSI driver. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret that contains + Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: |- + cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. + Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported. + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + Deprecated: Cinder is deprecated. All operations for the in-tree cinder type + are redirected to the cinder.csi.openstack.org CSI driver. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents ephemeral + storage that is handled by certain external CSI drivers. + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name, namespace and uid + are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative path + name of the file to be created. Must not be absolute + or contain the ''..'' path. Must be utf-8 encoded. + The first item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + Users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string or nil value indicates that no + VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, + this field can be reset to its previous value (including nil) to cancel the modification. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource that is + attached to a kubelet's host machine and then exposed to the + pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead. + properties: + driver: + description: driver is the name of the driver to use for + this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds extra + command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: |- + flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. + Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported. + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. This + is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree + gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the specified + revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. + properties: + endpoints: + description: endpoints is the endpoint name that details + Glusterfs topology. + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#iscsi + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support iSCSI + Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + default: default + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: |- + photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. + Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon Controller + persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: |- + portworxVolume represents a portworx volume attached and mounted on kubelets host machine. + Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type + are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate + is on. + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources secrets, + configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. + items: + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + + Kubelet performs aggressive normalization of the PEM contents written + into the pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates are deduplicated. + The ordering of certificates within the file is arbitrary, and Kubelet + may change the order over time. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from the volume root + to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information about the configMap + data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name, namespace and uid are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' + path. Must be utf-8 encoded. The first + item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podCertificate: + description: |- + Projects an auto-rotating credential bundle (private key and certificate + chain) that the pod can use either as a TLS client or server. + + Kubelet generates a private key and uses it to send a + PodCertificateRequest to the named signer. Once the signer approves the + request and issues a certificate chain, Kubelet writes the key and + certificate chain to the pod filesystem. The pod does not start until + certificates have been issued for each podCertificate projected volume + source in its spec. + + Kubelet will begin trying to rotate the certificate at the time indicated + by the signer using the PodCertificateRequest.Status.BeginRefreshAt + timestamp. + + Kubelet can write a single file, indicated by the credentialBundlePath + field, or separate files, indicated by the keyPath and + certificateChainPath fields. + + The credential bundle is a single file in PEM format. The first PEM + entry is the private key (in PKCS#8 format), and the remaining PEM + entries are the certificate chain issued by the signer (typically, + signers will return their certificate chain in leaf-to-root order). + + Prefer using the credential bundle format, since your application code + can read it atomically. If you use keyPath and certificateChainPath, + your application must make two separate file reads. If these coincide + with a certificate rotation, it is possible that the private key and leaf + certificate you read may not correspond to each other. Your application + will need to check for this condition, and re-read until they are + consistent. + + The named signer controls chooses the format of the certificate it + issues; consult the signer implementation's documentation to learn how to + use the certificates it issues. + properties: + certificateChainPath: + description: |- + Write the certificate chain at this path in the projected volume. + + Most applications should use credentialBundlePath. When using keyPath + and certificateChainPath, your application needs to check that the key + and leaf certificate are consistent, because it is possible to read the + files mid-rotation. + type: string + credentialBundlePath: + description: |- + Write the credential bundle at this path in the projected volume. + + The credential bundle is a single file that contains multiple PEM blocks. + The first PEM block is a PRIVATE KEY block, containing a PKCS#8 private + key. + + The remaining blocks are CERTIFICATE blocks, containing the issued + certificate chain from the signer (leaf and any intermediates). + + Using credentialBundlePath lets your Pod's application code make a single + atomic read that retrieves a consistent key and certificate chain. If you + project them to separate files, your application code will need to + additionally check that the leaf certificate was issued to the key. + type: string + keyPath: + description: |- + Write the key at this path in the projected volume. + + Most applications should use credentialBundlePath. When using keyPath + and certificateChainPath, your application needs to check that the key + and leaf certificate are consistent, because it is possible to read the + files mid-rotation. + type: string + keyType: + description: |- + The type of keypair Kubelet will generate for the pod. + + Valid values are "RSA3072", "RSA4096", "ECDSAP256", "ECDSAP384", + "ECDSAP521", and "ED25519". + type: string + maxExpirationSeconds: + description: |- + maxExpirationSeconds is the maximum lifetime permitted for the + certificate. + + Kubelet copies this value verbatim into the PodCertificateRequests it + generates for this projection. + + If omitted, kube-apiserver will set it to 86400(24 hours). kube-apiserver + will reject values shorter than 3600 (1 hour). The maximum allowable + value is 7862400 (91 days). + + The signer implementation is then free to issue a certificate with any + lifetime *shorter* than MaxExpirationSeconds, but no shorter than 3600 + seconds (1 hour). This constraint is enforced by kube-apiserver. + `kubernetes.io` signers will never issue certificates with a lifetime + longer than 24 hours. + format: int32 + type: integer + signerName: + description: Kubelet's generated CSRs will be + addressed to this signer. + type: string + userAnnotations: + additionalProperties: + type: string + description: |- + userAnnotations allow pod authors to pass additional information to + the signer implementation. Kubernetes does not restrict or validate this + metadata in any way. + + These values are copied verbatim into the `spec.unverifiedUserAnnotations` field of + the PodCertificateRequest objects that Kubelet creates. + + Entries are subject to the same validation as object metadata annotations, + with the addition that all keys must be domain-prefixed. No restrictions + are placed on values, except an overall size limitation on the entire field. + + Signers should document the keys and values they support. Signers should + deny requests that contain keys they do not recognize. + type: object + required: + - keyType + - signerName + type: object + secret: + description: secret information about the secret data + to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional field specify whether the + Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about + the serviceAccountToken data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: |- + quobyte represents a Quobyte mount on the host that shares a pod's lifetime. + Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported. + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + default: /etc/ceph/keyring + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + default: rbd + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + default: admin + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: |- + scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported. + properties: + fsType: + default: xfs + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address of the ScaleIO + API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + default: ThinProvisioned + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. + type: string + system: + description: system is the name of the storage system as + configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether the Secret or + its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: |- + storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: |- + vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. + Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type + are redirected to the csi.vsphere.vmware.com CSI driver. + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies vSphere + volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + web: + description: web defines the configuration of the ThanosRuler web + server. + properties: + httpConfig: + description: httpConfig defines HTTP parameters for web server. + properties: + headers: + description: headers defines a list of headers that can be + added to HTTP responses. + properties: + contentSecurityPolicy: + description: |- + contentSecurityPolicy defines the Content-Security-Policy header to HTTP responses. + Unset if blank. + type: string + strictTransportSecurity: + description: |- + strictTransportSecurity defines the Strict-Transport-Security header to HTTP responses. + Unset if blank. + Please make sure that you use this with care as this header might force + browsers to load Prometheus and the other applications hosted on the same + domain and subdomains over HTTPS. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security + type: string + xContentTypeOptions: + description: |- + xContentTypeOptions defines the X-Content-Type-Options header to HTTP responses. + Unset if blank. Accepted value is nosniff. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options + enum: + - "" + - NoSniff + type: string + xFrameOptions: + description: |- + xFrameOptions defines the X-Frame-Options header to HTTP responses. + Unset if blank. Accepted values are deny and sameorigin. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options + enum: + - "" + - Deny + - SameOrigin + type: string + xXSSProtection: + description: |- + xXSSProtection defines the X-XSS-Protection header to all responses. + Unset if blank. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection + type: string + type: object + http2: + description: |- + http2 enable HTTP/2 support. Note that HTTP/2 is only supported with TLS. + When TLSConfig is not configured, HTTP/2 will be disabled. + Whenever the value of the field changes, a rolling update will be triggered. + type: boolean + type: object + tlsConfig: + description: tlsConfig defines the TLS parameters for HTTPS. + properties: + cert: + description: |- + cert defines the Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + description: |- + certFile defines the path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. + type: string + cipherSuites: + description: |- + cipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants + items: + type: string + type: array + client_ca: + description: |- + client_ca defines the Secret or ConfigMap containing the CA certificate for client certificate + authentication to the server. + + It is mutually exclusive with `clientCAFile`. + properties: + configMap: + description: configMap defines the ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: secret defines the Secret containing data + to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientAuthType: + description: |- + clientAuthType defines the server policy for client TLS authentication. + + For more detail on clientAuth options: + https://golang.org/pkg/crypto/tls/#ClientAuthType + type: string + clientCAFile: + description: |- + clientCAFile defines the path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. + type: string + curvePreferences: + description: |- + curvePreferences defines elliptic curves that will be used in an ECDHE handshake, in preference + order. + + Available curves are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#CurveID + items: + type: string + type: array + keyFile: + description: |- + keyFile defines the path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. + type: string + keySecret: + description: |- + keySecret defines the secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: maxVersion defines the Maximum TLS version that + is acceptable. + type: string + minVersion: + description: minVersion defines the minimum TLS version that + is acceptable. + type: string + preferServerCipherSuites: + description: |- + preferServerCipherSuites defines whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in + the order of elements in cipherSuites, is used. + type: boolean + type: object + type: object + type: object + status: + description: |- + status defines the most recent observed status of the ThanosRuler cluster. Read-only. + More info: + https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + availableReplicas: + description: |- + availableReplicas defines the total number of available pods (ready for at least minReadySeconds) + targeted by this ThanosRuler deployment. + format: int32 + type: integer + conditions: + description: conditions defines the current state of the ThanosRuler + object. + items: + description: |- + Condition represents the state of the resources associated with the + Prometheus, Alertmanager or ThanosRuler resource. + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update + to the current status property. + format: date-time + type: string + message: + description: message defines human-readable message indicating + details for the condition's last transition. + type: string + observedGeneration: + description: |- + observedGeneration defines the .metadata.generation that the + condition was set based upon. For instance, if `.metadata.generation` is + currently 12, but the `.status.conditions[].observedGeneration` is 9, the + condition is out of date with respect to the current state of the + instance. + format: int64 + type: integer + reason: + description: reason for the condition's last transition. + type: string + status: + description: status of the condition. + minLength: 1 + type: string + type: + description: type of the condition being reported. + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + paused: + description: |- + paused defines whether any actions on the underlying managed objects are + being performed. Only delete actions will be performed. + type: boolean + replicas: + description: |- + replicas defines the total number of non-terminated pods targeted by this ThanosRuler deployment + (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: unavailableReplicas defines the total number of unavailable + pods targeted by this ThanosRuler deployment. + format: int32 + type: integer + updatedReplicas: + description: |- + updatedReplicas defines the total number of non-terminated pods targeted by this ThanosRuler deployment + that have the desired version spec. + format: int32 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/kube-prometheus-stack/charts/crds/files/crds.bz2 b/charts/kube-prometheus-stack/charts/crds/files/crds.bz2 new file mode 100644 index 0000000000000000000000000000000000000000..615c2bf249e828308c91abb3fa23280477475ebf GIT binary patch literal 197482 zcmV(-K-|AVT4*^jL0KkKS-yzf!~wrRe}HvWRn>q0|NsC0|NsC0|Nmi_{`a3>Uw!X) zdpp)PcfIb{y1R?LpFH=WT3gnyvw5s~i@bYndvABUx864QefM;;edyml?|ET~6niUE zu%+rI_m24yBFQ-=*@dh?Qe0_ zef8gaU1s~Oy_vQ4b#q72xwkl0>$z;(WP2=Sr!Q-|=Pv2q*hunH5a(U%g?F)gYWH)8 zd$(=7-S1nw#`}HN5)?+idq9lSI&r254(4%?+P``Y%JpHAaT+M z-5aTwcB`(7YWUwTb?+$inr4)seOqdJWp8cYd#C{J>Tu8-EFBxZUwd}+J7=qAZ>1bM zae6+qbout)i`(9+)aH8o<8IEMYf`$=Q(bPpJzZwz$y2?@s^mSL^E=YCzyK<(vGtMl zp0!Tc19Cpx8#x{74QFn;nkd;@QlR9B#iOM=cW(4I&v$O%FfRGUwPd2JHc;ASRl$p{ zc8h!k0o)2Z$8$Usd0zHwoed_ty*Mtj?W5N9rB^I(w*ghyX+1Svv;w_4yT!UTIC>}t zsTX=O$+r2sVBk+*U>eXZsNZhf0@Yr*>**{M>+mx(buS?#0!S8O=DwdU^WwWD3 zz0EdqxecIb06NpGil`tB8dbK~05kvqErO^v`yF+)5Nbi|LV%G$-F0$?`{=!n$EL6X zDgcCz?BKrcQTIL7P^Jd;f;g99z#n&ZV_ue+2sd1FcV6AqF!1{IzE<4(8X6u_B?Y19r-P{iAJ=J3F z8T6Xgc#m!MTKTHm-PgYR#HgXKuFW3}?)x)sLPu6Gsf5z9xzp-YrBkJ(=RNlgcW{y*CO{xYff}aN^wUiZ0(ypo zXeX0NH(uh z2$Cek0Du6PfJ~YJ1k)y%DYVr+Jt}W1H>Q-)=q8?odI*sS5J098G!xXqN9t4b5j>5m zWHM=pHm9W1)HG?30BCr5Dar%fDF8+F0-xs}IH$@6P+Eyb)ES8^|Hc38=l(Ab9wScA zKmI?M?ud`Xh9C7u^Yg#cu0Yv3LLc-Z|9H{C-4tbKW0L3oO_)<+Jfom>=l%hUL-`-X ziMFbF6LkJK774kr1AY%KQ&$X$+37bCp^0`(M+cLu9FMSj zF}3u9i&==a$%b1fkPODjk~qXbgaevC^ng67CaKi~&IjSTkqhHQD1@IXXn=dbqbI~i zZOA9RQ6*L0o&N0{`AuK?^9qJi!#CQ$wf&c2nmdA?VCObRsXmFBo=%*)3ocBYxVM@c z#haO824?}oCUr46qpg4IhRYm>4WZhQBnU|oCq+<@7%`0uZ8gCOwfzt2R6ptTZl;?W zZ{?9D8GnsASa{{DdIfw)smFsOR)bn$nMoa+!VE%-HZ{{c2+U%*VMa+1lXaheQd&ir z9}=U{v3V6so~3o=LA)L5)SBuAUmll=`-X{jcPyUrlCC^so@9Z2M{{j$bl67|c`@vU zAR9T8D-j=NK9G>xX5 zG*o4&1n)?uKLSu5&}3K<8qq>jO-)qgA=wh#VZN3qRHS;b_D_LCk^TN!E|flVb4^DAqd7x%;T4%eobqcg+nwovJjK4^Kh(g5ttH;FH+?h%%P$( z5U3eTCrPW)4=1aHCZiuLEuIQSLrzT?1I&3+4>~FgZ5D&@d_33Xfw=u8(=+ z!S)_)#ta@%@3fv zvx5=!KD1H6;LFZ7J#}VI`Jh8+iv3`L)BzB}R>v<#iD~pet)P5#?~e|8pb0%tI-Nn1 z!WuH29UDAjGxNiT54>)Df$MvhK;s$CA^cmAAdMd?y3(pQq9qf`FfK@MM9whiFQD1| z9<-sy`MH!dCVlrp|;~3)boOi&2iNy5xvrh)j ze-|Lxc0yu4cYNA!Y=0=hAFxiG&(n3yu1<>uM8Z=KIF^Qp7s!y3HO;nonRSIAT(Mmc zBQ#=h3I$`-Jm6J^K*8z_L#RLx^pk=t3~aWZcx1T7e4M<=W_j|? z*z;NRV}`R^$9#F?&a&5SS)V?34~!VZ>}dT+Tc!uQ=!Tw#2dgRJ;KX)ujeyv4NVG)= z!3`$3zT>}hbAgWa<8*jZB)lPrX+HjmN()E&22j9_+RuwpzGd?jd5`5V&?C}^CTEU7BJk-pGL z1L&XJFn4F&aepy{o@d6leHZ8CPNCn(2gy(FPJLzKQ*Wbg78_$aPIFZdd(%Uu%OjZ& zFqoN!X8`u=(rY0kB#laBWCDokwF5AcX#8>;z4ZjAVM`siaS%rjKcY>^yG%;Oqs3YM1a8rS{ zj;M)`Jn;;~h@^c*1fKVC zF3IV!j9|}tEg3@#Fv;QGL6~UGP)J83j019iPwCNn8B=t!nGgnuk6{#OingBUnxYzE zawu?*WX1yCUJrB|L5E>Z{TJ5d!N9oXgt*w$G>1qj^RO0;?0gVC9%qi_$k4@OV;7GG z(jaa*X)S}g!VN~<%9Z&X?lh?^ar26aM(|WXk=WyzuEizND0Jy5RXK+G_TiRZwi?Xc zI9?fps34^sFgD7Ok{i4BErmSjOPL07T6nubMQ@WCNGj?5<)onb={2O|W6)_MYbs27^wrNMW0U zcc5IskeE=vu(=750{~429O*J-Kx@%Na9SKl#xb+$x@>E=%jr%}F8thU2Xb99krf}2 z$+Go3&4S}n&Jk#_QTypR&1A=~@6P*mm|ty0(zlwUE&}dN&4PmrZs>(ba5T*%cofpM|TwMwDT)R&3*g17O584tvnAtWe;Kadg9|FZxI}4^e*$ zIs)7fv&{YbPGfrFfwDm$Fqk0@^-x2+)CEa{f3bKkV75sR7JW!0mnJ_a9ebo1)Tx=5 zF5cZas7A4}DWD-rt0rHJAnNT^6i0Br$7UB8o(`TVCBzk}3!odthjDw1C%3s!m~ zxCH})3I~ylg&2cWQb@>tgWk*m#{u>^p!n!otUWhj7zxDv4oE=8C~XI*3RLt6I6LUx2y#eF6!IOR-~=%AEY9%J zv2sbZ$Qn3gaVf}BOn5_aq77p?{I@}jjzWqdkA#4{EqevCQ8P-Rg%ooV#X?3xq~pO@ zAbYvO50yo;`fqpK9X=-F;E)ridbN)1e|t>qRZQ1dE-inQY~vwQA;H(xF0&675^?s3}MSRiLm9fa3+ zZ93=S)pHogOrySV7ekPDFFx8;sjy~}Er0^h9%dWFZ@hCPIO7Uo6S(4d5hP4u!e~wu z7`y=&-O^f#QAj`Vjdqy8^9cDyh>U=9%m~;bluk0i7;7<&^4Z6~JG<##uVCPMh!I5W=+Vq^NAGQS;xWld zAYPn8*W||qfe0W&!K?K%$i3S0B!rn^wj{Q;B~X!9qPY^Xv>eMwjF)@51zG|8n!zp1 zNqQuxmUj;)RCYuzur|I#Le5Ibc{paug*tFoT({Y3qpPF=f1W$;XctVdI?1 zvYN{?@;yD*&)KN_;rl43PSS2=;{YrmcoM{o|lJ%{pU8Vf#26Ljg+rg^N9` zKK>|CkCKsikYKx6j!RJW1-e3M4?)oCAn-8WLm1gbK@Ff~(B%J)C@+hXkYYNtoB&Ob zAgR>g53(F@Lgpc8+H;GB^G-Cptlvl(k&`uU7twI$Fm=L5qCPAUEX8<&m{5m2@0uKJ zEslZK5ejkLTb1Q}Hf}R%+?G^(vUk2aEJuwK=WD^nFYk(EP5YeiRS=ds0PiA|iz{G-y+6Ev{gctxu{sRBG&yF7`=wBk?_R+xuYtCY@@#e3& zux$143kz%$i7h!qriwwMF)r*y?R`|{Jh(|HV2Ol#|xw>m*e2c*E z_R_rQTn4&D@xW19G69wZD<3xmx9#_hC4UqM~MyrQ-gT$QiOeJ9oSSIse@ zjXsUbDT@daBoQMdP4RFGVgPc1(Qr3%jtSSIbNNSH0k}!ee{ihMKne(;TL4AFuvV%t ziY0}NfUfaiiBVm`xZkuM_&NJ~dEI-HNE!^hr$o(-E(hcWg|6uhmO2~_>^P+G;96f= zMH4}*_BfZYK(Hrk;F&q}4MYV;wy00nwPo+-Ib689!!cce2VXUHP2i*!u@{(KA;=)< z&@Bi(0?_KfXzO6S!o!?w(jIEST?{yi#d`(1wV_yt7dQspbXmo)Y*1ezd9uyILL1D* z&Ko)=V&rW#p14OVcLSR0uRWF9y7iLu1R+F}2z3iZn{=zAG%~H~x1m-iQzI&r?xo}j zXdz5VgtV7nl))(iMxyZ+gG3S0%oS4W6MDN1nTxh!HWyt0RRZq8z{p+zZa8LUBQOwM z!s@l}ztR9fZ-BLY3%mp!1&g(d*?@xbc%-03U;NzO%V8=4R1JkQI1S>!k>de%VDG;W zC|lrxwAIKh8pXsjRtv6+3(&jad@cK()lm%HmOWE(^$FR|_lG zW{uSlfyT?wBHzh(t;(Tw+z@hCAY9jIBI*l^v3muf1=VJ7SwO-T zM2R~|e~#`Xqhcifn^HhMGL@`~UxuG=b!{xxs~Vfzyz=WqAs8EGz2;q7TN_Z=Yf8PQ zrS@usd8y>o`qL`54_dZfCW4;(ri1Wl5b2OUZLe?0zPs2+d{T%E9ms61PJ_^F8Iz+y zM$XZWkUnXG`{e_zwou8Maa0l^q(%Zm7GUUrkcb7Uu8pHxObfCIc6(~C`u#oLR6H_Q z^L)7j<11H632`Y-%d$fl5aU#?u8>k9&>t@A=gvx@YkDL}0MbqQEi{mynFh z9*I?kXnF)$5D|;OmI%F|DYnCvf-tH|q!_St4a8%IHz!&OyMwzS$vXwpB{`8S8^DhR zLa{{qIC?gI^aCw4$cBLn{xIL*wr!xp(gcE9nC%%$IK1A)zu1-^%kO57RH=!O2t=?Xg zf{x_Df~%sRI~-Oc@G>8C&V68iic_Kz&bKNw8H0%;1gM~wUDgUVI{$Ceg(txYZiIFL z!!cu-fQW{}1d%M~DM;B~Cgw{d$|XZXgM(S!Y&O;+P>MoK1-npwf1RoPo0aWs8 z$;(%s)!RQk&=7F}I64zMc9(6$TA>h3CrWrxg9$%rEl$|fb3GulQ^_RovY=`x3j=Jb zhRg{8ml_QdD}_#QQ;N$DDLt`k=y3LCYJgU~{Oc)DlVS%F5a|*D2^0a1o7mHoHoN-G zp};`H4I!~?2~O7lp8e83o(-kD$@(&KDrA-LTA|?=gk2dhhal{M(6K@BJtMKq*fxZW z?O<`Ei4l95x!S!uSJJ(pUf>nj>Nv2OcA=5%a)!$%+dC1r%U~c93necH30Aqxd*{B_m>Dg~^WIx`no_>QbSDhZH32mkrZx}|z%YzN^ z&4qSIl$O=`aPOnLG7R`EJ%_bU_q*%Cc-0(v8#iKDniVM`Ajo7021zXRd~D|WKBF+w zMev2SrDOC;$iyRUmdn2|(`*FX0cDJ?96G%rmT`E{fTQuw`Jr+;M{Uz~+?Z>$%SpOd zk{TVxlioWAA_FV}QF5(nBGPK6FEg&{YHTvSldzvc_1$j+C}>W;?&=tJx^p<~+pjqK zy8Of51_R+x*i#c(57D1T<@5{4U_pomQ4UM()`TSy186)u50uzai<8aWGe-@gE8v8H zRpi8XEaMS%*+&avwT3@yhM86nO`}zEQGqovVrsPri$PRkfk%E!ARHMMNpLp^2tlDU zg$^Jg29_*sFv<+ z$_Iq|DB=|vNhToqJH%obS4TxRICDmtuyH1~;*&^aD6qI(hE;Q?G}WvFwuI3xl1y@afJyi|9_L^k~=WPR7EiA6^4D z2hie5b0+ENjiLyM%jgjB%6i2awquQ&6#2cV?r*|p);;*HAoM1NFnCVTkRbvNbF6Kd z%dJ#52SK6)R`*#sse~#ECxe=eSv#Z>LC%ejp@QUytLQ~9v%v+sLU@F-gA-!53>m|k zNl@&OO9dH`n-;WGUFTcZ22aRe7F1z874Z-qq+-~^os?|pc0ol6fzy6wBzHnJYEc~1 z?ap3^n1RT^!Vn&*(lPqBDfui6 zd&h%QtN2{wUczHx_UvvV8UqDC5j2`(pa8jT^>tV}_YC#9xbR3jnG%Oh@At%0g-9We z(+n9y3*!JKB+z^4NfJ!64$8rnGH2$XiZq&6)Yt&!m$avhTL*#1w^4Mi>b!%KpNJR+~Iu}&*M`1wfxbVIK5kt+1DuEkcS8Q8iO$xIRMN&?jC^Swc z(Ih#AS7fsUL0>dz;@?}g6$UHvo80dOx_{xd+36Ib#Y)KZ{8p~@U|XFiTx5# zsa&lSAt$h5#3lgEvWP;-*J0nHj7rqDW({5Eb8~l4id0q>A%UD2eMdhdO`@q=ILI9M zh#-lb=%`>juq73l<+1woF}El<+@@Q3e3=VAu_^2CyNoFHUwh@D)_q7UluQL&7K zNGw9zM;bo??FTCO!N~}365g|q5a{ZJq9}&&3WBjgg=;%9jlX9P|4{pv%x^puHkT2cLl9;;Xq-qTzg9PB@ zh!8`J1t+-t9*@QS1~k?o#@voxE@e=Uuus*yl;c}~9B6^p#|Mdb5v}z)tKuz zP${H3ecBjIsPpIN>~L?zD(VvsK|HtC_|e$i`vE{rvU?DEhi=V6q{(2(R$*w190Hgu zZ|ObaUjZ*yozRbYLq;ymfaxWclo{OYZI8EJg4%v*yl1U-F=E#54LX8r5~#&<>dJI# zmy|N919;9uI4Sxk@B82|F8z0KSre$8Iin;nUD+5y8B;W>(Qc`O31BG(5Cku}hJY3b z%#{L+18RoaW}wCq%r|Y52np>niwI1JObVDbp%9Rfj0`CZC?+Lps|=tvC>(W8DnMV8-^Kp+;k4A}ZFR zBi9VrHt0A%*v5v{fr2n8qy~%7ZH&ht@Fo~oV9hWMyj-S`jHZ$a`AjH`G4P}sL5w&| zC}3&?0f}hP$aX+KiL!TC)7RYKxU-Q`Dpw}{J@$NioCvF!a$9VJDh!j_NC82{!|6cR zE3N`N?3of#;#SJ$h61wWqd0&Z>@pnrOTeGqfAVY$@ehuE$>LFrk(h*p4!4&JHwjch zpp$mGa8?ml7?Z9X?-7*T=MvbIh z4A0UO5)Y6r?32N(ZlShMHmci5`D*4TtZZKTuMI-w5{t9yK2wqqa4@?XjRrLk(y=gu zELecZv5nL3j9oz>PWDyGC*Xk!EvkYAN*#XzSUwE6{QlvS8+$%(%yCAnv|xb{u#_MA zhe=}zu!c_UndgVZNCx<034jj4G#uKvo41r;nVS&{V1R>oi@3sxjQdyiPv;n7X3!%Z z)RBOM=<$u=;ZW27r5hxeYaQDdC;aF*J}p!1s%+!BFOkn#e8CBst!M3T&iQ}OFjBt0w z-QCu8Es|KeDSsfv(E~xf(1R8Ba(ew4-RD=r0E3`?krDZ(;v^%<>wj0GeiAB@Kr6UW zGCgJlIX2wz267}aft&*lLpWFrgSVlzga>bJjAN!bRC{1v9Rdag7n>z%-n{?3L6@97O3_IgZ87|0Wjz7QeuSIFn1#9K=-u%M069|z5$e1=biHEtv za8Rg)lZYFT6@v7}rk}@}%s@keSAvJk4o-}eKSCYYy`b(xK?cYTSfD3qiKhbtG89Ao z49>8#gff8Ef|QezYk^9F3LJ5Q4pkCJ<2x{toPn^OpO!3di-CAT4T25og`xvQ1Me^t zzkq1B+~&{8N3v{q*}Z&9A#Fpp))4k{;q&5ldrd* zmP|gY7mPrpiUzRp)j^ac1?p89!(1&C+{fc<_>VpX?}?nI`)5%_7ckJx&fA>2O#_NK zu)G;N2~l9_!?0@?DoEI(&0Jt&k}^c#E?IOihgKUQ!S-l8q^JS+?b!m|)ya*;x3>xa z{Lp<4gMR@pAaMuoek%2LuXcYJ}#y6crgW4xzFbI-E2%aH2v) zr&cc)5Q9G|+m~+vJPF91Yp$G5A(99j5j(&m3F|?@hLV`c%n+k6%02)L4i*p&hseh~ z$Mx%dgxn*0OfV8b20$bbP>OUQL@FB;Ic~8iAiW-r#8$vF+t!3by~_v>amEQN0yaQV z0Rhkxi4B-T_i%wqv2qI*g)IJe^$ARNCR;fXl1n^FVH68W?qNlBo{Ey6sP-Liq91zN z;t**FI{+1PXi@@GaRF28rV8@8>k^6qlTohTIM?iSAPmMQm>`x{ZahrnnIL9NVowd_ zo)dI}#IS#$mt*fn4sTVuM||GLtor=w^*YwAVW+2@a>=3jN1)kqR3{aAV(v49i0aBh zWl%?xO@vH}x)4GvMA3@QOhJ~kNd-As_oX`WQ`&~9kkMP) zrgWDhkhkmaJ0*>w{t7-yc}BNU5;t0f;}i}-i@PfWLVt;di>bJh>zIx|+C}PWokT!m zJPQOy7_-lV7puidhnprHH+L=*bZ3jJJvaz-&XyYR6B3wgpMC)5n!G1?p!keo6hLr# z&1Pv#v#cm8Yw6P)7(30a7SbdACI8EqthQFlKW|Na^ zr_i=nuG-fC=DfO6B^%~AWsc})(G!7^bnKQ~92Zd}z*HEMNy3IN?jSrM`;15!qqsIm zeWJ)ziMbz3aO@N{3hPF&@c_iyme2n5e~VXNxIB;IJwIFjN;RgRN}x zDEcxm7~pEaWa-#eO7Kj0F+&3#pCG}3di~oUjCuvBI;Itdpb%!bDfMWp@+s`?i(?Zy zhvK+13@dLXve)nU@!xP>i1EqU2VV*sUXZ&>MMNVINJqt#6DQ;CluUvs>+I-Ft;4#& zDihS9ad-RFni6DO)OYB#!z1eyJHqOzmwgVA>yc^A#wnC946uMin3FM*5JnO3KJ+*A zr7#mlWB$;xiYWC@*XGVhjkA;u5sWFa2!AFYaPCxUVh$NkAxCl$T;q-qEM9c-PkrlD zd6wS=1d^ypgrI6%*CcNQzrYfG?`;Rh$^O0M;a5Z~iS&yC;WLWpVy$eEwli0?kwn=*}@5cZqS2M4nR8b%7~x z+@vOn4`jOJM9A`OK)Q!GC4x*zwwO)bgo!ammh(!kDQ-sFH43v@&P)@z?G!uUAs7|{ zqor#_or3UucB4D%<@jf9R}yVZN<>wUbf7X8$RDWSG2T#7cPjvSx2drA%6z|m8hx|z ze*JTh#eIUu5SULCn!wQ{5F}LYFf#yV9_cxBD@_AOWqP$;1HbOOWwxvN5nUU7JrJ)*3O458I@A8<-`CU`vD_kRpoQh6a z#RvxC)-)K1c!#$GpKjLGa65}Z1j@cA-xC@cgrr^Iz>Ym!G0np5i#v?MVvQr+NBg1;sL35}?mJS;a+9PEYFLY}qm{x_NhQGpz)-#*D;AVz3 z*SoNfgDzMm#wr$}C-c|oLoz)VkzVGEWo6s`*C-AWh=Grp*in z<#5-Lg5!6*3(1OJj4eJPjCEpf$IOI~9r8#71sKWW+wt3;l@;LWn?~8Pc|q<}jE*q| z9@xj8#ul{ZFDLM%U%3b(jfn7}G1{H#FKM)Le18SiUl&G1!J#<>5YQU~&BQ^0EJu~{ z4)KNZ0LBE|>~os|JOJkgsR0n6$&Or1@E!5C4w%*YDdlmxA?=R<=v~VDRiE6#Uy&IN27F%iwzA z(!QDwF){cUJP_N3O_AroPeD}%*puIB<&MfgVuMPHK)_p<@4h`T`2RMq1k`?;Q@l7; z0q{_C{ZBd8L^#3sgMSc?$N7aIvuo)B*$7RUA^je?J%@(3K6SYc)N&apj14i&LeqY* zXcr>$){Qr52?+tklb^)`@8;4t8u2h>aSn*l(qu#zv|C-uED~=1+=#e37l-3PQF`+W zGeArUU53P50`Dm68q;?Ind%d?6pg+2CfYkyY8YBfukI3m52OD@h~eQN*aL*qF2ZVP znU#Fvs2tS6&~W7bEvKH5-a$MG;)@_l8VW<~9d%{~79&Gl&#Zpr2)5e;vQ)~$V#_=a zwb{q@!fY9NR?~WTIU3PnW-(`^exhM??86E7iN^ThnaiJ~rNbS1>d1xfviUZ{yoUo* zk=b5hj6uF4k)r+oCJ<&Q|$J#!l*%Jt+I8hqnj^-_t z&tSWS1@|q5GGUlWT7qO@b{1_)k$Rz&T-hA!p)eA?YCAJ0ZDSGzG;?VwY!q_V18i49 zR@V#ixH&O_yzMK$H(|4NdqAM%otiE$h}@ZDfaIGV@Y#U60`eUO!vi<5gC5OZe)Obiwa}~xQKy&08x2q77qZFi@G>?3AY$F3{B-gAPzKC6uH(Y zf+bQImR>5$K3%()3oqAj6}dXG2meZu#PabCP%Ch zY7xc)*#1x0_7$nxae)y}PxPP4Ory&CMN6rI4KV$Q-xEiLG9HcSf_1!@Qw zO%Zw%l&%IJbUcty_G7!#O*vW~7_SegvGb=NW^T$iYqvee!1m_N4grAa$k(@V)}tdh z9US9h^!P0Ksh#wFWY7VRCrN&V_A$h;V-EhbHCiJ{+)wyedsnDIWUGD~_8HFwZ5ecG zAW^3F32%IdL9qsk>w}CfH=*hR;88^u9&I!`204rqCMX6#=)hz$U}|RBlGM6-*FA+> z7TT*PSQ)xpT1CUfrNO|sou+of9LlLAK!CzL4?cQ430)GLL>5CDK+g#ew8do!!Sgw7 zw9ZQj6Hsa-4k>Hcm1L;gY7cSjrfJLx z?35sDudo49-~x&Icem<5%gdgy5$#QED;9KyEKduI<*$X5X>;$HE7>WOe^{I>X{dRd zwVFe3Fq?$5&n>i(zWOW>rEP}#$d~l*PR5!vrM%bGfL`WhgesBa3|`>+EtG_j4w+*E zj|3}X9K!NR#}yVZs&{A$Vpt{F!CCx+74H=U=xr!*){TBdbJiM~4H~(5mI>s^R74s) zm@Qt$s7;*_A&}>cqlhz@6hdvL%O=H$M#iIIvk)(A8^p77bX#+xsK>5y)kbVsrb1@i z2GgX*VP+PRjS(`8hd+zIReE`bRm9=6FmZ`OU@p(WVZO ziF5d8up9H{uNmX8E_9_l_gF0ngA9OBYj!Gt@JBJ+cMjmU1OOoH&QpfF?=@orZ5D|P zlok{;`wm+GLEmhiHqx!I=xbuy?1^Enarh1i_Rt?ku~5#FAdgF@lV`K;XrP-RmM0U2 zNZ`;^e>3fbzE)Wvh*@QNv<)TOiGfNWco`^_b_Bb12k1=T?saWAoX3pid1tTPxPuBL zL404ZqFYMCurpL)bh8~A7)jzJ(P!I57f~Kv7a6k8Kb%s4h*kpMaisw5Di(OOUf=db$O)SYh33K|6AlMcJ zKnsS7HYRt*0p8{>Q>fmC6h$RLIRuXAY+ZRusxj>r#_)+XUrV6cTuVggJbzcTfpgOy z8P^pO@FAYcQoKEXQ3e|EPdj-_cq^%*2SLzSkaUMZz@1|P5KI`lLMml3KF1^HYX$G| zHauNn-RICqRU`GHb@N+PVg^Ddlx@e6h~Th`7@bWa$xG+#+V+i+pzWwH zIuzsH1Bh57pjr*eLVTZ$Hx$6ILv{vBR zHLEwhhZJ+>9(OZ0b~%VL1q4xpX9J^SqeVolOmHlJ&e)I~WfS6Hp#dd?2^|{S`%Fxt znMi(PD}iz{wjT(aa}I?Aj$bH@E@W6YDlfhnlaPUiOMu6dE=*gnMrI;|k|<2Mu-Ddz z2QYbpV^Rjks{vxmWl=^8Rb?wN4O}7E$`+fz=6!p_!5JSoPj8|Ely^GdFMZD{*`vm- z>`lYgfU1%P2gYBKrxw?7ClD9lAT$sW;vgr9Kpw{zA~6)|lHh5&CuEiIgEBEpAq-&p zm@?Ow9F(M2bp>V7M2Nf9=9qI~_823Wae}e2l7?-yFtL;jJL5oa>9e^u)Qs;Im)I{= z4u~w|&a>2BuuHKbNhC%LLj#9XwAMHXAoLkkau&#fBs=wDSy02a=$NoZbWsRyC#=SR z_%X@W&C_5cKuIu-S7!*tt~g&2j>DW1?uT_ylZPxJ2xi?EieTb#IjR=ldfE`P7HI|o zm=LUaam&iBT6$?dXqNC29^-M`cx5O>uHTaT&7c9(3OhUHKi1jtczj%c`tK>~n> zV8BxmHC#i9N{Z)&{vvH02)(QDS$C1*qwU{lfI_JFC^(!c?8r<4i1y9MMHEI?g{9@5v76I zMlxfNmjIw(aql zO1u}x7bO}7M_U3&ocA>s05FA!hE}2Axu(cA2sj)JFU+37bbxC08PU1zrHb`ufzwes zaC=Lmd&7&t(8*J_U`K0D+B^b>K*h?If)6kn07GC|)jfa*H9M7k^n#_R7`oQ@u~ZFk ze(0~~?THQkT-Kwz=zeYVAUYtb;%XZ)0|^!GK>^1220rYp*7+(yJ_eSQodp3%kO&(M z4}n>XN~4m3wFn!CcI*=5L@`%F;j&i^`iR^}fQ`t*3nzsbfPANg&l;`+_LN;rYeEA-T!<$Q8dWbp zbAwSK0%!<;X3)aRO07DI}vthv$J949Wi%kW_wva%KJw*em^ z50nt3O>1Ht`}erb$`6oU+(6IYHk~SGB&nJ>LE#3Q2*4RcbmJ}7T_Syag;lK8{AsOs z9nB&eZMf1ro3eTXXw+l_gkij(pbalvAc5A~!B*0Z3%Lyg6?5IPByG-1Q!W_N1PCmq z1W82)#TAcH{DNS7@u9IOK%2hX){MG9?Xv*tI+aF=D4XW3EDoHFj2QN+D-e}bV}eW! zMhbv#bAXpOCTKNu5t&FJXhmokyR32)_NPFCV@_BRxQV+g0pJW78Vg;tBw%bgGGmY= zW@=eaZ7eVnJhm=Ksk{g^htP(bZ<^i1d8>E8hQv-%0eaA6WGaHR98DCQQN!T^mEeGR zN>G-?@_HlJCrn7GeD~i*9h)Bq1A*OsBjATEmC+ub0$BDQ0HvzOg{_H$g!avO6~Tv& z`h7tR*GdpK9(xchRe+LknFE0sDQ0<#he;mX9}I_^b3%L|bD0jOow2A-6no2>en%us z1^|8xxfV$N^pIRdweWp%&;Z>Z2of&-Gj}Ly!)_QF?phW@n#2TvwYGdH*c^AL!!rbR ztN>ODmY9>opy(_Z7-5MMiO;IgVEvQfMg0BW8|Clky!v$SzIl*@&L>DBv-3!gc@46` zgkX?{#yEw_5X=l4Zh~*ob6vLVN4I0d4HMQLn}{4=c^zMINC6~}v|VB{5P0(|NU68U z(x6mi&CpPA+V8t6tSu;!pVMP|p6vy}GdA4OZJp`j0hII5oIcp(FkKE2uttNmpz5_? zEC@|sS9hZ#DO!o7B5%#G{?C(MLYAYE$A!uS;=w$fb zaKacv9R9&QT8&iazj8z9q6IWOMb`M{dFx5im2l?HI7q13;H4Ff63MKV z*KbT0FQ`F`RCG?7{}OJr8W~tI&f}$3QV1dCpkE9ZgR$DfVkK9`u-J83d6aP_xO#lt zBqYO~+ZWu8*t;Nh9>U?uU_`!pDVZaJpcp?^Gz_Hcg0m^2HpG||hXIT|jua|Q)CXe{ zv}r)X{flNT?8Qlm5rvp|VWN+}X?PGJzJOqk5*i8+;E#jwD5Ih4+CUfWK2(_Hn_#L&T{W6G93 zL$2;<&wj|-V2RjE0>CnQX|4PxX&C}%v7411LG3V)9Z_UFP~t$Yw=7n-q|9L4AQlT} zUh!5c_y|=*2SRaOWT8As=)4p1H&8jL`ZI_K`f({VsVrLI0i+{glt@sDG$Cl>!5|X0zXx8c8noGV2Fej0ztIW`NVPLl~+96Gu@xfyqOL$$t&#M0^Y< zz#U5#8JQFg7-y#^b z%ywYbiebo;M&ZRmWkeqPy*))-G94*ovUn)Z8UvO)midIH1A>Sbm~mw_<36z%7i8cPY=b1L0y5<@F$L=L+b zxHxoo;?EGviX=cqN@WeSun~|T9ngCxJu%K%6CkIoZQ-xuj}1x(%SsarNWRW=ZoMPho`=#6^W5LZb-rYi z=j80RhtTU-!?PIq5|aJ75G^)-HQKjr@WH1K2Q1%lVCv-1!ST1DNe_zUH_?a|P`g|i zQKHLq8Yd@#b@aN#k^yai*t*)|Z$wUVB<)vJg{5!Pg=oUJNbPE6T;_$$SVjV-gVCXK zq%>h?6g~BHHZITH*S8zy`!_2H>(+(P@^_pThbJl*SS-G3!+^rG(_xoS`Y%?#O(YSF`ArPQap?(^)?K*t&w=zKLSuDOuI@B z(zTl~?v^R_XmbrsQU@{IhsFvc`QfEd9k5!L!*(@>2}2w{zWYfa6*`RzKm~CXo3+|R z_@A_X8|T<1vyajA{zJEPRnv~KbJc*5sWH=Y|F@Xw~;D+s`!#RSgRz((q zDQ?>pvFw6dyf#n?578fHRPTRS`fY-ePLP8j9sEKp39uH^_ zB5-2DyrOi&GB&}mw+;Kkj;Jv1B~!_ft2S>X7TUYyvjl%6b89eQ$&5b1q*`$gUT|FB zechnhJ=pO5e#aFNG{P;VobX8q;grJ&3X0kSHFm#NmmzOVgca#o*>0^2afL6836vp6 zH&ISVsR$(;Y<^mzMSE2eg{-0mh^<^&qt;atXb|u~(dE^l&kQ_`btb-JdlbftLu_M% zH1kVfS;Pv+u!vAb8u&4xcKL6NGlWL$jc;lA8M8AE`LZ}8LK!X99H$wtV8EO`!1uq1 zTF4t!{SUP6IOXlvjk1`B!LWwHZI=r%3?dO!2HDT5A5c%MjKe}%EULpG3?LvtG3!1| z?>+_`7J6Pg;IYR#EvAa{quWwEj)-VaZ0n}eQ!vkt9c8h;pTEcBpQ(u*Qxk?P!z;FNP=lt};^2(9@SkC6 z5RJ}5FQDd{Ten)G%gTFnCjOeKevc7iU)w@RIRFr}{IsAhz0?j39uo;1C;)o#cvCd! z4bHRcR_KQFe>RwqgQf-|R?D$5PEK

&;m7e?nNc01KTWwS`;VrdnRoscLSrh{Y} zqi)S69MEXU2e@D&4d-g&d$hC@Vs|{W=V%Lol5tgB5(HsX1xl(2Ae~wpC*Y4-4@^_w zt@ab7SnU%+X@ew+$go)u@QX!RAC%ZIEaQWKmQe^2Jbc1pu}$6 zzQncpR<%GgfpQX=n81Cp6jX=j-4b!R#NJh4mUFCKt*Ydq3OZSwDGhMjfx_I(c$pOL z$-~bHf>r}UN-1fWYt6)Yw#-3cI2yR@&r_omikinT;+foZ&24P5YU?g?QcxY8PHxQ8 zCXY%Bh>>X%=noYH^3#lY8M`nP9IBbTv-9U!Na8{U8L=jGcsWc4$cVub|o_9nG;p!gKiq63ph>O~@ShYS8%(^emL>?!0$AIE3h{!#n)e~p6JEvz{O zwLO?9BTOkoC>(M`#sJK9r$QJlm+e#Dvw56@uy9n;o<jmW3=6-ht5MtF7)W#bW6cUn7=|BNtiV~tg ze@U7gKJ-^x7Hp~m4%M4FEqVza@dJtq7+qM1EvYb2{S){jp@aHw6l064#D9?2`A0)#_0G`A zjFZ5RY(_o_43Y0Zcq&efN6r{Pe|Lq249_8R00h5y$zSyLzTcqkJ=n|Ibu>G9K2GvOo9PQRRMqD1SB}c+{jn^jNRt_dno&d43Vz2BTr@A^J)!GX|qz z|3$YD5MXAt+pzI<(=(Q`=O3EC^<)25+nwFp7TdY5T~=jb|9bit&0tW_{jbQxz*SXY zUv`sc-THg?W0q(9U?2de+I&81Pq&|T%3@!*!?N^JmdQFcnsRzpYarq5HLVuHHc!9I z)+e&G8%z(wUpSro4QICP%btd5_1D;Hzx7RD{S1@M_0RU5KkffWl#TWr#T*V|g7-kV zAxE94gJu;Hg@~+XtOA1)#>HAf;f4l~JOai9{)L6REHuzHcbHbi##}-L$Um+WT!3kI zrfRJlgo>a0oP?9sdcj_HNU9c4IzK3;$SwdO`=8OH?!Uh-=KlZHXHa4F`+eUp)qD!7 zMKK`%#w(#lCgS3XWj^&k@l)~?@TapiKjy@d{k9-|pK*<$k_kuNL2$sKb~>qbL$gGk)Y5d*$^R)AR??bLKEUZVI9{UnsPx*fH`l_LMV0HTZw9oGN`EgV)eg-^F)t zz8{fxppHRbjcTMVkXTNQp#6{j5hMe4kFeux;H99YHM8mzxT6UX2%bWs@=Uem=BdH1 zju1M3X&F599wSUllA{Ssc8h+kLG2|+oZel3IX;q>y83-(-Q0%ak)y{0BS}RUENwGC z^T)GxCTM0+> z^24t39@rF35cDio;_dtfb(c#$6K+22fO>;p{&$C;X&hB3j|$AxLe{NWs#sw7<1j}vGVBB zFYM3pXQCaQhD+(d*IzXs3@n|E?4aEj`ox>W+Xaxnf*MIU_I=^EFb`n^`f*o05qhXJ z<%PKl)6gaemN#PC5WSMMu{zR<-l_wvgI2GvoH4m`Zi;5fB#vA8Ti4Dl1U<@#il%rF z8|rz7>H7CA z`TtbnR^63~x=tcz_60ix&P0MtO-;$;8Zj07=8e3n5SsLiQ=1OP##S(MCKD7d=2l7J zLc%_;(kzm@VGpE)Id(Dz9WwFj+_d8>u4JN_0VHEE!UGZ6YwIXnDZm3L9(Y!Uo!xf~ zn}rOF&YDgKYPx~3R6U8XSdA{kP43}5#r|RUa5*l zyis)qbcX>>bXW+VX+DI3^!9yh+6wikr_W@bf6G8#FqAn5^RLi;hBj(Jv|r&&_730V zhvp<8|8llMm>O&IE}Pl1LJ|;=goGp@&F*rqJdH#13}Y)G#xakboR@r<;KQk-`32Cg z%oj$3MvV@IbPJ0+eXc!66B* z{4en4FA8vA(d4siYbE-Qg&1ge9Fs_p(o4WCAvBLdy_1mz{SSo|@%}IuSvM%y>dpxW zNJG=Q^Q{^tvLZ7@MFr%+U>;5bU~J-BTTU!Av2!R(*QC8-#n4iN--tx41RyY?2l#Bs z$&(*NqO!h%(t$%y;e-nR0IrvHjk79ZL7ifhCSEkSmKIb~A-P3WFs&5{DH4!KO2RC* zH$B!YtXjcgD+sc&V%SijYQ_l2SOfvamF|qcv!En?FXin>{ir{e)@Cv2OWXB1@gu48 zlo&t7ABb{8AtaZ(@zeUs{{Z66>t68=-*@I}z*|6E8Hrh6AGTE_=wW}J#X*MR&jf~qG#jI;uO_jA-s@WEk z6xmw^V!&AuU;(cP`8;=2z?*3A5txstkb!2g5$IK~!RLA}8Q@{caT@~(M;KEFR3LOa z?AbH;FMRb@e~j@LWt5k6)5qw2b#Jp)?Y+#@(9&HUz*8Yd85%0~hryhGnT^!j3o7t{+KZRGVr^WlbyQR_c|DizWXy5-VBdK zduWu>+SHFn_NoRv>iS}TW%@7Id&5k_S-%@&8$R~zpxg6&WXe^CRwuR?sw@?wKM7^F zN=3?y;e#v)Ww7bp(yB2k{ST*P@3?G++Zu-yC}$d6s&0O^Y9$c; zlRU(**5SDs=wa*SP^8+=#EFryas`SGNMay*!OG+PLlY|%BOD;`Mgw#>ISl)g9fe5v z#C{B;493r6%y}0W^m4b%sd6x!nd~!1ll6Oa4RmjtDe6*k#*fCt0`blf=sp1mu+w0Q z2v39v#%BrlLrk3N4tgPtj-+G0&5*4!(}zPHt`S!;Qfww%V`yTJ+V>Cb@cdCikF;_g ze(1^PkNErNxRZ05ujJL|PT3OQO}NyD421rDNEg9c?w$c$99)MhNc34(Da@gJiTriu zVk`v-L7mys-MIf(p>}s`815WlnS$xZ`qfr!jcC+)_^6X!&%)!&b#QQVknOx*^T}m9 z^^-o&$7>( zj_KP4A(+=)t6JL+=Wh7bsczSH#*$|1EMh$No9fz2I!;zAgd^Ri5RQCtfd-Qq>_aQ( z1q{oPIkKw~+GhN`WW{ho42CDYdX;;8=niG)RQk`+4rGJkP5|sbEIVW`-r(MPvQ|J% zwzj7H>)K(VGNcET?xCpWi*c5~xe_Z?nPSClfnlUsi}9nQoHA{nXQS~lHwIaOBq9U* zX9r_04Mxu8sn}TChW#z1s#6_r895enIe28NDXr~ zfJA45vn_oml2!e) zNDw%lfKCLJMI!uHXrN#+?Jh_IVnqiz0=O$slen`MVt@n%%m+@JvyJnznt%kb1~5az zQ+N6cSc|7ah3!?&QJ(lNp8<64Evv7(mHfr>c++Kx>Huh8S@{L++Jyx?EZ&G+sQ8xsNE!$SR5j%2w1uj@aZ z^E(PpsRix`6~nk4Yt6!{Na0|=S<;-lfR1BSTdXLJ7U1Z`>sMfWlBE5ha18h_f@cj& zo%94q8*#^o@W}Ug)&Dixr`1SS=!TO4Kqc^Xer6Qly_6 z(o@YZB8cH46_>Fsx?UKE%;7LDE6`U>(ZH>aa=$s*!L^B_qrGF3ElxuLEO;RyRUnfDjY8FXYd7V?6vd?gROdIyffB zN9tW5*vnp$`25)&88PWXVZ(Dz zqXS5VqSS^B^SYjKvZxN_6JJPN0IhQ}z`vg;~N#+Jgz7-C~jt z4>cd(p3H$*aC=`>wRnRi4rA3(X~}09FVs!z&dA{2zVbOofuk+_YUpOkB#>gTqGV{r z@VRjfOG&srWnBn?fZSRgj#hbN6&pKZJX5s(5=pbIdcf6ID-&iAP)J82boW% z8$s|EtPSBY3gZ2U1$F!5Bni3wU!fjgO?r@nWFTQ6RQd#geF|#_roxa^**{JnlTfDG z=aGI&qL@`2d4YyK8aU!D8#ei5EWs1mMx0_+`vMDD#z>g?<-iFM6)i8 z?&udflZ=vPy*WQq>I(cX&%(cFkM{tP$C!C_?t{CX$gk@#F-5=<)69YOtsM)~W{>v% z5Aq;j(ovg;^!o@<9FuJL^G4l;G#{s|svH5=>`T-BYNZteq<|gUcLvIw$?w!0`pgc& z2qBojIfv^G79D{B1rK^+0fN|>sBd5rgy-x}u&LO}k%I84n9*pU_ zctNl*0avKN$a;{3iroO*a4>7!cFHO$Z?Ry>nnFJ(27*sCspT;XM;{8Z;%? zl!xj6P+_4AVNt=@Zu9FB>5j&f%vKAIFL0s^MBXL-Dt)c?viy$ASx1i z*o-01_1%Fbgpu^1lTrLLVRVg);Aoq0i$u(zTCKB2d?BHx`@lcIW zVhIHLb7f8rZM5Q^4@ap{bq$9JrgA^@^ssI&0(q!}6dMriQG$dBlx*Zp1&}}NV0J4A zxj-G0kG@?B5-miK8uE}PaUWL9}~6c6!)YH1tq@ko(YG+Vj>|!XkdQGpXCEY z1~lK+PqA~?T}+GizK1^Ddeeu!#aU!HEa9$yG+j5IS)BgILiPQ*U+Eqvzqu!9ux7<3 zcEiqk93C#&$MADR+xFq9>x}OoOq(35fdij?Sf-68lE_CyMJLglLi8~`^gQ=dD3cwV zPWLbVD`q@4HgLClddf{U9hN-~`9@{d>9D3G77PrI;Koq`5Gj%r{4^Y1@J(|`QS15Z z{1e-xlp1JGTPMSWgBYVoClJE}5HhIxp}s&5| zglWyyWlk|H#9I6#OzoC9J8Nh+;&JNPJI#o{zKphT%V;`8_Spi|1pArS(*MHG*U7^fY2x^5Uf!<#vFlH-jO2USv@Mzi za3F3;;Umo(D5J50j)n`z4O@c7Fm36ei|-X1>0WVZ0rqJ&JZrYzx-vsAf|^6HL_@e8 z!5B*9A(AIkcp+-^Zdx0buEDapKNDQzxA#iM6pS#WqS}Dk1>%*IhhWxT2 zzLx|K1C#N&p#ozvGR4Red!|-ya8H~{?lF;p5M$LH>k)}Xq51J58H}bKI&FjJqMpU? z1&f!45j$fh@K8AT_dKFPDMH}n7$d-@#f=#-zaX;#VZjfO%O9c3W{F{-JOU)_!aqmF zZ}|+Y#uhHcA=tu%w#c!BF}r1la+5?lFc$W}fI;CErUkk9hR@JS5Ahf$HV%WJV&SL1` zsLn;)UBi)G3xRc!dyB9x$_7KRNP%H2g&cSXk%$ooT z0WE-(fRqcQdPflubm5^*%1Lkl?s9>Wg41(ZCiTealCQ(x)3?XLeVNWV&T*MSB2 z@DN*Ya7#iE62z)iu=ZardU|rbH*CvW9PHNBc0ANKIuUK@swK2}t-Ub30U9HCY?BMg zU|^z)1NM_gJvS1Ol~d%@bL6{xavim=d(qa^y~>07{-xvAQSTLXBPqOQ1ld%fNs{@p4DgV{EUhO!x0 zxk!O=WXMGkMXCB9`5yCf)MCY500M_;^!0Le#x?z?|AGH^@l=1#&*s1BTqc^*_}lLn^8dLm z|Ju-v0M^EiSPD5Lu{}utLC}7&1CbO#zkq%;0`3v`#EU5Go7N%4*3ch6eFD@8D2S9m zf8=6N=#Soy?xN$V_kHWQ&Y%Ck`9ESpk`qnPzH^X}kFRZCezkaN;n?1 zBnY4<`@|%8uvg^|Q4qNWfAfu@zH0Z_(W~{7bCyQ0SxbZ56nhuH2Fzp0s)v|kjywIJ zSjoW+R-w$`@|Htk-bbQKA@wXVKUxL_Z@wV@+Bls?D84GZ`)R9 z>xG65jFdAUr4#5K2SR<}hglx>2p?iF$_O7c7(F4EZ~wy_B!dJaC&HWr3me5OCpcrz z+iI$+s;c`FI|%3xJQ@z(!J!kpXJU5!Qb|^Xk6dalZ8^J5znr}OlX?fwoS$FuaeqA1 zNN4XtCYq8lw%BwAZ3sVvXXU5kqiE(##PY9XPrO1zl+cR$n@YWMYvhdG&rivd(lALd}E<$}T3Y*0FDR5bwMHTCdl;}H8NynH{W%%c#>9^zsb18se0w8si6nM8(y&+v*a#UdQ!;Rr$zH;MIy-ea^E*rz_@v+ng1 z@hL{o5^JFkK?-!fegXx5FH&cMkFjwbC*ng${z^~Ddj&BCF+E49uPX9ALjvbE-?`|z zcaY72oDFAvAvNWh3y(e}3HO2r;ZJ~&fSS!iVBAT%qSn35mkb2<9>qOkEs-`r5xAHh z$Gv*e5Jdjd%^m>-+#(D1Vuw@`2S5 zRQp0GhvXn`4=X3$Cpey9fzT#F1i&0b`UD`*ewRfF+AuYVZ`JZHhpq9%u=kFk18><5 zhDefWs{OLv4Q!jvKSkYFnX=FH_2$S^ul3evlzm)&%rw7^7RLjp889!8yF1z>&JeL` zfHuPn9COU9GdBny!+ELOxI+YQ?LO_~di?$81vLtr&BY>7%Fuygb8Sfw*ct>6v4&)n zj__^`^_ibp?>$U2A5V!n&XkzWBCL}AQ|&ntcT1)hEc>aYvE1aVv0o$6aHlK!7j`gF zOd!;nCP{)aP~gbehDu^!Nkbt8yv(O}HZT(-FyX;KSg_vU+=S&_*kCwU%3xy!_M|*L z>+Yr%BmMN~>~-fNyU2G$_7QCt6jA$UAvAgLSWj%z1Q33Nn7R6WC7Dvz1Ft|DVUeqp z-emO!x+lHntED0^VlyN~!_OZg_N2dvOEV12Sdzgj7S*k*LPdy0OhA^!a4iCbrDiMI zW7p%r6vM?a#01Hc204#;>LxTkJ{%1<8;2k4B6*3~s=^!B`%dut55Oq__lSRJr_550 z`-ulfr`#c_<&wyheCH|jI)~JqzzR7CKhRgwPrp)M$oraIiE%Y59pTWzv=!=o64pD9 zc?d!tqQ;YEqI!piq>v~b2lIcr8(GZs1^~hK@Y~9_(07!3LA$#O510tewz&_dQjCax z)Xj+J&J9e^5Jxscb0S-$Q05BV!4Oj2tWA(FYN(!=4F*t zYuB#~FsiIB%#>6K83IjG&@%)+_#ceWWY=?pe=qbN@Auj!lPF-p&c&)>L~oyCq%fci z9T}a)axPAzF;U!lu%qSqPa%7e_{1`CkFpo^(0{^*ubIEJ_xMB6Pv}3tn%Wo`M9+Ei zeg4nA>~jykZM6(%Q(48wzr zl3fA*QpHf?lJ^|Ba;YD2aX!fDgu~mAi3G0bn=Y}GF=l3BEWW#^A<)G@0^%$Men3Oe zFe|@N6o8v;w_gitz}|l#xbL@MHUn5{2KO6=7Lt0O@PqxbrU<6&w{8~TC!y#WADs3H z_lO!Ds9in+d<6yw9zH;)VGWsBk9DXzi48r+Mb9={sJUhW5fuBGP(}v?2td@uYSC|h z%ngt|`TDz)tZ>YU_X((=yq%v*FXTgkN88H?Sk;9?A_2hsPQndNcHfx2WOtHksaI-nII^dJbK!(6-D;9engGHH;>7*XZ{bD|Ol1)lXhrgm=7G$>__L$Tq7SsB3=Pmqb;nc? z=m>OCqiJr7qz-;7`R<^W{o#a@sEQO8rn(GX5vK@32Z7VGUPy}m$;lC9Bv}v-s&+k8q=|M0(18dL zfd^8&1P7acHBKYA+(0+|(DecbtPs1L*%B{jF+h9756|rjFn_%qyFcSQ`+5}qnsST# z7yA}jW&00y2h>Fz{;m6~*J`P5I3Qra2r>8bwEd>GpLbczdqfW%AjBiIjX?+pw1pb( zF&r3%3$bMAxp4Lb4_A4y4}dZj$n_&K4VyT_%g;sk0hvSOJ|SY|hzX)EmPE4rG8FWk z$fBpz4b6SBNhD$YT<5P+hGaj+rhzZyb%nr!>AD?vowY%n!G{zhaB<`t-jDQHg!q3?! z#F1J&;Ldx2kdT7NIQ_$*`Pa;a{D-}eOubqD=15uYZa~-&Xd6HP>HcCq1;Rx?fkrtU z3oyB!@^v|j@$LfO^Aa;gA_6r*=6ZeuFZUQE!O=D=9E@DP zh0Di1YP6{MWJg2G+DGuapNbI@r38d8qEH}wk#u|8+Q>?lwczM`-J2a`C|uI8ST4YZ zWZJ_ZLSWPlC|%~5qjg0%|=XvqKzkl)a7c3t0?>kWN64h7PXyhHRr zq?7c`Oc$&!u2alAY@=B=`xy`Rl*LcI_TNk3NHQ=uSHelD z?dB{#gn<)Gkz`{9`1|}I`G9hffdJAp6Su|y)U1V6$NAA++fNe}DGdBZVd9pY95uqD z5karP^-hnb+n0@u?hJ+IP{%9ZK;U3Mv?)Xeh>gk|Lyfw)3~|7wLuzgsaAEWJ!qlCG z$_^L+c7uj7jz=4o_E({6eP=rcSjLEFs^+Lh1VbCrP+Uyf(Fr7j1v>!(iGoHH!IM#; z(6n=sa8^qzN?f|SKrsa|14ys!4M2nZffw2WUGV2)owovdaF`ScM2fG%XcB8o8-xbh z8wL%AsABt8jV=l0RT0MrhfB+wM`%^~0OTKlb$QZW1*)xBNdSa8B#p{C39LS&M))QM zkfStlQ6p0ik#D{w!?ZFk2v&jqQ}RUcWams$ep=i#P_fWsiD&s49Z~oZn~I-}aG8r{ z@YDRcZ134ku%`@#GoA4S=biBA&#uGY4#9OBcH_3-)onL#6@kn>qodttWGClui%iM_o799jQ=_Dn#)~3sD0B)MO4@Kp4|^J1<&q3H?0cXQOFR;b$DgY7z&=^ zQP;n&%uYz>%;Du_{!#Lg#?1f5qDoOT67C}{i++C|^+Nyk2mD-t>#=TsPkw3Rd|4y$pzo)8o)gLb^^3ucSy2d8b z$?NjF$wRzWN{FGTmjn*u1>5zGmsk||V5i%vp3Fn;Ss#N`_*>-EPi@BsTZD4hqLES& zK=^>6*&v`lxP{}I)86W}fc>FR(jY+LcYFlt4IakAVQ)^ZnIr%ra4|(F*%SJk3YxWQ zs~Iq64V5!gX)!e|wOb*x7`D@C5h3vw5F^_-Bq5BVpQ|7+u!RVQzUjSvXO*KC*#dS~ zk?%x-v{zI};Xx~;0cdR+B5Y^WMaxVYC^SW@Ta2A}C>+cHQ)gVNr$MkT zt7T2x4h4tLkUWli=#na3N03Z*Z&qaMUg zVn4DcF<5_D`QYy7`0OHQ3ZTFa2?v0x0C*twWt2XWLH>?;<$on#pYncK(k#-Mq@9*# zP3p7#ejPnY>B(q*onPN$F`8zt>yC~usj8o%|7PF9+;OZqP#;o37rozmLmT;0Z(2U?u9 zafJavgc+-k`8)k^7>35m0w1_}Bq>QzDR@l8gkVoQ9Ua0+uh2>jSi#4gc-|Xp{n8w~ zGx+G!I`yNbYVMsEp7j^6N;Lk>&Dpl=ztF-sk6oQE^x3@5+IUDgkha-Mjcr;jY9?$w zL+rB%NJ+-@T0#-Cv=I9f{9!sB1~4Q-ALfrOg4B0ngG`z8=l_Nos_jDJ5{53N!t?xh z_~oKU0KuqiNM$Iw38Eyy{d`jfz^{gZw+M1Q;(@2jqc}$uW!OrID{;L5F!oU+43Q0? zV}%gmEUn#`(Xk8!WQuWt6KUmc%8C?3B--7q<5(uE0%{^4;EG8IR9+OJ+R#Tv6`;si zB-zM;r)6J(1MLOe#C1wn=9?}_0j)(TGKyu(b+kNY}2u_*6o_jY*w+?S;}(* zldj7qY|WSqM=LtmnAa(DtlCC4X*43$Y{`dXv!&cF*;wmVo7t;Hxkg?DC`^0~pYuied;i{6;O|_F+2DKX{Y_@D$46`gI z)mz#QSNt{bAA$aK_*z*SE?-T2RLsenRMs;ZOZYT<=g{72jiu%WcXq0FQv0wv7(**1 zPduii+Otx5df3vhD2PJjD(VV8J>_>1ZjoMFm1wxf-J|66#^C2y17Pj0wX7Tk7oK9j zCMgI51}Y$ZyLQDXz&7tBi{zu-H2&@q`m_C-OZse7-b63!p$;(+%PJ7GJ&{|2KpaR= zF;=4cKvLlUY6zQgNEwC2J{Zdj>(rkKsJX-WMlP*C$4BM|`UFFnk2Zo2=1Zay@F*x# z^+3z1r2L#fr42nO^#c$X073y5ZvHesGAAd`%(fzFRZ_MB?=`Sjiya>EDe}?mhu}yd z6R0Zy$S^qv?_cUq0Z~Y9JX}y z${F()I(iBe<|3ytO(5hE726l1?*fz#WBkl|P=xRk+Ps2$A6Mw{ODIYD=3m<|F3r^_ zL}-Q2Xp#Ht_7DR=G~58uLN4^9VGdCZ$F60~nto*oq&giy^+hjLye^b#EGCB{0{mhXCgi7?SpA-46+-X5|o!X=c6VLjx2ZY!o3Pa8_(c3q#ZR| zA)-PWGzBy?D#*EbCx#1ELrIv#d`@Am5Hm&wLV^rsdetG!DbNX0pw!w6(2c3+C&MRTszD)naXaXEiPz`#4iB zAvCzD$d0AM(7@opxWl#5$zW9*K)ZkbVq}6C6f9Y@mk1WTgrXwI?m9r=#u1V7R=6;2 zfsAKCMJ&h~6<9N#Z8NBDb#TNnG3Zf18p9fjpc`lgnb&G?ETx?xw8FTx1JIQK;NwmS zBdJU`ri&s<)rT=GF-cI688lf!MhJvgMvE53tqYxI10E>=po-kaXIG;Ej6Gbf^9Pqx z=H9F{XSc}Cj%<`l0H{YBBO{r0Yb+M_qVO;PJH=}EA3EXMyNCJB`U(^KyXL9(>5))z zVuBRKT}iV6?D*W)YG4jOV2{*`^&kt5#6Ivj-~OHk|JEJHa1r-KfvHRz*LjP(Ox} zyUW#FxEyAACm*{mmFvAcLFb6SvtEjX`SnK2#%Wv_WV6~2eE&9w)1R7K6Y#E%Mcn}gECcZ6HbC}t zWVnvW!19p~t4n2VLx0)GE6@ACyy5iK^2_05yGb;xGHIIIHD;#SX>CQeTPC z9WWHcf-T6mg$@TniZpA8AFMB7*iDCrL+*R|v=Kt&`APB{SLFmT@}L5v$RYQKU5p(| zSUUR~eSjg6{bE|igR(gU3`PyobwETN(GyUM6xu%!MIO*K1>lH>h=}HNBpvk6ol@9_ z$e-cFrP^ht5fcKFs?`Aaz$jR$1czs!mc|X_ZL`AAJefNE>sfr4$Em&edKd;#EUK6d zAweSPL_c{(&T_`S-VXJ6i-C|CpT{j>c)}7NP#6h6a!DZ!-V1t9MftUGG^zG#tLee8 z$RZ$K14I*CbWA~lZVz1voXJP;Cn&`FULmVcYzMyNaOd~g;(2pHv~hp)p69W92zs?v z)SDK_W`uh^GfqEJezZ^7YSRZamRloLdn+Dh#!sEqtkynFmoAMM*`X8^+;Fne1w;xc zLIfic2nkZeH!6rA#tcCdthGco#YGoc&P}{p<>l9$taWwgS;t+=yz(wicpWwkUi!N9 z?c(LzRPa?em8evZg{W*51_MlhJ6(3B-6=xQiMBzGM#mrwjlr=dM-+@|ii5Cfs7B#r zf~Bb4yLin`yk$JcEO~0PHf^H-;1{5ZSCicN+JxS>D+LPO>T9J_ybpR^hh;p2rp`UL<(ywT^nh!8@6j8h|fS16= z$_4P0!YVt*l5{}Wgto1-$6Z^Ob>l~f$K>>gxhgDaL5ZtNN;Z^$h9)H=lx({W^6swj z&TGqSZu?)2Sr5OQZI&{aJ|^LoO-cRV%klGOYgzgAui;lSyTfZ`&lTHP%5=Qw#jInrQ zaR{xEqWOn7Er)`)Zi*n#5LeEQf*+Cz;D_94HxPP2>5?I~e2~Gi*FdSq6ET&h#H9rS znt539;Y)oHDVoRXs5Cm0v}Mt9dJ%?I|~iM`5I|F1U*91f)4xA zX^YN8J!R0+KadEx(aFF9uON5T3=L_jbm9|#cP$n80aS!8FtQ<_qBTIK^Ic*S=UrHTTI?7Y1 zv0SiS+o=*kkj#K=gSsGwjU5~C7a;`^)+ivaiR)dbDA^Ou1pt5;8s^lm8wO~Edu1=4 zlwG9lJ9bj(lCo{1yOwGPF-JZL#5|fZU(D;%72{j_xy>@MwzXxf*lg~1({EnM!R*gw ztktYoBF~Ov9q{C?Y8i@|pk_tIlAv4bv=6&e~y)HRYt%rdNuVCoGq77!$@C5vQ`8R4ADwZ>|}t1}l~H!ei6 z(P@?lIb(q!R0<=KMN!G+?YRx5U5Gt;o7Y>7#CV8AG&dxO2syDxG1zQjLDuSG&{{OG z5u^tK2{^zF=Ly)^N|5tu8#7&9IcLX%!Jc}Dygg5LEtbISZRVcSxkoVeAnLSM*d1cktW;V+4&iAysdrcWtiNzF=Ed~IFP^_Xh zB$!CIr;ki}XR9X0vuM`x&ks0JR1w6Kv_!=%I^xy9$%ke!iD53aEJ}*(0umspW#*c5 z28o-8?PiJ?lc|t2DuE3&6hR_^Tg#U-Zpc};opF@Rtxs8c-n6qsmtcC#nyU0_E@6Z; z2P_gaJ!d?_6F|cl1UO8F46l3Ab+9~ZR<>i+(^;6p&b4`?)cE4|Y93m8&o3Oq!;*hS zFEuv4kYlPEefaTZ|G`)a_gY&g#=a9#<}Zdr=s^b9CPrW=Fi@lg;A@irVaREvriCOz ztacTHO-MkE5rl+nTa8AgLf|s!Y$C!5aVUw1t;N=JVAK#gh!-1ym{w>iFoAG<(DN^S zte&1OldV;?ILobVtx4?4b{y1tUDw8r(t9;TNBcjGg$E0d2Pv?c!0?a&^O_a2Zi(8X zZ=|!^+oZR3UF(7Ja_CkV#er$o_9(VwT#I33R8j^s$(tCxWtm%RH|DCpQUW za2st@G7b^}4GP3?1PByWUIs=tZ4tCifWZwO`dS&p0uYigBFPbiPSU&i!1HhnMfL)e zC^{q55v2p((irDKRY>*QJ1bYE3(HHy)7MfQif>~e&_#m;0+a)2$<$A^%Ry651DkSp zkxpVmQiTZGCTUAEVA`C`WAQs*x@~kh-OnvmojPXOjBN7lb-YR~mspKJ~h=JgUik}fq zpYd1UbN1cS z9=9{rGdoP2?^DaP9-?~9<#}yQyu~{P$)Wn*U#>RU>&m?HG?7yk6Kr^#=U>Y2FlZk< zB*O00xoP!EG+l=<MZ`2T$dqWQ zrcZARPnkGf30p3Nwvy)6+0C=^kB4b`=utj=+MzD#c#@wxTJ*g?rF?;Fq^CK=?Zc3b zM;M2yMo8kSVfRebM6^X|-R4~-VpWAx5Uq}g%5_hv%xW$4C0P`D1h`sVf=0mUbhpMf z`ns1%bjBTQONl7j(aVg9)H}cTmsG`7DGsr!wQk61h~Smv(QRqTXvc>fePzYnjM9I3 z8~~)J-ycN>ya&Z29F83EQ9ntqaR&dJiMfJ6>4I!K;eg#%F#*u$m(CtMNQUMI((`B8un-%SvD^T|Yd z0dBhBgq=h^(1antxn(%JC)iJv2u+(#`19%Ilmvz*Mit#OxTXxO2;&q+prOVj=pll2FMmP zyEd%CLJ<%klxwj<^F>7M(z<>m)x@AQksv^XVTzysPGg_c2jpgc#>d?FJ)G8R$w}zw z#q9eWY@HwR)kbNYaExS6m)@J)U5u2gW7lpDoq2Xn_CASsA*AYK8E0m*`n^lU-7uM# zYF!%}W6D1*`VNEj7$+Rw)7-fhKTJ^8YQ?m}8eSXj%^kNw!9qAXEGMp;1)+~a4l5Id z@37Od>~{!xFkyxUn-s0N#K&w03??f$h#)d!Z6jdVY+;5rD3lF}cYSxm1{h%Gm87Fk zQzSFJ*=1gyhSrAPkn%&wJ_>mY)_L1t-Bnc;LZIwk062;yada^N%TXkW-7$gEyTC}v z-A@f|X*WZK^h@cuwJ@zSgN?=v4gpBQ4nVo51-6?Jt*z2aIYTB3utjqn08CF=01|`W8_4i6Y_xbphdsWJsuQ12I#Ln)&PK`?~be?Wm=-@tnch zONfQgnt>P&@KO*n6l~2YAUviK2(xT=9|qpe(F?{wEzcj=>xxEQ8KD?sU>4&5;OPkg zow^sHxNtn69U|aE9F3V=39un6Tr5Or%_v>)3>znd-7Yd-`-lu5v!sRXhZsZ{*wr6H zqL@tYM?~mQZBm9@JsTsV*@c~j9)s2=z;LoOKm+iUk^y*kkS@pE1`3cH;cN&zYwFEu zM}ru;;v)q%$T=?wSjZ6&g6n4`^49Z*ku${gG!#e?ikFL_#jr0NLBK?;TS+JBuzG9b@-~{ko?Y0``;ms5x3x>H(p^WZpyiPe>w!(1cxgr+7C>>hr z2vw~ob3^OF==vR2jXO$x7ENU^Z?E*W00O)djwHY{CG`wIc~9Hikt3QspgO|n;wKea zSg~tJky(4eZkrlvm`o5_W_VPGi%c2Wz5`hhQ3m8xGGot*17)3!9qiX7*d0AwCuxv^ z7&g#g$tG`X4@PMBFz=&qGBJz4v}y<_%Aa1M^4RzRz}5~D1kZV98YJ?u73_bFa&;o=pS z7;zrluAWiqH1~{om|-=Ehg4EwftZ_G)YWSBRw>HGIapMcGA_l^>S;c#(L^r7R~s%|o%e&D z+oA{`22Hmxbev8&x)ExUsb4Gxg;HrAi8|WEfZs5IQUr+k;_84wS4L7QzaxM7!b*#g^a>f#NZhOYx9{w7`P_ zYqP8QMTX{hFUe-x)i75Gloi4-R0fFhSvHaJl4rwiFL{gKFQ#5aXTKINctRK8qk$n= zDb$QmH-*LQCPb-Z3n@sn8&VD;)Ii@o7^1RLWz7_{ zy1SAJ43L-^AlbUEsUnY;2N(d-83szQLsX%7sF{Fjb>>hGMmQ^{zj$n0#Y3UPM1BU| zy!Z}=7#$U%4)P3RX|eF6Wr(r{4J=~LBB;{xQ$b=gxVqD{Jf)3wINd2;7zl$<<}UEY z!FFC#fX> z?QJ4t{@JRaO;tX9HDnn6@!DNdUl#q!X73aFbwV6{$E?&3V_3^-p+iYzSj=$RRHanG z!<;yX<%~HP zZxujy+#cr!=u_sAqg!x947~`i0t@!x(jja_M#aEz_0hPcE!h(UTInc7^0twtRL4+3 zvGA(ofN$WgC@2f_o#B1531o*;WzmH5VA8SJqJ}U8odq1gO|sGk`d3R;nuov1s=4j+ zk*_DFhlVg<32XSd9b?SMWdp@}ULYAbSF%~Q zj_6t&8YC@pR0*hKQ%+-?^sjv889ho*AiP0)c~t?vTphT=B|wHCqJsYF~Si!=Bum+)qwc%@k!E{l{szRV(y$(roO1F1+ zceQL}j5voSKUV8N#RcN{Lfv#EEQVP}1Zl0Fn<@k=xxKK8S!3e*#*r*i2cemk!KdKX zd|eQmj(8r?!08D%JdPGNnZO)hEJXL4W!c#p)zn^`sd44v1ei(qwPNSjh`&0BH0GG; zKA}SyeQNE~BL;o%Sz;_crW_hE$&Y-7>E z#)Oo+32<|i9uTbKuF~YjP`bUv^vZ0EAV~KLJLvAWY~f?7OuRlx34F0S_-|`S4N=4$ z*9x2Rb%tkh^aLT@Nkotc$Bx*T;z0>tQ69%agfNoqK}tIb?W4&efzKt%J~@;`U+;vy;~Y-CB)iwl%o?V(~3*W6J*UBW*D{$n;DJ`jAn;IEew2|Aq9->16~-0 zCRX)jKv;>ok9ODPigC;#(0P?o88{|1@mA*?O!gam1CEuw_h09YJ5IGa9g9?A*5R{oczEr z0fs6>G11avK*hm|@???Ch%pRYhwup$!9K^~8z3(knDBu}d<4P*lZ+=w#UX)$P{3di z*v3;3+hYtgm!v!wh18K_TN+5~NI4N7p)F8g+2k~P1C$*zO_QwPIAog`$xGOROB5Oy z((oG@+)kX1=8)V((Civojj{tG5C=LCg2Z9YR#Ijd3l@_GmJ2}wa#6M!n}E~>*kBvp z9^1hkQ9}yH90+&li&iT`BE3air9}OJ4jq4VbQqYv8Ov~zUge4I^w0gMzwyMdX{Tg-;bYJ%4d%uNWu+28xRM>ia{~xY=>;0HAV^a}j zv612QDSAHTaF5TUatBt_{yfasnotxRMR87%T@8Z5>NDtU*V8NhCdIZbS!^{dXDd5x zwL=KRT2^e5%qGZUv7=R~S}ki^Y^1X&!7SS}Nt%?*mTJwLZIz{MHfvj0X{~KmYPDjt zM$;jt*3G8F6I(66>ma_ZMOWa`R+TbV%YFXyr;@)*R~cX}>DGcKNg+YjDkUJrL^PBe z3E(Eg%hcGmtwUR88(UK_h9Wu$37HlU0fiMRVj5DKN(KiBhSC=JBQ3VljzAl!slq^l z`X3|Sk}<0b(%`Yy^{!TVYW8UJH?DTFu~BGyqv0dxvs)QWim{(WdJn#-=)Mq!7oos< z$=$r{W6SSbq*`I?HiHkK*FnPht4ToP6}hb#KoD5qkrK+~J3OHF+Pz?|gHikJDIf|t zfGs6pLwMj^53wJs50{oIKb%hDk3>f09ZA@2NgPhFz6)zelltih3Rpuy;s~UCI>Gm)U@>s@oQ+i>6?xhjq0qEIa%v0HveI0dUE!5u=Kg@pBmA%$a$U<{889wZ#;bU3%C4h`ac4ztR+)P`fRx-D(#gOo6wNWgjy z*HA3{^dXbUMLlG9*g)>*4^h+-6Qc%eUi}Oh6^GSWD+o?@!X5X52kcs_J5E?A(P}AB zWxL%{)ZpY;4xz3kg$-EE5L_O@BpMT;6a(B<4v(KO;M6f}qsHN%Y3yZ=<%cGydN+-7 z;A2*kZYk_9-VMIYC~Ypo2MC@r4}+Q-4%j*9QU@EEt0I#W!vSy;sM_O_YvT=qk`N3l zxo8)K@!NFzJd(#%6$UFX$)7upnIfj?Bm+aw8BLIfCD4XuM9m;+hen&VV>ue?#G_R` z7HR5{mufQ9O8wpQSk!bUhW2P723iyf63m$sK@JzSB#tpj){Io}G!z?*(878;zkdw} zPET`Y<|sg*+7PRC>JsyGx9gQDan@Yul%w97-p->NI&WdlHL0LuMZ+d)UzGKz*x4wAY%=!+mK> zAf|OlwEz;iDG}zaBwmvmW_hlf@YU(zUJkGq3V`+wG-SuXeS%r)01!oU-CWK33=uhy zA_PFd9wsKeZ^Yku{e}fC<`K$A>F_XZjTAM|{Qu!;`n!9pVO@Sp-jWuEewAQ4@ zbz8a3R&{Y#mORwEPZ;w%yQtRZIiHzoiS62 zK@zY~ZWfv!D_9tSp0E?v0LZFneZPz2qKojo4w-zJtgVv9lY11c0&=I)8!2N>$42JI zjRNo=n8YjR29u4a#Nn5W=AJlS6EsX~Elp`Xr2j9`e{a&S=VRP{cCV-L(X$&f<9=3t zhCKd}hxsz9RKi9vWLPT!M1Fsd;m`U941@tQs;4T+I zye>sU9tH3D1VgDXtf10jP`Q={#gs~=pchaZe>EUY-919y@b$q5NV<*E2BJ10**x%} zs4$=!LPNa0lnV)a6pBcxB9I|5JWF31H*+qCkb(yV2>z%mYS6bk<0b-o;YX>KY)7jl zdprL}z+S%&tBZ;j)Q4)1^awB@K#bHpAdTr zh=wH#Iq-wkDqt8fL5=hZS!F^LU>`nF0Z0xWNTGF)HN&^Md8*%M%axhxJ4 zL2uDOfF=GRh zC>j`{f#t0{N;u>LmL@CTi+0229ekOvUT@%}mh;fdN%~#NW9!K=(ZDV(A?yK!6iQSgoa~)FGK> zEizIvWfILis{Hi7erzAy)Z`=w5n*cx()>aMBHd8-UETkw3HOB zEHjeT0H%S`n&8Ee1YpFNed8e=7VjEg?oIa0P0mAlc*aR`HnsfL7}JzPU^f+$uyw2v zN+H=+bnMN_5kaBs&;{&}O$X}Y-ivk&R`zWMf!dw;qzM+-n5Z$6M-*M1bY_+8*4ss< z6DKBQmkC(Q6$LOjJh+P3B9pOck(Gv)agni*3}P1qv{8tR-4GkmL{0^+0qJytG#HZ9 zmpx@jyMapzQ&dsT52Ku?gatJGv!3xe6v7h@n3gdvv?9TP@n)irHXAW) z#JUVd@}h`|=pR8M2oa3bWzyCb3Z!Rm6G3I#$2)JAiy0djbs~deiKI&fx1`MI#%a=- zBNG!68{z~58&W|;lMMj@EK5@h2y)0RD4d~iATrAgaiK`p7lV6n@vN^H#!Y4D%t=9s za2qT%Ww4`hT7tqEidtX@R5>urHIzbKHwZ?;Dp@AcUk%a}}<>wCJnyQay-OXbd)srN54=ES8A}&nt z!4Q{22^*OUe2NcY@}ZOIL;Ng`-%-Ep`PHHkQX&x$(J(UKaNscrEEpud53|p8{wnq@ zWNK-P36@mwoa$y$y(nj|$@mos@c&2uY>#o?pxhUr6W<<8Il`PM6 z>fH}CWVV=B+C~t~P7oe)~Gn z?CEI+c04*BH10stOk-Q$gEO)f9|HwMg_(mx6xm18-#z83hSG)zJw;g%Jiv5WNkb88 z7Y2yV)kFa3Rw||jD~KFyA zSa_03ee2(z;2XSvp~f1`8^TK&?9Pd5Ndx=!v@zNd;Kd4C5(^7}jRti)VEsp~Z9^t;nIdo~`I@UR4a}&9auD^OF`=%ItSDz-cfn1vnNEfg(%SP!2f56L5xJ zL011tt6Mv=eN;9MI-D=5gze~>McpYhM5+>k3S(w*y@M<1&Q_}P$4d2`>FW?2j(yGb zK3076BKT?WvmVYbqB0yDO5dBRLI%E=zbHtp$YCN$h5*rIDM63`+836PO5-*!V{#D9 zr8R_nd_BE)s!PugJfwP73EHG(YK@gvt+1_pt3EA+b_lvFBC9U1whaLK3={xYV!KtT z^0b~_uysF#vtrMp+)Y**tpT+%%Tp#zQ)!y4%Q1~nwe3Vc9X!$>QpZQIz$mLNwm^*} z3JZ;r7OP{Pc{#I~Y`2F?nX{bTb(5A|Ug>`POEDWV)p=eY4y&-%q}S)mWZ6sbWIpKp zoATrE7#-2#wnCNVfTb!&SeYTbg9tFoGQ7TR?A-En1{d8$_dIt$dr)3uIF$7-440dI;nQBaLAKsr%y;!c52fb;+xPAXze0&YsE3^Frb#KnE@W}`5wnW};9es90?$(%t| zh9DrikjSJRs?34FoWlwROoZ-ROCcyOtt4!Zvjvji2n3Q7*~)aF+E@whz6M9Q2rrT1 zxo=?o;T5=rQ%mnL&}j$<#u{yL(m*U4%mcq(lf8n%F!$g(L^$b~${@h!)q5qxr9>G= z4&W&<952Ym3A&00#3!)WyU&+k-UwlUBl3bIBtMVmU)p-~Rka%_@W%emqx^4o zISdf-6@TKL_Rg?B>>?-p@<0tS9#|lLWnbdiiTT!pWiA(<(Rn<}G5M#W{om-}`k(OR z+O1)=7P2D!Sw>rQ<4)>FHCbb5wP>X4ohmM7!6#+1h}vyNtTm}KMzBe&*{w`5CPOg% z+`3pavWUfqz*0s738?r8oe!k`aSdmUtoqwOn^zOFgqK~)6ID6i1DQ7QRbd@wl^lm@bkulHF&X`Z0?-KVr-*k;oYY+*13s| zNwnsxoZ#AyWp#^|+UgB$yNtxfI%h3gREs+0O^_QY%*`6zsP=gC&N{l9GjWFsEHhne zE^=~g)uGnpaEJwq>4BKR!6M)(2EB(IXiFbn@%)M34mo-ri|b&24vc z@ynTOGY@SO;JbySz#=Q4V7){|=!gcGKdgu|>S;a}UAB~VzILRol|S3QtOVT!-JQ*5 z1Ay=akCJ-jKnMY|Ypnj^;@#3HV49TN;${9WYUbt{iJInQ8EgcLsTs4@PywKffbtO$ za)=1{n^99yr}sxwA@PNU;xa838GM1|-}J3$^b6c^A|Az3y+Z+WXsAVmC`w;aqi8|& zt^Ay+-_OA93ff7SnOIY5rI=J|wN#l{DO(>@$v(||+Nkw0c5Jz$v`!4RQn0U$=aB7o zNX^`F9b{&9N%R^~Z3?{c!da2AwQ)a-oM};SIh~yNYuTZ<#(?7lJQ)luhkLH|G_v=5 z>E_uTs`$$BRqoKvikCI?BOL@7EJ`wgr=UL!R1`1~JKd`Qr|bS%{O@V>OtWTaGQN2& zr)66)q|LKv&Vz~8F4Hoo_*$l{q3Bpn1c95ZArgnnWN$ ziS!wTnTD3qFRxPMQ|s5(7(Hp;bY7~#ILB#c`1$FX2Ym*CM@&OhUVYRcad0Rh83GeD zNctjp`7fRML!tk_D!->kya!$;g7sI0swT|rgQe=9XgvKip}{UJ$OWMJkbQQo8+1QM z-=adnUn0lxj36ydeIGxX`y;Hbl8t!(RZL@1DD`++Od$wyDjke5InwwdVH!C*E(j}Iw8nqhQ*_$-WW}`G}&6eM@ zx#peR<~3;9vSh;=v1RGIOv@%$teSG{X)#$^nX_iqY-ZTTj5X1?!Nt7VqUHk|I8 zGIm_D^{!)HWZ=*I^WS*O{?vazk?)F&(^}1DtkBFeGd?a9b4r)X6Qn$2mL*}HRgNxW ztYw82NL8dpSr6|@9znqo_|UyjG!B8n*==9tg+20Xk4&e;f5EHB{Mkp)YJ1T6CcZZ; zQ#DgGCwE2vGf(;1=9Kz1b5S0%YKLb{TU9#t&9| zSp}L)HCrleRjm~)&8kf>HKnahwl=k@rfS(mn5tydEM;v~8!f43QrRA9wb-_1W^8SP zL9$t(ZLzSeX2!}kSzu1GZ8FVW~!N? zwObWpY8tT?Wm`5D(XyD*_IRQFcvtN1r?dmGO#*5L0Pctoiiw-0BVki+cqnkDg&!!M z5c7tmH3lURS6J;Mj@zTKZnp zlGS#V%$^K&s;a!vo+q>2+o2bw^jpZ+9(kC0=xLP70TekPiJ-X&B5b=TsP0EHWtFuL zLMz$wUsS!w0klzbr46u#HW709%BMJJLK3r-X?oN#OlfFsR--kwS+Q+KYK>ze zEY_`9n!${wHZ}}sn6}#n(`l^Dni*?WvSp~#Mzn0Tl8a(xYWOemJ%lwybS71Wfy$jn z@FyP`KKwsA5F{XntSBIIz5y4YA3f}dkOCx#VbWjPCljy$;$Z{!g5}f=0|k z4iY==WDZ#5hrL*V-BcO;nmI)3dY(kGD3@9qR)qrqXnfv-1ih2k%<1A@m%kt=Db&$QC?+S(srEDbbssyVg`g0cn$*>sD~;L z5{iGok@*-0{cru^l!5Vq4Lg8v5UXU7hDWr-xEEj;DFq+!KtBJNv53eql%HS3+O}1n z+d7o-KYh-6E0>{eVYIPQARzG;kL{y=A}m;e>r1luU+;URf5}RH8j|<2l-Q7vPzeDD zF%}`)W@d%vxOTu&8U}P2-$Y7TT0omk&7fgWDGQ+>WxFz_E&N29CZHsyQMQy}P+MrP zmArfNyt)^rPM$F4wktzv8F+g2>n)xGmS7KV1(AMe#n^ zKc7eK|6c|CH}hzE$u_AfCZN_Re-P!QA;_;Fm4E^}Wtft(UbJS+M^){YwjOGpu~%iV zM{jQfmeLz5YBsQPxbeD1yvJ48dE>^jQWugu8?Q6V!aJMq2>a253tW0oKEQiLmZFDD z7dRy$b;NQP@EB&;S*O>1tyB2>CF;bZJ|XjeqkXNzHB5|k8#cl|s`~$5@t-t)%=H;| z!%=Ot+F!dJKUQeoi^s#Z~+M zqciVrkdwcpSAbmnIL0c(g2pHqWtPilo!P9jW=3mI+4~IsQvM9pYZ|PqTFXP=r~IsY zCcip4{pZze&9>IHTCA-m1d=e4Mhp=n<%5JfBk-wG4a>CbwXHv|Bg8WF&*{{hZI!V6 ztbTpu)vZ~RHa)YhV`skp{=79;_nME<=MA^ju7>n>J2zWqn#@D>=V#ZswUEWyUsBhz z9*m|MA46LUSRXIy>E(y5B@qTfNjVo3y|5V#7*g1a*@A)mZ7Kstb^)`zBNOae5TiaJ z3IQ=ZReJuti~h(OWEDcf)0W+!s96dRK%{B|j0nIIbNzaO9#$yr-qRQ<`v+TTBwg}2wcNqW`Ja9=M5sN2m4Ro0QL$8sGeVKD&%aaHVd*Z`nCQ{FO4f=J{YGy zld6}NK-dh)e%>5ip&vXe%Tej0>{_Yk(R8Bg3mFferPI}wdRCOLa|c5p&`OHHQUaJCgi6fi7v_P&+7g7WyD*kl4c#hZYjOF1ws5PU0ltwW8a8I?63U z4Nmy45ryIh9k~H}fp~!;#!HB2r=J>@U)Iq=2^_-hYS14#HPT`VTL?{VEu*784k*z` z4KRr~-4{^ukQYBfksS1HOcN=OI5X28P&vUN1J=o^o#kqc1mcbG*&8|#CPX+wg}sqX zF$@bSN?dH^SV)7(LR z{oif1O;bR@KMKi3bPr4HKe4H%O|8e%R4>~(bzH#!q(e_Jo}X*(SL+w%fs=*G0nGv? z$T?}DkwEo0MT-H18IUPOL6$*UP%G{N77C|POCSeOUH75foId&iFpI7ssMRE62oNNX zSo54!IW}bXzBKsAmOokZ7ST1WtjkTXZ9g`U+~{JBt5G{Cb8K0YOiaee+Mm3+ za%QU7#-_4{vYSC`SzA)Eux(pQYc*3eD_RY_(N3FdF{Y+jnoRCj5YTC;pwki-nyOW1 z6isamOklK|EXx*H8Km1R%4%B3W@WU>wX0#W)Yu53T@wLeBADKHg;i8l-}nWOP>5iB z!TQJ$iKWvKnUi@D6-Cf;?E&)lPw|1ySO^l*4XhL&?fsH_$5{S=c9xQllCOhOKMxwV zX)%J9w4p-?AS3Cb0nUgAX0ad9aACm>YZ10uO?}+#mdQiWcD2ezzbf0ts z0x*ha8b)rBiglqaIT$cfS}Hn1fxWPgnEUUAL+@{xJ`U2ez1qYh72zSb?5Ta zJdft1>Ok}Wc%pj%G$``|`v;vt(jlZ%@mKlmU;Dd&&^*F(LH3BC2k1YbeF!ycPXPU5 z{iOM;{<#-XXF*yF*t7`q~y^?xf^X(J)4(`^L zA^5lA{84pkOsPLkUe=jsx@W&r&1dpD>m2BMH8zW$s@y;VHAPLEDy2vaY^nnfT_pBw zAi{>>v;}Fjt|KUe5K%x-ETmbCLL#Itp(2gsACj&R%#HHt`C6CD@^U?S!-lU@4yt5j z;&F6qMub@PPYLaNY|;#Z5=c``M7@I1DuY&j(Co!EULo=H^(W6}=IDCfYJbFJ<-L=Z zb)C`d|7-80hxv^vhWX9iSv}2D#%6Ck&C1r=@oZHsExg!19?yf2f5bq7|4}e8{NU@| zrMm}Q*v=$i+cgs=^VzkngB#nU1*F=zGNm1=yfBWB9U`bGGkJSRPzd5@bXVgd35co{=fciK9l7i@4l&%79dP$sGXM#%`QM}>4YH; zW0V_`lz#nJ+Uu=jg7 zac9yr*gEvi3`$?Y1mr=*h6&)6qS{TRq-arL62d|QRngQjMlfWY3k<^sqfDiOA)%<1 zW&yV|fN}y_3Xhx> z@q#6mj-j*2?;)d z`+nxX+h4}avSU`ZlTB%B7QQF$xA0#B_r>(E_dfH<^79sDjcm~pED{y~;?AgtX9nM# zIs;yRR`At&FtH9M9ff$?5FM+49_Ev@0Uk zYR02XyLPlCW-Q9tjbCsgyKjqy$K>UR84)7 zCMYZR?O+cegH|^w5)fS0@X+%`D`jAV9-bQ@(pi!NY)l#bt#PB0?BOT|gNnDZ29pdJ zZXpKw!(m~qL5O;tlpt1{-#MC18Wsdc5>ZJT(Y`YT(~LQ)Gh&JjprlYaf{824KpPF| zR^(BGY;2J^twfdx(Fiq&L)QWb9O$NSomv8%Xem~;6Qdd!G--tf6bnFx*kc;1J=l)? zXwj(pL@q{PW@i~1*d0ydI3Aa4E^TLO!ra zBN4)zx)`fnZO}#%6a^A2BpEr?)@DB1y6en)1OJM_rL`fl*_fuAV%D_8WtptZHkp)X z(e3nd9DKQ6PZPQ1QML@B7YiN+5@C^pxJn>sX;bI^0n?86qWWXaR?_yGGcz#3p`L94 z1IiTFxbozaKfGh9b(mjRzWo8)_W|dt}ry~1j@)`G|H2w~J z;O8*|)k^aaQ0xdk&u75)d@vUfhHoBW_zJk(wF(R=K2oB2)T0KG1VA=F@FIMsqux+D z9V1Gk--R5)BEb45)kqtHapdGIFAxqP5D;Sq3|bZFINqw$dN|5=SEi?rSoBY8(mJqXan3_YOEVga$FZHvTPS9QAjKmZNU8(GGUj0r_TWaF z4+i06PE-$aI04VvNOT@SnW=PAjQ~<)|BM0zJj2YBL1i!v)+&P4&m=g2w|uO$MLkhy zUT0iv zbPmckB+XP-Udwrjn4S?eeRPdgDEZHj3hMi#++8yf$W57wC$WJDFl0~fJ7k1xYD5j2 z7{P)=hr?eJi5YYnpr#G`LL`slXhbkZSV$h>+cCfr*o;uO{69gY4G=KJ$~1eHElCpV z7PRQiR4zH4^6I@U=?z?Sua;T60`z5SMKZgIStEiffa0o0IH1CvGN7`FmM&(Lr>IC) zFR`<~R?3$zYRyF>e8?*u zLk&ZJuvi3&Z&eW1A`}O&&VYF%1JSqD^1yt*LjE=YJbj9gf+)0<{ z#U4=vF|x>ujC8O;`Mq4cJ|c0@xx&F5*v2u7Ao;kbQB0zQa#5{fD)LK~ODwC1u)!=C zr0qj1A6ubaaz_{fVH8fZ9tyvSo_e+E(!qEDAYu` z5z)Y{3|F?(6tJe2**4LQEwoc5=wmQzkuFwYMrB_M0KjX zcTr2rE5F+93pjX$=5jPj+w2w zvCYoSv9n`tbDC?ia~*5B&am?@FzoYYM#Xt$9xQ{6#-T3)c(gLO=vvn`UFJCeI`yY6 z5c#A?zj(6-wL|UkOR^B|L4yM$(@^@4Td=pbun;U-s8zHA6pG&3@MBLmq0V+Xwqr`q zw^Px!+L|)65A42ON#ox-Oyw+s935;6XqKKIrG97!cySvf1%E_jBlbvUbtzF?uoD*zo}tlwBW5fA8~BX3;?5$ zA5;_%tYW4142}Uig*^Q_k}N9XqjZ>y6kt)H^hkhlI?6YNn>Kl$Hk05H9>|@2zCJzK zokwP7)7S2dp5DXX)OT=0a(SlRcwp-#8;UipSWoO9l>))k7x*WTNFR!*3=M`OU_=h$ z!2`dxP5Lg+%IQ``H$!0gJx!L^@3-=5QF~PN2Z5?QtEv5UW7bb6b)D&TFU-`k)c~-B z2!*0`&W|M7)GewJi5Oc&Od^2;>kw6xjhIAKgzJa^Y;y;UCz%Yam1%#1KEKoVecOLM z50ByPb(y1hQV5->l!_bOUSc)^3>6fiii7ZoxC9SZl?S|l57WSWH=RimMLH^(2?-90 zYNX#uPy^h4xoene!L&zZt)&JssDwno8yR3%SXPL{DO6ODr`ro-ZKNVc5t72Oi8O`+ zE0u}@R2YA_xlj^9JJuXU;;~!D6rN8*%b|j50(qE`6A^(1GZ;oo3H1vhw}&;mIWl^= zOxrmPH;w0qM>Sck=DT^q@r~y@BXgy$x^}MV)1wyCu-VJW@9m?!7c|8=lOkGvqT`h`QRU6dqr4l$8W?Fd5Q0seSfZe|MO|$}PJ= z0MKfc>j6cgfJB9ZNDLZml>;ebDnM|=qUeORb&R=0W=5FA24M?{z-Sqjlx$|?0Qwr! zD&%U8jA`!H2&6;Cf(QzlD=;Y57kIYYL$7}xZJDWgHf7k!j>~GzcFrERi#6u$+H(x& zBUI6>Z&A-4mo^@yq|WHP!(}|9anrL0cQYwycV>g~T4I3wuOIY`Ay>5?(yq)70>An;# z5+r~UF#_|5HsnRbMWt~(X)ZYAuUNnR-h3}7Lrd0IwyK_Kux75(vn$Q!k=kukyLifN z=I-L{b2@pqD!HdJrt`I3f?_+ym^{@2EfGXOAk@SQ!%Fj23cUK>O!qHyjW6WU3_!|M z7*Pr$9StQ0Bp{|NUdLX&9i~UiS#@&t?CQldnJeAtQSUusZfbfpG=CNZk%Iy;5=2Q2 zNT{D%d?w}BKyub=t;{^s-f+yWvUYR1Xx=j{tkglqyk#GhkM6L(xJCnnSb-0Jfz@QX zU`Z8~5n$+Iu~+J&4HPJN!I;p5fcoZ9Z4_vg3E68Ilga?$06W6HXzEPH-qZ;U#@E;% zSYCfBZ?dB+=wHeu{e)kD3;YGTAFeZvJfsibPJfB^V208>&R-(VZCh2WRjSG|u_5>T zyzGH;)QwFXv?oY{3`^R&A{>MOdRXTGNdRbwUOg^)Ewg@h#sl%Tm!ZVKK&B}1yJzng z#Qx{u82BM%hm2^1NFn7AO(1jbHxPwm?miL_o^(KTqwWYSC4D<+w~ster`Iv8#?WS- zF>DUQGRx3abbDu-utlw#EY;ENSD~SJ!Flev#sSvX09%dh^3PgJPJEIXUXk;J5X4vOMvgm$dZHIdj(?M+1dS zaHwg3(riu*q1&i|2 z46TUTw&m?n(>=5s3F+-{_876J&efgJ!J5d3NL>nb;PDUV6az+LNP+_*9G}&}YkV`- zm#1?q`)w7>xt;Lz$}TKB-)B|tWfA6dX9e{Up0OL_nmq^Iu+0^Y6;#Dbi@n>C}kL9mZMd@ zu8%K5jLDXx?KM&NC+L17^9_*oJrzyl>xz42`t_`4%S|lMwW%~dugKzfvc8QY=~}6O zd6IgmCneP0(Ljo^Hc4j5Aemp7{xrIa!@N!-fcy_Jv+FFbrpy`p*~-liHQ7x!IL=o| z+TB%*yW2(0OX&68c=HU+o=VWoW^Y-_S*F52hJRxt%}M5eGn(Y>^bLAQ#i69>?oW>a z^fBzKLh$*{E{lomCr?oGL-^GT9?f$p(#h=OdOw`d?3QKg9jj@~TRD`oE15@6dzQSe zys+--%ttyplb&~*&l9a=@mg1joHX-04>C53Yq@piwv)}xYQ`;dYcYqKMPiywn-<1u z=EE_n>rre-w{Ub-r#G6Xm^{TAISm}uX)R99lHs1jq1sZeN&N#)PiAq4wo52p#>HAb zEZUD&y3WDTZy>*nv3tt??Ak&CapK;mt9>C4Os5T0Kfw59rB1{8aW{p7j{MOvYn} z%^y84UXZ|H10StR(;{^dNI@znv}%8f{j{fxFKLNv9++K{f2($nj_sFL|4%1N#-CG%DAot; zTCO&%dq@2wvH+e4B2yIqEJuiRVx2*vHG5;4NWL^q(blQft*hCE44RKgs;KOH?s_>x z=)o);LXRl98W2teL@VJi zNA;i7kch=K2}r;J+C@X)L(N1_$|$NkbgQ^q3uu7|u!9J@n4tHHAmUJ4L%VbL1|B5% ze&v__pK!{`97FdN$$#j7p*>{dvf9rh(ir@aJ|ctWPwa4i)A;}0{8u^GIm-QyTur6> zQx6_p9JINq&D^iSq#;u}lM$MItWvbH+nz<||HpzlMmG_!#kA#wO z5Q3C+KJ6))V1yly7o4oi#KzRjd9dp-%hs4`%xvDA^lI}h==Af9=Kq|?XK>J##z2PQ zyi!RCF%T*eCN*tIn$0%bTUyqs_b+SPOZEw@N6d(PL_PRf8KW&fS`xW6HvJ6>pa-n0m^QsiY6?J~_iaS;I_{Ygl9+ z#tYL&XJWh^x-(UcLD_xD<<4Gl=BClK?X_$<8&zM)s@l1$6U`~_=SED7-ei5M{?=JK zq4caZQ#D?)bot?!NALLJZ7F+VSI}yU+bGtdu~b!X>_r0Au%Z2oRKi7EL0c{EmJgQ7TVf1t&BEmGZPBfg9rk);KeyrKwzfx1g~#@L*Xd;d^paxetS}!}?q8+~I>u)|idav>?RLMnM&WjBU7wZ%Uy>vr zo{RMVCfhTi`L4XuW?KM2g~AXF7A)tIt9S9Bb}#_sG$#k~SELR=Q;-gn10c*0c>x!s z1+oLCC-i_Oy>xmjzz+^IP)7AcN`(Y#{;PGG(8YM<%~q8&WzKh3EXsS}a51uZrFPe( z)aI>bWu&G|t2L`rYX)iO9n{_}I;V@f5wi0A7bYdqiE7A)%8F8XrKF6&Vn_wZ-PHt4 z!6{$V@`ihJY|3wt7t_1*}+04ko{?4*b%Eh;J{8*Y$eB1K|Q z>Y9jzB9~kR5ym=j(BghN47sdEG!w0ljzgY0)%9D)uTG6iSynvJZBX-7T*|1|o4MWS z;d{oeNH?L13~V$k26_|^W)nKpeop{Wkh$!_$PS3hlpt*&C$)ewZa3C*sQX4vwNU(D zB(L#E{q00v0q=)-#H*NO8eFbAN-c7zWA!Kq6o^&?(3rJWGNQpU(ZTtOFGz&8AsZB$ zIuX*`KLq`@OA2y;9IFy6RC{0dzR|O3v{bd0wNIK~O#atD9X5@sC(eCu@ixSAA8Svi zO8*i0>NkU-%M{G1**V;H#-+dr|P%i&g6bV zHz(2l6`w}NNrvBxqdHlxwdP*Fwi;c1YYkiKzxKWdV12Yl3J#L$pfRh#U?fJ!mT7au z;cP9IW}9PGs`z_4rSq?%nhN|`If>=g-BmnfKV7Es>Cab@<6+lclCu?TuSx#5;6B6Q z4YMiq+uqntobLu^M|KWif!K(9NTX;8UZdCN^TE-~O@t97KqOS|s(O!K+X4Sjl0<); zahWElXsV?_?jVCBA_TVcCkCWBJJ_8=x|<7QO;=oL#g?_K<(bIqb3?J3#PlKZ`VXfM z?qTD;RX@&1o{zTB}(tw%Rt#Mw(eBm0lhf?tL?O)b4%rgP3x8`?&A=@U6WF z#7z%yJe*)gBz(j_WJ^L>c}f$cgkYbFq7Bf?N+XK9P-`=6j6Zta4P$KCQ$+pHMMwG} z2tZ(+|9>!(t1em+G7X2rWR!(~>v2ITffza{T7Z%|o&gjQY^K5e%jWb(Q8!YaT=G<_ zTCIor-K(CNo->@zW@d9a%;!ZOEi_0?>d{NufClVM991p|L`npNRv5C|MByMLq7F8^ zZV;$23`*BKrO$SB^LYHZ>EdB_Dpwa_NI+p4T|ZnHAcbp~tKh`|aQ8esXvPujboYmc zPjGurd_oY35+q6$nL*rI_DDA1w9l1P2?*Z0?a5ICr5jR+rS z?#qaab6GzPeI>tn1UnD3$@3ej!w-+dTZnGUUIN@e>x3e=ihdI;rhW1$qTrg&fbwAx zzV-?W750UL+^|8#0zkjs-56+*O7P@_kVoP|%r?E9AJeQCMXd~ySP5PLeI|rX!Gpuh zLFtEJF`HoV{*jYyqcqmq+AHJv6n_Tha>}-iH4N5Ps_ks%jct=^BGy@ynUAiCQS7{V#6ERU+1L*;PPyq#Rtd6|5S%(S&K;dP|i z7mmZ?{u}*s3PNVZnAjj#onD}~ ze3z9!otXgH0dD~VSSQQ0g_2ZvM>MBpi|x;;pJu1z75Yi~=uU)yyfEVxznv=djq0Hx z5B|jkpea$XL{8W=K)1$&GAxD8O(Go~U~_b9(~tAibn4l#*`D_VcR^0sAPkB|4GgUX z1Pw(kb>mmi@nA**VmA%&4F+e3dXUP$F`4`^(SCpC%**?A z0(z1IrMSo^{ptUTA6PEHO(MPEF4R!qC>vB0a--S^z2F+q6y6_Nq93*C0d9vw4Ny~} zcp->~Vglwpx~I8}=PLFWN(rnpGZI)OXRGC;tV=}dWhJ348ogReK(Jl}4I0+6u7&-A z?4W-k_x``){2j4K2`9(3*h%~ReDbq6@QGH`aLMp zui;91y)1Lx8-(cg^>P=0X&5HNUSIU(mGh0>i!*jE`I?egqywlCv4(-k74>Y`YPPS$+(^aiaYcyEfDYd^Y zS3g%MCD|~rW)?)jWM0=)p;XEY_XA*n>UO+o?BgL+S=B& zw%MlER+;OQv}~5j!JE)$7*BTTqcLM+O^Vp|J$H*YW0ubxlV@qsdBO6|K zR@q}rdvd#KWZEp2R?OOHHXE~*t*y39%Q71_+P14|rm$;z(z@8qt8B|Pc(riPJEIwt z_2Z(v9nQ^FjMOt)*cmj&W}CBZEww|=ROww&ftn9_FP1knHa>b#iqa3ugwo$a$ZCRsj zwpN;^nrUU(-1q06Ynf|Jc+Qw=v9Q%?UYW;O{?>V$Dt^peYFV|5F-?kTV#7T$u1wac za~oV)t=sZ^Ge6W{@g=Lo_EYBPx#;Bj&yWtMs%XS=tjD|H!K3lBGjVEii`#E!Yk9Ugb zT6x!}n`Vw-wr@JFs(ejpl?;Ib0=T?W>_7$Ia{fH@XkLA)=ADK@eKmSaHj>Pw!xl87 zF^wq4Tq~L@(p!n4#tG%`7j@ohD=5{1qq-F2l>h9SOThrM) z)5lGfo}AG|soQ$;JIUiz*~Tku?^lZ`)=XX`hA&;?mf_^@Hx_qhk>zZ)ZJ3^Ob#qg- zbm6l*c$p&tG%_fxaI6tPC0;@IiUce{gIaNjB2|XiLyQ8ZAqVjXCc?vrWL#vBfjsF) z&`UjsI0fOqh=)-NxekgjF)=Kjz|Is%ZVA$I6ee2Vs{;fGtWoMhFkpXtR@%iECHDHM zsQupxQ1^^EU}7*1fbfz4j{W7`9)yI2Yv7pK^C5~axW@soIt3I0Q!$vN!Hf&g-?X8k zTp(ZtBO*&e7#AiMR!^pNlmr=7fx1R848{Z?F#u513Q{S7!`Sx#_*N*VD4yN>+9xU< zY#-gxR+>v#D0_$oh($<5@iVi@e_5~an0|aOhNfgi?2P)Ep>70-Q}Ds)iTSjA+eq)% z&@^Q=5U(68B)Q&M2h0fgM+uQ))-&!3Y~_`Z;5HbtDm7^UA=87-fEmN9lie zQrM|-=WJW_9UW7*TEjzIHPe45>8HM~u^FTwqStXtPoI!9r!h805qWpg2ZTV}F-1Ap zJq#1t=JGl_$5YXZteTHf(Flf)1vM1MIuXz;hM@4)X~(k=@r!6)!rWK!zrnL>7}#rT zX8hKfCEiGGXoV=Bs6a$vl|A~Vz~^lth`y&EtGKoMe>X4XAKlWP;lGnXwHm4|{*}#W zW>S2wm|xD7?QO9FZ$PK*_XVK)7#yJkLWn`v z&9RK-0;6a^LOVk?B45(96>$o%DS$1Efb=mCXk4@#RH|1!f5xBkSu;uV`JtN3_0F2v z-0Wdbl6m^){7je9Jyq@#`PzrkU*=<}75@*>p|uU6tlHBXR@tGLtTMUudYW0?R$q4E zVa_g0yBvh$D&Vip4DByoZ+`F>nyPr!P??GR|3Q5?%&cU#ttNq)Xxi3VjbWI7FXjG^ z*Ze(^?;0#3Kw}0V!V{_JF${Z(@RtB1r`28$#Ha4Ut(2n~ls=!Plr|G$(q)opHH}Zx zR4!ydG~{@|4?yD5^__$W5FkK`=01wNT}j$Z)Xa>sjKH=rirGdpFt%+{#;InNYPCx+ zVUn`7O322oQZ^yShC2N-_tO2*{w0&9LpK;g3?M~e5)gz)d=Tw$^_TfJ#%g3`H8Ra+ zWvf|49i7%iC6c`;n&T9jp(-<*S zeJK1=I=)FdPu|0u_Br!*p(3?4vqk4KSN!keL;EA7iJqE}`kXvK?*p+8+vqy^Ws|xa zOpVezfKHQizqlUwNn;y#@87%B_0exTl)>$#*`%;jZsWw1h91MtkVv(UlhZ9pEv*B9 zQbDq=1t~G(fdXJiWvK*=>Okv;Zd?+;91LKwK(G?&0Ht1c$hlFNG5|of*1-$HFF1MJ zO7NB3E0tc2OU&A*J&T^BXD7cX_v@#-JDPWSab%XUG64VJg^`Q2SjcG5!3*pFkjVg- z!^U0~`bQ1s!V(iO!`|r8c2QIccB=&E2)FCn(#7Ofg5s9V)~66tSU^b$+!}3Opvq>n zMEfID)4oRz6<}>dXk`V}!jP9IzZe51WzTL@^HJ@dUYpV8I%hC2rW-2q<}+<&vlDYZ zUP;cuaAzb6eikemOmv&ls)j@MZjhIaL}0@Bwbzi!aUZ-pX#&zV&X^#~< z`OCO91{+?v+K{1-69gNT-JfF%ig7a7lPoIaMCiG4h|*`pnF(+hL1S+Bq$5=8r|~p0 z!yK?v{>StjTC~729PN`hvu5%sH#Ncol+SSh#C1{u_IDM<`xJVIFw16H)NJQ2C%YrLM?DQpSIR6!>@Kzqf8+1fK?={WolpK zI7(v)I;BME*kJ(wRJI}rHy|Sro2JQ_7*W0e)G4DA`p)d ztlAOZ?DIEnV<J9cF5o{ne-5Z5K86uE~YJ@2w30iW$9xK!DAZGDENpS_eq*M+C~~R;>65T{6TY?BC5D8!2=A>k0NqH4MW7L&V>`TH zGZ2?%pysJ5_kyu*NM99}5HHglO+c6(0=6r*55>q@5iAHG^J}XmjS5{-8849OXglkK z>`7~IzM>f*KEHKQd^JX6`=uOv<*Od#ZkcMy|Un4Uy|Cf8{VwvCYO>A9umh;~9C(350gnBmNa zI$P%eL|_z2#i*N{+KmjvjYKiVA|N4XM~VcaX!SFeHhONeU6)T>y4kU?= z(lnPt7{+PHM}lc#DAR!QUqY5P>*FTV5Rs)qZ+@rCwzyI5KyHy9iZwKTL- z1W5o}WHFX`RDwVmJA$k~xWSt&@*!-26!ycFc?0;L#_g-^_xhmW{5(iNeU!` z*wT+FyxANHRRo9pwB=J%^D*I#;}PJ zRok}aL)V<;;KM-NAX9;&;k&ef5QNN{%DQ31MU{Q&I zgItC};fS$}7BDfD1A-t3#JHft1KTh)6A2U5q<|F*6^hZC@r$}v3Jh2*Rx$vr35Z1N z@HNv0G$qeTg%>c6njpl%4x)>gLOMl$h*JtOT#&XmbU+D#@~}CMC-)bayOn~gCYKvc z)0NBUh5%s&0nd#vY!F}<4R&0!lc$ChU6w)x2dG#g4G{CMxpnji!EEHxmH?}2?imUb z+JrJetObS*38sKV8#1U^l(6W?RetF*j7>LA@7=RmECw?i^0Lbn^T8c%T$cI7S9N_@_tZzBa7r+cGETf}V z8H184uRmVLhWYD~(qh)#`^p~&i7egWXh~@U0$3*i=!YW{9FgFF z4Z&kKD(wtfm%c2HMT(^>fuUEB$Z!-CIox;9*$_fIkX`kH!7N*`Y+a!!5|zo7uvXlx zp+q3JMGJ9h20(44R#r`-u<66AAAia5@;=Z4hFl##E-?78_1RRk`VntxO$oFL5dR_@K7k?q`Csvd zcn*-UKfeVvI+YMVw2&Y1q*H!Blz-k2$JzLp;}r>~llw)!f$K4dgeOkknB` zA*QQuGr6HSf>ER6->JRapQjV((SGCezMm2n zD-h+5F#toa`4pkmt;47cUj0XU?FB!$7Yasd#9}*x3_4XHwP5Sx!FGs25QxOLp09HJ z=jLnlzKrMU{_BR&d8@T1Wp5ue?i`K>DioIj1g%tmhCqOPmx^=dan36pqV|~;>0|b)`0hjB)L_dV_ zYRybC8fmOw4JtGTtU!a=k%{jvdisFt2uLFc5?gG{*w|{*%_nL$n>L~_ope^CP;ta4 z_JsqIuXN{#hPVx)At19K8zL2fY&gE9dd1XaK#+>K4qc~J%#Kez7-3O3r;H9OA`y$o z)f1{QjXg+_!rTl&v=BJ#rqBZvfT_wvPO^ER_4zvdEmh%=|Ihik@r>5Zn$@(!6XSWu zDSjTmGCsn?`kyx)@ioP84EZ^J#=>$yFnhv;OkZKNkXAIBLAahrA;9iSp3VYkEDPNg z6QUxSgib|c7>CxcKG=&Knm9x%D{i=fK>$(%U>bdo+hx)EZAxXopqa4;A9#huIkRC% z;~m71zE3wb?d+;xhXger(EwzO2+EeOh^Tzi=pJ;Q@jTd*XKmA?c;(~El^dApH*`}O zWY+4AYSt{bWLi9F_ti^Ks6Tg zW>eYmpfv>Axuq_d%~nyjMs_w4Bv8LQ$EW$8p_jGrj_cz@;NX%j4h#5v_-^<7b3JoDhPeo zoDS74VcAOL_x@)`;lG=Tam1Z2n87{4?dLPqBx! zg^adLz(~OuGAlkJQ4K&qJI%Nc@PAZ(pth(Rrh`yEU&E57Y+A+Us>10!@iti0v1PR_Y93AP@$6T$u&qB~ zuiu0&2+;}AxY)EsS2F{s5;B`CDn}&~LrsF9H%g#6GGLbC$_vSZ3X~&FK`&L1aIRNY z32Ruw0^u4Uwn42>V9SyYL6O2}d3tA!T&?ZtZ%E!~GSk!D)jeq?>oC_-u5rldvf3_| z5gj7}(kqe(5Ljftw{8n1JCi{#ZyPRa$+2VZ#mxG6ozzkgNJ1j|5f0KR%zWq${<_f- z>^XauvG5BC#CQd}q5NAq0H6a5Ffra5<)XuX#5^+u)I%Z==24^QobO5`I;U`gS!Df@ ze#vQFWZA>MBNgo0_o*ll!Bp)N1@0r`5bc6mZBDVSfTOq+?DvO9ZXwlft(wdvl1`7( z6bCOW(xsI+kRD+i)s$wtlamzMs~QBi$H=?y$stEj zs6P?*2qEY(1pSD^0s*K)V+Mq4DsTHY*x}wv0mdn(B86K5Ngv4c0@@o*p!5@_1t`cc zNr7O)^*x_JfV6`5N6-#)8~}*Pqw>yqp&_)R1LUq8Sy)C5s{QQf^HD|s9Td<=Tn)LS zoSa*j|IHO0f($pI+Ai{MNx$c50}&k&6Db%?M}tARMX8b&M+pU^K+r+`$!1s+Mo>4U zNy5j4h}gph2qQ+A0_)u9Q7wRChKLkR7@>Nq3=wh!8h3>W%a&GG)OkI!@v2xFSHiui zUTW=LKcavRpcjs89R}&HFoL!t1>+*nxE`qrh>K#xRHcSW+Q3`_iEB`x7kB+03J&0K zCgq#F?%{-ROycx)B4il&4+~cC%u%VBwpCP8gwxT9k!)!2bQcBWDf{JJG90v2K*q=E z0qETB#87j3B|gjGcSX>5G}gpgDC~9|5gUNuvJ}U}Fj50u!CmNM z-1DPh&@W>H3^N2)Y|3LReNA;Jvy*|-5wh88bXsNeu^sSSL@`d*VN?fX63`1Q(F)lP1hZ%wYYf$jSdpbz6*3L8eFh7nD767x z;7g?t=*H81g{|>7LQw#SQp+*hh(S4MKoF)$n>>rKft5wzrcwquJjFR80?@;4(?h6X zlPL)>Q;pWu&dEpod>PO!+Q~BaO4Eu=Tb} z21o%kb-srwrItu@+mb>PGcrx1Zg~eaCGtSf_Bp~13>J)DRn4xeC-Dk%Lcs%*@ zp2gwfuBns7lToHwB0#J>7$&gRC|X<_u~$jPODm9(lv?s&a82}%bfCZE1D*NKTtrmS z%9!S4O8KIQrro4+7}M^-m{L)P1dn5b4}&p+%nJhwP!3o=_Gcg3}X}Cx9dut!QbO zNyk-Z3^sX0B)o&jVqSK(iJ0x>5s8niSHZwAY}_&9H1XJ6bt#Zx?&4 zCJ5H--pWTXS>tBa#0d~gjh&`%cybX`EMb^|WN>8?Ds;-pPBKt+kiuZ&Bb9c*!p8EV zrr5%qiHbG~HieP6)Dk5EG-?};?NC^WMM4;C!A8rbOlug^s3eCt7=a{VxXM9r25B;E zV`?#+FEbDY5GgJ+a#zSK1CmZV>`I8`u!bT+29BKLAvLPF&DO6WxR_1&@FOvXK{x1o z5rhX)#!V|_4i!~95HZ80uF5D7Sj;%qDw#ktRSb$YY+#*lSsZU?xM0oj-MJu0NCO7P z){lQ+IC5cx?9{G16!1O0M7+jrJcx7#`2SEpCRHPx#6gnYU zXnhEM4}=Ub?0~k5o$Au@7>;rgutOr-V%VZ(K}Vs95LOOYXwk-lSab!_G&HWk(MCpx0CXbYF_EGY z4W2gy3o>Y%g(x}&Y}io3Kulz4&nVT$t)05*?4NfYr>#-xn><@Bmx~~13IH&zqHoKR zXoUxH(u0B~!MahP!CH)j0%To^9os3WNPtF($+{R?+kI;$Dsd~e3kwoL5t|D7F!D7u zsTQ@^gS`)_BjCz{pUet>mGlZdE7>1*W(HU9o!KJj6eiv!)(Btb#a>kl6<)=Bm@npl zjt@iNO*Yurl-T&%YMc=fN0_FLC|!Mi_LX=+{gLv3apP(+J-0pvj(p6tN%rBQ^_=px zIYlIpd7~nt278x@6d96iHmfyE&&hq``{U8-Tk~B`7OCFS{kg=jkisD>AhkHdbn?vsEwD{(rH3=7e@#2GIj(Ab$-UmZwm$$te`0cCTA^Z9@~= zs%++~Yuep6n}L>+rW8nL6(b@@jpBrJ5eOTyc`|xWXD)i?)aE-am#plphMA4Dt20!o zFd;ZXUQgO&MjQdagXcIo`<92)n2N+2$b`mNuNWgC3068W<4+phHlGIzf#N)dzxOh9cgZq5_Yi zPkVubXnHQnj02|75=2JU@V`i*$i>QFv}s%{G@#=QNQw)x0MizMg#!kNE=cMwSk?<+ zbj(V&m7)cZGYd4^JBs-PK`~KM2#_Kh538cPe%cHb(k{{{2GZ9Px5AFu#ByJ8oggSu z+uku7(+;k^K=hM};Cj-An2d=CM9k9$OfjNDtp9J5Pm>FT%2n=E1`55f;b>6<&bSVT*tgP7h-|C99aWgSM6(L{{I8W>DSWrjd*^7Q=D}YhK1P7| zWUJwpXg&2s@u;u;iol-VCDB^Z@oK4i;ZLvXs7@FIiq{OyZdk zMHZsJt$$?#WI-~B8zKw6(r*+_qA8*^5D_#iKtFmalP-{j=m%LINWa1DF7ak&31%gf zgp4@gJ-*iw_mZET`mFrQ>$92M&*Ep9=WW;fjGdEJt6sY1{W-b`dt~ypb3*Cur#G3V zd?u;sV?l5bSdGMA5WSTbn~f+hF%o`uzS7BlKYvjdwkFfGeWa+Nx$G(%28G^rkt7*l z9fp$!@G%6?N4}<7tkS32>U^S$`|MxJW$j^NQ;+3)-SuBb$vZMdm`FV-@2XodHCTGW z_K%11{yyDo=S$dX*_pKNajY?xv_d45lvGl8O~)-24*m})`>wW~6KL)>o~Mso^#d2* z9fr|^lu8jLju?%tqTg5z8J`Ietqd!7a?4s#mT02^@|ZD-M+1RP4zj!vB@_|@(iuu_ z31oyw6;d)KL>KIVaaztB96J?uR@aSfRP7C~T3$DcHsd;OZnB>G=2wip@tJtfS@O>s z_RCp0oz5(@)14;DV@->_ryfU);M#|~uDvs?ovdb@5M&%(xG*e=Qx*&f1Q{VD1qxz` zQRXX9QPgoAl!gcv_|EM*%IQj#y3{?Io|UgLIq9}+&1%}rW;V>Mm~BNY73I2yymIin zndafB#|jRB#=*8ZK~-ZA)F9%8$nLsy+jfRyVcO+)H>6^~ki$$`!*yh62!L_{km0cy zCbZ%Z@q*OeJ*5`0iW;1tL5`(~t$04GRm(?1&Mib+KHT0?Dff)eh`jxE*e=xf^&NeD zT`J@*!-_#R5<98cbw3nQ{X_k?>Z*RT?FxS!C>&rp5mS69fF{FmP^)Mw)dsYpy|NX4 zTo1W^Q>43l3*+SSwyR}d%B?+Q2gae+C&rZdX+BsN&|FCO{R=EC!J>_usRMja*TLw1#{083Cyz5h1~NiOsUpFH%`m}4&u8Hl@~LgX<1zf!9aB(+JF4J@k$e5dla?`Y71WC0`sVFE2FNeSsq3X_+KfWK* zk6}-a@IoV&SJ#J}OY&RF>3y0eTJY+xvS~G*Bc%H^Sn?TH*$sFDO0R*j3EnWZMkuGa z77R~&P*|XEfQt@57lIr|fSdsi85|m|55AadH4nY1V;OqVW_|Q%VY8YS-&RJ3O;fNh zzKsJ_q|`Xd`{PNbadf4ckG`!*mRd&x7L}EfufEY*tM4#nZAo1F-3B>>@2XejVX5ck zgvEbI!sI7O?K;S+KtHG_f?j?^x0Mxc+;+1Q|F%zFDPvCQ{9n|)Z}0zA8oqm4)BUOc zreij?Wwy3WZ4FYXwNN%+05h%l4g;*DSXQjH!x2C7MvdD6JeyhX;=0rAE?*#p$J4c2}~l#Sc02( z5Bl!xVX)ects2fpSv8+4Q6^J#NJHL=7~Ks8q=Z`l@_l+!CaW+s!L%8bw35Hh>4U0= z!hgB_k5s3zV#`wv&1Q*@oh_}Zj!(>;|5D7%O-40h(QT7kENYIw8U^>?eoa;$pD$FW zDbt^7MK_Tee}tf60p}0XM=uMZ#j+gbgX(~`>Fbh6MnGt@%t1L=FTw|eK9j{RkWKzwTUebORi`~Cu{nC7~Mpk4(1OXdGQJ>c2QQE6S zD#W>T-i^aOGBEw=9xqYq%6n%#8dk1SBra_KQ4|9Z48*WqA`Y$)lk17Yi}NgC+D%F9 z9Fc#`hVY0z$C`S0J?Z|7TTQf3*v4whT4rf89{t$I;W>D<9zRz7zw-J^*7S_43|f2X zjJmC5v1O}k77BYH5=Z;V2G*qeMZ&O( zuz{d}s~fBK3uPAMQ#m38mx=kH&b-_VGSjY4?hmOy>7H2RE~QK+-C9ju*$b}`;_fNr zBPxaYAC*NYZrty+Wp9cJaJmYGu;qH39#ZK8`ZMr$oB$ZIXF zi}~g3fIJcL5-A9gC$Pyildct1K4?;eU3haG=-OpA<()9voI?S0+fj3XTCfp`Oa$@c z8#KvF{3GsRV@rx3!&yJSYjgRLnxdSp~8d9 z`{%FNK!h0VP5_JeNz-RtsTv38I8UuMGu!D3+p1@*1git>->wRIhaTP*w83;jj z7x;Sxe}Y)Z5s7(*rRu6LOrX)j1VA(3Apb2$xHiO;n=1iF zMNooLG*QM$R|F_ET*X93Xu{D}HCqZe(oHK61W+VSj4EOw3`mz|HWWGzia;-k0e_K> zQY#rgW`ug;0)4b6)L8>sKBq`34y)2oa86r?p^By#E@c3VkbuafNF>o=vu4`S-@AU_ z?f66B_xKcBp(`P%IQPY+Ocd0J2CjVWLNQ!}88_saSwQdQ<+1XDH|ncIKYB$6l4yYT ziI+8~=_7eFt6A?4MZR{YWdpEfW@xI~HifOZ+sU$Wa&gBTna+vo__XZ+C_IEisVZ!_>k-pb`^6k4yLr0yc`EH~8Qu zMX6i#yRgWABnk)(&8H5nr;iu{A=kPN@`Tz@&=E)X7c_MMl)bLcVA(rT3D*GR(vgCc ztJeWHXG5sUkPITj3RNERXn+se-*@D6e5|A!D)+MX$7Hq#6B3Y2AaRJcW8*)-AdbBh zq9(E;u!0Uz@rVX-1B6lMVy?_h;CG-H-_0z52T=gH04vl}m@I+ih&Vwrh;oV`#SNr* zkwn+Y5qObT<33*0{-ImRVA#I}BJ1SxJd->beHLCO`K>B1lBwUwy1^ZH;j8$V$lNEC zAp!m45Xk1e#_CgA1eiolqCYv>tZ~RX33dq0b{^B^vRw-5V90@} z2tj(|3{VCkh!~{4UP)(~S(&6{WfCaFba%lipJ{w$m%~jhHCNkhUo5qn7UB?1$_unb z+XPv(1;m};=LpgPGUlR3YkzZ)xBjaeHhKdW+NnWdEB zeLiaFK;;#|pj{*g0}>)kGOZ?MS!B~>WYud`ZMMK=q|##2WvOV32q*ri7$7M48UQ3N zMJKHAx7YUtUZ5I75^4J^7w$6TK#V4i8Be!I2Ea35;A+9Ob^JE-fX#rJwMt5KtvcU0 z!kM%hClOjji8g=*3j+a2IayjI+;x0;SA)t`s?~doV%>nS47?E&cP?*vMzGjI*yzp; zR4M_?qJHqW)W$f3dFNz(c{o&W__uE*k)@E3od5@&UH(cW$O82o~Y!(y4e zRg zay_>AcJaH}zr@?Dq6Zd>%u17|9*AF(gFq5n({Uxq{T>_un9)T(#K8&026!UPSkPdeL zjOxvcn6l0hz3!fV5PPQKKYpy31T*F7)nrF>y03+gNdj`*Ysjs4Xv88wjgdNk)*_J`Q~E& zdvpDinYy*lux2W($bEh#y8P?kw)Fv9XpUn7ACdRj-o5{}MFdag#hEi6KjY^z z3jBCMxnJw6KWT>?x82p%WN&5XUKjR+?ddDt4^!%&+vNrz8Zh*V5?`pH{`m5Mz?BBopvKy8M zoR6`U=!eJ=oCzv+gfEhOcQ>m$8tFa4yxkZjP2NQ>l$M=TIi5s$B(N{@YD zYqDe0vmtxXxg&cZ{-lxstb8W)S(+>DjnT^Mr^^fP{{BCC!o_v`6c>0os(;GE_AA$k z2g(n)&%JuU#nq4II$53ifD3KPReCw8R_ndOwFg{U|D-;}m6qP&;Bs=&SOJ%cE!Xk?l(|%{a!c|ZmHWTK&BgW4fB#;zK|eT(YIS?&le`D7dXCug^*#}+ z;`+Dt%>ShSuc+8c6l8#IiwLjkCj_#QQza zbg0J>lPc>+7*uzs-Hr?5Dn3ZpY7vbMtX=8{d9^mFvV+ zzN=g&kN@%e_oxil@vFy%OMy236XfCo-9BMzW5adw0TlRzpX=Bl7gs&kKc&>#-m7OG zdg890yXdKLMghkAuhoMKu1}PyeEiRjs=-zMiuT}Xwz4q#LAjmMKiN-?l5GCBbCn+) zd*FQ(uKYfjpx z{v&K6>dp0q`_dEcqc-qCu5zUw&4MH0hHyQxx#0S*7MKf&Bc3Wh(y$S|I-t#UG;KZ} z^}$8T(ewUCj!_@|TLAqc$NR*aOXLjKzh-oN1k_5y;Az&Nfq5-Wfb0KP5j^TbF36GY zk$3R_wZX+jJ+i_}i~mo9>%EOuL zyRC#&C%&M-R_skR7xdT9Lv1OJPv6kQMy)bDLW=UQ~Sq~2d z?HP*>{fC|sSoYuN!B*;tx|lj0TUPR+)tDmjv5Te0%LB(`E0G^*(}TC9UKSI6`9wet zJGUje7P|ZHcPD>ZGWbTw&nhQX0O!s6CsI+;&1ZMT>fnxJmoeq~fx(K3qOZftUpUJA zW*&&q`6z16FX`$-+ksD?VMxkv*`QGwjWGZ7T@!zA8TVt}jgEhV?@GLKxY==crwG{a zW0k$Q_uPkUD);vTD(3q2TYpXWzIwf3e)-CVvL#xQq>gwG-R%X)PK5OC{G<*@|ED5u z5gkjZXI02`@{f9f(=}dwU)0F%jv67m5>u@C0!`H$9hw>>h5}G!k;7D!u;bvJHtli-XX_@*Sgtmac1dXekH#id2#F8 zVnebB;`MguR#anTgGMp|@tpJ0(Y3xazpnFj(N|fXCDh*6`eNkJ^jK(Je_u6+M9l-wHY4);(-sHu#xa`tAGr$uv9J$@TyGZ6r$EzZr`Fct)07iM_-gC{c&asvSft{KHThGBhE5>gPh{a8z0>s6of|9Kr`uQNPh(eZO8OUIK#O#8j9u;rz*xa&n4xsCi$fk%!pE?KcIj+Ne%|J~NSx{168T3cItzH)EUqE6T8w82ol zjQV9Qr=+r?vu)WV`#DTf$)8{Dsx1RSNtZyY#Qs9yo*mW~2uDY)ul^cHekUk?@GErL zyW$&DqQDBNVEp&f=t*Ao-+_f8Nd@GON}z$V#h$XC#lAC0wr*yia&r7PFraz}#Ftl* zhXP;k?awNzZ@s&KnQt&ddZnwtS>z+UQ(w#C4|Lh@AK~-}0`hq+{FAcTJicXFN5$EhxWtZs~hY zx|exjrnJ)Z-TWJ!gk%Z9bC*2Y2C|-Zs~}1@V+Ql@kC@UvlgxcwVE~27UL2Nj+6Im9 zL-~a7Ny%8}>L}5~L;Fqd3_wCSsBK#oL7D9D96hn5SkIXr>u}2#3mGZkb zYMrtlD?QNaZFi@9+n75;2j$V8$GKAo>8da3kclGZ>Kp_m=S@XpYF9Y>snAGFE|baU ziZEBzGaxMcwHMgERP}cbWJ9NEH&z;3Xt&-b$w-nGR%+@pF7C^yuH^g0H)<6bS)@(}e3z}9YMbxsgE_kaOtdP%PV&(8*Q7+o??VqI6(ayc zTR$*kpJYChPs%KXB9T&`$1{kd=`7d$(T5B6CvRD}?yuvQvng>Ni!*dv!k@fFU-{H1X4LGwGW1 ziVl`;UxPImopv+Nse6XG<-fziUOIG>3kB^&o$Jetwpt|Tx~*-=adBo}iY}`YV1aGA zH5*kMK5qp=yIC(oZ^_B1s?_LtM>kpL$gL~&2b3WRUZ|8sdYrAaD(Mi;OXuN{?k@hI zUpbYepyP~F{7PX__jSTu8^DeGB`0ZVCaVsk-7fjCtUCSIVREFeCAXf@)xRtKT)cZ~ z9eC-UvN1FN?%tq$7b`;s!{p63L#aR#TGf-}!xmlRvOHE1;^+WMvTAwl=$Q%npnAy= z`AL&Q)--#ZqpwFqivN!(2S>*eej)na7a)ixuwiU*BOtn`5ihNvlaY1B=`PWV6(I$ ztNU5fcW~Wv&#<|5{qeL?k8q8-`^%`Pq0HT4Xrpi6M&Qd`@i)BFXyi<5z&|j2x>(8P zA);%U%48bw)6F_P1x?dAl~Gc6Q{cuUm=I$aIwVH8q@6ttbAf!f5->M1X{u4I+V>ah zj8}o?%)ZOol0|URItJ-M@AFhqhCf1RnqU-LgB?db=p0QUTJJJCRl7h*GW}=DzE(pT zdsCXgo{A_Hk+n}9_|DXjF7LpUt{KWoU${T=2t(z>oRinKK8UF++!et610m(S#uiUR1%Ug8cowICq!R;XHW zwfcB}E@6_eR}$ZE{z_9(rgyIZFB>XDuNiyE4HOa?@j<%HpAVT(Di^cT3yKoWJj~_k0B^UPPKi3l&{Jm4tla(n``hq3WzM#x%R8!0 zrYD^lnLH8mw%KWdFXZv2*l_3Q1H1$mA?g1GO%scT>d~0PDxTo zr7q-!MtjS5L6VNm`XEJ~x=y@}euSz^S+@er_0Gbq$%TI$k-YlSU{3slz>lMIu(rdc zS{=W5*t}WD$Ycs|X4ly(=X_|Kp`FaJnMTL+y7z^8HxcDBB7SLFGO32Qj^`Mjj-nqA z)J-vvG#Jtc<2^v3u+HTfCTZG%7C(IS3fZ)|4`W-`8Nr?;R z6r@O;hU#jJ%CJEpqH3K9U!-pOCHuf3m>T9n1En{25nz$0fGCS%uJS_+xcQs2!fGXm zwiOxZcjmqAa=(2EbYfG#p*wIFk?Zj)rkY84^T?Z0Gqk==rPGHKmHxWBTl3D9-96PU zlCtYy)Hqcg>%I};IFJu_>T}|5^|Y;a=nc}8KM1J14 zF7B#|xs)TTETMdM>{9Y?(NJ1e%~sXU=Df+Senri%`4>EYl)O{~|5yvF{% zY22sRFJPDS@?;=R;Pgqe)P5P7OEQx0ew*Q9o4z5&V)f_^sV0z$8DEh}4vnyDeX8r2 zGrmff!e+>~<@jZ(f9hu&mldS9&kDjFZI+BQ*5&)m6jN$BkYr-%au-x5a0_%nJlLR* zFcnyDzv&;ki9LWZ+lwq#$>g80sl@%W?>YFuR<#)4`@hmsLvO72OILhZ-ZTtrT-YVa zFa2TWv2v7FgEDQyqeZ6r%2ccS~F$Py+Yr zp6xRT>)e#4U9xynxsZx*Mkj|^&CMQ9hn{g z%`q-jaU3WTe<$7G$`zTyXo(;OJ&APZ%Unn)Q=nPEKuZ;OZGz|cYLKqrg>a=A%)`}{ zRW_-Ewpt*SrlBo4^z>fXN`KZtQ_RK4Z2kqyg|6!)1yiNHfjPIhlvb)qhcd(?>GA1w zYOL<}L_5ukx1Rej0B;k`jo&Hhx-Q*id8$Z$a3y~Je7E2EhCR@m<`Ax^W~rh9N~$fN zytI>79<1^efhyLvcMIvujn{d!DPHzNrMvshTjNoQ-_F;70PYKmQTRScsJBDS#SL(@ zOo61C_XtM%0yXmL^HlN!UG-Q9rGFA0OW0HbZ zaW|EJM+OQ!zH{&FtB$W>j)-p|GIx0@migtaJ`psOQeN(Zv4pLvHeoypJOJ98+n2G& zt+nb!$3FWhH&OIf*Xx`~8C>BtG}2+BWi+}!E~voFi5yU~5FRUm4qft>j3c#~{C)2; z0e+Q;d1$ntMrhP(baHgYTxe%m_FvFaK-7wxgDQQ_CK@Brhf2Nzd-(|6GRj$}S zTq0DOAu?4;;!{_?@26(UsLO>grzP~6u*K3{pfZ?Fl6^|t|2oNT`Z;Sn7Pwsuo>%ydRbl^F*tj% z0g;oa6zyf^=m(CyAPdunjjqH_|MjJf8B(*JWVP=uts>Rk|H)sr>2v&g|MRe6a=v~S z`d+8Gh;Yb_SJp^DDZznZiL+&<7aR*@<6$XVn8jJ^TlOeI&A7gyUSw2L$Ps(uE1OoP z8ov=vriea6%}3^*sJ12IKj?J9S;}BxZi3?WwFp2ieZrv-q=~^^IDlXBy=#R!x2imkjELy{}JLVG`439z*fS2QGpxAq<6=W zt@O!J>SicC8&ZEGv{3e}rpPS&+wtK$k_M_Z%-a3)1_sgA1fD@hB#+lLhe?X_k80M? zI18*u%f9qMNf~twpIL~SH<-+xi(*>oNE4oPlW0S6P63`RGVow&El%Dx`lck7B1F5Y{$*u}LL38tmcGY(+j~VXN+Lz+4-~iEEc3a?^LqkkR>L4=)+Y))E#w7I z38}-AwiE?337qBK@VCfB*!LAoZk!r#c1n_6@af53|Eyb#A7ON3rJu>Ki9cTmB`5oY z{1(szUt!2?wcy8ONXw;g%l65VzUa^jVjn3yQ!+nIx#TaP67G9^c31oR&&;)m`IO@D z=qD=#wAq+8fw!!xHDIK5Cd7~?cX^IU>@H5z9MPzU-byv_1_ z2OIB^x)s&`N9OQj#!H?j5m`FJinSj$soW%=f-vz1$8hx*5yq^2+2QgE#Wm&!HE3zrlrgb>- z&6^1lQ&Hxp+fD2%}dTBikkGUS_drnB{zF4FOP*ZQ+G*GG#Y!-vj+zog!S84KUG8(sL2=U3a__NERAQj?5u{95{QsBrDkyYUJkf%RK%n%Efx*Df_*0BNoJM@V=xgF+Di(`IpKo2!Lek}tMV0?NX9 zQ}{u1wn-*f%U)n>0%?_63~UR`%oGZyjecV6N`vDsi|DA%taz+PSf@)~7EbI!HXVWP z&k;QBJpYgl7$ zVW0v~*$PACppt~sY2VVB#ID7B1aP*tSwAAntpzrd|I5o7ICL>4$D&r$t{aHQ`{W;#4Y(}$JysV18@mkk`z=|Mg3lMhf!M8Iufwb z6>vOf;L}glEefCc_-g6rTfcYMl19^{;FGC@+0U}dM&Ak<`@H^{Jzoj{n_}Uv$|k)g z`y#6zL7KaaO0@&*_RZ$t(czT6#O4_I{gRRr5{ET;bl%?Am5}L}&_^qb(3c46#wqCB z=8yp@G1Vj{adv1)_r8QAm0sdevz`!X>8kCJbUKaXI4j0F=!|pd^IIf8V*4OQVeN9N zJ=POFNjX0~hH7kGq-P1bybxcQp%T1@CAli_Pj}D~u z;m@}E{Xz5TzgPBGViU~$zNEi#O|Jf0L2^3Ym5lEuQW@G&22t(0)U17J@YlKdWaR5E zF|sqAznMm4D>gAxXVr?H5fBnOrOQ6vA>}e3`aYF5&;j&(&bsWBQyIo68}!g>_|;Bz z7DX#^<5FJ%q4O&sfpfHc6IM!?)%*AJ9R9}9sf)Tsr3re|n#LwuU-e7yA;WE2$ZB`q z1?x|xy#`%wR~`l-6Un`YHNdIGX{GF?c$Rj7O9$_4_h=ofCoX-f@N=|6M;fqsyi;&q zQ&5D;^e6Zq!5MOrNF&h7=N#Eic8lP3DN~rzYUW5~4mh=6$A)Ty7B@asas#I*+g@PI zN~dH$4I-d6{n&MqISN2Ce1vzAk8Aw3wYHKwY724)X1VM?Vh8h(vY#yc0xVz99Y;9wnlTb;X;q zAAfoLRqbLmVFA)^-G_WwR-xHQOUijE{C5bC5+cGjN91+Tvar5E8nz(Wp8i zTIGtb>%Ogr6dH+HR82$nLc^FG|JXI=cTV@4(bYDcZ>js)yOS_}x zd5X!;xPVqyL42rgbJILa6tJ+x<`^sTra@T_wiE@60!xKFplDv%P(BvRU}RJl4&SMh zFErY4Y;?(S9UF{qaZ!61xVVVThgkO|b0Z)m+|`l%WC+&$9_@NQGhu0}1IeAs^N7Xf z!$Z9(@H|aG&%z-&$(?fN0y^fK7eZSx{U)DPbtum2v@x&mWz%P;Z6%!R;L&VHMWBz( zt=`iFo&_pCpE^r?`JPSb%GW9%Qa`JQxmMO$)j~QcVfcJ=Yi+<`vc!Dz&&uLz4YPL_ zc2VXGnJ})JA3u(jHgsQH5?5kxM0Z~ZTrV<`Pgsq(ZvAwtvGEO{{XC`$>G79iTNJR8ZV$Xl6dK`Nbtav=!0f6HGSOSL7d*;>m=)Pa_kAOp)}y2~-Pu zLCf4T>70ycY!vX$a}eSwADjmMzBXvvmI^I!6Hf$Qu1VL5IXTnAer+WYSu*c`A4>5B z6N+4vX+i&`oW9g~XiPXsTtE6$D=F5+9bVi4wLaOD6DV$qjD=(t7)l`%V#(ETQwvVQ z*+joxLubvKzO?Pb9EZ1X9T=-Fs@wF%PcIS&4-1PpOPd*Z`LP4M(Y3y zn!rP7(Y4Z|Dv(JB&A!|~Ln!;9nEAwbi?k7Y_4mH-zG$4jj#M#5Ma#k5aB*q7%&84^ z*9Ew^rAHACM#2{V&b4`7Tse@vzx8QPt;F!l_}@K139x{izF!2r%V&NiKQWbPm?~9; z`^(pm81XKb^QSB%r-Y{PCO+|X(4+3T3>{s7{Q|kWNQpETR4N1xH1e>1O|1ZKc%5-Ooi#u=;(b!hERJ;-)rN*l(Y7y5m%-LGAL+c=E}FUqk# zCOl5F%D$)z%;0BYPnUji zJ>4v8BCuqBrqtX&qofoeC%OmmIz{Q=Q3~~=aHOB7-qk;?aP7&rwYuEoILec$OP^k+ z3A(JVlmv5-PivEV1`H%tNj1O`M;r_ekZ+R$0BQZa<-{^#nzgJs@Q+T#U%^|I+wpn2 z@%ivTO7)}Zm-dD_+OLWN!;5o8(oA0rElNWp7p9|J2ASs-mhAPKM?zzr?pK*#TH#n) ze>G)XLYInG6c`|0r%P+hU;~?dlS7u_*oQaw(ce_~faZs9>v!)7{n@v6K@yk1YOZ(f z4#w52?X<&g&9I*eon}*vbACDFzT{jPm7WDd<+}i(+*`!v`H1A_)qj3NrYAZa@#gnl z%uF}V13S>+PMddM&foBNm;}|xZ^ph8dgH8QYqjh2`Me4X0YWGa;S#N2+7lQX*3-A8 zm5jP~ro)aGO$%@b&fxLT(QBoR^KA7nHHS3P_Ri690lHu2*r%=+-m8u?{hw)hbywJ` z2jo$;%SVtWWkGdK(CbSR5>^!r$^3V!|C-nAId`#>4qm!ftzW+0&Ds^y1w34+jP~z} zt~TCc!Ks%%UsjM!uNQ6%cj${SwA}#kt{aTWB>y%tRu6zxca7Dwj*Jr5&4m#941(9i zd6LYBoA(t(D5N7m6Eo`@?`iBH*TqdVnLxK5*127YA=~GNRB-˪DF=P-(WIInn+u&lCb`YUlzTIg!q4|*jLf*2#S7kQ39);U^+J|AMtqL! zk-zgiLv=ya&m=9#wT8bj0wMSFhneA1TWXzU;0`1|pH^PYR!fIiPZ~o);=uFqMI>gw z`csdUg0o)x^fV+Q&m2Vpi8;$qiD_tH+!xa(@QOd&NmY3WgoDFR6_oUN{Y2G89ej^3 zp!<^G#0o+=(~f61>rMY1hK}n`p>1Usm0fFbt?w^x4Su5*tTrfvEKxp=Y3Kn*QrSSA zSa}7lfA`ytQT^Bzp(+OTBa2$}j(hOb9QyWdm%D;wwCg%Jnx)CZo1Db|8WuqlfVpV{ z4GFwNj+#P6gJ1P5VA=tt0DCJIsjU|{ZEY>CV6v!b=1eWqMMnfA__bTr}5UJA!WEp_JhS?i4^1;PO>TiomC?!f%a7hKmXrhJt24{unxe@ z>RY9scK)qKH`gu?rO3mI4C>p?%8{#)&W{s!T38=xalD9am*jiWMZ2!tv z0#-Pavt2a|Y^wvlk`e0=@XNZu;`oH!_*|d#L2*za_eSBb)SnWN50Zn^bH6ISzoEP8 zp{=3meV(Mql#%KAFwki`$!bg3DKX|o!o0S7!C_o z{;c*?hIg^)90f>VBfI9{V*3q}M zVOf8FsWOPHPGZZgwM-IOxrB?@Y4IOp8|v1CWsI^p5e+;i54XX+VaBigWW9S)#ZCt)YbzMtOv4rd%m3PZaWw1=RB;U;ZSA%zm@CH*o1Iskt)XQA%WIv+`}tvg6s#Pt5)vNH zU=`!3)`H)B4$I=%ydW!T)Aub}6*4)II?t)T`^)7K2FHAo>#EplvZ{Sc5)z(H7@Nk) zVyoWK5RGmK*D_T6kq>5y6~rK^Th^m2^hXv}JgdoMZ?1@UQqCrQ6IeDACe?2{^F5yl zll-^@S<(2B!0sc-3cU)wOWDcm;ig+vHSlLGC`IQ8oEyOx#tl5V&yatYrX>qVffENPRb z2I4p%OAl%K0$Wdh2OIH&Fk$elF=j*c=XfH`er;xxy3-{jCQmt;&e0hPcV8{agrP?TGaA zC69tEufY)ELsKxTqT6!&gHZtQ!;PS2t7?rTk$FH3a%9-@PHOn|B)kp*r8#?Dkr;n1 zKY`^44lN4TI;P4Cge;g5H3W_tV{&ziC+gqxwO(mPp)_DI(SD8}y=Bhk|*K{p%p#S|S`TO7P`=dKR0iW~v0e zePG@0t$nt};haRk)>|+PWIaExV8W3{#|47Aa%+U%)aMcS^Zat#TpDF90kHN&63HZJ z_)?!|WO37N>~@3H0L>Xh7ur|?n~XBYNS|$s8R53&$>@-p8aXeTGp#$nt@U9Gruz-% z;j_uD*-&nX?LAH3OrzmvZ+57wwC9U)5RWMO5A5ow$#lv*0x2>lH&mbAWn@*keouiQ z+~>E!pXHSo1)wXcjnq7h=T8DX6CT&B3jmvxqp$MG$i&1*vg!)0`n_>7l8d>0BhZo zkR2l8kxzC)F((4sERj*~A_nJgKE=O+yKlZbv-x-=O)3-lP1qw{s(hVx(xc&6=`+wd zi1R%eCs#c6o3#}A1AW!CfpjBQt#2}}1R16hrAr7Nc+Ada#98dKql(LN^{tO!$C6*I zaNAec}SORn3I2`^2CAVY^1$VjDks zqw(aey@9Dz3+4=xcj^X5*Z`!6CO??Iq?WP=AR1UKF>nTlExVWHqxq51|HBkYT&+nU zpBOgin%lYG)9`JyED}vDW>^vyJ1{esSN1?wv2`X{3Hbu2!H0cVo$Rg+Fb4;fQ^Jxu zRSYuu(;T}7s(a18$<)|^JiRfFm(YRUG* zS~B15*@h_{rv)l@vHVcoC*Mu>bd+{@!Pdky$yGFrj=hvlttT6P$IY)>8YZiyi`FR` zZbC}iMcb@+sW*3b(d_s2hqV(ZvN+qtsp<6<3{T$!?U;-_r>+2`&aTZteRzC{!PhKyk6ruD04Z8@v+ zN}<|8;UR9FAA|Q~wzr$dmQ;S)Ki$xuIP!gMak$-z^LoRYzU_eF@4h0(Q``T2Nzn^Z zZYDGsFfxfyqF48~1$y@l(9RpBJU@Wz>BpQrkNgBkC=my(zp#vE%bQ6{uISWzA-bo^i9GS=c6OiQ&p?`|K-+iIGy6$g`>jZ*N-tH@7%Kl5P&Www-f*5?YwwIT!HFJy3ggW4_ie0F_5Zb}8EdXxer8 z=VZ?H^ zzQR`Bo;(j}52*oFc9mN@`HLV_pK8@nb80q4ak~aZbjiCQ&!OzNLAI3qQeLYcu$gKA zEyt^F193W9jnkgCneyxFeO5qaGtKI;j4)lhXVkf#=gfgu(gRx0MR*8hX3*Y|Pr#NO zQz-y%M7V2g??^h7b1m0TX>n8);lsut?40Xh8W=x6jVr(qS7Ce*u|Es$dQgM%{#Zu1 zUo}UxyuGRcsG&kbSBmZw;S>2RT~$pYBh~AS1%JAWuz0Qc6fA#zTrFVxzOqEAmY;V^ z0vPsp=lyrC?{#5S(a{Lpd0}#6wRImBSN`92r`H|O$Xz)>p@7mF2zFLH+muM$LQi(l zl~Z&*UP&pATqba;Xc<)=tzbpo#44NW=Sg6y)4IE+npnX;qBgI|fchM~iPiO9@&N|q zo^iaCvI}A%6Q*I$!pixyXz*7=rmR}kaJFUQbHf*TAt+O^Y>FuHhk`*~%(SjX$ihwO z+>zJZzuikULPhgK@kS=aH3mg3JPs&ASx_-Iy_>KCu@*^exy&u;m% zqfDE$@n)CYFiZwXXKw>yzR(;MNal0Q;XY4G$HR|XK?Davz(ln+b6u;4&vx)_&nM(% zjhtNh@VK{m;KeOt^ET?zOPmHkCCuunH2sDgzAq+q#?Z`SrNhV3uA-JwN8^`Z5Z8M9 zK@}*p70A+qCX!Pk+Ot3Td@8oe+|sCSdmKJ*-MeWghD4cL9Un{Yw_~fT3{1zK=+(!J zSQ>ia{6!0+=5`y+mysgLxqL^ioRq>?ZXNGx;>KP~Pc}T^Ya$R$ypIhmI?t_})mzjI z+WuR!7P1p1Ygqiee<+Vs^4StrZIgP4uPl0(0WI*T#)ED8vN?*1H-+)o#gH#;aAMY= zwQCM_Ww*(-jaW7)!nOp^vhNc-YKt4()jtGd!44j!uzDH!Hp4ZIZ7_3uk&(=2^%|o= zWd+h4npt&Lvv9?f4U|^C50o0d3sgPiE*T1stl7Y&IYeS964IgDFpT%sBh-JCsa;8c zb?Gm>`NytpGQ%K4AADz}+iyv$oUE>{CeWY2(X$2ls-hJ{+Bd&5ox8q=Ng1$8POAaM z%~HY9lVg6Z*`=2iy(B{3Yu}P`a`x-UZh8sG%fKez|5$=*e4oTE;#QQ2zFYvyok9f! z(;lNZe!S+CyZhmQ6xgh`Vjwv+lniX}QR3u?hF_6?KaUzWconqpmCgTD=68FVetwG) zWQ^Evsbh5R^!;A_1vD^#**}`l&Wg0noV;-VtrFJ_c9I&%=VeoAralbX=nMq*Tq{l2Ew$1gMZRUbkLI9>Q2tXydX z8}R{F`mVdVXmKA?LlKIbY$1%88NP@lW_9J#Y>##*MlWKX0a(`dFeLJHcqF9046CW- z{XMZuZ=ztU2Nuc~ncisKwF*|gzL>8QLncCXW%4X{aygW~^5_w_@#@yxX;zj!Io`8d zKGm2U@@r;L!C*`HXI8+6{M=XWV=LJ8SRTk`1buk1Mj7#15?pSGF4aXMRpb^5;27RG z^M}m!pnKn3^kMYg@|HY5vw<&vuE>Us&+bcNZpJ>#cqfnB20v{$5c$p9FLer(Xeus0B>{rj0H6hEsy1xIouEyR^(y_0l+Y^SnHnn*`LfES4)0i>w0d_T zx<#mIR2hx<(XrC>KB(#ZwfW}vBidzdZ*nIC)I?)2gF2G<jKMpHbrHcGm0yV_myeLn3=$XT4fpomq+bJ`N`4WPnYnx7!!T+k>brUrCt*SCnQI zE*bv*Cja<*B4b6XgbnRq-@1*<6{zhe8K zsBAWT_lkYw;@HDDBp9*?bq2s?I(z!pa_w#t45rOF_$1cldo(U-Dj|#!bZWG-(fK3< zV*`T)^n#2gkjEEVwH4&4#8d_95_5om9DGyn-Z59m(b}FbmInyo4lry!N;0beH4{`X zMeoSG=};lRSCNrwJXDbkg20m}oSNHNL}DOOwQ>V=onKKy|Ge6U_1I!~7{uv*3CjU^jo@ex1!Fn68T(PydsI&BB4dp&T4+OTwfWo*vVH&KHjJ(&wMpH! zdlx^OB(CMOfl)>^a1+M16t;=m_cl?8WGh`m8bUSwUCN{L+wW2}fc@I>Q*O(wYVkkk zZ~fP|ZtUPbIY_hQGsJ0Y;UOahnR8STCJxls!+pc6yN7RidWL=7 zTGzki+)XbpyM6S}>2`)!aQnP)c(3Q1`o<#eSX)?2^&RVKJ*^CAN)o1=@3QpQg?UPSnZ?u=6Q-)~ z{Gh+_wU-&it?c2NMD(?`R%Itpt7SJbFGTYh*u8;m^FyPh+q1m-<&cbZ*9YrLUAQ2^ z)cS7yZf6Z}2MGDCVSt}8?iX@Dpzaz(gpjro@>_(t!O~Ta8et`HNVQlSv0PK+*u0QJ zPc|CJ#9B~zN$K(f5Mtvqkl0;U!gVQG&17kpl2z=^S(7aV-9VBlGhw>+ru=H(Igu~! z?e-}tub@z=7tW1lb&(=k_$o_X1%>k|TC(vA6!Wqo1Aw3yp?AO57q?BrabWXCN=tt= zSAs$oQzLfjfs0;K ziC$gUCTgbcX%?}1f{)A_;6`T*n|M&;uBp_4_S7!Wd?*Dwxil{u~WcFd%!enXsu95@7J_?44ct*10=2 zWvLKLgww?rC;&HTyS=Y3utZuPf@SWD7sl$sRh(!;vnb(LMi%ruPnNV(r8J-{*LggCZOOX;O}qgg}50ilOE? zQWHWV2`B+9lmtSND!n|4fb>HWN@zJkAc82piYSB@KoEjRQwbfUN$ue z?Cj3&?0w&Rf3NFv6`b5s8JayCP~pZjWrT&HvQj`Vs!e$_iaN!-y!89?t)6p-I^(;Z zw{LT~6Ut#yP15&)yzN6IQhh#g0$u;y_C(BW+mg}b_$BvE9@x(M)yBjZADTizTDVY> zwqrpalX;bF_f7pbhDl~EPYfi3b@94RuqCw3C$En6reZ0*y;Z8hQDw)|3A)7Tqd7PF z(Xj$bND!;eYt1VLX~hcmP@vHWeY#Qx-$rw| zA9wQe@kM%$D{!x0jLGW6#@j1P^HXc}_5EFyl1h5MY3F)a zUcvD}nR+mN7+T7al&JgKuPrd&WwR~83Q5pO0J6>N<9pi*@+C{+WoK$5k?M=w2pu~u zj-~BF5zMOE846aMnyrgxFk>aC`Ij|wbBiwnS1faZ=oBG@DHf*f6DBE{Z7A)MANvQh zP4e1UTKAxc+*G}@X>z{MbI3AB6cmTUPZ;q(R@y9xXJg zE^x9@>tZ!@tOr$YXNN`OftSQW*1O{3Kjw?$xg&EFUOhgHFSFzpF+U#*fii;Scp*Jx zN^GBjz-25pVKytUPB0Wtyo*$yBgwtJyN!+H#XQK3WPHcfwfiYzgAB=8UQ^rNv=Z8P zDIi$nz?1UIFCep!#43z6_UZi%^F&sY&byMU*~fX6dh6!YYgG%`p?|zQ$lrjZvSI>~ z@_R#g4op*X+! zefkmiP7+A3_y#+@2FFel132VXJ@P43(e%3kC7=-~LrZ-c#rfi+j4{(HPb}45H8v}F zp)L5X<*Er)4kvy28&umeevuZ45<>XrzWQzpQWvnm=IGZ-@@gkR8VytwJ@dPsSGFUK zO|IVDcvLgj`XhMnTY`apV{owSscB!yFw&%|i5$e^7slt0c&9P}O68r(mQ#izt*Mh& z+))Bg#L$zC7HMc{5l2QLA7p%|fA0Ek&TUBrLE()vNjd(WH!X`kWl=m0^tO6m`z<`h zqO<%kuDmsUGu<_uwg5fhV*x2A48q9xN9oGWT-~q%b-Pd?E-N0AKfCR6DAJm>VUej1 zt*5Q3HJ2&}7OBf~QAP5hAz6Nw`T5L9T`$-Tbk$%7dGLlEel*b~SFI5{*{p+V1bkjv zn`N(U0e_zwrg8?=0n*mhy_Y_v(F12DD2tS0&i77SA!F)(=4G*YpGRBV`1Sd3mPMH! zOI3DOR?i~t`UMr9uRE~~9V4f|h!w}9U;Pa4qj zyJWH*5#3q1IPb`?#?0$6D#6SE~nWnY&X=&+3N1EYD1JL5+nJT0!1A@&6k{GI-`Db=+!|P4W}y< zL-1lRN^Z_F;|&|hfm3$DfRRV#(a$G)(Y)7N$UkmFWXGwBIDHkAv=G(n8bY(Ih+VkY zW{~eW{>PY~2p2@;gCHzI*njlk5n^q9);-not7sW4$LtqrE;{Zcb^J`IeJ^l38Tgo{ zfj}utyp$;mMo6wuH@&W~qzgSsj+oQeoYQ@*KNUmp;rzbZ`Bj%_e!soTuaT$SkQG2f*^ zc}^QlrjZ6MHXC%p3zHM*Pu=xedmO#T*=yqV-SfrP%m#jbg$Y%?bOJ;s?ja=Q9KXPs5Rh+ZwM1I|@@Y@0n#@BYE-zdm&c-wZ^g zVUQtKx`Bt#jUi+Dj7iN@2cmR_`Iz#(W6F7c>j4M%DHDZv|B}>aDN;R;&*Ya9+X{%_ zPhW^jtbySj(5hgLss5zHTfaM}uW06&YUxDej1wKSSVQOO+J3Ue zC$7L1n!*L`42RO(YLzM{c|1CTom@DCjP=cI#CJ9||t%?r}2@Z^W z7wlIn8&6rNiAtAKQma}Jbd7H9*8n1WI|n=roHy?YdhKwD;OzLhPgx+v+V-MJ?0+kY z&2|`NU9BPR{Jg?+;aj*?aSde%JL^3G7A|(Cv!C)UosejrC0VJpjTqa|XK>a^BbCZm z9x>tb6N|6qOHQKwrg2h+8eLNq(t@5n#*H?mkU zltQjch;{pkW_Z;xma^zsv*(u`=>>WjitxQoAP*Ph-*AZADcLL(D&7bO*Mc6q&X;uJ zNOLQOYzsWeW`aBU|2)_jHe>MFaLt5=jq*|pzbKa8gV0ZFowgqPG|+X0!t2Tk&^ym+ z8YsGZd4aLAUg+ICm4H3JE8MLcp^h=?MSLYh020Lq(u1hV9V?qvg)BYqjgi}g%(n6n z)5p?G?R0UP1y69d4>Mam-@_f>Vn4JomXXG@FMO=LovhQUd)p&ObR!iZP?keFxn#)B z5>CN5?~5$4VG0%awmf^_8lr|Jj1&b}fcubI+Im#EA)k^1RHM&GIwxH!8G>X+lM2CQ zC0xa0nG!~>zNHY^`uMW>;+RX}0sKMgX5V8=M)kfhK1NEo;5}!{J$-hpL?j77hoGm96o(0>!llNEYr$ZB@Gl0n6?weEd`**lvkR4yY4XXh>E?xNxo=Tb8kv1eB`cuE72l4yp4S z@PuY9Ucm?4eIGYe@Jez#2kWnWA8W8vuILS3%x}7fbzGo~jCgmS9?-iLU#K7v$9J>3x zOSW>Q8VQ%l9^c-es;k_72~HrowtFmfLZS|Z)CfgoHFMXxlUL&xkp@W2qE9|FAMI z`_#{}_+%8;cw$Y*$0wAOKk{Yc_Nf%_r2r4}hMe)|9^N^|B-y@6cl;Flo~A@o zaxusFvo#FQ?6pvrz$@J*)BgA_8x?l!dYY$vR+;%))Z|&z;_!z>cfB&$u&Q!ncVg^c z`d)}LwZ$m5zJ4MWDPpvn(JK57`K*^9r0nU?&?w&NH^-VVI}|^AoeAdlu{#S8*Tr2Psd)oPLrObz=V16`1FNiddd)|mz?<&C;zJ&b@cfJGv;K@13fs$Fend=-vH1K0=U3)sl2vLGO6J`#piL`J0Y#0jn%(upl5dl9Rvw|T{qVH3Zf^1QJTjNs?F zDu;ZYU}$6mE63pF1Wg20514wHO<5KiDhDZMPlI+__%gC@SWFf|z2|KlCRyjJFz%sV z77;Qu&My*kjB|Ks_w}txG5q$UY6VG=&6%@~ImQ%BZQn$Zd(>eVT5fW0sdS@s|4W!s zqs>_`b3%H5(VJ2tPuI7O=QB=KmwRjQ_t#UkZM%{BDdKIb4E+DIVVp*tT(g&S_V~M{ zI_J6h(SyL)I=6x-%51is+%oF+eZ)(N`Q~IVW6I4vg1blcgejlf_qLNhg76; z5=YBadwG#cPQST_AM!Cjo057f+{#sK-Lz`LF+Z)grM?Kxg_`fYxmvTG@##a?rAjeL zuO-#bS!zJurw8W*zUSAB*nXS!KhFI5fD7dVS5lodG}P2?4fn0@WcqG{xmp3cvERSr z^8pW56qMDr;7}dyOp8)=xPO!!a@BuKtb1slaFz&fo*fbF|GFX-ZZnQ#b zf-`c9*he`4lu8Zt?MB!+ffQ8<=-_CBp6-)h1~{a3^lErtn^2$kz^_Nv?^IW(zO zp9P%VPDn}m4Sf21w`D{*pK*-soG!*YHL>?WAR-dyS!^ePjcU}f1W>7rA_WkrsOU{G zOb68fIrBY}r52+~Vug!9HFJ&ZgvV*)@b4-ji6V(6i6#YI(JIt&pC9N<57Nf~n+5fP zBE`W>_(>;i9!s*kiV`Gzndh#nNoa*ZOINpynLnDovR}fBh+DN?0P zA;BH;`8N+T6oa_714YMunbWa&B7U>EPxv5={KM&=kRe?CX3&`SFM)@39V|5hXmKgN zyZUhSc`CH9VQ=e_ON)E{a}RBNEV0VNrH53E;()8QqrtI&vf4yqY)!R@i(?tlL!^RD zfmBj7Gb=ep% zZqZoC3DF1i?dA^aA|B-Q?X-SKgr_8 zKvS@zpFr9zq!+t8E&D%FZ^U%PLyEHk0{#$ zp}n!+#eJ4Y+9AQg?94NTIiqMLs{<8pWnpeXZn9=SISaPt#bNK7gSUEqpD6cPEZ~rxY+N9HUVLvJUr%vG zauz`SK_GM(2L(Q>W$Xp^y5C|>v%o67v3%#+n(Pp(!OfxJEd3H9jNbBM+269c>LfuY zyvcbhbZHa!b!BPCdZ(v9IRo7%1Gb;o{-v85vsAyDr>R4T(JYBoMcs@YC1z&W(O_Pd zAN;?gGzbX~9*1}piSKMI2Wy|K2dOT&=Qp@;&5|Z!gt>n1nuF)MMXweKPj0O~EGrU_ z>O8vfXu}U*kQBFge|vNBurBOK9Gc5tz@FyY;BdUIVe zHLT>^0fW9rr77A|eqf?4^A~=F1nTM7(Gz)q#KeHYa|l^i#)B2;abjRn70%rhnpFrk zvzn+De$**fES-I$FxL4hWUTD%7fB6hn|k=`FzAW6BSzVOJK(+WK8{c6)ZU)8c;K_^ z$W(LXgZWg^>>`gX4h>%{h-ZaSUTp5#|K z*6$4msV7_Th7FAT=f;LThhhNl9`4GKn&b*y`a!menbnbJYdSUTjXMk%qhB&XcyrK? z4!);mu`!Q!*Pq)s=<`bN?5DeLAHJOPw!hzRo12j@W>=cKH?M1SCRNYIzNzi8`{FIU(?a5SXG<>lGW1fR6R`b%Pgt*s{7=pMy_FRFGW&k{6IRjgR?NaaK4FQGFg z!d4cJ-l*I+88S!TRN@Ff<}H9(=gSFdoVM_|MSQUvF{-;$5uGMID*pR7*8^%WT zK(_0bKw}%6OY-^gOL4@!;vWU$R!He9=p+-BrQsd@Pc_>D{HV947|dVW?F7vUPwf-u z&Cq~dDgL39IM7~R&FB2P^cN*dMlW*7f%?$7&0`}z;h~TmKYdKQ&vtj?94GG2Z>9_W|~@5qr7b<&>s zzT9>4dY&yMpiCHK)avrZiuomqjO$96NL`h?RyP`?0mEJM$7%TcGRHNwVd7$;p`_w` z$(Dhj>FpEP>gW8SaJI>Nrxu~U4RXRi$#v{{7I^)Wq|(;LeAfm!T&@b8aK)bv9;&!`S08a_KCD68J61%lqDdh+C9&; z?4gOsTe?VXy35OoEP1XT{x_JF&EPD)hIH>KIRw0Mok|GPrtn<+fGxCw zANXt03}wu`gla%En#*Hpp6F#)XT~0MX0i+dFJqy_uQ85b!Cq8uW+7i9wtrA84=p`N zqXf@uX-l=~`ng6rEn;_oxh!V3S*~-r-x~ z!_|P5eQxlRbWBzsnn}i1N2fz(mc3sej+O&ulVtufA75=w$y8)|^}oCQ^X>h>qTI!` z51wJE@c+Y>mhBCXzpF&0vxn{L4|t!I^D+)%;xtdY1Tar(qyHAaoDAmGG|&!t@RSzl zzgrSU{TrAdG~}pgJHF2Vb79HDHYj|OcM#$vs!v9YzH2tr%UC=yYn{0P!;c~{Z&uIN{ zWPn>lDh?fgoD%>0E;NerIPS+Q${2T}os6IJ|9zHaT<760-KUQQP6uQAM7HUDcJ2j& zDFX92Y``FE4u3+~pg*YyZ$rM|!rg`2!mn|5SqDGZ^FE%2RsQ^6l3qprRK1E&kdKPD zoHkE#tLvkn2I*Uhy(%O!`f{2IW`k^;87Fuj)_;+mKKT{ZtQnRtCpzDLuG+Fe@}cd-L| z*!q>*2o?P|611WBEmvT)eK@kvluTa7yCABre7Md&w5B+w%;wl zu&W;C%!1D+)|_AT%(fENAHQ^Xsy8CP0IWj@&+DhFBGpJjt3?CN5_gIeb3q$t#RE0P ze{LON|Mmr3#_R<}{y{B+20AaSvNu;F5CLDZLo`$GkFODpHeVXd%*`>D2q27@Se9B# zYGjXZ`V&YwU9F7smB>tu?%r>Ra!`qG6^dh^8VCSUSt|eqQQGYIRr;ju4dy=?JJ-D> zk6k16J8#$&Qf6CY#SYRg?6N(VT+-TX9B7KrpdS4zW7P_7c4U<<-EVagd7-1d(ajBbUUhWz7 zixZw(UP`a#M;K?iDc0L>sZpQ1jw)t{hVz9p-6P%gLhMMI)#|6p2A28#Nw3B-L`r5( z1K*XpR9irbz^#^Z=?3}dNu3F_HVe;veR)q{uf=UriNvEi|Q^MYyZVk zg)QY(*OyyNHo~B9wOD+PojFK~OPi6%*TxXllAxaXAgMYq9#PcfW6%P;0q@^Y4|^w= z5F_0=nQ>qO|2Vb{+QprFH;+v(pWX3JmYhdT|ba8`86^*Pd`wV&z zCN`rlW5xY4UV3PPuH9$uyoVO@mq+?})XT zkr}>9=5wp~Le}^K2JoeET7pWBKt(K>QwvL^7#ZrsW!wwIw z!hv#fh}miD+y1I^PGj~#}j=e|FF zJ@Vy2R}}?3Gps)4zTx74DEp*Jfi6MC<-50UAZnU?iVqB8rA6?&j)PBMRzEFHIDeiE zP+D~_Zy`VKxAE-^$5P|CI047CfA9eGb4ISYg@Q|~o)}bDUkD{Mx>OCgG^k(Tvf;bp z)U#p#B6q_>A=JS_JGXd+CXEEh29z}4A@udsb{2C5^-RgIl#&FNYZ?Sbx32()y=3>l++blX+pr+_NIB-y}kw~ z$NyT=Vlr@988_Dgk|v$Yv_BW#H5wylJ(jliM^<&fPpzw*UVQMIR~%^0Ku`zAP&ZBf zXcd_)>)EI-ER1=QOCWR!&P!>!^2_Jwe?sPTumcISA4V;=XKqDG{&62RX9czRIP6~= z^u!_>ofZC6)!v|B=T14+wPyF93^!|u`Dchv zI?Y%>r9Ic$1B$%@T{S;58XEFaFAy({M-;?AQ%*u$D@G-Jk`Ea9HJxy8_g*yffD~i# zx#vT_tECE|6X{UcnI-XI?xzs-Ef%tCYooc^HKZ9V@4#>7hr9)SCIDC zin`D*LyMY|>SEidX~iQ*c>YbZ<1wk;Gg-R4(aBYtW5DgO@2#t3Qcz++Pw>MQZ)7^e zD9!adz4es)<{+z6!Pu?vc7f^THw!197FNu*&~hi64M87{%1^D;s$@oR9OSOXcSZWP zr5|VL*XTS$^;J>t?SP7p4fH9JX4aYao(Af`0mysg692#SF!OwuX?gqxbuXGc@JX>1 z1aZ(i+0DF`10S|HHIX$a>40ZPekoM#CHwPCsmL_IMT!-WdGPhBNMi<h7-xq#O8?3;3 zHQ-(6{m8LXqRbe4JhgGoZSt@OKde)91$-KN*s~)=O8xUl%GghS83_Ol?ZO^tQWX?( zr?bmCPG_EGedz2mNqjr-hpXaFXdKjEoG*-o7)cjUOcy$cp~I8UzI+>_CEn@P*wN85 zGpk{;oD;zfGf70E;~s6ge6{!BM{653^=4Z25b9FwQGEB~h(7wvd11g#X#ET~ zFLru>+Z}pjqum>fn$FZ_G-FHOe``AjuT%^LGO`02rt|hQ6}}C{eG>@6^cCdajk+kb z81>I~B@&V;o^f_VKc4`U5qYrdT6y@jzmhQe;ZM%WVB{G5+v~IV#BFtW;ltNL1!mbf zpEVnVg;&7_rGW`Lsq^l!B_C@#F+C|ElDkr}-ZGlc9U660WpjA3V!-Z@d#N&c`emkk zJ&%Md(V*RzD#jdzit1;!ZH%_r93@S4&2j~(`}bf(4{Jw%$$zJUa%W61EZAWySsMBB z#8+kXT60gVdKTi_0#a9eBc3J+H1DN%B~?Y)W%>-oKPz|`^HkcX3mC8>yaKGG zw)nA9;eVe5{d^JnaHJ2H{PMu;(fVZz=ED?DyuOP2eL^bKq1ARzyoY^O7~Q&a{@eOs z{HyeG)V;x_3E8xqfFgyG?#8w(hiNUzhQ#?Tv7}BpTVmyD+vK!Lv68z}&&x_l^y8ZpWM`WmPHGg?z5k13G2 zCn~}(t8ea`Ml*I&_`z@mj?5jK&&iZ6)LFTI#1^NC2+VvInn>8 zJ1Yu*G_b0ZHh*m;1Z zgJT1B2$883vx+owR@b`gzs`-*J5tK*=k$+#M+S`%!p(5;hWVF+xN_uuE(nVeOy`wvH6}9P~dvnQGO=;P@p5KhG}sC z9(bN8vn=p4(fSxT1J0-BClJzm-(fzU6kk!2D$oHc3vkxDvzb#Tsy$dT+8uq*_(}7h z5o>#0C$=4Ux3VkX0-vuV^h&Jnip<5hSMY>;YzrCZeTA|%6Pf6XS?1H8W&#!)6S z6kihIC_2%Q*nilW0>f!9Tkk(k?^M?O-Nc#U8&fCs+9G}=D*2RkA^YcKld@6*BQ?-F#aNzuDy<0Bbhf1Zw zgFe%uGS^B=56pHIw~qx}D_79@4_htH{&{(PJ9q73JWJrslJ2Y!TQI^UwIR)EBh1`Q zPil@5|3i<`q&Fm=gpIdke(?*wg`!))2DUV2zd!4e2FfIyDmE>kHha>QtSes)2l0-2 z21zA~;B$=6%=n~0YYM*?L_8=4$~q3G8zz{H&(@q)Y>(3gF6H-FA+3;z_-cIFhzsj( z${MUwXQBA&lHf6tdF?6j!i#BrLZ^Zvn~TJzgSi>la5n$nlX4|eJgT`jygckx^E5dY zcH;z4L9Zi?_@-I%-o;Vwc4g25wF{q!KSsk4XHdMQoVqyFZ$0`Z+{legni!o%P#t}C z;Jj141jR8AFxylhThENmQ}DO$EEyB7A(n47s}Xw*_`kIHS=c)%4_&%@XWacna1_rD zEi1Bpkko5*>1x%|N0#!OJ>dB#@;y54HcBW9#iBhv4_#MW)}8wX9+mGmC-QNnpn9$G zwQ1@mN6keUp@emmX793N<7OZI?mcn;9YW@pP$?iFrlNrAkYP0_JM8{_J?Nd#E8nP| zuPT0Tzo>ZV0_*$nUdTYx*u1wltPRU*Sm#3ITf~R&7aamN_GL=n-B|-A(DyFE-3kwf z;I|ay?<6|q52zJZC&O1HMMuEWm5ZV#pO5bC2h6TI9St;x{19UEl!~KYJktB4Nj1ztnkS9=uSeaw1e`i$}vp|3VIxf10U5u5oxclw&|!;S;FieYZA66HJ` zC?1l2;Svpe<`N~xW7JTQ)$9+8RQnj0uJ^xnWW(8c;bbWkeR>xc^^uNjAj9`C57yVW-F)Gl&^jKz>^Py?hq>f4TyAl1YWN6`3GWh%+@XKomsF43 zoV{U?$uFE&iZE=W6SB9R7gi8R>g`O4sI9WW&BscSMVT zPnqkdz!;0(d4qm~ckbCpgc1VR->OxCC9mk#DlmS!&EE>Av>J>AVph}+0XOEX%lEG{cNL>7g{uss4?A5;sb$ord+;vC**4ujI($PYeW~&7 zBcx%hm43g4s--y86KY3)710EXI;Xl)ixgyzzuyRnM4QQH3taeI)eFYrTyhwj zrfx;D3n12tfva<6T+I)KW^a-DU9qEY8O||?T2sIluZmUfedalun;d)^G z7>lmYB^dCrIJP@Yyh&nH#Zx`ihFW??uBqhq_ni0!+)`!cfs z^l^$yE+k8@SI=mMpWq)b;9);|B}+m$*dL-0Bo{pZA2eCH8pq z{n9Nd>++=)?y>Hi9;c=Yw6CFm|Gt`q_$h|(o8oDq0T^J-0&#{GyNWta7D__ie{xn| zKW)KjbxB<*%5UgRnW$UR%BYrfJr5EnQdv72ELTFXAGgFU5{_nEZ|7e! z$xU?+xs0)r?hcu4=uR%;-FzQ!n1p@w$G$Py4aD9kTMzQoBQGD;X8lq%WHcAhO$$rOnyO2x%b2fjPUr7>?z^X$^pie_Hz}dj*e4W8zKpW#y&jTo4MT-)JwVCX{SKQ<~t2P{x0=FFZuq=Jo6tLS+^01&-{>=X5wc|(n z#82hII`Tiv9hKIxA1{Lg&a6*^$dMfIZZ0tjV6)yZgWnS|oA>g#kJK@Zvl>}amwL>p z)1~HhpXYRD?Zj$iUxy{$=DZpyHha%=qBaN*6y(%12Q$qI_ud(5U9`55iHbB&AC?b7 z2#a|UW9y$zS*mTy6#2jWj7>KC&Bt5!@?&pG{KwD!WKi0=I#|t6K7DeSkq5wxrc}V4I7YP?Bt_&wfh(sR? zwM8XT37nI;U+8R7^I=@?1q}r~vj2^%km~w|rFZv*PZGg!p_sa(3KlxRr44Iu;i!`f zAr-w@E2?X?xJB5otx;t087>)bN7>mqVkSV|^DlRCn=-nkrJIdE#Dyl-43`91&(N^d zuD%cyuI~Gb9r2@>-GMAzf7G{gGl?elY>MQP%uN!6e@>%5I;JQ70#TgI&P;w!Nj>da z)D0*`<*6KBrP}rpiN4W?VrxV~Ue*!qe3&@l%V#mYx4q;{6sa-rwW#sb?zD{UNGtik z3^18@-1T%W`NDtGdeS7*5M_&bV`fWKnWtank=Lf;KJoD`$=iOO4u5`P_OV!~?#N)V z7Ihc5tsd#GA(9zB4G9uRNd|L_E}1>4Oh`M%!xKI&{PG%}8o=QepHTjjg^iPlDe%I% z+cLLKmtv_T^WktlVU+fxJ!Kp;Q>1ZjmU|wRRFrZb(ndw+1Mrw%P|=9B+I#!_qRJsB zkMAB?HKFWnA2^!YK4t&nbt6XSKDWsugAW??E>{ong~5E$r1;15>No<7v3r^O`}39<~J& zbtP=5T1)D5d}AO}x!Fx5xp1z;uh_kqm}WU4(@8FD@rFTQq0E}-zXkS zP)^qGDXsL%uzOThZ5l1pl2DxjmAQEL8-nfod9WtydH%gn-Z6S-C2qSCQfCf?HBS3Zm($rxQU@Oj4U)D*2MsOb z4{Hl4MM8|YZygAP@!4E@K}W?$^X>d)gIw%m*+(5^_XS&U%gxuvHqdK5EdoJ@`Gy8d z$Eh(>#40>=d~}?asBS}15bNvQMdlSQLbsRcm6=Pm_NVrb8~f>RJ}mmmccKBl64z>P z0pfLeXFWd5RK*%@@e1ZnMGP5+ovZq&pVW(-1sff^_{C^}<=;wJ$M2bu6yDM4@)Z$> zXqL9KJ!VESMf5e2Zn32y?#6kxSKrNib2xy{PF*a#5Hm0}LcA#Q;4!4g3GV@Ey3fy_ zM9bo)@=ZUHM2b||lN1V(EG3Yt{gtPxSwHW-j!}2#I=`!~SPkrbZ#1+S7#LXM)D#Mg zYEx6e?B8~Q?*gsbJMZFE#ldT!C)2IW&AEQ<*<&<$S_-Y6+}H>cl(fA&0lKT9Y@^v> z+b4zHZn9&Ep9XovnL3LP?aH3o1j)cQ-a4NTva2CGh%2#H8)rDxAE!=)+iXWqm28R* zQBDvOzk5!3KiRf_Mo}rQh|%cK($I+09}vBt={U<$N#JB$aTGxn=jz&%@&Qs1zadjz zqiY_HCRKJMKMOSa-&dJxG3L-AdvK3Vz{FMZ2t_zo^|8}~EZnsiaqDa9CMA;0bfMqd zOo!!j#Svgn*S~7}hth!R@-r)itnVAUp}u){t0gG92nJxD0Z+aSJ?FU8ia>VtELZP; z6PgSNrYt~qXlBiyHvphdqU_IBPhlJ(D>6o}J*7)&{>s}LGf_a>%ymh>mE1SH`edUP zKCXm($c2RCxmQ81#8+JR2YVgw*F!qCK^psS&Q+^Os`_P!GtY956ZC+tmf1T8EV;QU z;AYmG`cM6)k{riu`S8J4+`<7H`-8e9gif+~=x+n9jV&>?Zbi9VANtU@ zawMTa9H5*D*eA>oq3je@9Qdysem>=E+vlP6tZ(G*ohj#p zEcaOlhce;?zRuEaOLcOe6RA_u^{)k4-&{Wj0-+-jpzH3NbJq=zx5t^5b)p8#dWhmg zEz=tkrs~N;DwejLL?JBzsO#julnT$*_psnTc5>X#i!R-yqFgo3exhkRO^m7Tx))VCp!i0k|CZ%TK_= zqBR}1+pr~cZTd4;OH>Qd`LLC$FMW=H>^|PDEj2(fHULUKQ;`#P z?dt>bt_S1@j|Lki%&%W~AGj*Wc*|UbSD{^kGYnCsC3)JjmYJ#ut33Wtt zt;0vRha;6W0YYNM@kzbnu?Z5uVaOr!=;AfxRkl1i-Z;Sgr}mAjv1hxF9}h*U?fP=1 zjen^tZ;*DSnsYQa9O$>>wxibtC9D0{H)Y2Kz zh4~)fr#|kh2XqL-MvX)w2~>TR*I;6J(cTK~`l{>#() z()Zt^AGlP>x;u-*CA&@ssJ_0GWW-K&KVcRs+2N~?5pCWz3B>&GMDVmW#xaY<*GIJd zd_HFMb%Je&`It-kocVLkP=sljmd&oTH=<*aS@r(j@z4I!*9+>Z%-}7FO@pLIeVwJr z_q(pQIodY=c;@{L=B$?8EX{>|DNfHmm(P6}nMt-#Mt*qul!dJkv&75U0hp71qE5;(Pi4M45n@na>wt25Ge*B= ziu$uJHix6tBH1Icj`z%lxVjU61+@g;syxsr3s1D)W{2L{MIKc715Cqve)!XwFI4kS$rO=~hP-AR~DyWyy!IGh1IzMS>=1|>Mg(a-*| zrsC`u#wb@j7xdev1(81^5T?%`XL)_xF<3eVT-4M4%cd?5P@(r2Mo!z_BD+?WC;VmLv4??&>|8SYl@i@6%V|4_vP+%qiaa7VMWN zB!Y#Fk0kgNRlJKXOp9ft|xc|mIjby|ll&>vSB0u`C+W<7!m8f1M9%wvg z+@2L^jpkpOB{wn&;D4L22{zqB{nYx4eI31akeGemMW2f8b9dOD*+bieldzujRRW%Y zxn6`zytpXc<+~ZlRGN|b%-+&6gxJENJKvG7fBdn!GB9wGP@2EcS#I{V@LVHiYa6+f zIKtT+WOs?PkN0qRR=qa=`?rc8-mpav;vpW^0F3>u%5qWgt8<-XsW1atf8^^Kg+@UW?Lm5i`#^gTRG{u`z0DAMH^p9^vrYrSI&{vdO~}@T04@ z?E#E*&)X2-s!sCzG&i!rxUBtX6>AIbTstwDJCBvRU$=Cg-07EQey6RE?fmBs^et3=r3z;H;+{zef=hpqCM*2KpH>pZvZ{K; zG@zCCmqrSaU#R$(ox!z#vxG#Qzem*i97>c2y`x6@j_JykP>14X4~x2u-N|Tcv*{yM z-l<_Angb0o@8CB~eKEjuI>+C%5#iZn8!Q(1nYl!I@ccFMz1Lsci!B*8ebJ*s<{&Eb^aVfGs5@01=7S)v;Os|NHv}ZF{ENb)NgC3Gsy|! zc;85XNM8IH-_>gyZZdqYp}!<WK~GXw?^aZ~m3iiX$V1^wU5Qm|hLD+Zh?qBexFR7}gXcWwKx?1Ro zB1r0Pt$w}gPc0nMo|+0~MrTTnP6p6YG;~V zrJYiuR;^ENCiV652)A^MjZ*%tRClf##ljt=B(EZsE|r8eLd;u9y*wtWs|pJ?Q5g>t z49t@6Q+;xhE?&M43kPJCBG*F9ei@dj$doLHaw|)uONG}(2M+h?ep_^_|I5~!zq7UW z@B8m(x4Ye1!!{IAbhk)^7!pHcep+KBqKTM?A`%j`sF}9UuA&G^Bt%0uG6R7 zVib|lxGWe45*vx6#`C|IyBO=p*P?Rb6USB)6BDbn;s=j1*#q#_X2KxS3^R~8c-X~S z+-Sl0_^1HP2-kk8Nr%8VUNCz_rVj*_8<|IW(XzEqJQ4sV_M-%e7RGvG@gZnma-yc+ zKA=F5I8r)p?YH1+c(Ud`u(DzxVi+xU)q*`ceGE=!;Z2;<1AId#R|p%#NMTtj<3vds z$lFZ)^4pi{d^xfOAqKBrIY7OUKGTUBgJut5_&2(J z&Wn=P0-WN#RGpRY%KFrF-p6)NFSmz&w~O1xp9dFe|6TecwWH_x_{1l>X6wwM@5@Et zS7TFOiziJz>>E=(Zo6Sk5yQH(L`V5@s?)c!P2&LvwWvqdE{Fy*AOzKBs0u)~e*B6C z?=VJ-iwvLdcDSmyX;aSIc)e;!&G^^pt@k)@`>r0?F5bXoWDhi&z@1eLUrTFy!TeUG z0RBBC$|d5KaOhU9ekG*{K2MYp=r8okyLABqygoA70!s$1CI<$?1K4f$M^o0&Gh_$< zK^>32rTBV}`MI1RGB40A_Gn514-LX+bxuF|+vp|fhw!Y&}T?9_~Yf~C%eIob-37{hOrnLQ5@4|VEWJqD0wndoTCw* zAVpq~hPl^9wVc7-Y2dmLxrizN$kmaZi}QPC88=c%HS%tvN7MYL7Ru(xEd|%oGy&xh zn+_1{WAe&|S6iDkWUZ}qz?^6u7tf$T%dNBqRx9pF##Xs0k@&XcELfYFGS%cze6I6t zLEF={a?CjR^f5tAXWH=X)9;lna$?l9f1r;<&7|#+s+!oM=yL$dzp@ke&H^9V5=Iv z2aus&BR%y{sBRq%6RX}dk*RJSwH1*9UxbrW3-nDP^%bWo_HTiysi_td5?)0w2cX$C za8VbTksr^dtc_G`4aI|eid<-D(>1)hCNKo8c#Rm^V@gz=bjeroDAU-7<4d3D0$-Wwa|0g zD2tftfbhKNBYvaM{!`LmI(qPm%|1Te)k3jpgxM^oAzx+Xo24eJv|6?q@d1cUl?4k7 z{gIuOp>JsneSKohzDNDOJHoOmuU`v5o@7kNP>AaOr_tV0Q|m}WSC7QzB8@6}y(^p| zhX3NO!Mh}-50SBt5x9#C`#M6@PUto5!B9<8BK(6Bjbx8Z&k z&b-PzxADw)5)WE4wP~yu6L|*8(hE=3?6lt_%w=&oR z5K{1AgE)rWQ5)kLN^muOxGERDCTZP>^QzM@gspXIX*Ias?1IlGH1@8=dme0j%#D;c zzDWqkZE?r^y?E~X05uzDuUgwaC29Hez<^L_B8kr|*g@)sVXuUj&YhT|=iKt+-%;MR zPVMp@j8sXEM6LCIemn?xtdj8}&^U|(j#q0+TDzO|(j=|^3uUkn?X=p^2v8dy6#(Fu z49`5yvA&~MsHM3S&jrX^(2IN!Le#>sfo!od#j6=~%$BP(5gh*@OY*+1;&B$$I=3HR ztee~%Ky1RP@P&}+{FolFAE`3J-wOWDM%yVNOS-(0e|hd$YH`_eHmhx+mRuVXwM?P}!*`J%_{ zV+$=pb8~d0bhV~rRG(kkuY4`lxn6p0o5biW9X_7CJ(hs(x7Dw}OnAwghOW1uBw9x_ ztP&XdYyMVwF0w~~GUn7M=0o%h)v@;KgpE2v1d7;iI$l^tR50M0 z>(%x*96s2Gv$@Nz5w|Lh zNYsW6qTh7&U0B|6f~gps(;$0~dMZcz?NNGjIiUF-bAJTiu|@8P*-XY;jTcllGg5aU z^OU*=E_ik0jSY~?YO3u~)oLuY1btXu{e+zRl}N_&=JI6~? zM%PHyx0bX+xUkoOc;m$-v`(d+C`f92dc0>?g%7&+!n6(Ci^XEV^ygxZ>V4e}%+eWY zFCo{cGdze1y&+LG`g1uT-TT+LI+tx>y(s?m^De5N_Zia)hh=8{*G#upW6aYN z*x;_1YOe=6BY71rrxFrodoQM$o58|(r2%6_u6aY|k6$x3<5sP4Bx!aBW-LxDO7Y{pmx|`R-$Fog2w-4Ryk%}Ozuqy2>>6Jp&WXr@)+WS%B;}};x zRuw$e{F+s2Dyc%cN}4# zxE-qsHWasx&P^q$l%}33o3nNDXtARTV=ZslK{btf;E7!D1IQ*{Gp4W-!|%Y0sJH)| zGp)-r7c|`Lz0Pe#PlTV%U~7VIq`uNEj%osf_y|#La(!2|FTR!~_<3ImJrI7@5_=XS z*q>n?@i+m)y0m)eGn0%>EIltd-rJtH1;7h~&9(dU=xo~Cm8*p-INJk#9j!Uzcca&z zl;0CoGD=gYAKjMMofvj9>c5*UtuC$2uzgt2)zdn6qs~QnE>{lT*AN$&ifRoVR>+3o zU7f*BJA5W56?+SAVL&i)_i6&i5>s1)L7X+`(cROS)K&6c2bUINeDv`| z=gR=0HoY>Hm_ZouClVKX21KS391eRbA7OHElY0M=P1LM#tO9{8Zqod7S=XvmQV-$~ zgf@sO^q3bEcx|zjm}$OVcgEc1oNG6janS&&?fe_Is#?Yv?u!m#TBk(`@-}1prdV`l z%|+wlq7dbwCELtP3i1-2qgkF=*CO-el+R+6%KBDascffn{{)g?m9}>E)mFMrdtmRe zvV7o}aJFb%K(d^WCVWY?NzSkwq^XSE()%;;&o%|wHXtC($aF8Po^)T`)Q&*MvwD0=D44iRmYXpUO>7iBY`SB5OQK{4CxqS#xyYJ zcx!<{3D`3|e8sooLG3l2y1obZwo-|eUN!KA=S})^MKsRDT}yC9YIU7i-t(c&h|SUp zm7UcD5V6#M4I?tUq+#rquBWqq=hgCk53W|q=QC^coV+}#^WtgZc3Gw${D=4t5PB3R~GcIq4fphbBaX+aFVP705F z4l4}z_|VrI{koSVUH33>!EMvHj^l^D^|bB~R4~q#Wo_y`-iCSw;d3;%UT&LGfhl;O z=joG%*)XM-M%60PG{@9?N1P#kFI%Kbt{f&Tv@B3!2hVCvZ=abzo?)jt?PkgDDlG~* zB+YofOQR31jlbB_L%e2kBR1r_p}>fBl7XIf@~#`tln!~E+*VqcPc6$^iU%Xy>PzUQ zFP0K6$=~36nSV}-msvV@woJtG$IO{#sAIT5FMaeexaak#Y5;q&?*B4*LN|(>aY7>p zkS#b8wpc9zPX1n7I3BcFwa(LJ>f>R7qmMP)KrtEb>pS({6pj22d%kh;Pzga9V?{^Y zaCc9EUqtkF5T>i2(MMh^MFi4DUei6;Zm#HK<_y(WsM6XvT*bN9?yc;;FQos~W;AKK zo3b_G@eDwT2NrQOEME<>+jI{ZyvI(74a|5ACb`H zaS6C$J$HBRgB&Gv@STvpPP@el>g?cSF{oz+<@PkLzEqQ@T()Yf@}OLMeu|y~wqvAW zSVG<<8XJOP#I-Xqzw@$DB4j4GvV`up^?(bZ$L*#ih!OX(W%t7?v{#>b8V!7I>roBv z_T|b~7%dGRwknqCl~S<@X>f|VSC4RMmNQMQv^LNGnyT3Hq2EGA?Sw4cif@FAsw!SatQZ{=bTkB!KF!dEBb*^rNV^@3?xRfAF=0 z^(M8+ls>U^c8tVDX)8L~zRJA-b2cEBPg4)?L+s3PAf9_1E8}gpmd$**3t_g|wWTMn zJp~@`PtLKiRm1JJcBM3HM%kFL!|&5l3XT`OPHim6>dbAGhEnu&rUtzJkOhN^=->y0 zFf$X|k3%umhy}T#8gUIMTR1pbFLrMa&7+%@53om%k}Io0*W_1g?L&VdC)ox z9hUD1(yzVcj-Z-&nDQ))5@2z$95|XaZWtDT2`kN@QVq>t{eOO3z973kaWvY1$Qmep zqX}6Z`4W(cxjwOV_>jA0*#mDqVJt$5QmHe5+zlVEEYdtq#VY|q1#~HXCdl<+`_Xhq(;oMay^$sma6ltw&0Q5Grl|<^>)H;qWn1>FFpmf30NoS! z^YELgkcd}hOCIW0rrU|k%777X5J6Q)qwk8$WUw{v#Rnd0A2&QWngvVT-i_Lx_C!dK zo>}Or=|mfJ*@GMKWX?paXCy|H@a?DYY}t=@o#2g~3?n%BT6M77$O+xlm|h@RDg9*o zAcrJgmS|32>c*CFWxO(W3C%dhi{;~_8o4KS`n?Q|&D;M!vE zRzQ8b@Qok6Z)vU*cuWP$3df0Km_9A4HP za$L3p^_=ycu{T<{5Jjs+fpxU=9V z`<04Ze<``-Q4iZIOEoK~C7cPimP#lC)UjC*3w7$$0#$sp);3K^Ycu=*SvK8(cj-aF zFv zz&m>LAzbhZTP;hAUW#IuO#CXxT+ponwKwXjK>c zt$FTHoknX%smezN{FufLWAVXvjF;mhul4QO9_{l(v#0B;OPfNLt83OygbFKteMt?Q z8SH=ye!cuPc`M_hEA!WZqsp?JBTyp1xO7J`ncLLtmLaK# zcy+NXqxz)Yg7d34Y-xfm-9&S0n|+l=R8{ry5%u1C2Kw*P3sOm}T;rMg0aA{Cy`QKz zU>Fs_ffD(6LsdWj0vCF;>97%sh(8qhOTr7u;Q@Hw>j0wmUKV>aads|>6F2`>Lkrq7 zUT||BP7F%j$9ZS-5b5DB!^Ysju$4KBWaFYb9pmlQiPgFIRNUtlW@vCL!TF9J zE*wKOMR1CI5pSIYV7G``?L!K>!ixoD1EAOwtIuSriXI~763|-o-q+L@oQev1Q2l0{ z8=qMcH_fsxmiG~x*I>Epe$#M~=aJa#vv1r>J%6{)DMrlM&e*!CV;I9kGzrzSx@} zUfKTW0kZb|-EFgMeV^QY&rmvi`qkK#ox!?l_aso6G{)9Kegv888BRVC8L9s&N63H1 zVsp~V9xBb)o87?JO(%q*D_8#&EE%yLIqmKuF;%CktJrL}m@g+)(FvB>Ck`WF&cHDW zqOTLE?tfz|?lZ0=8(3OsS0)N`?n0J@WsiBik1=KOSx-FM@G^Fc&#*c8zN<<5#$%0G z$y6t(tWyCB31W(3%6uO^VzLLLmg-jGDwDC}@Sr-yZFiu1uFCixq!LFiayFVgp7Xm| zImEHHBrC1`7C~P$am~IFMthYoUaePy>EXy^IlYqUjMf#R>MIZxoj7Jb5O6Qx#VrGm zE)qFm5JIR5Lu=lTt;F1V2|#-O?%O zKYZ^I^_7|=LLp_zTKGrZWz?xJF<$s|Q1#EIXK9a5lcT;^ z2a%&YNrv1fdYOe2{X}>C??nxmzUlP+Hh8U3w0&*bI*J`Hpu3#1}vb~-mCq&N=){*)Y;X-Ke2XIABc~JSoQbB z(<0l>2a_frYM&gubf%|TelXR)z%N)!v#JQ56t(QDP7@q1kT*wd%KvbF6Xsd_WY`Sy z1I!26s_Bw|GS_=YNeOom84h>9!WW9Fm%ns(w^iSn9P32DP zzE{lzRje5J$)|AjB9DOzUJBUNSU5 zsE8qQ|BhJxE4X89SuJQP!Kh!i8?77sfF8&w=8)mzMXr+MWUYH^^G%mE;AzeA#bH%1 z!{_P29MPu71E9GwfoDF?Vgv*lFoSkTU<1n9tc#a31so$wJLMseQxD5-K>F3U)8S#d zE#4Z1n)qBm$3l*e#mSx?L9;L2crZIPMc#dl+%cei=%l!@hor6AuvYmogg<_2WN_jg zQY4PxD2y2Yz+Uyh%6a~Ta@zKirZJB`A9+FY=Vtd|DtTH9U7 zO~H2HyE?5(rWW$!5*>zJAAYO}XEQNA4G8=Iw$d7#X5 z5x@l0VVFZu8MbmfyE9^=_;}yag_LP*j3?|ICyXwKB@VY)#!~qAD>6=gY+6|vcGXQZ za~~Kt3e465_>K7qDb3G@!tuYG6l^PmK0ewrAK*vuXBW5+`%S_EM7=o{cpZ(iEl`6P zZ%Q-!{H0!C^cMbe(<6^@o%Vrqw;337R+i^thtTcf=hUZj_wRW|B6Sz*^`-g&ASc$j z;i2hiQU%ovwpl?jFsvhG;Y66al1U*w)$jknjveK8^o*f=aplft3u7^qr#Uhcr!C5h-^Zn|fZGu<}mO|o;YCy4Jpi-&jc5B}9;1LaY zLb2|u!<1w&+0gBt2#cZ~A!PHEb6(Ri4-Iq^SlKi4Ht;Seo)Y)qxRIEN%vO3s&|FzE zjE22})sbuivPUXNu|vI3g?PcZ3pEcAmb!1RdjKq}kMnmY%mEMfVpELiqhuTP3^-(( z`~cS49%vJpXl}mT9ylVgnMl&d@#m~3vuhE;pPWjltkxl zv0_&#$~3F|(`I9mlTJL{G{1I(d&nB<0ds-}#Ac@ADx0H z7af(yu|Hkp%_g1%eXwWniP<%UsX-~uWBBC4|7f3q1F@G4uJ-;cInCnqOLa21Tj zsy^(A#BEv#jDdDd==L288Z>pyC5o}r8OU5%pzinxhkZ^1%mRYqo#ynf4nn<;+_SlayhPr60EaiO37`YUL)Q@Up z;mXP}$NeGWgPrV7opSkfpx-()M!3XsWX;vT+LyUh^-&7}Vc-NLYp%bwZY!7z>^km( zbuZQ7ox5Qy4dcTGw054dHp@64Aom}zO$FKZxYY-LB=2mP(fZ+#RybN^?X{N+sP%%8 ztFxLZC$9L2PD9*m(EdN8fhui&b(I)^nM3>`b(_xDF!pF{=ojIOaHM+2z|*dDg!%K) z>w3p@KfGAN4kO3$+)8*|G3ZFTEBatG)<(-ZepC(3H7Kg2d-xE-7z>cpJ9+W%R0Q31 zV>_B5s7#vBb6^x};BVz z&xtU5N0!jTJmatJHZDi)1=ufFWo(R&`e%+DnX|BS->RDqA5e$lk4z4AAEI@fYe|9J`=-S%gB{gR=X9E4~0w+lx9v&w(`WZpEFQq$pC%9*0PO@bx zuJaTF@Upyv4;z5EI5F0&!NxlALm`bad?;8m(iKoO!>oh&4ZXZ=NLvgpxIQ}(7qziz zrFy1nnm9iJPh5o$*1ROX6q$T5@wNxzv8@wd^FD00z8p2&RjAE)m;SM1c0OoRSf}l2 z;D5ravjMLUgkmzzBiy%bXo$BazxUdCph7O5$=$~oJ{^39&!c1l22x)tTy^hw4~K5X zMH2eVbT|$B!;Ya(DO${WiEqT0o0-SfA>swk1YGr(OtrON$h6x`tizZJuwRVy{8V*6 z9pSXyy7&TPoEF#8Q&wE{Xr?e6<9yY6k0_BXoAHCrpZ=W>wGiWIE`nY~Hj(?-)pV1tjIzyljwip-$q z1a7pvdHzt9oAGpMc2!hq5noePq-oxjiA1M|wMnQvYAEly;^cX$_-X_WSPU8vpA+FsUwmjIex`95i5&TM=# z^vm|qc+Fe=-Qt^jMeb;{W|rI`wrDFs2zDGWBcaqdi;vls+wr;@w9!VSMgK6;V3*N-fz$#;mYr3|Fy%N zp#HWsap_!@1(?u4Bj&65d*Z$23%qSB&>BWYcMM@~t-RYivk8(;jFde#(FPG|0&r5p zLVdiRF$XvMw1cDt;W~fbifhG5*WMcATk^Tb>Qt5a)r!*8q}d1XB0TQScx)3v6yM*V zCTrU_uc}f?449~5n4OBbf8YnQME0a3fu(-<@}>LVht`HHO5M-y#9PUgwe%Yw>u;pA z@D7(GTe*fm@6z;}$IGj<^2+Ex^^OQ(p{~UTFVjw4wat*OrjzESX)4o4cKBZTkF3*4 z$(PKNU2I}I#_;X)Q@fp7E8F31sypi<-Ucj@7`ES)Gf2&QzR92e!b|#HiuhtqB(BrK z+#jHq(0-+8>ZaGbeLrK|Z7VmfzH_a8wj8hS;=!-n`5iz}X~>j#*L0wyQ9&)GXLOaZ zF6(qV9r3G5tJcVDOsHA=j{v;Mx(skiug!RDtUN^byzoo(LGsybqFtaKUk=zwSb&GU zkh&<3{vGA`F5{m^x{UuDi;#rTef+(awI5V`J^WMSm*I&+)Y3uCW}l#hAR>`S3W@}j zk1Po^q8PPdJTpktYPtH0p-Du6q5A+7CZth>bx7B#x$$Pee%WqHa6rc;EU%8w3>|k{ zgU{dbrZo-wt4qwhsj4pBLB_HJE*?fX$BlgD;kPunnF&p<$w77J#J}WE>`vmJc?oG= zUB8Orh6bVy{mr1o%GqgAuE~gLTC!P=vnj_~O*=Z*6*o7Kz>QSDW9|Dj5>%3cu-kCJ zyMM8m_f#6Y@As4MHR$LcIwL=TSp0STSUa?Azzdpq0(fB8%W$Igs+j`p?q)j=@A^#^ zu}T`(^}h)txsp9~48HQROOkXt8!Y~J>lg|T^9g`VaKa`0295SV~gI_?V2jst?RZ#lXC-%Sp zJ}}5c9gJ6S#wg32BXi3zoDv1iqp<=e806YvBf5FTkeRoks!=_(AqF*JX3*bCfHdJ^ zohu}~NcB;;}BG+{uW`1#X%6udQ_5?{hx8Vai<`iU(n z3FUu})K_hp)DTdibLFbI{jtW|(<*50wN-eBb+GrV8>AIq+T6KGPcv+1h`nzqco`qs z&sw8_E(H%0=@<2q|4Lf+JeZW?Z4;99W;<&%r5QH>nQz2yj0J{Q2u#U=-gsd6FwnFx zpi)<2;n$986*dqW`bd`hSN9H|SG3Tzn>G{|_*d#zb@qITsC!IwHS(Q3?%by=L zV%uN;74S{1#~O1*R&OSegWbw4cAPf?5bWoh_qu1qf;S;sqtMKSCs*%2`FU~G3irLd zU%1-ZT#2*w^M%jF#D*wN+L013M?NmPE>QdFY?`^ip3xrfAHegbTfTC0oyXR=$9_&c zsri14z#~HVCLZ&g@FsG(%x*J0y20c>f>2?4;wj z>+<6EI;Qn;9566g?e{yF7{poSA1eOUoVyca4pldZHF%_uyNc8O@Xc-QYV`Y^zt_S@ zdTmEkA2bR3x@tZazZ1oex<*>~;L~kg)gGyN$z(1&=Jk;>CC%FM{Uhb4P|uU<7ohcc zbpo7x@N<)-sm+{|8F{zM(-E`49#=|z7#*p&sITv@8+!Hev8+E^|Go4Fsl50w-k`f1 z=_)&jCOJtO6hMbLY+JkVCpO5%G3FwvytGxdAPT(=o9i) zk`~oqL)@)6{+EAM_ux@;c1y7Os((@=ytzutw2qyqiRx%dTrEy>eHc+Aee-qYCuX+* zde;#|XS!bMdlEeiF(r?hnFQ=IHm;OE8hn>r^YcNKr(S-e1Y?MMi?>v9}*e+{LD@ThD zZw1hx;?0_nvnKAMVcZn*tB0dz!U2kW0PpH$V@;okC$H1Nwo=3QrrmtE&!B!WUWkx? zzqV!2ux&?1b_Lk+s>*{}B_^+*uu~~*_U0jzqd&Blh)2UnEI_!JwYW^+@F{W}qW#zJ z#bds+6ufHQ|3v+CRl*@&=_LD~Emkt{ye-;u=JOr%aexNZyK=aaNMw*(f!5zgmKSmt z?#>Lvwg#ZLbQvu!Tjjeo7M57d%-krcD3qx`@g>AmIi?)$#);{h>b`vi{JmL_#HxS`rm|xwB<)KpY7fPMk`jT;P&!J?pa@fx21ukI`g00W7@}f`}+_nxdBe_Z;1Oc zn1*}u@cFNP?w5eu%?(#PpO09P7N5N*uU=oRwZE*?y$U4z;@z!Q5^5&%U7+gs8oy2> zODB!nJp(3vXIO_Zvg<~~=5(mw+kP`e49 zb%xpfH`JG~Ki8(XL5+cG1dbc;OU;VwV)d-iBNT;emsLxa zYOy1g$@U?6bW5ICZVOns<$=naN44o@(&kV_mE;%xY-m>jQj-TZwIPwp-sa3w^eb&+vgMiZPt;_}Y zE6?zF3z^Oc#r-sw4i%fE(<8keBUE96CeqH@a;|X=3Qz=4m+!ohs=?6LA^Qgr-(`Jw z9xDWVI8{9f(^FjauRV*(IXIPGVB)U41`h(sg5SgBtLeU5g_x#~vP#cPC>D1N6?DK%@8Ah;vFwoB!@M-0BE$%4{9vFNt)P)V|v_%7eNL0%m;utX^YS_nv zR@#kqfqHe-npb_S_jg0>yOj3-m-IthTSM@hO`i>%m!NEo4|&Zx?j5e9u=X{4r3_*{IRK;(Kz1kO<5G(36t}Z1aXb8`RyG ztyQ;(Xph@&<2!Q8rV-c5m}R0+b(rTj2JGhT(dB^ampn>8%NOi#Y|dYm{eE#2^Lgm| z9Q?1%KFU8ce|)0mDK>bxeUbU{rse0$=@7MN_Q{eTB$*#spHIA()-bG{6TgmqJNQv; z9WQwTio|O+`6r(u^!)$BrdpC&GjMtvjAFh+u#X)KjgI zQjdhT(@opoKykN7*+;_tI0dIF;;udf`g^qR>4q8WV#6FhRXtMsLE_}75*V4<(S6(6 zv=9Cjw;$#1z1eFYTuVvO=7-df@&EleQt)@xeh;Kyn+|Df^}bv#P0;(gTs&EfeSUW$ zAb8lpv|k!k^Spxh3-jx!>^7b^d@!fZt5>)B6aQA%HR0yr!^$#+Z!(}y82fAk{|_nrxxp2 zrKJyVv!Yv5Wmg~XmOHA)2NhM?oWC{y#Txm#{c+YyY@JcYGc{bEPBc<~e)Jb&(MCq) z=Uc&NUS@3hX2u3jDlS@I1I|jJvPo-fDDBX>SWbbc_;a87HP&bg+)4g zOJ8cKEc*b18Vi*H7Ej-+sZ^1X6sOVC8`~` z+9S3Gfg|v)NzBCfeqyz;*3lLlc2du(B+YJoC=TE*~ogBoo zM;UBJe7rO|P)46BLr@xZ_>~oXF=8AzE(a*^RvM~Lw2BJHj4gKiQ?}yAxdAI93G;Kb zv52Opm69gE%pl{xMBzTEba2Ezvox)C6?7zweM4GQxT#uE^EIwmm=9D6!|z-^fu*#< z1bXUu4l4hwrR>K`9sXrlm}!)g^mg#5`*%^&VxwZ6PJgP3|Vy2^E4{sr0 zurlo=(=qzxNq`Bf2+OW1n%(Pp(Lrq3dL9IGQA{~RHJVJA9Oj)A@z&*w#q z|F{DTmDKt1-T4QMAfsLeloesNsX!@In51|@%->9i%|Jvdd!uBBRn4))Y=l*NXGxCw z8IK@AbX0O{@(+ddspp;5*zZCJ;Y-g;%E+Ei_8yobyUS^|*Rl@U{`{ll^`lc^nO z9reu=WzG;TZv0ROc}$8rI|-DvjUwcv#4o8oXdadVDaHuoC)_ebG2Wl>>nFl@jYoMD5Fio2uxOZyM4a3y~J+k30JDP#a|0>qvq+JE%q#lu;AXkBxwqyl-T?)6ElA@{}$tXv4WX!v+t3#`TLs9MCJYs9xk?$K@#uBCKkEa`dGd!7(4J0cq&KLT?X z5R-&GZc5n++e07_Xskama#*j;qARsMTO2rOnH4e@`>a|7V>vnr0J+3bR&% zrT0$$_2|H;iZA;M>^u4mDdfx&Zchhx_2zd#h4?x9T{@*TJhJr>$NvLj&muyBOdv2(QC149m^T+1HgIraU#+2nX zE`736ON)%!k3f`~!LK&ELwjn2@>o@hu>hlkgcLc*fEW<&t|2&LE`Wu@MrfnPJD*0r zh?()ZcJeSH*&gqER}JubV$Of2=-6mdbI@XAmQK$;~5oe@(Xv^JW&x@)!eg>}YSV5$s@`=b@nSNZK< zSggx13aB5~nPQy3u@?T$JlN(;59e^apSW@me z(wVrewt$mEwr;^Ip;d1s_DA#V_g1q2$Kv6SL8|GGZzb*@)YKw)srk5@i&#Zb?(r8N z3!7ZX-659zJJGINnJyy+i1m2P+1)F$E%6=ykD_z&XS)CY|L^nZimRNiOinp`az2c9pyrfMi8W@jIZde9 zfsML0NlNKcLKtFp(r_`RIp&x{C&pwOLSruaR*jHEog0|199k`g0Dcz+r<$z(x{Z;0%mM#R(c`W>-2crd0!p zxXg}1Z+RxIYSz(a=>rqJOz4=Mt79Yj`GWW;sB_d_d6k&PS;!d_4lk>RpfKk%Mrevs zq<(g~Uc7pNY<89kh2;dRt0Q4tahzhj;(|3y4C(Q; zAmMY+jH<1|>W@Fd*r=l6u=Cf<%UlYk%5y|4f80hwQ7h_Eb}sqosL-`{a`IPSz}56C zWr>c8E+RAU(fQ{9mA8H?m4=Y7$waLpTbLQ|uQgL8)NThz_jj*}1+cGJqke6l@n6RF z8J3lQM~-em3?r&#D-GefaelIH;ZAM9%7zbl`fBEtxz7oi&Tn>8YQuh?T-&xTe|+tb zWXFDVD;Oi3*iIIHM=>_(3@+j(sRP@y1h`;*;0-Flo&=ga)aqIT`V<;589L?C#V4Gu}=13|%i5OwnlT_XK z1S*&1qT^9u+&rdtHZVJcaM7cw$!&6Kp~$NSU-f=0-ESdqjJ7lweBSWAGbIe?lqZF& z*|!{DdXnk>=u+`tKjIh6uc750AAozlYX_9nqj$zJkI3%n(-HL-j(sGH=~fk%?J<}E zXzVVn>ww?Kxgcp^{jMzTI7+{vt;L5f4(pykBVv)d4?Q`!j6{0{SsS##GrS;_yl1F7 zXJ7y1oIr{%n~xyQ`=s{Y#M%`QId-Rla9+gY62EoaH)I`D8yzY&1#~FX@TNK_=Zj%5 zN^Qm4u&IVZ;e<5X6lyPuGAN`ImI-s7eE>$@jb4OZ3=0I}kRhCbDyWXG^+mMjp*@!0 zwbIl*yuHJy0^bkVgmY%AaYchY#7H@hMqlAj%fa~-YT(`CQU(!VlhPap?6l{nX4Tpb z5l5gw_y_y@)MYyPj@5c(Kog)*(i(37GgKe6&nblZW^D^l%(OT2OV2fNe8(dnJBE_k9~aIApY~#TT*$>vVCn z?Oa4l8M6lVw9v6oMG8bA0t^~4?8?cWX)y_oZbr(ksK7xjh*KirYo zJ3GaT4-`%;paL&p1cptyn7A1~r*F8t{#gGP}#)Z3ZFCo|OHiP!HZM|U?^vL#*A-pee;OL=U*?(s>&(`nq zIkz1r@qOMbUlkn7K%e}cbOh=?VL8j*e7Q_yPvoTOj_WcPOAfW})DMq4$ga)rJU2=9 zxZp#Ilvjw;;V8iKrn`m>GCo9>;PiAZClCtGvcHEZxD>g(r`o|`8lEgt;hV>=*}J<` zyy>`X zZ!|WU_a%@gIxdM_>~&NfVL5$)uoiMCYc?K7myCW6F|rJ(X^hxEv&NH*RPaKhE~&GK z!?Tq-9!+`~RbY;&sZ5ZZbgZUvfYs_4_sMDj+MasB-{pO$5>|m!g$7XRLC7J_ayM)P zzR?@jL3-imKj=A|{J@O3;^g9p>1-ct9I+Jy%)#)vdiGZXzg%>E$#4Tajqp_+J9jE( zuT18qw42ccet@$ccYZlBtRtEyJIY#s9O{`dJS7jNKpb5WPE}^ISe7YpT^u8?`P4D*w=gdcIQRWmZ%S>Z0YueHeU@aZHGPxJvov}mQ$F%tPz+&S1AFtNkjV`}qSijf5v0^zK z_s#mVg4SY5NUOR;_zoFM3v$qX+Cuiy5q{Wt7Z_gg&m+%N1Hv~w;|%`2qj24CSHdk( zgT}8836H*f*6zo-DivTKN>9yDYOdu_$4DgRhyj5MkxK?KFDUVrzEI}jG+i3K&e_>H zeo#kS?wd$mpbvtd(eVx|FRrV?k(e#It4RGuzR2Ehw}Iy(rPI3se&@?9ubN5t6hNF} zBP$n=lV7K+@|j>49(^TuD0HPazFQo8b1tuzRHPTBzCS0-9#hdHjfX4~#bKa26rx*^ z6&k5LF(b7+dA5VkgWUfRHrf$Qf(SRI=pYP-QVJh! z&#)OlpaR@a5>_sO#j)WNY@r05_@DlH@Fgsb%!;onY4_87V!V6*LZJSonzA*vZki*f zp`H4-*V22_f(}J5-Jq)OtC`|7QM4gw=du0O4&ZcKwba5kQ5Y>OG=@GOmSvseh8$f8T)$~wLQt?5x_VzJ7(7&drsAL9>OM`D zSL6Gq@25q&I8^G!j}4$?3)PvwRRH;yqF3J8PQ-@+f=HR$QW)?P|2KeNV3cB;<^5}1 zKyjVCT*Qme3j+fQKCdebBwv@~>U}&KyVocxl+1|+2h_=Ogu#8nrGlFUrhiEH0DoJD z55B)xP|Qqb?G0eDd zXcvSB)5&=KyV{YxrBHKO7~T=qD{kyfQ>|92>Dv>H0qSf>pS6XTMvq{n$q@QW50^|kSLkiSHM#z~sjYO)~A zLiiR}0WXGv)C)}o{B_WZY&ffPUt_vb%1@x@&&?ANs`;G|jeTX;htl8CfA#cro!S}n z`0B2mWe(^F$bU`kF#S*ajf3A*FYg*S+UwJE=vgsY^es%aMPE%X3gH?g!(%7uQhK7F z*j>3cmHy=HXJqeOfZq{bldkB+j*l8Rj~+^5)q+{Ex}(hy}DcT>ZNO;xoSH&1m#Y zxbX>|b?0G5Uik2;qOL7N#J1uCuRga>V`tD`>~NZ*P>7kgUoXM%4vkGHS%f&)>u|$1 zXSO+7SJny%K4&J=vCh&5Hdm}#8o;o3>0)MKwN**d9+7qx$zoVC+)%c`|1Q(znJ=G- zvG*{;qoco&V>$haj)9lSf#RG-1_Yra6dKT}l;p9}W$iKzoU287<%0v4Bm2)EZYjj3 zhJ^|fkBV!O*s0htnttOWM!2);1|%2KY1=g-E{;De1>#BzNPttroURHeM5d;um{A+L zsT!?Y1kU?eehj|wZwX$nfw*Yd!leIL0|8BY^<%(#79oNV3&_xXNSjCzyI}W3SbftCaX<3u2(vxF6n^f2Yrfx% zx6&>CBr)ILD(^+i$%&&H1Goj4B=KT z9-Hz=H~yo;|2Y3>&> zatyp>F&3aXt=SG$8PAa;Zm2yW>&=)S`*9jK#H#l2i0Pm%653|xGNR(7w>xxcoEUYs zxUJJgb%BfAXb;9lHbIsspZLt=g|1#=yd%v8*mgz7o((_GK7K{Xv$k6yDl^ZiR*M|H#QT?tw3raehn6}ogB za4D&M))whEalgq;aES&p_&b_X$GVk%;E(@p9vtTVwKQ{B=PWo{pUr5vqHdV&68yy^ zlo#JS-O=2|jI6NGw(1`5N-gM*ZuhQo3sZxdjFuOkc(f zhTy`=3itB)?Q_25QyV?&fe|9p=Yit%uf_(E0y_&(jx0z2et%e>swm*hKvf4x;tb|q z@#y&8Lif$@&GIqoGa%s|`f3pygjd9*@6>kvtA9i{qDq5@m-n!(<1H{{3Me(2o2A>&O$%fuxbVt8e-UH;bH*t{bZVJ8 zAVCb3(+JB{9@I1|s}vb2i0p9hzLLH&x?w-m--EuwUq`w|Mm3CEufo?0%mO zGOAGh=q2L*c z09R|Am1F9#^6}6=+Yu^0YiU{8Xqh7xNW(D-8e1r0Cq;I#9V`Us#WC{!z?;XQA2;=3)X^@Nc?X zjh!Q(XzLw^be>N=65jfndo@SrV^r7WHnu+TG5mXu&sV+In^0Id(r6YF;oxTDcX0); zw-Tin{nN9)c63e+ieC9}XL*n({610jq^HSL?`_8A&Trs8b=V*Ts;)7(0d-PO`4pkR z%MRiVp;h*vsXLX=0kFe3f*>#vrjH_yVL; zx0{NL(hGBeeeM8Q+?$bKieJ-R5#5^a%(uQdp8v|KAr-tHggkcY4z*RR0z`Ygec?Ye zV%-|Xp=&Bc#h_EAT-)=15pW>+42FMbKQ~PmH&LB_frXHq9db7Phafna+;3u%ufx!U z?<(vp0Q}H|uh*nwt{uc56ZY&Z{>2kS)v)suIDYxdZ;7CXX7m1De6HVna^I(4I_s}l z2{gUbWI_JNUH?v+3mNnah+--&?=c?rD>MKYXDEzi$~R_KmfdodcUFt4;^QzokEMe@ zUrr}y`t`dUEzM1GTXk`tjur#)K$)y6S+gX2F-lb+AVan00%oa_oPZ0!1+i}s)B*Oa zQWtME7cgN{H49gz-TUeI4X{=s838uj86DdN&L%`!i9<+Wpk76+Ilt*lQMmLT*GF9P z36l#j4SXR_*N&=H_Y7zF=-(q}lFDPy*a^d{YNo6Dhs-v4!jE?L5N=lPY<2qRTb-eG zSEHWQ-#0hQD%N6bLyb0_t}YiaB>5z2oyM}(7e04D2hnghwGr^rE&kyaW~qU$djVFm zU%2}H(@D48%o-oU;|KF_y`_+Tj<}~7SDurVIa>0sE|H4h%08K$7u%%}?qf{~z(0C3 zXFcbx`r9%xG4PV#k&D^>M}7AFf|^|&P?mLf);zjJN!GhWJj$M0IP@Sqbh#*M=100; zy8@5gH91m=%D7l%L~+lWkKr4@VfMNPk;7LCA1M_Jbe>rbd8`B`xg^EcXL(-5=+Un~ zlb_Bpw$%A!PB|+_Q(`ZL7?et;=b}k3NH4}Y`-G=T5M@(rbyxK?=rW{j+sGdBZAKBS z^;R}}5xdm1nY(tp>Y7L<&jF)U-km8T!4+c|3HkzQZZm$i0oO6cqYt*o9Aox{~Q78t`;QYdKnThvrB(W^WE z++ia=|KDcI$%7n`?y0WzgC}#;eNJX-<$K!CUOm+wH=Eq6V*Eb;y73SC!tHmqx8M8d zm?S0=#b6O>vH0E&&w-#)Uf!@AipQEKY05T;c>G~&eS$&tG$|~0Zq3MW6~oV{n$e*I|n8;DLGoVc!3~8EDNZ;0W1b+pJkgx z%!a`FR0%~c1{KaNVwkBdQXDxI6kq3YyPpMSI8&)z41F%To8-yqO>HDK3!oUQ=8z^k z5D5Y`)#YoaHN`fOZI!V4k>j;7L2Q&0Aevhs0UsvF+Npi8CXlSK6{^P~hJvJax>KZ) zIvuZgdXWKjQSr++7XW$X0$arD`f5{7`$L_b&=(j!bVU;|N|n0Eiiuq59cK~5c^uS~ zus5|vj}SxhaP&>(h-)FShAfy|fj!n;8F%S$jvxJCpC>SYwdti1pt=d7?>RhSR)9FL zkj@#mP}Q>w;u3Gi51L1HmCU%V7r8&JkhG=W^s{syOx!|c%(+$tN?iPF*p-3vQ8(v$ zdgidck;}7>Vs~WBpY@92DT{O^t2Ze#T{wLmug?Bwy--cR)%oP`j{c#@Ue3g*BF)Sd zIGn=}WY6zvUp#g;pyhsdZHzw+?akM|m#C^sJSqBPLr3SHnJx(TS>9yr1p8A4-GyY| zOtB3-;E$|DPkItCOi5cW=AVUds)601W0cMKc5R(`XqFlp%bcuN_S+?hQljy|vbr>; zp@Ww>d#!O)xF_XUmDDB=SrC~A>bh)gW9E5`hCB@vnaJQ6l~&=)^VJp6*;w78QXl`3 zoE&Xx2U~B1tzrPPt?GCe>KqD3&mA%3EY>okP_|hpb1}YgE~jIJ4wlR=Eq8aw^9Pxq zYu4M^+M_}ez<8&e@8c-#_!(mN=SX=P<(%HclWvfXbFZ-?Xp?QRy$83XKXt3zMRewPIgceY;xUNM+?iM#cC|I=UP z*Llsp*7EE3x}vGgn|@K-eV+*#iUDHR^1auiZjfBs2V9%-xpEIblM1G3iQfZ%Q<}z9>*tB7GrjN8M6q zv~M0*+59{U82LoWvbAR&Y`XkL;|h7Ze8F95WV$kHtwqb<|L~Tb-AU>)4L~+GHy+t? zyW;AUTz~0Iw`M_e{mf4wiA3*b96elUHmB*qFUvA>|L3^Vll?Fq+Moq#4+@V}SaZ&288p1ly3Otg`-!M44Zt&$t7JN1~{?11lgqK;ZPk#GyAa|rUF zCzpcr<~u8|2){X+xK{=q6qj@F-FdB&kJve{y#X0V`wAVn{scZ#k1EUeeXzIP#8LU+ zPU0<}qTKL3I@}5O=kD(zvVp)_AE-810SQI41XbhVf?RnG}iyWdPk;m_AkwG zJIa?17tD?9U{gdXAK)A4W%c;a^N@~?2N#^;GvmntdO6hw(e*DRpLOyh@86e^%(DQ9 z%myajLOZe>$IP~!h@|OPiIGsXG%zL82J`;xw&~Yo^XI*nZ*y|{x9$G-VFS(Ij=mC0 zc9!_x_pLY(iX0~^3Zs;e#<6qAE*9aam0w-J=c=9R={DnI*Uag-)H$O7X9I6}1wN3g ziv@&c>FEhWaJr+}ige3x$kT@Mrd<{mwIMhTEFPl{{6RTm@+nqoK16iXCmxc$I zG}c!=x$rshN$EBeINU=iq=(32PXh(^#yan4OE;FLx;6=MkmhJ3hmyE!qERh(a8J0& zLhzqYYWmj~h9?GBLkCq~CRpwVHTmfFq5KC(`vqyC3)PgEbbHyN>EY3M*lfbIJ|DtO zd%Ebd=cQpJPuC?%pWEkzgGHu}BDjhZ#>OfwSQ~pR0UJAQ5T{$ia|&dDVQpc^_JVf2 zc{Za~WW!Y*YuGDnjVDK{t16Pm!11qsXzjQU21Sg z^t|DcE*nWgh@Q452FPJ-lQwkN-N1+L%TWNEa~ZFeUrfI4H9u+mUDt;Ocs7)!{n)!3 zRl5OdF7WKqGJ(PNi}W_n^6kpky3+Po=w!GN@`m$dr4&;HN;CgeC`IoO*vzVmP`(fo z?&LBs_WCmY>LBCJS|ll4+cH&)V-6%uSVv=2L0a9b-g8#V@lnTE&Z@-Fs%09Nd)G=X zx=E&u7#ZmP+AuXYt3axd-;oQR@qhZf=|6z>Dd_F5ZzK$!i>-|ZK6tT76e9ezR(d!D zKXgW4r#|(S&n=%ip2jwIvm~Pr{ax2rC@o|pFtBzx# z`=tC(;p;u++n3r)Tl2WvDb^c}}+0NQ((d&7B7TKH!K3E><&$^~ZhN=P^ z6)dw`+n{YV?Fni6K%kS8_ciO}m-pm%ab!s@%Z|L*?w<~~2WX1RW!p_(V&+FCR^r>ERv9;*~7 zYZ)8$KBj9U()=S4+9g2~2X6`BQmNG3MjIjdy`@*^@8^nNSzi0{M)u}= zosRussb*ntARm`6<3_QELGxS52AqtcZqR1HxglvZ6ZGR)9dES1a;UDjSJ;$5R0+$*O=isGjer+GbRML2=C$RQ}L8A0+Is zT+U_;Pal)t=z7qZCR>{MVS!jH{yMqB&Fk>nyA@e!SYwVM>tAH8;c^y};J zNks*t#d0(=A3nW_DkLHOAjSVIzbBERyv`sba*m92085hKh=sT`vo$P!qMU9fMfx&i zc6KgDWq=QTQeoGomTyN>>uwm*dLhmCl3mo zAMM49`BnOnJ)xAp3H=Kdy=L!o^cAs)kwUUOCjZ>49**Ij`NQb_!`0XiHsbStoV<6dGQ$@ zJkh65{z{DtX>u)kZCjD*FA{@#vq*iZPP(_!mGm%6GAU{bE`5V_cMO|bAnk`?Nc+;P zrD_GjgI{AEee&k{4*=;=q9U%#ccj@jL}*$~qg@eUsbLtkwYq>Y`eUTpsKnRO+_FhB;eFJvbL5wJ>h&ha z0gdpsu!fJkzBXTw&saX(1zG>8Qe!@ptAK7t7tPJAx$$5o!{&Fpq=!p zm06QU+KrNdM2EYF5A97uW8R$G+fH|Ny#m}U==N#X-xun??2YDe z&id6-7=luDQP-Oi;zaw4Ijah1yG6YoNX(t$2QO%+p=e1p#5$)!Bj6@AR zKx)Ab5Gz1CZ}gLz<0@PvVU{Y`CDI}3Zm2F@vpBjD?I0Nj#qO*X7lksdyZC!8l~jqI zLpQS_ga@OO&29#J&P#z)=+TO!S=b`BK|aIUvbjADO^}eT$-a~oOr;(#)FT# zupXY^1CMfXspSFw_F1W3CouAlB_u!oJEc8_ix-;ySjKxT2l=Bt3!Z*Che$)|2`0%I z2DwZhuExA5Jpw+TZBm5DpBV%rbwxV+;+*bf>Z=G!)l8~^Ad!Rh^5lcmMl=%Cbu&|Y zQ`gLM=uB3n<$Fffjt>_!!@YB|^ zYdEx+@o(q!IwHE`!EARfahdV_a@>zi+7HgRBo}I@KLyhy@=lng?x?m=DN}b|6jYd? z%gV~jE6X^}ar1PB?(uEvh-Hz^>ClnPjAw*)%YTo5n5tP2?gh@sB{Cy}s}Cusnbz`G zZ*%V7v+~!_S~!&pEK69NTR@a+W}x;Wp03N}T)-v>tWU0Nc)uwAH{tAH)P=N@Q`w`4 zO2214kg0xs&e(f=dX!I&v~q8qq|r4iqwotlt`K2futvs7&EmRo$a|(>ZC2hZRBD#5 zL8V&%%`&aHxHrhM(Hxtgzrxb8)pIIoyexrpypuMVAd#T$pe_>siFVME)Cp@?GJA=pNYiZ&`Awg-&%W1U zhKQPPUhq3-s8eR;S0e*)-tlUmo$9m@Vp*rqFt zzrFpWs+C@+)X5hY3=Ex(BLZIw zwZKRsUF7f(iKgzD!fUTgpYeE)C8emg9ws%M5}Kb&S;zcIV17T%C)a<)?yTZ|C@|bk z^il3AK69rM(=gKWJV{&m-LapDGTaZ1fyxmeI95&vkEjUml@I6u2kob8qBjj5`H6lvuwW*@0S zB?$4mk1s=k%_aHyNp4F^XK!yo{g$rLC0uHf=j*L^Kc4(kY>9SiFxujqH_NV4U z<(F5uY#p9X-@_1b^NgXDdH{dGCvdM|pYGxLt6JerzgUPTW# zwHB)RA;;|18+&KfR-~lW`fPIk=gSZE4aaLeN1iqkWI4s37PpA|X6|glsC-qkj|+Ml z;9_nfjPS6bkz{L--11@WYfsPU%X+}=mu2jqrkxwr&rr*->ydANV%})j=Cf0CzffT0_oBqI-ocHJKNACY0|d6;;JfKx2+#G>R;WtPIc!N{5*6gs%HV#`vd6b-{Ep+ z(7K_TnPZz`38A*oTCdN2b<;RK^6RZ-&CVc}XiVhn=$&OX&P7$1*NDTI%0(S$)+2aj^vBbJW$%nOqc9#aAc(USz(n)-kky zlbTUc9N%0JScU0qD1=F?Vu6o1JcnLKU5?miL(gxN__ahf?*hJ7HwYj5UgA^vX1(2i zb~0olD(JBw-9v{O`4oB=&FGSic%cf7E*saMYk_?ftHU{IRLiIm_j&*ffC z{B4}TP5=)0;w?Io-)$9DbtJ?+Lek&aT=+=+29^2@&!Iy{g$}|T4v|ygRDMiB>LAF& z8{Gen&HX70JvqxmTgK?*XQdrN9l~I<8o`Q&{R|nhZ0C=fq(jd2v`yx73JB#+mvod4 zeRS>|fOcOhpUWKdwN63D^<*8g`16sycfh?3vZ^M=ll5ge?ra&s8Yo9leavt4K2*b> z3Pf0Bj89zr4e7V*9)cW3jO+u>?Rj;Oa*A)>TAFHT{PmG`u}8jLQ)P@VCo;k3Y>^vD zd*(F<7taa@m5Wkqh^=&ig{^Xm+PNY>Yb!Y$e_^`~SKAdA`6`80*Q>Z8p&9x#>LZQx3h#3bf_#x=gR$G_b3$;O*$eJV{?fJJ_R%&^WnKBFlE z%%hTSbdTp{sf7r$bsaqz>cPzUE!%M@lPaH)-?Q@?Gth?`AMn1Q_DW(Q(n^63jY>-39}Oa! zpV+#BR9JsP);@^3-r42uqWBi@JdbwGhN_pUeH6;?tTmG;~8YL%hWqh|uTOkTRm z3e#9v7tl~^L}rX)1#{;ft&RSQlbmLN)qIA8OQ5>`~~ zIM{hhB6Ui%_5^mhK+;YxPN-`hmb-7>UAVPY4u~R)YL{ z{*_Swu2cg6#8;PrM}D?``>b|UfcmP68hYqRx91w=i<=spWG zs1zFJS((tC$!b1leRMBqTE8F?r9MQq>h>X(pUb}AWNyA-E#2F$Bm`)LTbO}8{STH= zmx(R38~%sAoy!qrh5Mp&_b~65GR@F_NENtxVIE@4b8w}fU5!`XpPuz+xL zzWRWLL80V`o#bzGi-OigKz2=n4kByF%N|UX^MXF7Mru-=+F~bJ24De%CAI3mm6eD+ z_{yW{e1AFwHCP;uu{!&@*2AXIwG!BzDfb37i^@W$yKc>Vn8@zLi~$`sYxBC&IH&+t zL&dXI?@Mxf(*s0%+$0QUh3Nn>R3Gz|0v1#y-u?mR9(&Wrz7V_PhrF+#ve$${R~798HJUg7q#v$9Luoc8-~E)%gHwQF1ctIT;)W23f~;?SArRV zYvXC-b2yb78*uwubpDZph5sEDmD4T8m<5BVOO`34ox@9FvO>5WDKDP^sy+k%XMSin zwlV#WX~tgot^z8Ed`iX%bwX;h$_kDlh^_}b7;4@ZhG71nZUHqKbnTpl;xXERkomo4CuXzExqvSC?ee2zfXBt~ z8^GzOw4-o6&(}Grd~bAuXVOBNUzUvdPYLz| zyt}-N=Pp~{DueI=!6yEvx|sI`T9Khk34kZo@$b~>Ty`MOmqspVC8zn@3?Z`uZnK6f z?zi|io^KC#fmN-%{?d?jUx7NYo9vRJ7zWLq_g5qx#QbbB+201jSFD!Lax(+V##vtI zX)~m1?ufPTgPZP=cO5NmW<|a@o8WxTh!L!ZT*lLAHbg#yA1d!posjQaJ&;c!+C*v={9+IB5=W!0-n#JdNITE4Cd3NE6bCw-Ldx=_9f-_n_m(y zozW=C=v}gW`W&68F~r`dP{348Se2Pt$~e}0m6STQzlW4K*ri2D{wKR5KhYzh-t+!p z7wk4h>y5l(^mll0Z1tD>CDpTx!ZirabpfIBD`&-3^_TTnP zP#!HkM)4bh5AjT1QX=-n;Vx|0rD=vreb9PnfT!)Anq%IqswlYjzhHwx`o)PQe`-P$ zF(aNZn~Qm~;CiP6!k2@uPet7*_?+lkGUEi3H0@GOcm#|*;%jgF$I3+sqPA@0em{>Y zZHQrc1h%ys+JQh>DHgjN=r=1oY^*BnOw)91>R|J_;)W!jOw5gm8ku8t2)`ZGy|f&j z)6I*ICp^*&o|5cr`;DRfG;X}&EofbsJyB?w1@Q30UOsdx@+@rh%-=(j&ZRS1X4er_ z#TqK@!?e=GLO`!DC{o2?|4@1GUDHk}zp5U1aH0k8?{~x?W#FFgKg+BkBT{}MCv|$* z_I{s7Am;f&(*9W@K0rgsyVCF9^ZcB!oK2?dI{L!yA!gu0#R603yKW$CxH7N8N91{l z(1DAv(0s_r`*rYVUAW^y=0>zz2)}zj&yM*zwEua1*-qU^ zX1Vz&y(#)!>(GP$ttECRzUj=j-_AY1YcAlL2D5}HW%gzd0vq~tc9abe>C5=6l{hVV zG$bKfUNqG|hf*eSx+PNPqzw`!shl$`+FRnWNb|mmWUj|dg}yt21mi>kPCref()@`HbxY;eo~ zi2w&_+SOAq(fuX>d7mmuGn&m;fY}iKw-@8e?AW^t8A`eln&*)QRj>eRz+t%29CO^> zQMPpc2=aq7g?8%dk;_c;GZtpud{0G6LS`j!tcp#9gb(sWunX)XO4NQAX!QXdUuEBk zmAO`C*Pyxssks@~rxbm;eeiXgGsP7ES2~C4)3N2F>@f68=f5|(xE%3PMA{tY&{C-C zxDiT6^)m(jw-Ky=j5smK&|hQjqls^Svh!+~YLQj5V?iwy+>8`QPogrhUD0;_IO)Kf z6)D5oJ{DbYW_w9V*pZylx;#-Tt1NUiq`{w}6}kX{Je^oc7@n&%;I-(?JaTjeltN$l zozeWVB9rvjL%zg2^wL7Z45<_VQ99oCaOHdbp$i&UcSiWn*2gU~N8{S2Sw>}N9&VMs zzoJCOtdb*?_D2ZvmI!XXE)GqjGiR{VG@F&~7(`+2u0t(l6|=+NA(g{t4oY2sIok~=!%n{hdw*RdT;pbQ7Ljr~D49gnj5GTNI zkH^O-eCRMqRCtkr0wV=%fergvFk}sh2*iIz`}05TJUQO&oaA{de{DSV_+r&}?CY;u z@-;;HCUmSgs9yLI@RCG%teSkO0A6+|-xEI^KG@Uu8CFBfO5cCE!L|7A;uGe?`a?gz zSDS4MUXKR&gqdm!`=Aa>Lnf@f8W@vDyE@qI#56YgXa}~hfu8@xxH$0TjXLKhdeN%Q ze$qv&UMlm)MEYm^4tAopCy*&Es4jfg`V&YUC=lLHz{g1OQ2>~<~J0^hJO8YU>L^~W!XlLn{vF&abX2c3x z8Z6CaLS&VXqbB`8goNV|r6S8`byD^@gvulVR=*>smrJ7h%dD$n{BMb(sCQHRbb=tZbR(m^;p0&f%2?^M75 zrxI_(gvww&?X4_K07=zOq(ar^S z9IA4sW6X`c({#4<=Sy0a?Vme-k&mMC!0fvdSB>T$VOh2>5T8_C6{CtpM>@lU686{f zZxhC!dii(a47RLE$bP2C{xBHe-|PsChRAB#h*WArZ={7q)$sJ(jUWqv^@g5JoS<*c2@+v3$_NZ`#7f=Mpmga<364rOU~`y6Z<7A?7xP z@hq3-_B?va^|(`U~CD34?{;$k^BxINU%Z7f2L*NFFvck5c-fR6dUuMa9#*LE|{ z4s=+r9;Qb2UWpkFGkpaeQU3O1ej^rs@0-eg38%Qz66IYV-v{5n(nznXHcJBR84L5n z1Js3JqyD;rxXOl$DldC;sv6w-heMC5bCTF?#XqLEY#vFc`)_S21%WH?+PIDE(#Be< zt(G!zB$RH|mJ+~cKW_vQL`=FhT2t*2z|%Vv->BQS`x%|M%F5$3+7^I_@U~t@%rw+A zy+iIum3-52x4%=%D=rX2n4fg~IE7)8ti{2QrcS3}}^~u_10t@?d*Z@RVeu ztWrqmPWeb?5sb!(=|igdmjU*D&m6NsiqdVPP`~D6c7RXb|K^GFDV5a%VNu>!IWclf zEhNI2MU>KIW&(>SQ%WI%jupb{?5t=rjKz*w#yppis*MilFG25nuLAt(-beiAPhFzF z2V6f>!fG?g8&UbcE(WvE)H7l4^nG0BbU7WV5u>UERewTrh z{k{Kh`LjH9oVl6Dx02J|Dk*D{m4+wW=!dw~?@Q*FgZ@zcs>U)|EKB~^7Bh@kwK5oC zienmD6k}MmENEF}W-}x6CE-x|Wqm}|V;j=*d>I*zH9vAXq@21OF~&I#G;1@3oYcR2 zqHtG(&bfc7&Kz{yn-OHmgicv0f|y`hidRgp*2`fY)BI0^ENa$TS!PBu%wa6bJP#v| zIA}O@(z}h~Czqg})%VruQGC+%N?&eow0-A9Pu|qOJUmIpJ#TJCYHX?W6Zz#`-Ptju zWry8rL*&Qa$EM!I!Cjw&l_>UM9o30_<-y9S(3yWC)%{HfcxQe*29jnmT%jUqLkGq2 zO;3pM;Ur1g9+KV>%aO|`0UpxNsWo1wyNEr+!{DE4wf8=ggyV{FUS{QKOxNJWaO)j3 z%_mgsWHzoAE9$hKF6T=(amJI2g~7wY2YE$}JFuKX56D_fDXTK2VT)8S!7!52ETyQs zV`Z=~T((##NiLGiM;92&nVn8KS2X0btXab@8COoU@MYn}eG}CmxFBo3zH#xKtei83Osz{SW)mhcXZ-57f2`p<4)~Pg zGN0sd=Xm(B?e+4Dv}m>&-JsKm~r=%>QB)0@p=kZ(u0%beNPLc z>opz;=$5GB`WY)U`yNgy_Rkr>?ssuhte-xrUppxAGmf>#)c2gHg@_v=_g3!IoM~5* z!aFs1wHKAI%+LGAsP#M?lwNF<^%|7Min(vika@B_*;BJC^DL_4!1pEg)H^RHwZ(cc zon%ANrF&T(mZM?qvOF?h1XB~(Y4aE!#+1x_9>kZ=Ugu>$sTtB#3Q(U!BwBJ|JU08L z#AMiD^)Z>N(&6C6(=)m`#y>MW*!3nW=du&m5`BX#H?7m+@Ui?8kpHBYVx21lz_hph za))w>iM$)mV^PN&2QepTjr8pvL(2P8!Qec2JTj4#jLe}$Ni#}3BtKP3Jj6W7 z@3{7RC$a1v-p8{;xb>Wq>vVY6jXYVb)VxDe6WbS)NsVZ|se4|tyZe1lfd9I$rT8C$ z=j4=9U^J9^_PKY2m`IJZW@cx8{w~s5SdEpM58lob5@RD*l(=z*aeDrkzES9^J3J+L z6AUbvOvXus##F_Y8Iv&>n5|f=ZMLdeSga;kO=?VnV$GV!|L1o}eqI91?SE5=E&ho9 z_x3Yi%jXLJYke|~RDzJLRCKkZG-Z5>|20jSNtOuAwj`4hL#KF-vbfTO)+ExHBw=ui zI#A+gb}O@~98t$Bl<&mg#gtA>2*oz0TT9He%WbWx(=05*D@odzD5iy_G`DURX|9&R zhYVR)4(QJ}j*V{ToBGMv=c6ZUO}I%Ebab?Gib=sqs8hKxQdyRGGRlytB_yJj>4G%g zlyI_UrGGe5$l8QiMILn@?ox`9Vn*S^%AQhrPbMWi+2XLNHp+8?)@~g%1m;d4?Np{+PU z92rg=FvOHak}UG6HQlo7+01aV0tMx3FVKgvlnoGC@LNTZxdnJI$Scse?r zF_(84#gR1rM@zHTcT*3;)21ZltYd3tn3INu&XYKwh2@s$+Ky7pmbMF2;e#!$Oqgkn zsZBIe&7`u=p)iSQM54u#S}G?4F&biJB#Dz|q`*xXdoWv;n@q_z#U@ovB+TMwaHqnX zP|Is6LfbVh@f~f_@fkx5@T@pxP7I`&%Oxbh)ME&nDj;17nnZJig$^Puhe&pvl98uQmUN`rouAnaAs9*Y*-=ktCrGTRX-Y$xYdVKl z4%L45tUt211IVNC)O&qU|Hms~YSObbYBV(#U}i#QS(Tb>u(F#4RaugHC3QV*1~9V9 zdN{a_YPe$1)L6?u!t-W6BLsaic*ns02gH4#uVq(6!Nuw_7(Z!4d6H!HC{Ia3ihRk6 zh@oYcWrra;SYNoYf3TnKBl0A7gp3jrB>%9H+K;Y3RCwctGbDCM?L+eE2&Dao{?GlJ z@8196iVDdxn$HhhR)`T-fBXZgs;;a5|NsC0|NsC0|Nr|8Pxrmxd&bw@&K2G3mfhj& z-uKq?UoNk^n>Z*BN2GVR-MuS(F|x09bY8%Fy6i5U?(P+RA33kKscae6%WxCjW_oB} zcPd0m$lq-}9*%C^uJ<_eLbPR?&uk){mouG>UpIZmb>qIJv%K)vX4XV^o4(mC9^5s`sWw(RYXW$rs=G0E~hcE-Ky zuA6;wx371EJ>Bc)eXb%Tl2NvO=i7Ph%e>Cr-uBk-Hj6$lUGnXHLW89&+i~3P-Q8WD zcJCVQ`A?pGecyezuI=UTwl?P)?#;Qmi%sASZ!d8uZrNJ%{dv$xm5dgF~&)4QFwy4Bvdc~o)Ff{J{a zYVVPEd*4c)`_*AuJ?`8z`$pq0dbd}s_uoC-=9i7L&;~2p%ddNORsrtYxnpk8KqbGiS6$7_k8cWK5o;QIo=vx z1E5{gemPOp*~$}$^CqiGp7pa2GdR7nITf(eMxpdp~1LIO0z!k&hy_Wgyo(8P5+6k=q1YzZh!q`<_PdOj<^3BDPQl8&>={B12%$TpdJkm zXSC=npDO_IbQ=MKLg{*dI*y-bg#}b7IxdIYQ$)|R>*eCCSqll+PHIZD_)3bW{ScLnJJ&y7H#$)Bo^#p16b`tZ;Vm7ELuP9U$mJ-!;0`c)pg_rDL;nj_FIrHr|%1k@d^vCalaU8!f@v3&)5;d1n0(<^xMx_|GbZ&OR?Vl5(50mggwr}bZ z`C;ib`ZRk_Ot}wxqi%*c<4r&C)0?gB=j)z@uU*LF6B5dbRjf==1T_Q~EWh4$r_*Cf z8lqT;A|fnFNO$n|u7CH&ySbNqn%bpJ!+aOg2_ydaF8Nl#N=3DY$@rEv7`hbCe&xk}1aEP6)@5kp*Ep@5LyWOQZUi#}BkKt!2S2@o2vG6yZ zy_hzL!KWJb(zlzDr#kBIIG8KptlK!4bMaDp$hU+-qrBZE^yQQGKWj(sk89tMw;t=A z?bYuWYIQpwBT_z&|2-$N!%IEeb$8=%*!6bf+iKQgn@=LiHO&K)zb!^lP1&;jsbOJ| zK6A1_oH*)2f_U2N^r@rt zx-uM+wYRDt3K_vXEUvE73QSPQq@a@XpoE zI>sTPHkuI&37ko~Z}P%>JK)^Y6)Qr7@Vk&%3V9jCTR)FVd1!h{cyvAFw5De)7$AAv`TlS8rg^e;?Bdpo6XzS% zkq!_cH%D3OF~VXp&`RhwBYu-&6O(Y6AT&A3WfhAX(;nkGIiO&9w{j?*yL{gvopSr! z#lI9Z2^|Wsu~?8D^}7({XgDDai^dP27SW_NtrQPs>*hC}n8V)tagMJx@yCBx4UKJy z2jf#}Clw?g!I1o#gWVfJvR=`mI}Y5tK5r(o5%<%xe$5=MTWs%$>vzu8Y{&J8Q2HJ; z7{lZmvXbznsSsbasCN2`K59N^qBfOf9U!ghU;2 z^k~|oA0!{?TG}fx(vuJTe|;(K9+K(PA-4)NPr>?D7<~pP)DT=k5aGbuY^;TdLIi_K z7LY3}KZfr;Tg%foGp2sN1 zzd~SyAnZAwqKp6X(kZY)Xh9B)orM}$=IiK^i3Bv9saCPESiu|+A<~W_tYNHQl_%qER~CYZ{`2j#!$lRpG# z87v>DA$Q~$GKPHh>Ui|Qdzc$S^h6_MC?TMRfwb8PF!4%{$kE~Ejg8R+RcXj4ZvaU%?Hg^ZiFML2%73#_tuLdgf1q2X}RC+twTVjURZIWnN@=#vIhjpJ3!?hcO zVx+_pFs`c28AaZS;z7hh*+0rOmw*~$V?UYxORm%L|Agr8N4MU6T{?0ICG&!KWkoRC*!3&a*z||0XzUtm;|BD6;|Dg+x6vnc)qWs zL_-8_*uaeyghJMAjbdf^j+>CMV*t?$l=iSdiQAug)oao=XlpqHKoZSC`~B85Dl6?; z`{)yzU)Pq4nFo;H&!?dS&UPw6PQrbN5(fzc+Sq_kG88ESco16s5Ke{6?^f}kz?n$T zx&T`?d>a=9=SG1kPj6F#S_vjpo-^^yX@>a-Q@WvM#DYVy2AeZhg_#zvxuzgPUmUOO zAlU3WIU**(2#c`_ZJRHsU{S_;SA;JqT4f}GQ2?Y-axY{;Z?DDNYE~T1Gov+@&^eYk zb%#Kf3j1rzRMg}N(3*xHQQ(i3IUPhQZnQ=jiPOcB`$Gzg?mjw+iLO0gwcWOz7DRR> zLr`s|pAH=E+*mysIyBTo=>`}=%976rG~H^u`~3AfI^8uB=YyQt_B7NoxbfYiPu+>a z&puyq8#WH;##+iIkX9WD^%yUEkNl%S2)2NoJgNqSbM&Wymt~v~K7{UD^p_LV<8cWh zssLDasb6XY{G2a=-1?hr9ctBtD%gv|nR#s8oE^d#JQ=W~eK4KLxx-^Wxa~dXfyQ}v z*}ZJ(i9L!qgRVf*o2-62KHU-5bizvKDI{1ew|1SnnSzPKHPR1n=4Ftv+mk?S*{nYNup9!*&`i!kkCD77V-ykCnwCh$8N+qCG5TOdi`a1 zFJ8mnByS1*sB{%!1IDL1s<|5=RZR^0jz*a%Kxv9CHXWNPe(JQp#?u&HP#v z&*UkUP&ME>2JWG6d69z#5$1t(4Ej8pbkQ`zr_9;C+6-4s9XW!@@_S4*R2>j5Vt`F4 z!9hqsnUJooeb3ZL+!Cl4GfFs8s)I(Jf>10J1lEMMR2>coH7xCQ42NCw3f$5*C{!6H zcr$3y&QrAy3+Pzc;|B;jRF2Als66d@1jFE%tny4JLU8{RqzOtDnkG;sXCR2&?V~`0 zmNBu&$phozvYcGtY!u)V*JL}X!Uryf#KWowBElSoP$9I*+TdQ($UXz9gB~|N2J^nt zCv6PnAt99Rcbc8U)PZvtdDIh^ z1yJm;r+Mu=v5^K2z~g|{9TX@Oxt~gqpnHT4q6dh9KtVacybJ$?<0L(-juC+-7duM^ zhz11rkZIG081d61WUm=oErDENJ#%^VZtqUNKfeifCE3ZsO#o_xKEe$_`DKKQc|@;F zru=44dS_35UV=%*ARj^!a7;`}h~!(CA?MoFgIyrT0!$&f0CeUV$1+3WS)joO06my? zH79UbN^@$_`w;ArF@Vm<@TGh^y$u2A8Txm|Bm(V-ao2&tqGf36evpI~6deNwY>i`N zjg~J|qsXRkYf-kDBldOoj}Hp{;?m%i3>H)#6g*I+Lt#P!y9XT>Fxg${b zIgFhKB^1m_@xw^dNmT|}oYqibRxG~Gacsk6ixArm`g=qd&*(b{F97H1?s~;R^ai*c zMGEUqs4sb7M5G>&2w8zE0&l_e8^P#pxZux=b93LokmJzqX*-OAYX&}))I>3*XJqJP zL^OGrO9!)K=<{S##gWp~JCcn_nV~pkX#%E-84A>dV}Qi zImUG4{(hgOYB6hj-bv2zf~os2DLK zb_uEJ!7~bvxr21V1yH`P-RVc67M2hf#uv)C4S+ZRtrgc!>KuoRV)A+?%#0q39<8LS z+1z~J4x7c%5WxVbK4^$w2~q+UAM*;y)*jNt1vy#UdF(bY89)%gdLV8o7eZt|U&%(| zR|E1B^?_-RLfJm219T!hmFa$Eo{~UuqpkXl0s{?N+uW7HnP&U@{m#q8&WXRyr&DFA zN>`LbKSA}p&mKDZ&}&8@yB5z?Hdu&uh(ZI{5NTt#*v5<}6k(%PMziy4)6b;nh=+Ai5Z9ntHU&>mR{?N{<;)S= zd(s$KjY@-mqD;#w!fKVALtygHYbIn^DuU#Q84)1~pm`@yRlJaCx^QxB5Oqj27qWuN@Kg%?rCik9<&f`3^}An*$)N$=(A=0y_<(--oKO1~eJQ z0i!7s>lO#B`&Qb%?hGv)M;bLb+Ar230@z1r(m!U=!7+VEGDyO7*J|ayn?_yJW0tmn zeL?OHn@2r^^v;L>*!P+mu!>ZYbt)eM$cJM=B?5#I?|(24JkFRslRhiBStkS%w>|J=*chDl@}O( zgvmzpikm2SF;({5Vtp_UD0N#m?>$JA_F_blQ` z@#+&JQ`wPvdXrG1JBDb{QEzdm5F-T3GJ^{PHhT!CsD`{39CS%Zi+aGmv|u4;1&qTK zE7;g@m>Ti9n0r(q%PG>)DorAP(CYb|F|x<5e?jp*Ji2i~HI@VYF{NDe_*@tlOKAS1JW96esmYb4f zKz4R^Fcfl%ky+$wAiEHA9~{KS=WtM@Rl!PBhu$!njn=U}_h&e7{C)3CUn5^E?{+dr z`2-&)iV}hvWtgGzSlm##)&po@DIDq6Bh@!Nbxr$VK0{wilfV&dPk`G3>$>3n4bLy_DG+5zGn#$87IiV4oy@p++A0}RZaN~6Ql z^qTL_6KkmTmXE<_K_L1y&jZU3Q=u3EphF9Xfl5C&`0IQ7+9d4lcha@&j(e_C;D|DR zpP92iWc{#5xm41$&58x^ehQMZrvbL%9gL6ZcoO}mXithgCqe-(BnlmZ9imE|wxF0Q zcMu886NenjaoF; zKtly@2JalrgOH)iZZgYI+;#%2#&khJ9My+C4`IyJ2gadIMqMTG`u$}uV&=u*Ccu|0 zRq=t~8uVQ>MB)(+vE2sD&3W@N%T0r5VgnQc*(M{1>IuG1ATxo7%^`l=bL94!K8~lo zv0FEo$!xx6CwiMJ)L`zv6zU#mjDL++}dIdp06245?FhKx0Q0tt&rtIwho?- zXJi#JI-4B|l2qI+>#)hos0PDO3*xbxR)?IN?P8KjIEeZgp>R;WHK6uMzkjkHB4))P{kb{_0KkWL<_To7--HNIC%%Rmiv4hw4wx|GOo~u1R+F%q%L4S1ZtZMY9FU(4CYIG=2VBCWz zxsxXj2ZNc&Do$Q*hc+SQQ`%6D&tujEdAV=!pI+PJT_c>#L<*2Xsu2+ey&bLe?KSmV z8D8Cn+R51LjC=c(x_(WDHCnFnE5wDIvu zl|)~+q;V~^qiAs+k+e*qv`Q*QdI(nRk~i@o`uuEITi7%GJid`p@<9|tFu=CjC#kWf zsaXtLOWlP|_c&*>Jk@ESIe~))BDZZHGq|G*2LLqFLr+*n%rKlz)6RX#lb#a0-{Sa& z8H}A6DPD;5IU?mlLGw_H8KO26Wh;a;7`j79kplT*5J90n8=-1|mBP>7R|z4#Zgo5? z6QrYMV@=+U)4`_g(wQ&0q>4hN0nI6u(89(V6H0+X;+uANm%(C58B{|6m>mfcjrfZc zKxqS;C}{&t8(xMHvIq#JsG1iQ9V$}&;GmPr-muy@<%5GaF21>lS$uNI4xm}JM<$Yn{Z{`X9!t~$5ve!D1ng2 z!fKaEs2Tei6JI1nHYfePcCY~&3kB#$B2H4=0HAd5dQ!wE2K44?P{_Es_8(}JAw0Bm zDi?1KbYe6ozqe};&AYLNyYQchzt#Dxy8D@ptc9;PZobBG#!senL(h&LYHA?$fuWh+ zH6NgoTxt!?GoZpJW8H+HEu=`%`n$R$e~Flr4?a~#=R|(=Yu$KrzCY3v4NUU5X>MrE zv1n>(?BU8dL8reBe!<5#k3i<}>^2R@Z4p${jCFRL-5$h5HfD}fN)kyV$pqI4sMO8B z4|rU&S+j&h6<)geuam{FG+Q(a>}5ALP`q8R&2}Qa@~g^{bwQH0@^fb8hh>WEuxh z(369i2kM5qZt8}IyrLT2sSTiko(ygavI$%os9Eh7*D90?H&mPimGc*>_J2kWLMAyAo>2}>iS z+!jiUlqvG`%M%($NqdAu^uVM*B4i2|1cO6B*wV&CzHl9NY@8dSZUh8z|9`o})5@MY z;WWdf!mK^77q!#TTyTRTG&;>K(7&vV`YA~EN6f^p-pG_{>={DU=sC22WwOx$WYp=?FtMKP8a0&OA zC)woD0^gPbKZn{Bo{Kv9u*Z+4p^%$S#-)h*&znOK#fy|o*1{k-y~{6pdj0oHugM&^ zCq7JHu#59KUa{e}AVx9hv207zxZwbFAI1uh5Xy763TTPrnrWE>8XXWfBLwYO$Sf>^ zE(DsIl(fc0pcu;1uAW%UalYG0i3yveLq0Qv$ zDkCoG`LT%8iB&k3VW&dl1r6J)9-B{ycvnTV|9;6ZR6}GdlZP7u6~SzVJ9IX_wy-r9 zEr+19$4H+?#&MC^#P*fbQ-d+l>}z^}o%xU?pINO7{*zz(nVcI3z`4_7yMvMfAxy+P zIAjYWUFbn1z1g%NgVjU4soQ?UF}jEjd9<1=uqJ(jLI;sU=IbieLl6&}4sY6~gb%DQ z3}w`7m8ZTFbRo)IAsvYyK3EB`LX|RmPv|%Qk=mkm8SMvQ6oTStSSbja!UhSdUdzag z2vhU-7~@3>Ka`mJrqgZzSFGW`ztuB_)xJ8yprc5`{7zae9Y{Gm_s=_hLU|HmBFdYI zy>M&SN(mtPT$pG4lwnk4)}H zGbAy~w}TCD*3ELmxpDp`8xs|mAppfDFGbF&Bp*Q_i4(Y;dHsjOF%TTA7rO_%u?2Bk zcY{16F(s%uK$~!AK|ndDi^tJgfR8_uyE{FO^2dWgLY9bzns{2Pu^&7cYV>)7_beKK zT?i0}+EaJJpHwVuZNQ%XbzFi7Anh{msD&jScvK`qaWlx~InHr&-VEd+Sx}DSmW^|t zEj$`^zVGmR_4Qv#!a~mL=%dn|$Ee<5@guR9t{x?_TC*;g|IHE10>5_+Fh~r22VvGNJ5~ zqF~<*JFz4bW(~1Gg2b3J!SPjf7DGJ!*OSQ%j7-SPxn!EKdQ@kgPhfXq7E(MTcU1Lc z9vFU~c=piczPp;zm2GJ8B%2r6gM-skLdkVJ)jrzAhj(0lqqD=KXT`+wo(sNVT=4Ku zqDJKWsH8J~77&AcHGqGE z1Z+X$2`mvZ7;P}g@5nI|b#6zLHXg0y#Y|5`t@~5;aOmY73(v27yOu$0M3%%t*$}c$ z=?XHsF*uiBJva5aUBzIoT;Zp?>!YZloivpWs^MJ(BtnFOC4u>FhaG>rS*`68*Lg!6 zyYH!(WK&=wHH?crM9XV49?eb@ni$8wRw^I79ay2?e}2@Dwr>K5~sq+~2pZU9sUzhh2pGxmGB+ zf+H)V@O={8xEl`g5|&trC2#r;4g??>j%9mbdlt#+;~DhsFZLkY?%28cqXM00lv-i z@nz=P8iau=p!R!?#7*9Pr*J0&i9k^c(+#Ejiuiswnp+>5iQ{PsBj@IIDreSv4N4OB z>u4?2$*9*1hmX50BcXcTp2>%g40P_0zcWWeQU=uel|?83!LM?uSfEhI>nQMFqzwV< z;zGtw5K_^!8|}cC7Z&JDU4cX3Bv=M990W;)o+;-q5HSPT9|*J+!$JI=B!bs1UyaJYV?1eA;b@d3k({yY1b_PCh46NK4?LP$$4Un%tM<(xKQx zm564LF7RTQ>>}D$**mAJ6X@xXZ6(I(z90CTC6an^Jcr@aTDy=r!>};2K>FB!E&4asZ!YoX6YO%p{;o2uTlx!9BL_gTauQWPQA;@x4DLX<#x9 z7?IG7?OF4f$*cBMLYuWR4{QnWE?u^VT5Qr;f^o25YgdggL1s2~n6YWV0W!UxU!k!-v1ap}uyOSTz{P z-zFhYhJ&Q3&YBy+-7sA0L?X z`phw>qoK&5nG8E_$(GeC6`GUNIUGY$E3ApHP(zs-K^N}}(yrsbR zhP9}cnKa00M__^Zx&C7R67M3#_uP{i_X(1O$v>F?L%K)d7)k9g8#?2AeD-Na%&FZv z6R*yX0&yuEyA;z_qvh;&_PxBMI-|Nh_HeGKf>(rvoqeAfzEu7zC0W~x&X2WEMLQ|k zd^tv4xP#p*qwwBgpc8#Z9k%Ih^c?yOFNEyyWD}&_2I1Xz6<+Bv@*f6)7oH3GBPQjKs-`xi~#^DGet1 zj5k?<^OGn%=Z^gqvGG0|9K9S)8pFD7Vphk!_X??7CN#<8meBROWWKD&WUbe``93<5 zm}mENP|t+D%6MZL(4ddywE_6Z+CHEdeJ@i-;|`*zL+zDm8&(9g1cUwp3sQ8o*@zjU z%#>O#W(GulkRBM2vT(%+O)0AU2%$y6-VX`0?9VNDN#M-kvxriv0v4{U^&*4?lsE|) zp-4igC@V&>w)r&N!;{{QTenXxCMLFpVn6plCWFC1b@VL=Ua4RVM#`VrE(w@)O7&=_DXOKb}8^bj;mBCe)h$~%are3p4C|~2mA`GuQd_PBK z{$A!xt`TObjhL#Efu{A;f$O}OHtuLXkP|#ykv1$Q(3yRZyrXE2B#%Fz?%LVrX+mNu zCPHwCiMU`48QFpMnLhm^^Po7xudW?-0TT>AQeqAgRt19r3}vAi6FTEL8FxCGQ#i8u zODOhNA69ZJSG^)<8P%~5rk=NeZaN1I1n5 ze$4IX%lV($;jNd7e7W%3Y1ZDzf_XG|llqV2EDfv zs`FzZjL=B~Of5B42^5Q(D4y20=Vn5xsBtR&sA_(G2G17_7L1;iBHPH|?a|^NpZgn**Szd)5%`kH)hXBQQp_1-69tVS$ zVbtKrcYug$e^#+tlAt+jJ65h?CL6d_0l$I?j2W zsl7B)rutcBh_Pz+Vh5OO4JLI)k}}CR&`?X)-xyKv9z=;zsKF$Z2*d&1k!QI6E$;E5 zCnNNV{*I4FY!!=qloRn#pAnCqyJ-9{EwPPgXlfa7C%U43P6|j=h^GtJ0WZK)$ScJb zV}#}4^3#lJWftjXItQS2j}L+7cMYM&JRs$L{FyqQV8B%YjO)rMJ4wg3>qDz zo`uaE=ty)(Fi)AOV_WotvKlsE#RpAf(i`d1Vul^~iu7)iJ9jXUahsh~Mxbx>GkQRN zm~dA{S#BWcQ^tT%%e0}`90vv)>W+zs0#W#JVmT2Zc9BTl9t=)hfdLNfY(kdmu1&6u z4|CV&T2+VWzD_Xu>#v*K=^)`PfUuGQ(ed=XJ6%r9W_BI2P>X9K;SvZ`9*%Ofe28(L zO$LCShG(8hW(T~XBcie~=1~3NocVD-f0yD#P$P(2lc0Mfqd`-FAu||CrGKRqnvVyI zwCZj)rt{k+sI)s(rc{)?5Z+#a-`zta$t^*Yl0Z5`EGvkc5^b28v~3FdV&|4jkO|PN zzm1v3l?tucWUy+`%!Z52t7nv3LfRrU<5#t|CN! zr>VRmi`okyq3}&{#2xMo&U%N3=k_t^uhC zv#ITeh`|InGuFtUH(}39&Ey#M03aG#BYmT_WVPMGwrQY|vLHNw(w>|1OSTaK)^&1Z zQzi}>xkhpTpmC{RaMXxX!8K+BM*}pu%$~xerFBSDqM$V-1AjLk(;Q|nPKX3)YRf#t zhefoc)Nsu#VzXw=n^BnA#XZkXEZw<^vc^R*7qeSAvCj&5#56#W^XGNe%mXUOfWsA0 zxFZIJ4fZtlNXBkZ7TIOwUmui{3np!+(qu^Ru+URokv!J9#5-RAXyq82G4O^%r2WmL>h2TjH+VUkqxrsi#n zV%E2C9cW#*s$s+GcxlSrnd*HEcWWDYw9t2neDv3MmLS6ZVRxh9O5q)k1|6=^A{ZEh zub~biBakO6%K-Vj>BJ*3!G!333A9N*^Ofwpi?f1i`DG)T8n!KREdI%U&}& zbgU>e>Y|Y0seB*{1Nj&jtIWoi54V`ow`BTtHLmR)9em`oc=AH1>^OP47cM|&u%Ue{ zDa;^S9pw3s1mcCt=dJa`w*?S7UzM6@PGDfrn7Us4J1pW&nqE^Jh}e=yM4{~M9-+)>O5c77y}Uf}OD4$V)bO-zHKarlQ)s6E~SXk9WNkKhn5y$b|ZbHxRxR!L#Ki=Si!V3FnY|6>bM}- z>?L!ANCP?HgR`C)XzvP#XrUYm9L+#?6zV-vQ_50tY4T@%aB>@t z6N&_#Qcdh`Ow{fVc~w@7f;G4NE41g|hSp2q4qbfi%W`RYJU&D8&Y( zf>@jrtmKWwE3~LMPfe0`Yf5~eKn>73<)iu$>mAeYDt8v{?^Z4bl33aZuGpz>IL9u} zD&7X?sdRe@V2=)OF$@fLof=ut^ZL5=HVm>3<}wbGn{&Z2cx-3H=+K6F9L;GJWOjn& zg_;~4lCs~lx!h1Y7e3$R%qiZTFm8DdA_ArZwn~se!O+ai!N_KYGJBu0*#cH{LTw#< zxY>#{e=r+hS6p9NB;^LZyXEano?ute@WJkD=gzmTRB5)w2%Cvxmgjv(vX&sZF_*Kr zyjN_ysBCClI%TBy%;PwCe_1EyerLw=S^H0(OM5*Od?`&$xDdoiB``=gfZ&IkmRJPk zfKjo{c9GJ#TVm-H3_R%&Z|9W4g^ZDk<`=cK?V>^w%{;mJ-0SEJ2z~+;Gy`%?WRqTasK%83?1VvvP0av!=R#Ri`|Vp zan&RWZLR&DU3YMV9X!6}Ks|X$wljJ8_d92QF@)~{1`H6A`!j5gl2g<`Bgc-wPl*6q zK%~EzaoZ_4h9)BTeCsiyg(=CC&Lg(kt?`cr8R8@#BO}mbNd%GT!8V$rnv#+DiZz_l z*%87)(%R@KYW^3_1DK%!^#K9Iz8)9ziXc$(6F?JwHMYKvyz%MZt_#6r8AUBAEN03QM^+0olSGM&C0Pjw2u_nr zh-6KZ-1lQ|ZPu5GiD#+N-KM#1d(wboaXE@mNU2cJe9vRSwU-WGR?J9jWR0g1YfY?G zFbR?9PW2=zWKbs=teUS;)RCfCf#r#UoQvDP)>`P-7q162IsGJ^U>N|jmJ(5MkFs2g=%;Y-1K`DrzTsu z*CUS8yuk&&aKV{IGeQOmHv_+3=`3zWEGFmWqM4Pm;Mz6i-A8kfb?M@pFkAfmH!a9W zT7h|`s^>ou>8US`0^1Qv0Y0%)MRcx4tkiabHveS5&F{)qfFuy zTZlCDai-KKP^Sk2V+dggJPb#9^g$+z(XWEyIPq^3lT3=72G4oCo7zn2r8WIbZ+XEd z1`sHafJTcXRca6uIT!5#$zB0M*B~%j>?HNyAG4beHW(W%SVF+?+RR=UNTDCPZ_u#Q zLBf&SJ84S^)u{py#RD-KBId`^^H>0gjmVHDkc9>IQKo{0R620o5>FjhJ6N>kabw=A zqd`70nnF?|t;{o#Guc0W1ns z*vGC>(DAiR<_;DE6h%iBD|v^3uOARsOywh-HyidI~g2_gqGPhK6J>1o6+ zq?B-G;Zo^$ENpI*y$PMTMx79wSxZD$a*j=1L4vC7ZtsYU*F;Ppf(Q&cB;sd$ zFj5id?P0qx)C8R&S-jzgY(*S2cF`hQe0i0eDV9_NN+en*Jq@$WrkiNl%11OI(MU$G zAhzvEExyP#Ce}NnLN&D(bK-bgEfvV^atpZ>C{jjAP0fN)Gc}#a9`VfI2cT|J?|TF^ zG%)D<9nq*g7;O>J#x?c0V2f%t28}KKad#&60ivZLFP2#8ph_1`s1*?NDGz$S4WW))k;_kysJXboV>4!2pO! zbTx$n<6w3i#zw4-^)5<6C0Ys^<}Hn_5s_-HNVugX(p^IXxmHBGhDI0_0ffF<%1|IV z79?{uG76jG`bd)V3n})KRLLR+Z42MR^olbdJY}YMz6GHaMIo?wArWYh<0WF+OdyDx z^(KusX>n3O!>-WItI=J|a?V{_>zPu-_ehgP5OD0?$imTxTAhpDmMwY=3u?Kkpg?#U znUvgNY&YICH`;~o5e&PCk8iJf*JS5*Rxc3h5Fib%0Y}O7RJ9{(8D2?VRprvb+6^z0 zlGjFCv`K9=lYVUrk*E|yyxR4tf(SHOdo&Ow+3kyRrW!mjGS$(x6m*LNAs=I26bj)xYoJ54 zUt-%RlFTMR`PtG8i7zlh0d0Y?bamGal2)}SRE?c>Lo%}gmRHhRY;?E)cMpuO1aiTV z?xk0Hv!rr{+ep$$d5Uo9or)-4sRxW5+;v@Bl zPIk6rxiX|j(&_ROX z{7sWxaDlMk)gQpc^Jl_mzW47j0R^}nOzTl#AV9`Mii<7siNV-8hV!_I&s~{PA40Zi z7*2t|8s1OErTc3?3sz8Rg4l;7)UMG{VelaGb%EwfeLU&N-cie}@X~PLh;e@5C z83d%V$tYp{4QfzE7GWQ9geVWRcFD+kNO2q<{}(>#-KlHv|a=s)Qe( zDsv%%KURRE3%RcW8|JCjE3WvRGemAJRyovJOET+5|CgA#Klm))^dw)-UpktqPd6%~D~u8laF&z8?Fl{imly~|DG(Wit@4P-hcNwQKj z^X19Xc6V&-c46;n7Iw(?M&?YnJ1yXGjU35TI^53t39`ajFAq~wo{CU}jHGzTDO!LF z>^GH8H-wW-Bo1tm0BCDGJs=qd$%Sr{X{OZ@1XQFfPh(CPmbzi#n;}8!*&G-I;Hi#N zR8b6X#|T0g7=YCADd59hq6jSV)5pJyfMjfC(4db|g$(TLnfql)D!u~>;c+>1g$MUo zzs*sR=*sBSL z5PG~zfZeEd#`WYP0~ZY(7syr*l7bQiQs(e7Nw&HkqT?q#)X9PDNCdH^W7l8Y z`Hv3^b-cF?(MJ65EJ3o;nlcw~P<4#c^o%pM7j&X&V=dKr=1Q@H1dGN=(l zR(5pFVcM`86%XIbV2Slm5b;Y8bz~|KKCa0M0omy_RFBZI1P09wT_Q@>iW-Kv`Yc<2 zd5~n{?4accPyhxnNh!dXfH3c~(!$+c-|xvq*sLfBPLI*{DFZ*B52N`A=jFgQ29sNE zj>Tl-1gRBDha)8eG!2~$1K6>ju&rcW$2fKwAVC&-MT*u)bzwXF%PEZPnG6SE3T9ly zueajr{GB|w={gMi3dXB-imm6-y4P~$iINGExSh;*Gy?t+@1~{(RNGaklo&jTm9GM_ zuvB(fF;;;L>D)daQ?5|l;s$99#1_sp{x0#DCzuTc|@tGge^XV+fErc}y$vMAM2h|VQ z{H>5hN9?b-4zZ#4b$?N%>@^Bw+06e6sgJEeJe6P_PfwA?k6KBOVma z3i>Tm=8Xc}9>MAYBmN{W@8&>w8lX@^w9Ere4nP^BJF)WHG|2Kf9E=wrdENZPO@k}t zYkddgtNyR{!=(T2%kp9WscMh*;SUI>Shga6m5L5uw@_c#6jU;RKlIB3bM_zePa?`& zEIg3;Ie9f{n(8?0e!WOsW#?Tp4xMtxE!{c#@BP}p?00Ky*I?9bkOm0sO2iK);jlGF;UP``{Z`k@?}~@hEQ!FQk1?p0m5U+6*68{bfIv zAM_wl?7=8{Ptr(u3TAk5Kizpwf6WmQC&W+of%sYd7CxN_jS$km#9R7bvd7c;MB)Ac zuNv@nkW=WFas5B=3V*Xa^340bPSMNn^FIr8jDD9O6=e_d~GhJDtz9^ZbG zGfyFs=0q4LaL4_&v4wnkH2WeggQsuWNdBZpbVuq$a)|e$Jkc14{*p)1{)T?1pyTQy zKgm#ofK%8h?E91L{x7;_f6v5*3f8kTGe7kb<&F7xodr*;D=<)m{IY)k)BMepGk{Z= z18_he=`ad-r;)iQq7Q=sByrA9VNz;Uuf?laEJ%{A^#hPZ6`kCE#Nu| z8)Bf49EkggJqMCGfKcz*-iMh!ZcoI}`+5j~{K(@H&$^JW^_(%fs;7C!&bJ=n+#XH| ztv67izn#~x(=`15k9e3YWbDE4hco+2vvjj}dT|NYFzZg}ra2PnkilXE)Sln=5#eS& zcHi>;ub%vQ$Zohtk^TYC%p~>LqCtbVDj9XLoHcBdW(c1eKOxiw1}4#i4K&FY^r|TI zTIlrJvdTY$5j?CUo58R_EFQORrZYTCQmlhy(+rsrIuwSA{t`h3kU&JJf1&=6=lKfEewX@PkF;CUw;6m2x!wnG=oN( z5u_V-a>p{v(CN!IG+nG5vmni5c5VC3n<{fEzv#W^^uN{br&`m~E2$yj3nsrU@Z-i2 z$+FR03#y>l17t)s9nk|oJ;D2t?#eVlheW0{#=V`dR8n;?lro745$K>P2crXEY~owu zVFK3HmQWsejjr4@O9c%`fepZk)ZiszAN1)BN(O94!hq>_@E1sN2MO#Z7r&_qZ;>1| z{~9^(2wr#Wt|x>q67CQcMiiv`7PzoEtro1clEU>9H=)$}^fYud(KHu9G;}mH*wD$A zd5!~Ci9!vwZhynP6#hTo;-~l_`@Y^k@<+9PzvB9+d*A;l`H!tZNBj)`FdrA<2gLlr z?*OP457a&f?EXNuWCWkRN_l=$&^9;iEO`pW*0%dFd1N=dP&*LGeWvL01 z7Z>H+<^j>%G%8>!1uY^5Io+k2#sXML4q9r#;yy}txS!@Lr}`yQdHO!@sW6KusaKFD zhXAz!MS}EORH6DVbr3LHRTH6QPgp2*e7rlDa9G6z0Q4$=@Wv34^JlOFvP z$kb5Y0_{zVhQ&1s9rQ&uNX>Q3_8TZ&6R{qQ6wwgDQX~*i&_gLvtc{75M%z$pLdzo> zjApG$%_hrev7xP1MN-HtmW5QbklF_~`xCY~ald(7GAJ1~N;vV_JU!VWdb{FxWq_>L`GVjhIhX`l&zMiqYtUL`U1Jzr@=< zw{xD!E0GV~{!>f5jQBm7@>p`Fiu|E>)q31*=X`Qak#Q^dlNFG7>b3s;Pwj==)W`lA zhRkZv(6>;vT_D+sIqMj%K5|UI-5%aV=VE3h%gbn`9ru{ONyK_YLb<(B{qnl*w95SJ z%%a;L(lz@a!QW|yhSPw^YqdR4Tc%p;%hfYm<3Qota)Dn~e=AgUem1DlvH}m7J0OO(gf660S9Mt{PYD0Rb)6TZ(k{RDzS4?~~ z@ZhiP`m=`^2eVOb&F%xNl3>vqWX9wj<_@rAXX$urAAildX&#xH`zmPuLWw@-qEAO; z7BYbUC_&$U#AX|%XPlUnxD5Qy(hIMjmrrexDtk#U?5UYr=iW=(=QinC%7!Oy)8{8F z7a8_@n{MEws9?&KTOaVx*HztWzanl=gX8%8dNG{anUnKVB=U$o=khW_Z>g`|LBgI6 zENWRmO?(GBBx6L6jS{^w6ET_%PE1wkDxhZ)WuL+@nDR7!R;?5A=6>mAbMf__=Gk$I zV-iJHUjl@kdVrK;klZ%nXbzzxhD@@m2ZOd(*#hRe+@b}Vh(}utf^vOuR6gf)?3$8f z8kV*v!AmU~c@p#ei2#?%=+5={{+?{L@v8ng@l3hV& z`$GKJQB3UtqE?7qOfih%^|k-xu+fp6ityux&o{k;wHHAa;COT-&G@Y`zT8W`+c z7{)_{1QIcpDyh`hlR3ZgB*WVJFU(>dPTLi(jsm3Zh02GogHl=WLY^O? z*(mJ?$wy1GXG;x|sapL^HeuoQwR;~-N$rqTiRwGMxfLlCy}H>eqhK+TDX0u2n!$k!uyM6 zhFQaC3ZjNC(mGJl~+$a2RYb z9fo$Y2x}qS5N!d37a&y7HLpJ4Bca%MX2Y}c2n`+YF$h8Gi=*xbKza|jK9GbHz0_92 z?7Ps(1Jmr$P@s;7CK$L$M4Twun_zI3eH%o-Nn(->r76pJ_G)pVx(=v2=G|M&y+}47 znb;7Bz&I8I4h4ZBnLR36auBUmyKuK)SuU7Lr8nNzwmi9a?c`j~Aa{B&PlSy4UUq~r zph+ysGvcW5(WXI1z-)l_1JTfoZy7{m{f$$s-BJr!-JQahVLiIK*P|=~8YY;M6=LLI9)0xoAl}E^KPOY=-b}2KOn89K& zY6DH1ues<))&T~i_YTB8rhUEVEjh6f5D=tELiqWtRYQf8+&$)1paov*?WJ3hp%f1h zDtf%j>UbL&_Q$MB)4bp#w2DB{laR^i_8L=Jod=`@dj8Y{?cMplkO!Cg{{tigm-Pez z)Bcg{#J<0QG-$C;jKLCuVl1hMK&q~a51+@&xO)&;$??MPeykztHi~RkPA!%;TtTQA zq7BGhm9g&92Tl?O(hQyO;id>+iOfJ%>XHQtVB!us=7&c~D+(Ot!P9Ium9=%&<(_%l z$k`Q(vzsW*Z7Mm%I~#4Q&hIXux#Oc84=|@Td?cQrDbuIN)7}x~=S-3j_eub{zzwFEGE;Xgc?P$W6Hm)hevP{Ym)7c3AEy44=rsqutczot?J> zfv_Q5)3dbLKK|?>$62%+V|)81zj61L{!GM5q&4fcc9&iMsFGVaX~)?gbYbI1Wkc^% z-rCaPV%gTrt8FZZC4KVaS+=rIQC#`{#Ba@Q_ksU31rvSC6TjLqS|{hWMrY+cKxPLQ z<`A%B2E_kWFgQ>p|HpK4i2%QcQnhq6dk4T~5)%XsM1$makOf}@R6T4eY=dN#PL(HU z_oa;6gzd?m^xQfRBdTJ4BbP}c2YTYkZ=0~$Hti?4%?F4@*w~TgISdX$Yj$7>IFsHL zE*KG2tc(yr-gihLYZ6fAE`4YZFJDm9x@0N?hdBX3(H^5JhtrCL2SbR48P?qrQ%aEsyt)xYtD)*xD71)&j<2W(;{7!9 zO8!HIB+EP>VK9FY@fhur*=&+XTrE=rH&l2D4O$~)b|5t&8kP)}$!PzWiS$2bN0$N; zEFbVr`LM3h>!G?{EbnD{K>`;93(BWL2^)x@EjEtGwmuL~)8p!_WU+~|fcmXjd zIwTi`L$n`#5$2rCgW>>{LQ{67K#zP)rUY(^5r$TlHdh@<;9t6th>9a1rXaB&!_Iyi zko~F>O>-m=k|aCd%tJl|@v29M2B4k$*?VKKcgUmQcLvf-Qc*yn(uA9k!OW9y@ydjZ z=0@d0Q1uh{(LrSS57Klh@-&nqQbA8Rw|pRYND~N2&+Lr4QLrvz3D38@Il(+utiaR1 zj!FyL2p!3C9ky!w@0a==)SuZx)K@d?CP;!D349BfX+sZMu_3+`%8(MP{hI%d%Ea5wn zE2rM+TsoV|o{V9SM3G)cJ;@(jIMN)UnXyJquw58O1;1H?+>{{yuugT7V}z(;K{^eP zLBXH$|D`01@a%Sm99wtV9|wWb2^04|Gu;R3ENU><<*~Qc{Ur)y@FE|af4Zl0Wk|?> zvVNN+KUc@k=X?AOFYTxgvjZAGlX0hPx`RL4)Y!}Dg*C|zzuF+yMbFHdAOC}JU3CVj zcFE)zDTzCx^1c-Js?3sF-nUr}#Lt>jFH;<0**I+oDFXDdAT}(PS`b3#3bjsoG}R?G zEwLBjWYIww;g(GQmF7ggJzMK9SDpr>C63phI-Ez8{Qj9FBS1#K#tY6&W?_c%Z`YVr^(X(o&Qc0Kwd=n-+xBENN16e=S z90K6hbLXp{zI!N!deWDo-1Cb<eHI;AjX_?Af%A zje^M#KB)T+Y~e;83@q$>V|qYs0SKIgmWH&eI0)MWP*MW??~4tIO1*TDZ7BsiqL5~W zciRU<3y4jb7S9BZR2_mqI>75xn>r+KCw!b`M9{qsE|AEexC{$(?Kux4LZImQJPku( zv`Hu0dL%3`*jr-1uPA~s5=;?Ewccv6OB%4V46L zRA9;g4l@$OpincrOCcc&p$sT;xfK@jcdnM>3b4wIJeeBuj7h0x&Z~$*0%0u#k$N*2 zqUmDArDm5H^C;ZoF$J6M)y#XT3&yW?x0rg;tM$Bf@vD-O&v*Npo6x1&Y1yz$5Vk zK^K>r06^?OqN;?V7{OIll3`(a(0Y+e(<9AheWr<0|1ID0KkL8N-9?oR zNd!C5C!hO%I^VyWN0rk4*|W+2`S%&z)Pn$W59F8m$^L2|qNmt@r~OXFf59L?Q2X@* zGt4@X>@=l6=n!{$XVsF3q5k+v2l*bD1b`6_=^#Y=NCiAr6Z1c?%klp>e{dUcQ9rL= z^?%fRAr3!=|3H7&{fYJePg9{Eargdu3E3zAqp)-eAF)65NmM`HgG2t^qyMM*AKZZa zg2<*|og=j&fAZ`yABWmVq`<_Is7V0-se=dJdV~If{+TsAvpWu_&QOE=6lEAF5{bh9 z7que?+2=E)j?8?eX)My=-}L0b)*quGDEb&Ey{x~0e6ZIu0O0z=ADa6tP=XEgmEd8< zK7V*txe^Anl+5~voekk$6 zp#x{wd{?v>MiwA{fr8Zj`qEVQNyPJ~M6cj~1Ltr*rcKs*NqwveAC()Df`9T}1v}r! zXZ!;!L_orpTlrzKLr+AF4@i%ViDjS4bBLQCr|Ot|eu%`8^$XMW!}0trw>JHx#(v`f zIcUM_^%xK4lPMqK!x@~+il{yUxDozK@=Ge({OZ{JTs!{s*zxvuUvnSD9{(9O?)<}2 z8X@){bd>%+U-EEJ(EFd`-)HWc%3$+2Ql^k?h$6ZoA|du634VWg5Aw5UZI-ba(>;Ya zsVb8v4Z%aq&(c87z-p@QdB41M;}foV8T$WmwX;%vId;+So=M%a!N{!Se=hm#F(c zarGnfH2&?Bas;Fwod;C+on+W)?Gz-j@+DM$0R5&1NAXzXe>yLS`Vu-4KfTfSuiu}7 zeBNKid-*=qoYU%9S6q9#eaortrmkH7FRhx#^F|Hbj1xei`|7 ziIQ(d{?^F;x8k3n&_==KWKVKaJ3o;=C@=kwp*~Q955$f~!x2f6O@b+dl8gf*pgAK;dLj*N757@O@M!h?;(U)3Q6fwAL~eH zqRwPj5o**@$O+%SDa*ALUOA4lWB(EJCXou9tTLeK^KZ}kr zmO17?A@X44L8;-j@+2ST`aTbl1ySW+iS(HYa!iN;4b6!}ldB?y2s#uV1P3sU;+?XG zggKZ}rt^fdkfmepJxAPr2f_%0@AMbF@rVZ~^&dvr&DqSP-{h_7%YF7p@NRc$vwfWp z)@O@#FpbHhR8*VYB>>UEG^%P)iC`^NN{E9^1<=_D=u#Lh9ORi0M$8*^5<_%c8nQJ> zpL%90PwqNu^>l9$v#5B8(G_2n_!oD6?GsK;bY!S-2*cF zKcM0MW=OhO3Y9X!K_BF>qP2yL`J01KLXte62Ktu45MY@n5LfU#&!POt!}lORC=2|e zhC}xpNQ{Dhl$Bz1e$!{O@%uC7_v5eF#$)iDkK+A&p$3pP^1Q6!mN>?WY;m@TVX zKi4+M1gqo@0P^(`9+D4X^CdlNbZRaH7XTPUL)O0VK(Wr_VD5?=FmpJsGAVWWPDuYP z*WS;{U=f`kl~?5jrP|qP1WOwsB!fVog~BD*uU@rl2B8LnPGQ(>V(>)vtI*-fEx&?kNU-ZWuG4FB9Z$2Jbj&;cUMpJDt#oQ$m~rfkC)hy zi6@TmVnf$w+WSsl%>Ia6n@zc z(%-x7Fo*S+f#7w{9~tK(;t+V@*Zpo!y&;En{Uy|x|ClsUQ4~nam?)-EBx9owd95ZH zDzRKV}%xaH}M;&dQ!KwZ<`rif(v(Jama3y9pE7 zQ0%ZLRqb%a{(C2N`==T8kVI{9oV39ZspBN|!Y94p_px5Y^m-`uKcP?NBt76J_Dv#T zAb6?yzBL;hi5Kb=KM5b9??s$9`VYHBe=_7(_?PspS!Mn+`Q8uKVMjx_?T}84C_usV z)g=5hW%c=;p7BG><_|1WAJR?|x|O^dC!-X%YF-!Dt7X ze5qi--5y8R#5vf_%f^{YtU$Rqi0_`D=NQ>O_7!pC&X?fzaA=R6cje{DGY&Yb&B zjOgX1Yx5fc8U4`tzp%(PAH5&ieb9x>jHUk1kE_r6e$Q8D=lD}EnDY5OShtlXnBRRk z;~#~vS1WFE zKi2$y9SBj7b4hMozZJ{Fwnwlmj^2sS~H__dGbCyJ^~ULU7ef|5)T1SlRcQ;5o( ztHdKm#x5t^`_b7Oc|W`Pq)v8Z#fAQqzp4i3>tsZ>>>jT)pf)oPVFD_hhxZ3%A?_3R z2k8#r-`|6nRU|72d*voR5wio%A{WdoxEKWb0)}yed29|`2?_sdZ7Xy5=2Y_5P?3H$07j!kgMt_%a*+>so|Ny zRr^>2`a|5K2j)>dqMwmVJM_`t-}45);-A+*^!iAHSFU>9{wwtPC%ez1_7{iqw_&g9 z2)|>s5%NTQ@v-iofxCAY#5xTLMmzsu)coJ5cQemEp|f7|q(yIq?* zXWZdfTDIJy{k6K=F4gte|8~C?&oi%Y=i)}|Qo{cy^QVxf>Bd~cgU9_rPn*(76(s-$ zx~KS(fA=>H!A~#|x#CJb&zcJ#&U{bns{Z5NqX55JL;DgNNe|+YkH!5@r9Ow&{)(#x zTnU1wr2p9UpYDEh=00Nw=-By?5&Do#BWg3AOFKvtRk z6Vj&{a?(2@YhE6^q`}H{LXbo=3&p?7F_WPN`efshzpMEP1NEQI&-1|^Jh@)w?uY#B zA2FXUu4CM6D3mGkB?lm&N(cTKXgz%M)e>IJ&BKbWL^P+!wK|o5{E#?HLMU^EL)=2? zP!sgTPx8gy%Gd+1?xfD9X<@9iTL!26-@5C>MJNr9IIU=v7r~Lv2^gv1Q4!%;Q&b)u z=Nf{4xhQ(nI8TcbL)+CkJI(?d!mOX=Q^ra}AMtB1b~IYPF4IT@^#sFVLIe4a(iS&_ zA8;Hz&LC_)WK=0g67(Ehc-63qcXx-{Pxj5S7Sl8=ZDnevGG%5hlx-=4DU!mG69WY? z1WL!|EI|)6iq}Xn{2Y%-HmNHDH~SoS(+`##>GLysHWX@*J)7F4Gt}#0`{jL20)$!; zy*7nKJTkPBz>$zx63oPofk=uZKJh)?Z}Uise{g!teb>qM{11lT17B{p5`4(;BJ@MR zXn)5(!$!QEOt5wrl-FuJv}u*vu^R-yu~Q^SDJs=|^5j>wPxdTTs)kihf`&gPA1NpL zw{=Gq4a@8*NHh_b`pZ&aV~7YnVc7w|Udl8Ur$$cGu_Onx_VYip{EdPOkL2urzk4*a z?i;Rd%UvC(XKF6Pi84T`jYxI^2Icf1>LEYRDfNGZ|KK_yU>l&AUXQ3So~8RB{!)m9 zke!P5q1vJ`05pg`$b_ANkLfjCUdfdHX^Y~Y+Rd4pAKP5Gdn|$Xz132bV2`pxv%B$P zpZH=M`*fk|m#IROrm2lfNG5Pl#0euv`9h`(LiAc4&m7n&$z3$*OtQIW$FE-q*W2Os z?IBWWxan=5^>}oAiFRC*`sRNr28Y>Ur^xA=wW9C63-R?PKg8!a%;Wf;B52zX6j*|+dbRAH z>_@eyzoI`ikn(|UBq3NH@&UKm?GI^z@NjGyFNgN0(c?n2q=M}P2E?Uc`%<=FwHyof zh%ed!h=_EP@*v4S6tHi0q+(Q_o_=gkBK7*&Ll#X65gO5koDFuTZ)*0V+AhKi%mZ{p zI9_0Z*wffTe%M{mO}jBiC)R`Og?9q`20nrj0)2=gKeLgmF@;SrQ!+~Op960~A$`Z9 z|CSOWWr#h@20~*6&6(KQuI$q_8e6TH5nmh zXl-QEvCQP0Pl><+dnPk8mQXyM6;pL?NL8gRCUVS$hys`JUz)8l_6VJY$7Mi>1WWRX}x5R zzQ&$0xg6@{HjcV$Ssgn2Z{i$ce>)kQSk%o(erM*?ZT<_1SR^MRH$^`Bke}@EA?h%9}`0S?jOi8b!q+z zKdB$|EIp-r6K4|>X(ZVP`nmVbAH~E>Jz)AEk|`?01U-G7rUCd6c>V|6Yk--8s7}H> zo{TCVAa!N=vibz0V-|z*C{P-{KxmLTl{JZQ0;KgN9-o}E>N`D2fqi0R`p>Zb z?Ua5}1^`8X49LkW*=8|O}sc<7p+3vfBso$sqBa4`6>+KcZx29r z9ima=4kbfZDaB zwIP)SfrSDf@E|r{K8ANnn2QSjOg0+K)Y%u0dbX=#8wL0GMG75(Gw2GIpmSk>g-(+< znNfAWy~Z{+imn*^B(34Boe^BRhgqiTF_zy9DN>^bTBJ2d4WTrVDS(YK6BxKblGrg> zvQpHAlWdrffnUPL?bc#H*r};sfg#2S zK$+OSJ~&US-g@N0|$px{nIbPWtvLvDK(heQg)1*N1v_-eE4kgXZ=fk={;FDQ6JgP?jTsS%*@ znwpcbaZ%AXI<*I%4vk_ojfzMVx{$O=q3*W$1!M+MJu)uQ?hjq?a&-^2%tuHGBD2vP zVJayYh4AS*rkLTrutzr(baSNX!>zRYJHGpKk1`BR&hFH5F{dfhhY;Vk2w_9F3kQap z-AyGy$iy9pTp>W2ih{-pS5d);Vn?!x%G4YqXQ{rDo25N>?_9S-5Say>T%%l2J z{OJTgO1c1Yfrv#6FbFchrisOq)9CvC6$X%f(59XWiy`fJ(FN*=1x`c{5PJ36yFKN}&`wx%bMNihGshey`nvwS^*gv|-7P|7TT&s-F1E1K_ z*M!dX;Y_(Q%(cYH(Onpt`#+oypa2soSR^zz|k-TyuOA+oK0 z#n1ic)$v|buWd!Lwo+!Ko9#<*_@nBCkCdW|A&UV_f)L=aG?54= z$?jM(+eg{3(ps6g8l{dgM&im%O4Ol-($p;l)}$t|Hdr876hgB^EQ3bU5rry{m}5sY zV3M9-;&Ca;!i7mTFxn1MyFnxhVVa<2m>az&bBNkdTctk(FKJ+p!wHvo6Bm^dj(Xv!3=>bVM zPHEXmPk!5p5eTcWf~|y3(gV_ZoWVR%yLrCt-&9S6g!|O^*&=S|p&E$T+*mUrox#lT zF^DkOb!`DU=P7es4B;D(gJN8Ju!Xv8T5p-AbF zA*&M1jT1vC(nSbE5k^XE!>vWj5io&3f?i^Dh1h}_It2GriM)V5;o!PLmI$AL)G)}C z3k-}B)j~xP1BiFog;*-1JQ|W}Ekd*$qi0tDH62QYMF1H{R5iJ%LEnclC?^0zK)khQyy>r{GV!Mb>~k{A$S0S4&kLZ@ced!(p*Te2S^ z{Sb^K=tY8fyMhxP(6am zhz~1Dok&|I?7i#*NJ6FApaQOGEDR+|vPmq8$N7Cn4qaCz1&=XV$tOdn$I8MZpPFbr zs4pF&1QajNW31GBj1&(jMK^XLCIhCaYKU=%nH$G($3Bl8zr79LmXk021Ge5 z2Jh7&)V!&30X}F%!n+B_oZ3i3+hCqHB%DzD&o_32*<+}9G7r{N)stYdc)Pu*8j;t& z8hc6fDrqUaj6Hosw3}67#I~Q<{m_g;%LtzSDYzJM=2i} z@qp|v2o(RniQ{w%$EQF+LE%vpTE9Ec4F*6@kxCk`kDK&Pe+P%$gg#|Kw5;EJqpekG zZKJ!aVuvvoA7r`a6{akw_Z;^X;{+s;0VKr~koY!@gw2utW@77f>!wIq_Uvo5CSYc& zGa}6>W{RsGI6Ztnz>JkDf~H1-5P9~~nMOjTkZgNOp!c?jo<0#HnnhKsU}%wt{hkd? zcd6N;ar(SKrQ^r+L9irY4ix?AnLTc0eI5N~J~wi{{3YSg5QI)F8e3%4T_{P0 z6u}jGTwP@&7@E-=PKLdAE*c>QqWeA<1^GP7=%^HoJVfThAapGl5Q2n_*fAhO%y^i1 z!GKRGu<~FT3lC5XF#Q|Hg7QSeF(S+=#duK3DyV90S~aBQ)9qnCS?Xx)b+3;aiRr4e z$b3wBC;=jiVuJbLNWkR;GE%V!)CgXtq@ER{UMEctgSId!Bw|Zq4P+bKVHi%8Q_xFW zst}w2Bq~&+4S>QzbH#mRga%Z!O>5VrWjL|KsEV-U#o)ypB*hO!(asZV(;Tp(?0C$@$*;dBi`&PG5#u~3SP*<5y+cD)D1?y%y``P)UO^!? zrAY{kiu5S-N>xnurd*Vg3&PMK@rjJ?XFhWS$EJuSCq@C{Bmxb_ca^aDH!&rZYAoc& z#g|Mk8H~v}vAc_Yg%=E&;~4zt@gY1RMnb`T2_OkE^&x z6A73D!Z9F7@r`E23_bUYrYp^LhnvkDQqjSLPvL@S43E?(Mz5$R&Q&%&{ojWyf6|i& ztyLG^+f~^7HTWi}?k`v$gAwJU;@;Xqv=o6|#&pyy1)HQ0Hi0P)3KEAgSj6?q7|5~) zrIE}Nkh+t~9EqY!Y%gi`>Mxw5(1<>wQYq&sVkaQF4v6RieMAt^7Z46U%aP278go>7 z%644D^)m-rnMkV>_3^XzZh1+$)h9lV=TXI1K!GL&O|2>{#`Z1J`IiJO2!VWS9z?FN zYlNB;Y{C)X-Zx9AT-6MI99+{hv8kD6W@bAq%J?}Sl*3!o+OreW=_H&Cc1RKFjUF^H zz*P1QUJ}C}jpihO6Oe|9sUt1pp{2?aE z29|rv7?AvCLw+zbF&}QYXbQnb+gAq{POka_|Yla}w zxCGJr%sG#2M1$8I@|h$?(sjc(g$@t0%@3o2YNn8hKNOd z=E4w>5iX9>1o}cddI`~xas-^i&>=!!#F$MD$x7n{CK8n3WJ?4+rP{sC)z2ZYPKWRL zshEEM2`V@NJC1%Iy02(<5A3u>toQlAc}78(QV7^u3JMl4zm^mm6et`D0gFQ7BA~*E zEUH+jg3RYuwl0DA#Vq1v!3SD=9vRj{csms3+qBtU2r)XsP2&|RAV|~|Fb$Bxpyaux zwi;M7AKDrS76zzfs5%aSse>iaE|wc0m75S82uBXIdD+_?`K5F_!lh|`<~GJH!o&uo z5$I#xAS!_rF|#OcFqML&33wnhk5`&NZOVHp28p*aLKfx5*vkfKtrvyGt{CYCHrz{E zCir-LDZc?q^1^Gf1cFJn#@lZUlR(boJ~~Br&_Hx>>27)~g2F8j1q=p!93->XG~J+W zLKm4sAZqYnXz6VW5_4uSnFCkQfzkP(zSH3LwrX{$qRCBZ0jdOS*=CCWtYk^G5-DR* zaBVRJ=z`D@B&IN&QwGW-o5?O&|L8PUf`idO(Lu7JhKMc&L~=wOKn2lJ)DRtnUCdYi;^;K~0gN7M@*DwSVIJcrl@B#L_k*j^q&=|quK^x@r6A;{=aQkx2BiOZx-EKjfM5Xf(F1oaD0e>-DOr3CC|d(4Bod8It*NC+U!sMFCk z5Qh+voKXSLns^)y7Yhzorvw_S;0n<03e2lSw zck~(mg2Q86T#au=M^H2;C^4Ml zIvx)e#+eYdD5Qpf&_h;pyOAofMI^|i>hZyL#^JF?V3UBR`b{iUsO;x(;Ao(-w=97n zp+J*#3RS4guxvXt0dRG?J2l0|7tt}N#j2Fi!G;GAgcOV<i zCdB*nL$MGGmg*U=$5zoh3GLgdOKQCHlltX(9vDwbZ>(y~SmuIMiyO<2HXcj0HzT$| zvaOn@e8JXP5@N%m#Pey8?^9|=jYf4$hUnH4ye1NlGKl4Fo}HV`A}G_ev z%LAouvaBxiB5d7qMW@p-v-jpvOgZoT~0cAB%z&qQ?P$-t(B4twJ%G2~{3 zjZzW{m?SN$An9RCDsGpsX_0JXBi{%%_)f|~TJ;2t3s%`z@^pffngTYdaDN9EvdcOQ zFH6$#Gf)&vB%emaAQxe-xj`;FC)F*f09{~F)?$v#gWB#z#2T|n7BL4P1VY-VDLiwF zf$MvdISO=-axhvD#6wzf0ehavD=Bw45X=D9I@|xim6C(I6voO#@^$P1++M?48{SzU-FD zmQ>;4vG_Q8_~uvSOj7tjq{J3RR)}*@Z_^RA^#Ndmn0E&b6iALin0ISYN4mUy-m~oW zZ80@NLrSi^Uy{%)Z>@|KGnx$`>_-Y2Dj70X05^rvX;Ok~0OU>tp;ia3+Z8G(WFMPQhO z-zb>y;}9^INGlSvb6yA?OuDRRa zp>dBOca-A+9VQ4g3&YDkAuSzO4-58eENmK{2OapvkX+9rS)_hBMl`r=ZUrb{V-FBH zLtdkjlI+}j8N`O5vM^~2#wlb8lGY|P%HX=iC3JRCDp`e)kXC}{1|*efY&+$_z`=T_ zeKj^t+$zU)vP%+8l)K^1Fb;-;t_*_)#Jj^<1a_1P0F|38qEUiiiD)ojE%r%-7D6ps zR>BdLEwEq>Fs6ft3zC?q__-;FSekEE>Nk-M3j)aCmIE_akrKvqbQ;HLoW8@&S;K@T zY9M19O^<28BqB$PCaJZIr&?(>JX&yB&1LU7W373^1v~B89KazJ0DBG+#W%;jkF&Ha zu_1~C@v*=R8RCSD6S(npIM`&C{Paa6CEEho$6Y45*lxZC989c8sZ`|M$xM;PMH;%u z5DmB(XvmQzWVr{-A_t{Uol-^t6nW9pA>jKG%|;LANJ1BlB!Q<)Pz>xPdL@^#l>m*s z?R=vJ)zKs&2iFKfB`bk)B7vd6+EF;UEI^^W2yp>WhbLl`L@7f$Zft2H5_FM(<_q@ z#1nYsL#NIloq$NGgov!Z57&*4AF#09(X}f>y7Y7>YG&9@`?3x!olxM&FJ&21{m{Lbs!@|X?A=o&5&$9|Ta24# zfupGm8jNH>hz?l;sf1~E?l+K15Xg$~_GN~}Xi!MDk|>5Ozg(+M;Kl7I4Zk216C3Mg zn-{bpV9*$PQOFO1&B1+40%uZT!p-1#pfZF82_#{KM)lS6+q=$oledwfnuny%UC4}> zo2niwDM)Hmc(mGRNvV1rnZiyS`#735XnGd%P>3}MQsD$46{y;T^<8$62N(Pbp_ErpqGT6xhfD3tj4q z;fRedk&>^7S}0~G2L_=SIYH>HMp_+7N&oa24X_4IWdDE%dA?G1E3)==H z*v=*ELLeg>4-XGgTV2i7YedCzO&}!!1mrG-%_DiJTy?H&rM6kFElnwD$CBz?*Hb%= z;FVy`^}q>Yxkx#_s_h-{%Yv}h&dV&}tZZP;$kQ8LHygZ?B#!Dg!0GVCQzW0@S*_?1 zBWDJh@2guYEO{j{Hkm1QO0KOPT6rg-Xvoy69r`gy)b@5rUCe71-4bl@(%DhDM?)fp zKd~sWCYUxIgdN$^3m~M|3HQi6w7k~EAzw#RE1?HnhZs8ORyW8s9KAjeN3KF(Vh>^0 zmXhh1Nd#@F%B?~J(qxr4^dnkQg@Dinh%~2k(}+&?=3BK0fT$pP_C+wz#iX%BGS99S zVQ1V|S{YqJgBeMjD4tTn?m%?}$s-dgkh(IIPWsX%k0Jn6)zuqi6dFlznR8G;frv2S z2?i#Qrk4kAPt!fY1>(bp3WGw01hCxrwZ!-vYDkA$9Py4SGE<^fQL`A3SqKUTJA+0B z@`9cggoGqxKnY=l2ea>-s8zaS*7NVf!|IO*+T$=di|r1y1B_6JZ%4Kf1}q9uw_Avo zpn4EkF*9NRtVp3zzRzrA8y0NoqEvSzqmAu7FBw%|xBrzbfV;MO8cOsTHOySyB z>SOKbM*$uXMtw1iU6#Y8=Qx;x>SEP)I76m3RW@?R2CEq1MnNQ;AONKULl~EVvi2i~ z77C0(>_qfsV)cBQ^KCY#^nboU@E{+x8pg-ju4O%$axl7@nk?3AEX||Xzs{LV zqbZbQCRJgqoV)!lk66ApPon7X;W;HEQ($$lNGjOy1}A&mzDLr9k%r%vM@LDM`{UDS zH46mc7D8-<|BWkW$Ud=CpHBmKO8rnu>O2bW? zLlK&@X{s{Fg;Ifq2})^cNlKQQ|8OWTMP&tOR1>^FnjandO)L;%D6=(`T{OXIA`vPv zO4)nneW#9-PiA|=nP@b|TSaU}oOn^l^H{u|uO2X19Rp?F74R4E1R!2>8wV^{L0XKo zg9xBHWZ(fW#QNVH$)oE2$BGi&nouRM}N`*zj2?ls# zbu{7BB^tOiQq)fgp8Mzt>Xa@t5uC}ynY4jFbxhZoYx zv9&(7h%z^&n-i7UI-a(r<9F8GH$O^Xr4w@-(6ONUao%CB(Bas0Zk4ED+90Yp-+whp z%h8GB)rRWD98_I+rJJ!jaBj=MA^l-ZsVRg%=y?2^ z0qRAzQRsvm7%W;M!bk=A7d$Cw^~pE_*}(j8zrV*QyAGv>yOO%GtC+(yNIB$RO1y)# za7~U1Sd87r1eC6@hNl^nO*xIm+8eo!G{E4^I;4fQW@0bNC{R#=&lwa9^U&wfnX5xF z)a3Be39 z3O#-{5&}E-@^NHxE>Pwqr0Hx?GhP`%*kmMfNVvfUr1Hs?(GsUp?P^HZNg$G;en3dj zfnlG|DOqrcs0jvm3?oqrkvo9k(Ipf>tfbXOK!gJO$!V^btilpug=f?r6nxK&M}*`9 zgA>?6u|r3}tKne|UA^mIVS@u(hIU8SJQeiK>)z?yz!&ue-^{iE;s_ZWfcLYKULhYR zznc=ix*tJM>3CU0lLbbkAhXn~A(Sa)kjoZ@qtR!Em!r`fVbHo7{W_V06sx4YksS~m z7(wZZ0wl{!m$BcnV?FC(u-gkcIw*|U!SrtgWfnT4I3D3aWXTx5iC#^fsd1-z;#bVC zQ%Q-p1Jgz`TlL=Pd-KF|5J#~DPY;n%6flq=5P@n``6PJdd`>IXzgT!$7LYE%p^;*} z;ohc5g+y0y49-oP4`hXqvKy09O%GZm;g37;shC3|)rjMU0m%;FN+2bCG(e8)EK}Tn z)>NtJ7-W*k>EwCIJxo#ipQdGlVXd26F@|M{mTaRmq_s^Yqgjn9m8{I!gBgQcUy(e; zux6QLs=sCa9KWMK;?+X?6qD@LTNK$+wjnHN`lfq~=@ggCx1`D98r;Ic=w{3$BNAwBUt|6PO0I>LH-xC7SvuqFnXm0*!F zQpCVgf!^9B9TWIQAVEPM#KllI@ebi-8lo!j2?fXl$H107f+;@JD)oIx{>7q;Oj{F8 zt4&PCQKDdNm9}ZInPyguvW(1Y-_t|-juY?q863EU;A#h~_6ms2IvE?DQGD@NeuY2@Q8om0teRhuGZhy!FuKbbct z0e++#crc8>`(yncDtPCuPlC;VIHUO42@@qPib)a`LHxge@cI5DyNIZVhv(|9LS)<3kyytb~G1;p& zP&BeFBJT}p8`zItKb}W8K7*W{ifqDQsOC&ao)RaQmhp1 z+Iq>+9}D>3Idd#=a%}O$;_;N9cXM}}=05d$>Ozrqb!?;R-c8w5<8SxUr?sH?>h{6} zK)t7<)Pdt<3m%q|g!tD~J*uDbB(g~)T?f!1A`fB6=NzCtFRugfP+s#tGagkA@lHWj zd_$j^G$sJbMMuxJ+ZA?|atUD-%HNi215 zDyr`288%_7sNTSRm$Y|piaycdbcFDMCi@Vnj9=!5u_FnKvJz7_->T(@m`Ny zL)N8vPa3I-yQ_FOiix~aL$vWCZu(e|XAf$qkgZcKp@0k_R2z;U$^g`iHy_YIME@Ud zDe8Slb;$^{jHpCWU1comMh`OpFpZZS3F|Wv?Mfv>_5Q$Ya|0TM(G-yngB6j1W{3F>?Y)9kX-2Ek>ewV5$w zVWg_eW{qhiWW-wv8zjwMCGq@LrTiJ&F~*fuX?kGzDXMSo7C0DfH44lQ5TdBTl*Xh{{=|h^ zun^4&HN9ds#dD`^x17Tr8L6&U_G%a|GTM@4_W7(31 zB?l#POR>S`@`Ydp>7PWJYF*I@9x;oA1u&yqNbnZV?5R5-OtC>qg{!vA=+2z!ir@s; zwyIUCEVpDaj7kP5M~Hd@6EMju3t~rO($p6iu%RHKAo>aQWrm8FB+YbQN z1p<;46w(SYHxOjiAQ=o}TVpUJf<*z8(e^(_1nYVNOry`;Oc4j2V+fDc0>apV);@s6;#(@x!@;j7mvVPTVoTxroN1N_5)uP| z*+CYy<&v4!Rst(2QjZ9z1&1M01l3dQAXy06)IM;B`?Vk@6A6U--*3l{*I6}LWY0dH z*Z0o`YHHS4rdlVZcMXyr(QEbo^-81ef0O;XkAwA6R0qUU=Ya3A0ow5=W<0CfVS=#o zV5C-B#ErOem@Rfqast{P`%q{`lwuf~8MvlT1TENw0D13+a=%gbCj^=z5wrbaY!o zj&w0-Me$Wtsr|7sn` zZ=qPWF3GjW6(NDc#jeP^TSzYD456TA1r}^U0lfS*o0*P}D=tE5CXSbIm%8-s&uF}? zN{YEu%;=NN95g65?4fdsIM9Z6NXTak5=*KMj`y-DLQ;|r;ZeElRir9hG;K1q;DP$t zdpz02Cl*1IftmSaWu7xmP==-8P|{)Ggk}LsNh#YeofpJU zyy-C$pav+zNei+GT(p!5ZCAHrOL%zt>&CQyWJhmLN@VDWCl01ol~4`j#zyDaZ@~w&+W-W_ z#$zKC*;nNJJb4svolwk+W1)eJ1|68VQ7H37fI~wm*&;D4M@u7_VM`)&rd5RH*L?Y(n|V(9>A!^@=QC>U>LN%_Hr>fPAk z;b#ddNbrj!f-z2S4C=fkLWM<=84B82XVm!bN+aK4B>UcqSZXK{kuPNu6-%e#u@*)k zDB7TgbTYgs9^$5@6vl#p22sB`J+S%GK{hyKaGf!SCM4=nk&!w#+~A8oUrZy8d_;~B zgcJ{EAw>p7d_aeJ@Z02_O*->;_eBNW>~U0SqBi z?}mzhs!e|}iLFwSzdd~*zO5wk8lS@~*t7Au*&($u%O)(Ero%N^mT9rARNC}P`*H{5 zkoZ2((vl4^T#qf06=DjfP*NTVn~94flRuWDG(PnG7$iTkXf54 zw5HwFNC-qC8d>`}_~(_fehcF2PBkNpN287<^c>l{<~DN0bM55q4o{bYonOxAz^Ro< zkn{lEf$Ko~*TGYBnCloB23AZND*^|RQUPFyf<;mwc>E$sB;~mg4)rf&oV6rP67~0} zI4gYi%c`{YRw@oB+%^(WxYZ#85D&SlNGeE z@Tejo+%;de8+}|Jp@94X0l);yDB#l`|!VN@W-{X=u@5QDI1y$}0U}_CG`Y`DtN1 z&v~tEU*IPSiVZ?;aBxtG#vNqh)a~7{t z@WG-n3E>h!BsfBlc8>|u!EBCW?B8s!Ju{WLwNs5W>yA~J_|sa4GMv{79%|fM8_DO4 zEYafDvo?2KVr)xs*{Q5^O4CYnBb?#8shaB!H0e!k+GZv-)0alVi#J-Wl1DQd)^;b; z$B#MH(W7S>c4S3{wbruhmC2gJ6Sc#0xzatpI`!?Gk3BBtbJTG=xSKoA>`abU#+1Z{ z78VjEi;@SYKY;KK(eH#`L5B|m5k2gy&_n^hk78mY@9Y3k=7K@8Z(Ne9ma#I*g_!Kj(wN7-W$^YMsGhWTgsZZ~aPOd1p3SHG_C5-c(oVD^)kyZDAZ$F8`ss@-lqV%IDWR#XWucm~ z{hdx)W=xMWJ)f)Rq&v9=C!_-CmBTOOXw^oUzeP~LI?AG*rTf5h{cS#)dJ>dteDGV% zzlsQm8AIwK2VSU18K3JSA;c&r^@J+x0(h{mfdU6>7vqxuiJ)^M>|?T0=wt)^Qa$W( z<$yhqkg(5krhbU}Dnc5YK9l*u?5HN7C4;pNL4zav12uDV9K_6U7&lNgRFvHSApqEf zdXS);;CtX6NDwH$0Rk77^%Kpb@PdjRK!`$03|7kh9RAtS15po1^Y#Pt(0B2yAB&xu zvp8}5YMVs|=C|94ck=Pr8m2&PRV-;Bwy(Za{TiX-wIfDE%36=X++C_W9Okzr%`UYo z(^XA@<|@2sOLK(nCCpDXJV)|6>m?V>AEQ1pQE`-G-A<_Zx5a0m*_s}@RnhUoIU>2g z8a32%GZHMG8#WQkL+{!lmtv0=MbH>|ZSndJ^Y4-9s|a(1F_Z|!omW}f%}{;|*Cp!8 zygJURn8q$_S}N)KG@CUE;B`l~qwXN)Bx|a;LnIM3fLTFZ5hzF$Q=^VR5wVO!n<57Z z1p3JL5a^l&ij`D1py=*y2Y@S`lVd8l)4~2Io zkF#!p&GKK`<0+_o!cL9}9QjIg;j#Dr|lv1R$wzE9fD@hhuXlb%*x^l?cF_V7>JoBq=&SMOwEm@|f zJ-2C?#+B^dg9<>^At41cRS7aM5w**!W=yqarKVx1*>k#PWZG)kgWYvBn)%Q5q{K_j zW@|RGYbDkGZxBhqghf}g*Mg(veuT%Ghwh>EYh}9GA2z6TQXZB#;avfu~^g_ zW@fFKFg6UuS(`T4hMQ@!jf}EcsKnBXDhx1|S*Dh&H5kFMZ9$rYG&2=hip*x%R<#+H z&}LM_P?$oIScIiQm5Bz0T2Zl>rdX93md%vF+g8$%+z{owMv=Std2)x6hL7`KI z1F{R+iP)p2yIhi(d5YFKsy1<%hQ+$&mf}n%Dg-7XX2wW}u*@=CFv3}=DnyywVWm+v zAXm+x&0I0ol~u{>~RF@+~Bb+Vk|D`R)$oV2s2fUHXBPcjcKI|CRkw!q$Np~ zRt6x6A~LfrWty1LYgv0tBJ!sxf3hzJ-UP_0_qQ2mQIQcDAOZP7U&|eeD}1Qa z`xoF)s)yQC;2tMp6a=?z0)T(d{Dmb-pjE=1OvyF0%O82aL#Jgi1N43n6qn}Q-Fq{;gZa!dn9`~v83!;naTgFZhFi&SI<#^2mrQT^hfLIe!*l>})BnKqRK zY*dh7NWSQX~j05u^rfSrwr2?bmB-^l0_ih zTE4s7_QIT)I(o^?W|gTR=Ro03KygTvXwb3*6dOwpZVcCD#{9!=s;#BA-HDo`nMd@c zPiKU4?S3+SXg1>(WK7E=Mubn}MZNCS{WTBYNi}0Ek_A!F(-988jE!o%^FJS3U=7Mh zwHS@0s)^Vhq5<9?Pr}zoU=WJp4Rkq%p7ccWAx)DI-GkvFqt917x`nYk&e@dA#x7_; zPd25Rfn&^0-N-LF1mHjl;vNU0GFR9@AXOa&i~Qn-GNHI*??P}*2hl@>I}~`HvU7x? zVk9j@By`A62?$P4FnQFUcl6{9Q{!Ydu#03#)a?-e1LKJ(=r0OQlm*^^R3KYJXauAv zqY=ZPQISz06JQd!jG!jQfQ8_m4C}5@o%&^0=?tVBPo78RC&dd^cB$cvc39D*a6iI4 zCs$~n%28z@N<62Uk^XzY+EP@@@JHsqq}EoWAGnQ~m_gW{-+*yM`zOH&aiI$#S1L*x z?mC^7+N{NzrdgvkX+aT83F2@LM1M;Xvk45SlGH!d z6HG(?1INJ=v$d*OVpO4sp7kdsh&_n?3Li`d*$?0L{LPQDlqP<6@Nf{scPbmSKPkZs z2u)(fA*(Me<5WaiioOa z2vLRjdkyaR!hcEIvmV~u{LIZ$lw9T1EC5T9+ju1qC+wg})B>hUC zMM?U$$uE{;y<`=@s?1hw)tUYN3EAgm3Z*eESIxQOlem6<6(pEh(eb6(Tb@*6zktV!bg3WnoYFXs5Z9SAEV_H2)*#Hd;Lyo z(fY^hL^Mv#ozvajQnk#NWNSv)DXk(Bd#ciW%)n5CR4=Vs)LPPr_Ry)#DX|WJSp0-X z`!#>XgZZf+G=A=bnP=BkJk&onq+j^iL-`mc!oGiTxfhxJKQ2}0uB3cog_s#>SM=n% zD-|ATA>>$-P;_8M5K?Be-tbKPb_1M}=&OI!lv?xwc9Cf}-bayi-nT#N4)dbHdL^*RAHN1#)rb|JR5&`*4(nqdb#IBVr4iHAYwW2wM{a%0$m0`F*kGf!|B zjdw&0lY&6(LBt<&LJOg^BxQ<;6E-f1LD3>G+ir&g{3Em^O1e!PEoG-cuy`OpFl1p^ zQ_w*Z(~y0tPx=0N`)}{NrAO}0Vnc&y?ms3@$bk8jTD2O3QV>!=O%JayO%Ohz3mN)Z zByu9j;pLH*a-_^LB>5)vMGP%a7Zg($By9j8h^BdgI#EX@KV&=M-+m+usZMZ*5IDsQ z$xIV6`rjA5Q@)5z?+N{{_+eE8sFY7oqw^kTp&oE9Kr}I{Oih(tb2lxekvq9+MoNZM zr430c#4GlJi-1#_mTMXrq_fUVqIOehjoDJ;Sfeef%;P&o(x%3-RHD@6*@ajFmLMT!1)6NuXlOREtu`@Q!(?TM z7(n15#3Xl~@TEq7KjYLX%(;qdfO`~Q#lXX}BD2m~EiItSzj z0rq<4NYxxM;{!0vUR7mO(HW7-!fjSUKSQ>-NwUKw_mB7r zNhKq&;HJtOh(=(3J!fcP?@-Eq-`RW@!DuJetXTuLoIO-=3`PDArUUs)x`~NS5MZ}e zFk`?>Fc0b=IYbjsXK);7-)01jt&W6BK_=1un}+#du7m)WE?u}L=olNAAp8oFNn%tf z3bPMTSUbNs5~2LCKja$Yu+*{W5AqFDUtq8vuTw-s8VnDl0U;67>o$*j9`8vlZRiiQSmmHyB z;)B68VMl1Nq0*)}QVt+x9z3Zbq6}!tu<64*0pzXBJg{OVK*a)I|ATR9Rj6!xqJxlw zM2pWld|(bwiwo?TaR`YOIoqqotH^G2I_6i4LM<~ZEkCGobrxx{huvbA;rB@?jtD## zAY%mxggMHIk5{1b4Uc9?2iHjZtcjK))P1|8)7GSH9?2Pm`k!(2KHv6xK;&{cp~zra zJ@6*KCn`9FN77|Z4o9f(1P_@MKT-FA`q$dTFpx_$i6qEO4EiVejp6Vg?<4RL)E&vu zG#t4=#4tiK!a-3Eta-wm&TT(1c!v8ytceR02u!NbMo0eX?h(fiQB_OQ-PAe5f1U_k}!<33Q<_XOCXp@Vrxwx{;5+bH*RB0X_Ct-Lz1~jYI5FeKz~ z_z=-ZKvD5w9*iI)9P7^^lOV-%NJCL39XR!9TBpD&Gt2wap%Y&nuh z6JWVC^-dJCgU!NDbB`k(ExT^o6Hwl;RW>^Q=y)|6IEcDaAqp3B1SC>o$Ili?`@Z*a z_ImB+8WYUy{5;Y-k|(lzD!qD;c1ei|)PzrBwt?=FeWEHLsR0aAu0%VN;1_^|N%1lK zNe)r<`tt+bR1ZGcRn7(VdcsHNvG4fT*#bsvp524*ej&~*vM?hEY*+2$nh|J~PKV}z z>(*O2FFGm@$=nNgRYHf@A55#j!Qs=u)g$piLGER6SIpAA$+3}vB4>PLe6^ZgfRRzk z5<;2;&}Sv5iLX3!j5%JiIo6zT@jR!E&bD2#rHsd08-q2BXIwj2+jpsqn-(5C8Gg&n z%iTC;jMaF>-3R zJOn=V+(+#BEqu??b@)lfA%Ta7S^njPEA=0tTr@89-e}J%p5aqx>8BZAnJz&0qp%-Q zDk_?K)jvdl0B#fPutEI@bMQx0WWPQ{{dmNhx5djwkg27U5ZX7{yKvo0V@kR)hNjm> zkxsKpL@cC`Vn}wj5XD2IXx(EqiHKM*NBXMK8fjrC9~Tw(j!Gvly+(P_#O5c7CYR?y zg$ws|MEtArQV-4iZ22}jB6UYldWEt5&#Kz9U8Ix6-7K+DUcTOMQ&}?zu}oU^7&5{| zrV~1s{k)&DM=E$Hci$L^>JM37tDmXmUTLqVIrE3Zqd4S+-C3Oe=R?)KQKOD=^W%Sl z_1>A385YZ!lVTdchz(?rwi*~MEH;cSRWmBog*ZtmSeD1@1`tF*!Vkx^!)KbW*2u>> za8Gq!4#jC#23GuY>gQhg(d%FynX&)9( zpD!{WJbhp-0V@h+60JY|A`wP~t7VRcNZK)UJ}(LL)?Q3rdZ;!WW#@_G$sU*6O6QzY z(-(|~#)G-^e0d4ST{Y#-S=#jZHa8JN0KoE3DGkcX@Kpaq#HeWoI8^;>BL$MFH%ZmJ zkh8$9qihQc2e(gyRXV7Fx}ZoOHRTtuh98xu)ll~Sbo^*5^8hNsdd|W|Htt9$bO-o$ zsEN~Ip-(9Q{2wpN^^bPs;b`6X=;A~}7{woQ3mHHkgBOb`V&Lsb- z$mLRT#hEIaC7GmhA}q`x#&Q*y!W^V2N@Gxl6s?d63W8Cw4H4FOu+B%-qi(lvJmajk zkZ2fTkhDn}72}LWh(-_yWgZx*%%^JV&~>DEdoqTyWf3@$R!|X@LUX(sa8rQX+p4ZC}PcvA=6`oMGXZdVSr#*wSidDm8=aR5yV+YceP`9P=-l=#dRSVFDoRj*)$+5?7M%@2ei<@poC#>2Y7q(qmAi znT;Mv@4NKxT;4^dW^j>#`NT@`j;X{(O)MD^NP!h81?AaV#xB+hAJ6 zNM@)NfH2j?x*(0tA#t`q$Po<8^VMNVpMZO6%XwMQyzfqWj{>ei$okzJUAmt*m1t195_LV3XMeIp`T2>Wc6dX zWv^Z+>`MG_?Rl=vQJnWt_gSovy~nmxRG11=4=arV5o9ABC8HwNEg?&sF@w56HX*|e z8{|%2852er#?xsOz|ymZ+YQ^|mW?Pdhsp&^4e-IH8U;*X(?QXsLRS>`Yr*mc!l3}E z+J(J%ju)*X*4XbOJZFy;XTX>x6B@=q60j&1oY;kAdrE;J$XDQwFw?lu6Ac)I5GxjP zoD4^e2#K56;t+(2CSjO%GG{V7r@kGn=T2dqHqFEb6GtF%A<9RbVsMPH=%Eo;< zs-&y}ij*(nu79eiV452Q*fAHxxu0MsASbgJf-M42ijV#!J^;bedv#xJ9jZ?<8x4VG z%_eD2GIKm^$(UyGryph#8z^?9+Q~GqWg}O^Hfg}i%W0z@TS3aQN9yWYCcm^4`7i>(hd&T@8hPOalvXfr|w2^4fdr;0A2uZaus zK!G&2Hg3wwapjBn^y;tX{|D{#PuqncZ6zrX*;RxdvX5QwPa#wWoAO3tFskv9GeHa zBodk1+w*PS!`7zMw0X-qtT_QcKET1DwVHy-8!VeAel^V=T)mA#RYdgb<+$8_(S2Z_ z(jQr$u?-{>B#}rjx1twW)>paU1 zTMc9Iv390jYIN-#I?J=M!bcoI_^1iJQqTktim4=$jz`Zb4BdoVV!O8)q9n9JI2I9{ z5f5VfvE=c(8^(A8#6Qm987x8p3@e!Ynex?h-h*mgYWE^N#cVe^*jZ~@uTRQLm3V25 zQut`0@WwPmwoz>Y(Xa$UM-@d-;$Y^`Kg!K_qfA&7ppp;)V=$4|G~dE}?w!uje7 z)`75<5*m4)XJvO3zyKY@AfbJ@bd{xqDBh=Ly{iy#uskmEHsVD6O}Z418zF2Qgs5*N zA^<@iA2etGMo{D&2BD*n5V$0R9^x@tr43mjrsquUgM+cU z8%r4GNSTeh2N=*K#6@Z`MTnr~f&ChfF(2-&8$SVufiki&a(xTz@~7a>in31+xzuv5 zQ@$#B9*OC%;bUcNYC_ew#$9A`vV3tH+xaFQ=+G7rOAi?}S&ER1r2t_|7^qauNX(JU zO^SvhjcOGUrrTjCMhk!-CQ{Z30}{1)t+tCZx^(k44Ch@~&dJXkTP(cLuE^O#r7;vG zEK?OB1ju1#DTv7=solZ11Z!;4b3@0SJkfcrq|8mTNv+Z08ab-fS56x^E+09RU80q; zqPQ>RjXiv48u_Zcau$EMiHA4{kn7NW}lW(m<%CT0NwZ>-j7_OM4?DD z(0R&#HmN+nH$v=~#k5{&M`g69xL!3Vtc^n^c*>9E$p1S>Eq@^?@C$6`Z9u*}A0;rc;8+CmBE z_4-Ld7vuFHasi|_fBO_d$np~xrYaBm&Pb>M`M{LFVFpXdsdJ@sG>fTS!U#M#8XgDX zJHI*m<8#*g$m;sir=!_LNl7L|9`GDQ^h(_r(Ty23`++p3!h{~gc!;2U2*pp^{)6+M z)?wMsNAVn>k_q?(h+`k&w+$GjA{3U5MtPlwnJ+gsO)ShaH8TYP6cCY^tEe?PDpw+t zTE=Nqu(DBfi9}+XqwD!v`;|0407+Z0VvxhkW0ZiWA{Y$l&3o**wq==mHsdtu=Gn1^ zjhi<0-1Nh>y*+uxIsQX%ZVn^74KqO;c*0Xi(MmxyixWXKL_(eDY$x>r)&t-IPgi1z z{Jn+r|!l5%9$S*Qfbq+5XI5 zP>0nu52`2BvGu-D^+ec5BWC1}@IM|E?nHeMgOrkWhge2GTL!Q-ZM4-dDt(^q&SquP znhG!@@E^2(cqZXyVWGn&y5Y;^dc1f)X+O*Up2*wB7!%B;_`Hr9W5 zhs92M%-Q#IpQ^v>nYPs08pX1DFjA|qCnr|eP^ACmCA>Dmaf?byJP#cl%-lIXxan1 zQ$YUag(-nrIk4da2R$2e#Zxi0@NUpZ8EEA zRjMsXW*DWahC!&1WEEymU3D_|h|mJ0DcC0;)w%+q8bgvNbg_P$C8UOaybRMFh6W)L z{rk)pN?jEY>H#{zLP02_`(Kiu$FT>_QBd#$c(6FB7#t;5rYMSNDva7|Y;7fNR$7xX zOk|CTjM|1}GgUJL*kdua8&R^B)RMytWMws^))O_4!n8St#VHJeZu36Y6ZXGDq8@NC zpEL0zsAeG$<=1{A&>wT?6&7zIbFy1S$+z&bCuj%&c%X&k`(NEC zL=>dPk{~xMmsBCqg-&VQwO9DX?^GUOAI^w}fSCxd2|vvU^5uun1Fd@F@A<|%zgDzJ zx+57Tztwfr@s>kVG0t`yN_LqXfiZL?W)lodMTDvjOlhrb(?rZ=rGqtj*K!zZL@-vs zNI=itYtBkCDL$$WK!K721pN&Mz>Z16wD@RX+)ao?0QMwPnNbt&T?|AgVTi!O78rzT zXeNrV=wfe9Xb=z4(~jn3s1S;TY)U9njcR@GA8%YW8q#T1>k$~~vthyTCueLe#JEj6 zhh{n&UsUY#w^>im>WLVeKO9NLx?nM2^pq{~L9-z%zz~u!sHaPazkr*=Dt7e&A%Os~ zx(F}!%)>A(9E5r&@H4_dqy&1zd7}D=d647-`G<-DLa@LVYAKI6O1JFNy69=p`q61v>D-(I4rRAMjyi6^W(!&%Ivb!6M1$Z5`9F)uySN2FIA_p4C zRY?_75K^#nQHx=dCWKW)T9f;phv~9BQsFH>cyV@hWeHRRH0Da^uK}r>`x4qmxUu!442~30u2|~sR zFf6sFEY1$MG@Y|rr;-i_QgxD_bOug?N39e511ik2Buo(#B0~hivlOXSKum~9DF~1# z8efjWM?keMXNqP+f@`-I1cRFjcy3OyJzF6`^s$wKB|MMsngiNUKx}^X1RQZu=k(X` z{u?NVVux!HMNFTdYy^lRg&33|NA86bf5c3T2ifl?0*-y(^F#cHkK;ZzX_iU)-%6_$joM>Q<{8XmnAWkaF!Y2a1z80XF&izDUyiiUVHHVR zVa|fZgi6Iun&hpllx{_s%!V8*0MmW>!y^C{eOJK6C`CQKm*8`~nzqH=zc;Jf8e16KXiZ{@cMr? z>VZRZZzK1WJ$dCtJc-l6Hizk6UnF}(5P#YyMIV_pCWIKRLsLU1k*WNd>9nY5ftec752v-%^L<}1C%Lb1 zL7a7(|6v0Vkuy~YzZc}l!y-o`3}CYiYOd1ev04smZbmI8%`WZ;vniCVJE` zWc8ApC9+oZooN%K@SWY^^+$HQIYUwrWp4^p9I^TaTjaStMT`6uE} zo2%8Zf55+q9^>4NN$1a}oD`?8&^qumazf4Er8Y4t%`20g(8m*A(l{FNCQgj6TL)vNOogCu1s;$8I(c^0i=5fe7?*G+Rg6g1=Ob6 z+z;)Ks)E}VA@cO`bVaHEY5%q#v`!*Mz`kgpZV2)P7m$JPKu672?M5BqdgJns@R~=s zr)5WHiyKqHWZuG&4!TKwtf6!Yf`wu$RSKYWuL>T+zI7iV^WT(v52YUa?HmF#1cx$>e6Pa7ADhSvkA5{ zX`05E#b#qM{Ojtj8?FSBbVeYFKb0M%KHEBlk@oK^m$G_K*Fok)0hq#?f>8eG9~!D3 zKutPSyaTr<|j_(Xkpl(rKj_^i0~i{ND?pJXX^%{QL(Zl&X|q!@4T+&3AVN|AHDDE0 zCVA)bNBIiXk$9ie10YaPbRGvA zxI|8^=kc`N4e2zbC`?$ZAl zA0X!}cKruKm680Ixi+FLslGV+?yn8n8bXj<5mZw^STv{FrH}_6gxU@$1Ud+VLA#q? z4nmPkYI}{T)d3RfW`=!vR*{74GU>v#FPsNahR|yVOr}= z04ZXG$@h|c>snbs;U1EaLXTmh(+{W)Vj_RM9*RBzI67ixh=%$Y3;6@5z!OpG?G*Kq zTmc13mnaA5445V(aE|w>Dr9Q?b}Wf2BKp=Q5BQ~Z)QX%@KT1eo$J@)~Y5BqSe_`%4 zp7Y!SJ=~3-UqXsA(|kql{3DlWT0lMn4GD^vhYmuwIE)<PN_j_lLn7zzwG^rT|3_CkM0KOnFpm9T-gW`w#>?h3i;i~gbf=j+7NRz?itqb`C zACN$KNIVG`kPvqR9wgut>827~B3TkeI|v=1N*&CFp!P!5DJw!r5)9cC??MB`e*#cE z?CIn`ou#FWUf>g#;LYe+2wL z1<4TE4HR4g8lnN<1F#^ULJsPIus%uYPfJHe08=Z-Du<>O^!gAFFGzrdfgfzGpujK; zv7jLdBE-jcviW;}Nr56*l}A3)7ay?zK49XWvhtXK`NQgjI~fH%jCwU8`ko=+@B2ra z?B&0U_7_9u84(g3ZsI!QQk?p+7lKN5rcW65cX#RZ^B;5;oin|ka-{qx=28`=Pg-C= ziJDO8bR!fWy+IIS!hsqU#J(vipoELCUrmf6fArgf=+vKvY%l?)&ZB|+vW@pQk{2gFm z1c8PGQv%%bPuN0^pjBIf4>5%if0q^kW>BCRlngY!_1NntS30ijy0UGKI)v3l`-l?8 z0S9Pwjlclr2&#so2@}tNyhvCep%_?D?u(ekt1L}w%~$DabYNtVP!SBV0#zzR*MX!q zQ@D?03FeIFJ{QxMxiYfXtQAg;(Y)fjgHEB(v6ctHSr1&BU@sc6P zead^>UqJSRFu@>j4l3y}2MHOaGZxilps_JbYL+yMLr5_;X|Y()mTIk~8EI*znr$yU zn8yq4Rre|Rj|AlqaUKK^LnJapL=pPO?0+9FA3^=`K~#jHB0|7K6A-~Nu;KOOBJv^_ z4|%-7M~X0+Mo2iHwSLk0DwO#cqG<%gOi@3algynpBvT(dr_5a@mu1+`IVTvi-t$n| z+gkCYwl61i^{VX?Sz8&Z=6V~RcEw=9z2{jj*{F-iy$)BZd(LwX=Q+0>$u`w&t#gTH z*^_i>(;cF9twx=rX2!5;oa3@IFx4{TaLzfh+EB1`##s!^Y}B;LW*+r;s;b7JS(X`T zYD3FgjLdZGc4X*b!GjKaMHBhuPvh!8jq!j#H29tMr^an+w%e{L?>}njX*w!RT&*@a z(2kurTDAH=2X_#DWeM`0V`_S&N$g7!NK(Q`Jow2W>l8Rp8nuOsTDfIoAyiQLCLZQdzV*?p5|Zz#Qx?i~&^=clj9_`l>8^qO64aJ@HR{^I zqHoCy8E<+H%PZ-Xw1T$byiym7uH^xc+2jdIb%O^-O{V)z$SDS- z8jGVbnoWw4s^>BdI2kvEtVb+FbCV7%Lm{e=)fgI00Dq{GF?5R>9GV(G0l^}oF$Dv8 z;!iq5=5Iu-qOkRWKC_6F`PAeK1?=&S?F>wafdYC9!ZaCUtd@C%!6SLs+I6Q=r2&2| zD@Ihs!2+QJP&Tav*-tMU$jdxtQfjNqnANatYPUO#8oPMs+m9d5hpZ~;bA9I1MSghL zj~fmY(+%FV+DfQ!RKU>w3Xq>)d9R`TOftkDGkS0+O?`mRr>2c7U>>8_2{^*Y;18L# zqfiVQR6S4!QwpQB<*PSX2j~Br{6_e=i4Oe-kzB$%7~`-!8SH>EjUIhj9FwG=?t4Ni ze(|HGT9U^?A9D#Db}nu+oTD zIS-DHcS@-HqYZdQAR2-Wkh(th1tEZrbt^FQ3he_eCXzZ#UD+g^lhHd6fJ`P<%^n0P zF|3+UWbS~H8^GC?7%@m^X)r}nP3Vn=f-qN&H*VA!l0@m4bFhcej1k!ccK%e9%Azdl z5)Z8f^$6aZSrZ#=n8=0oRWf{zc^I}~e$r>2&?m8Bw|tc zHav)7XFLBP(GN_07JUrosQM6de**Uw3q(NPBP7kgYLylh(!(9LJb&; z!KBYKyDOL`%Q6yBC@5>L12lq57NjBtW*=p%TERk+3o5Yhn;GR^{c%7cn~<*n9FVhs4LqX!To~g`Ei|lA*sPnS zKxofNvPE8v5lM)?dBsEy94o}(i4V6RXpUH>?Pw6N5C=E|hcJ1zM({4?TZ0 zLRu|L4ssC!XcHP_g<;jB;XPV=hFFgRe(fFVNeMfW(Y{O&Ls%K`hNEE+88Zz9EL}(2 zq(p`YmI&1{L}af_Bm$~`N|c5&SPY;?U9*&Y`ozAkX<}R9t1S9nYlJ!xCyoTm0g!Qk zVxP#mN<@?^G^mz)6AD9?d2o@m-<_C*Zr9jDK=_><{Wf{0Av29tyo1cg3Min6+&FMD zA`XZkJUh7&V&|djmSDXK0vFUHWb5$cK|4OkfH90Y86?DU4J5G%iOT0vl?qJ~@JY-e zs|w;+Z^Hv-%|?Ri0T37VEL68*G89lTrWM%`3!MmaA>c0w8QgSvjSKHa{)TlXhN%Os zv(1>_oR)^D!lO0atl5S;I~t-ym`VT#bmXeUmrlJX;VFnJrj&w`4&LSue(G3*;7%Mi zia|~hV1+gtCn#~t!vzZg!`@sOwy~zQObhcg)=t>|iJlPx)lOe;WBd)z6rw@#A%#7QZw>NI?yGp>6QcUGWx z|A2|+B6mH8Z zN}KSra#-JDRDu%IGyu&q+i&nf6OW!`NcT3vAsdy~lsAn{mv3s_@zoXGcSXx_brJ}q zfx#m?#|n@ZfQ4zR86exx!ow~Y)+H@1>z0a7&(Iwc~u*Ri&>l1f=In+H32|F`Pl=XYX}*`*xiq1`2z7KKwY zNPn{3Es=5zt%@g7JC4+JOuYm2b)k==_`o6ptyCbiBZ)B4Vl^jH#8BLEuUCU^ggQy< zUp(-z@6zH9*u)@E{ea4#G=u9NrMaLGH7{pE*ir-)Y%WbO6ceO}jJwmvxu0S;WkUM9 zkrq0rWI~G^oQK$Y_GMG6NPQfM)gj-hDPh(uJ_f1o@#t)+&7Vc)#D2%@pNZF)PaGc_ zyX8w}>NTTXg{PLTnpN9uSE;t%V>_5~S{`mu|o-NhfycB2}u;1ue7DGbfr% zf{tzpJdJ$UMJeyf>%!tsF!?Lrci00O1~drki5(TaO_BjaHDa_tD;;HQ{KI^Fbn){xq)|PL@i4-!Z znNd_p2B9M8RLmqKEs$e_N=0;Z;j?JUIaykgLnLnAH1PR1L(KEZ$jw+`wp?=IAbM|^ zntu+es)gE{l4q@#2-HVgKu3+smJwd*vrkir><_kC-?<}GkqenU$0DJ&;lVRGj=-JD zBo~{+%+10w8w?OZ0R_jXaG-N|9S&wmR*Q#v?*`{HdBobxn-qel1u9#gDs{B+njNSw z0-TAYN#2?tpo#kB5dB&BYw{)38kdN30!91B_uQfPpPqC3w8(la5ZDJOyi5W5C6WGx zCf%M%{imb%HN(B_L}o#csW>DucvL@xiw75hNPkUtY_IccG^7wkr+?0Mx=aH@Mne$2 z1W5SEpop;Yrwj5XVxOEm@6hGV`9$-NS@N*TJ9@?l3|0fr@Ah?UIDNlHUnU}0QV0u8 z@YHl$O_^aa%NbJ^uuL@pGaSqMM(g+=cnIYKAy45dW#{mCMS zQ@_hTE8}(Ug%jGkot=$EOZv#gB$`n42Z)6NivYF_YBn~P*^*qpg+`C3>99R%>}o)Q zVj`v_Bp@**CKuq&j+4{x=Ek3dWRpqusqs{Yr9CcL5wfAu%~%>djc7*BG)E9@>awMY zs)qIv^*P}-_`Td82HLlskDrbX>DZT*;62p0z>ES>_2Brr!VM~IuX!xZJsiktzm^&np`^_{&B zWIAbN&UZ~(@yo}K(?VwFTv>~EQkt~Iu0t`hUKtn{V!5OyA%a#V1~!2oxOj5mE4`Rg zTn1QPUcbAuWKMtwj4{K6V^$rF4u{P%!8kCmUYRW|4E-~#&x#}@kTRDbAMF%2dwz;? z1m1^l(?8SNfpyDT#QeA_zS-CUR3wlgl@Ak(=y^K`K2WamMBYl7DU^dOAuK-YzF_>4 z#QZ(ar@Kv%Qevit(SN8r`E_#-^Kt6?aHV|c__z-OVt#f{Y)rLm*lSU(D+%~yVz;nK z>C!*J|8k}hIELr$r?>e}xAs;y+cN$KIytGDyRM6z7*ILXh4Jz3^6Yx}-YJpSWD!|5g-&Ft&1S!@jFZ`LpVag!xhZbopPtgTRku089x@ z(t||q4R`qBvO2>Rn$s;&+Y&&wJ(1bWqXhGx6rG_Cp@k3DrEsIbPSF-hF(%rK zp0ASP8nQX`V3}ejg?$cSnGSC>bStW{K$v6*9wdIh0Ymum56wIzP4dLr{hPJ1wqU74 z>XeMuy;j4o1-N%tSd5hUi&7lO6}QOLM-#D09v!y4nUxjhmSHP zIC6Z`W+tQ5Z(Q%g@6*O!jB(_4Q9}*{Mtp+`;r4TV56eU^tVA|AB#xRG<)g0BLoJHg zoLH80f4As?cm~8kVETn;T?xRs>V>znXjX1hWfD4SY61eaWhsT(UKnb|V$@_I^3bX@ zOjxZ<%OP!Z$itaUjzZ7skg?SSV+oTv*O5;;kL%QMrA zIiXr8OcsR-R*IHPB|}D)^1`|pTSn6;TiGat_i#cuEXv?Sn1xUXnoQMrwGr9kO>|^j z1rrVo=n4pN9gH@xqSaT}Bcc1l*Gs;n!=Og0kg0TXaDu6Z$4VM{5G%C96SGo@WTITO zN@7iouEt!E?}C6Z%=KS{@LY_%GSbT#V;(;kgr^nW+rdtyDe?0O9dS_k993A z{_tcj*a8C0tl5Ri!bmu7#Ja9QxiC1zMjKiZ_Cie2EYP)S7*dS}3JXKs8I}?n?GjqV zKSBVegpwN&o-J(ToRul0N?kC1uM;J8RteEpo~rsfW35p>2Sq%}UwBH133p3paholN z1i<1=YTuE;edSm%zIVXlQhFe1tSppDEyE>*Hal2}EfH!%0k4srBJ2WDvJgOMX;YO# z87A!IQYA#O2w~jK%u1nx3&|>uQ)eveS}ZyxZ0V94S-V77JQd7^HR?i6HKHvj7Kj#L zmH;3%NjoE>7B+OPOEjU4R-!m>qkhf={qbm&RyNoTXv8&n!Cjvu8kw7Nb- zNKpPn9S5xxG~3>%i0os)sUw~+%^bv>?GiIf5=bE>@n!d`Bx@M74Gw#ya`bb1-i-!H zGp%fB&?Y4tjCsniB6{84$9CaR@udk8fY_iAK)t`FtD!-IeLW2$h++;YO%QOyYDB8g zj?|mMLMzjsBX}L*qP!kS9csuk2s}(SHkl`KU3oZmP9A#U6%5ks@%A#R2+AV|Gaq$9 zlp{J)W$0}X?RFDLC4o{$heIg5XO{WZv#rU9Gire3y_m4xB?$zxAgX~em`nqKASbe( z@&~03k)y<{2ZMsI(V^8xi^ng644hAq?_|`SNT{dvr=+G$wJCG5DDvr z8s0cMBZQ+tYE>FF9>uQXnFKWCT%ZUqYb=@~9|Q=LA8hKtqpO_mH6yp+itWF&)5e{8wPu0`;Z|g2K_BX!#Q8m}65Fc+MxhcUDHWykKUXpC4aV^v3&GSJ=d~ScN@wybHkBJzrEanz zTEbT;V{K584gy}82GW>-5;>G-GkD$MXD#j7Cw%j>GfdUAhsKG9tJ2ZoWuG|hUK!Re zGIpC8+n&Aa8a>Z>m|C`KFEJ(tgWdM+6fLBf=NoQsns& zu>xiuAyAJy(}UOdA;T1BI6j9{fSh3uIRhRffi_??W>%Yo2tk<5Cjut|N$-?U_!-C+ zn@0)3(kUD?Ac!DsLt@G#{o;db9F`p&Cmnls?96P%S0jU2BCQxbAbTLb`FcPrcvc#) zm7o-Xu`V2V=vU%Go8Son7*-)XLKUzEq$-Dxs@tuA`G^rffhXKBj|_7S!QgnA?2}JH zd`o{?$H*rUh=$UO1t_A)4{j|CK55*{lFuCi`XXc@Q%f^{aAKnbG{o6$3ia~()^C1XPW@nn};_HZe375Y*EJkL+kG#_tp9l_07fz?rYo+3#dZUMWu9ci1?1OtR( zZ%*Sc8_`xL+#-=r!4KFCniL_O2LT_%R<5N}kyGvw4#$w;POw6rMVcJ-;6drjw5)`YBB=fOkn>897;OXY(w~Gfef1&q(65GiYE}4T zr`?ulzM2*G&vi&|vg%CB>5!g$bt-zqA7&u`J`jH0RpzAov`V&>^vbWcfWOT@(ZTf8 zes+`dG^gLrufA0Lv=6LKCMZ)#5GhF%PuLRQY6sJ@ZFcv#7rI{prX878Y)23RcB+Zw zc=`n*U`b%kb*6V;>pQBo{JG!1n~4`zsB7kY)5h~!eTNTlVXmH%AuF&e@(r|#K3({r zK18VcMW$UsUlNFLz&gXn<> zEnl&wKFTJE!W`Em(F+AmM8=>VR=D<7#l(9w2?QY?#CU5GH6=<^UnXF>0_^eQq~|#8 z9o(|gns+4HjWM!(nbO&+K052hy2;p16XF~pqTXIiLI(;ek~NWFi5Vgi13ajyPrkV9h2WW}32-*QzILURSc??Gi7s~Y+kc*S_tF{R?d#d{7#aK;s?v|`wzb_a*zukTm10a9rqad5`lO|3PShV1JruNUOTWG!gR8D>ngEXj>upV{x5G+!k1jdnQnJB?e($;?}A z_7B@s`mhQm(IHU!s(Q}4#C!?tr%(A|$v*iLV0;V@Ihv9^RH|%;!Xo+UWE+RxAY;Uf zW*Vc{BA@{#Kwz~1f0mqKz+iATki|2V{2#N!B#eVUt0%Uug-V4;s6doN5X1wT{;$%p zs-xBf;6?(GRs<5r!P=exK;D9jq>`3XC50co3E;4@h!CRFPSOc*^kvZU-Y9xDgb;*D z(T7ZVj}8};EQdr;IC8ugenRws`9yCC9>nm*&q$2Ti?PyEG=U?S1=*n_6Ld-ivr4Mf zfW`>Mq|zlGo_NSGH19cxXBxc@OqOtcx#u|x*>zCS1A!(qvyvKe8Yh@Z1#2K4(GX@c@bC(CzD9s4G&F zv?IwC%&BiwDBepDK0Uvdc2zkfsmKmp0%;+J69{r6BrI67QH`c^S58^NYC_7?Vb<=l zDRE%Ld`VR>NdT8{kI*~ZKEEUneXV_d;vk^X6i<5yfWIN$)yP8*LznPTFk`9qcC8;_ zbywOQKE&!ZehOros%W0^`%wFS#QT0xKtuU?sB;IJfOf2~McM&K4`{HAc7U&FF%L+H zdLz(-!@YNrHg|WbiIc%9z!=m`Sx6WcP}F4;kVc@t%Af8RWDf*Wtqf8Ztw|uYh@;v= zpe`SyQq|Nli}XxKm34lMSk!=_Jc`tYMDjHvL&cJ{1&QdIL@IkVW72vDs(KGXN28VW zSz>;vFx6H1nL}A*_fpLLN-%1s$23*?rKMPEu{%<~Q8Fxs4D1zS7wQ_TXBSA!{Z)~& z$x+m5(7#hfp&zK)T>V!|PGt5+u~Nfdm$M|F?TfkbhsX6#p+Zso-}DprPw}675et-Gd7{`%vS_*Ik#KQwdTlF~R^eL%nv%db9Id-ZHbwjFTwC}Rxd0tCQA~C4FGqlbVfp~)f!;UMW(A|QorQ7YB+Wf-(>!W zv@aHxwOVdr5TOSZ5|BzoF#z;mN6-zA>{*GT##po&H5c_&CHL<;$O#fm4Xu?21v5K} zQ@D}G`s_v^ePQ~b{)6$@_4w{n$qOn+<45*S*ssG|3d+@*v4Ge>$N;{7m|wRn<^*qr3UE!BPCRaf zWT9a`z>Owsjg(LLr|6n)kywQYm~(&NKnPToazP!Fx36Q8^c#x*se)s*WFNam0k}_4 zOhXDNRXe0HAt9({Scy_dU?#mufQE(y(;`t!tfEUCnGnU;l4ZnZ8c~KGjLJVaNA{!& z59Vnx6V)%|NDheyl8hJlzIyV9Y|+-8k#-erMTQoPBM0aukHX1Q@|hnyD$27ELt>XYKv4@Oa6|tb!xKH6^w>cGgBlRQkj`* zvjbUd+COZ*ls&=kMT)9*>U`_#tf%dUl0h>@D=QNysct32p_lh!F%El7f7GtqrsQHZ zqG@^3=8UR-G^--~U*<3DYPJ(2DAHzz#toI4*tAT_lWI0p`F+}{7*B5j)g!NfdQXww zLU#5ij7Ue)Sx=<1>S_o-b&>j?cl%3e;DnK^kEZkrbR3FT1(_&ecldU~keQ}T5fc6b^-7WQ9PhEW< zr$&*`bR6e8EVBWhOWdS)vM}>3s99E1A#$X5_B@>&Jf83BhQ?w2M&_Ebvj%3;tY*zW z>Ph`)lz7?yiSW*%FCl-&jC7Ab9FY1a^psh>L=&&=e@6=bi!Oi0iSCZ3p@aTB!blwZ zfpm%1ZpW!qM)Xx6_a5K9)9z$B-TbrMyMw32luvJ*kyc@<43~697^-aDoh+NYWiQ z`8&}&x9=b%>$~irjuPe7z#KPUE2X(5YXTrUf+wh9fPn7~E56!?qxx(gE3luuWR#8K zgG85lTtWh1Y;qI&4@0rx$vnmM3B%|c(S zG?`_l$jOzhD>E}NTH9tO46tiapj7|5g@FWp-;NYXhROM*NqC4C-9rAKU&YDizHkh& z4^^k40Ll$j;e0s=B;U`}4}-ybl{{nDa71#4ug+ljIZnWOWvSSxhQgHf0;KE_4rNLR zHl-7#8j%SXkFo$`T#QnRASS}?avE^}bp$L#LDj@Q8?iBoq@<>EO(M>JaE=@>qo`S= zA)C}8qX?lsl#Nvw+}lWLG??~VkrSq5vwj>;y&=90(ajAi_g<6wsbz^PfkQ`d6G7CY ztdt{J)|P2Daw<&JT=R=Y6eJjNq?V15g0fWrHjs!Jh`$wvIt0;V7%gclwqYnnF+k8o z1644Klbs^K7|JU`5DP^tA`?Q41WF`Yk`hD>%Ik@kLDsO}SGzbCRs&_S2vm?DED{>R zmB|5sQt}PKv*4{G(9b!50L0)W4u%LTjbXN?>8Yv1cx|~V(;1EVR0@?=tFl&UXVivWjLZggIxfxYL(4(XXKqLgn z<0Ux)m~w-7^f3+{P%4xLSt7Afk|3P!(CFgKMlSU@>VTWB zP7aL5H$)STdEOzzeaY6pfQkG(FwXc14}*^xiWK?d7=(KpPzfmq+*PLpSzI0*uV^y4 za*2+zIMKRNG%`)WHl(s5hYX8K3fwv<6z(E;7zIsmmzRDO;KWLl7WT zVId%kE9OYL+$sRZp1!9o{Jm1dVO)6WTTl;>HW4E!AlD@=>H$v*1WKL8!0n<@VLq|Pig|QCPv4pmk zGoug^d;^}yC0ECm2qJScNMNi>Kqn_NprNuqk3PgdlOLYIb5rRGA2I;%I}|_ZC5c8T zm8fJ18DnU+NLgiBnHa3nAsGLgqWx5QpSfi*qiL-S!jl6DAdxZ8ogToIQ`&>Pd!L$p zXhX&ri<8(aJHx_lys`OMpRj^I0}tZwfvH)VWSm4c2p5` x@jqGZ{?pC|zV{15-)?ntK!5*GgWw&2f+m~;RD literal 0 HcmV?d00001 diff --git a/charts/kube-prometheus-stack/charts/crds/templates/_helpers.tpl b/charts/kube-prometheus-stack/charts/crds/templates/_helpers.tpl new file mode 100644 index 0000000..0a7b795 --- /dev/null +++ b/charts/kube-prometheus-stack/charts/crds/templates/_helpers.tpl @@ -0,0 +1,20 @@ +{{/* Shortened name suffixed with upgrade-crd */}} +{{- define "kube-prometheus-stack.crd.upgradeJob.name" -}} +{{- print (include "kube-prometheus-stack.fullname" .) "-upgrade" -}} +{{- end -}} + +{{- define "kube-prometheus-stack.crd.upgradeJob.labels" -}} +{{- include "kube-prometheus-stack.labels" . }} +app: {{ template "kube-prometheus-stack.name" . }}-operator +app.kubernetes.io/name: {{ template "kube-prometheus-stack.name" . }}-prometheus-operator +app.kubernetes.io/component: crds-upgrade +{{- end -}} + +{{/* Create the name of crd.upgradeJob service account to use */}} +{{- define "kube-prometheus-stack.crd.upgradeJob.serviceAccountName" -}} +{{- if .Values.upgradeJob.serviceAccount.create -}} + {{ default (include "kube-prometheus-stack.crd.upgradeJob.name" .) .Values.upgradeJob.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.upgradeJob.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/charts/kube-prometheus-stack/charts/crds/templates/upgrade/clusterrole.yaml b/charts/kube-prometheus-stack/charts/crds/templates/upgrade/clusterrole.yaml new file mode 100644 index 0000000..b83e84e --- /dev/null +++ b/charts/kube-prometheus-stack/charts/crds/templates/upgrade/clusterrole.yaml @@ -0,0 +1,28 @@ +{{- if .Values.upgradeJob.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-prometheus-stack.crd.upgradeJob.name" . }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade,pre-rollback + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + {{- include "kube-prometheus-stack.crd.upgradeJob.labels" . | nindent 4 }} +rules: + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - create + - patch + - update + - get + - list + resourceNames: + {{- range $path, $_ := $.Files.Glob "crds/*.yaml" }} + - {{ ($.Files.Get $path | fromYaml ).metadata.name }} + {{- end }} +{{- end }} diff --git a/charts/kube-prometheus-stack/charts/crds/templates/upgrade/clusterrolebinding.yaml b/charts/kube-prometheus-stack/charts/crds/templates/upgrade/clusterrolebinding.yaml new file mode 100644 index 0000000..1e8cd83 --- /dev/null +++ b/charts/kube-prometheus-stack/charts/crds/templates/upgrade/clusterrolebinding.yaml @@ -0,0 +1,21 @@ +{{- if .Values.upgradeJob.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-prometheus-stack.crd.upgradeJob.name" . }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade,pre-rollback + "helm.sh/hook-weight": "-3" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + {{- include "kube-prometheus-stack.crd.upgradeJob.labels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + namespace: {{ template "kube-prometheus-stack.namespace" . }} + name: {{ template "kube-prometheus-stack.crd.upgradeJob.serviceAccountName" . }} +roleRef: + kind: ClusterRole + name: {{ template "kube-prometheus-stack.crd.upgradeJob.name" . }} + apiGroup: rbac.authorization.k8s.io +{{- end }} diff --git a/charts/kube-prometheus-stack/charts/crds/templates/upgrade/crds.yaml b/charts/kube-prometheus-stack/charts/crds/templates/upgrade/crds.yaml new file mode 100644 index 0000000..ca951f3 --- /dev/null +++ b/charts/kube-prometheus-stack/charts/crds/templates/upgrade/crds.yaml @@ -0,0 +1,15 @@ +{{- if .Values.upgradeJob.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kube-prometheus-stack.crd.upgradeJob.serviceAccountName" . }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade,pre-rollback + "helm.sh/hook-weight": "-2" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + {{- include "kube-prometheus-stack.crd.upgradeJob.labels" . | nindent 4 }} +binaryData: + crds.bz2: {{ .Files.Get "files/crds.bz2" | b64enc }} +{{- end }} diff --git a/charts/kube-prometheus-stack/charts/crds/templates/upgrade/job.yaml b/charts/kube-prometheus-stack/charts/crds/templates/upgrade/job.yaml new file mode 100644 index 0000000..07b2d08 --- /dev/null +++ b/charts/kube-prometheus-stack/charts/crds/templates/upgrade/job.yaml @@ -0,0 +1,147 @@ +{{- if .Values.upgradeJob.enabled }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "kube-prometheus-stack.crd.upgradeJob.name" . }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade,pre-rollback + "helm.sh/hook-weight": "5" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + {{- with .Values.upgradeJob.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "kube-prometheus-stack.crd.upgradeJob.labels" . | nindent 4 }} + {{- with .Values.upgradeJob.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + backoffLimit: 3 + template: + metadata: + {{- with .Values.upgradeJob.podLabels }} + labels: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.upgradeJob.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- include "kube-prometheus-stack.imagePullSecrets" . | indent 8 }} + {{- end }} + automountServiceAccountToken: {{ .Values.upgradeJob.automountServiceAccountToken }} + serviceAccountName: {{ include "kube-prometheus-stack.crd.upgradeJob.serviceAccountName" . }} + initContainers: + - name: busybox + {{- $busyboxRegistry := .Values.global.imageRegistry | default .Values.upgradeJob.image.busybox.registry -}} + {{- if .Values.upgradeJob.image.sha }} + image: "{{ $busyboxRegistry }}/{{ .Values.upgradeJob.image.busybox.repository }}:{{ .Values.upgradeJob.image.busybox.tag }}@sha256:{{ .Values.upgradeJob.image.busybox.sha }}" + {{- else }} + image: "{{ $busyboxRegistry }}/{{ .Values.upgradeJob.image.busybox.repository }}:{{ .Values.upgradeJob.image.busybox.tag }}" + {{- end }} + imagePullPolicy: "{{ .Values.upgradeJob.image.busybox.pullPolicy }}" + workingDir: /tmp/ + command: + - sh + args: + - -c + - bzcat /crds/crds.bz2 > /tmp/crds.yaml + {{- with .Values.upgradeJob.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.upgradeJob.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + volumeMounts: + - mountPath: /crds/ + name: crds + - mountPath: /tmp/ + name: tmp + {{- with .Values.upgradeJob.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.upgradeJob.env }} + env: + {{- range $key, $value := . }} + - name: {{ $key }} + value: {{ $value | quote }} + {{- end }} + {{- end }} + containers: + - name: kubectl + {{- $kubectlRegistry := .Values.global.imageRegistry | default .Values.upgradeJob.image.kubectl.registry -}} + {{- $defaultKubernetesVersion := (ternary (printf "%s.0" .Capabilities.KubeVersion.Version) (regexFind "v\\d+\\.\\d+\\.\\d+" .Capabilities.KubeVersion.Version) (regexMatch "^v\\d+\\.\\d+$" .Capabilities.KubeVersion.Version)) -}} + {{- if .Values.upgradeJob.image.kubectl.sha }} + image: "{{ $kubectlRegistry }}/{{ .Values.upgradeJob.image.kubectl.repository }}:{{ .Values.upgradeJob.image.kubectl.tag | default $defaultKubernetesVersion }}@sha256:{{ .Values.upgradeJob.image.kubectl.sha }}" + {{- else }} + image: "{{ $kubectlRegistry }}/{{ .Values.upgradeJob.image.kubectl.repository }}:{{ .Values.upgradeJob.image.kubectl.tag | default $defaultKubernetesVersion }}" + {{- end }} + imagePullPolicy: "{{ .Values.upgradeJob.image.kubectl.pullPolicy }}" + command: + - kubectl + args: + - apply + - --server-side + {{- if .Values.upgradeJob.forceConflicts }} + - --force-conflicts + {{- end }} + - --filename + - /tmp/crds.yaml + {{- with .Values.upgradeJob.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.upgradeJob.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + volumeMounts: + - mountPath: /tmp/ + name: tmp + {{- with .Values.upgradeJob.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.upgradeJob.env }} + env: + {{- range $key, $value := . }} + - name: {{ $key }} + value: {{ $value | quote }} + {{- end }} + {{- end }} + volumes: + - name: tmp + emptyDir: {} + - name: crds + configMap: + name: {{ template "kube-prometheus-stack.crd.upgradeJob.name" . }} + {{- with .Values.upgradeJob.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + restartPolicy: OnFailure + {{- with .Values.upgradeJob.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.upgradeJob.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.upgradeJob.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.upgradeJob.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.upgradeJob.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/charts/kube-prometheus-stack/charts/crds/templates/upgrade/serviceaccount.yaml b/charts/kube-prometheus-stack/charts/crds/templates/upgrade/serviceaccount.yaml new file mode 100644 index 0000000..30810d5 --- /dev/null +++ b/charts/kube-prometheus-stack/charts/crds/templates/upgrade/serviceaccount.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.upgradeJob.enabled .Values.upgradeJob.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.upgradeJob.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ include "kube-prometheus-stack.crd.upgradeJob.serviceAccountName" . }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade,pre-rollback + "helm.sh/hook-weight": "-4" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + {{- with .Values.upgradeJob.serviceAccount.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "kube-prometheus-stack.crd.upgradeJob.labels" . | nindent 4 }} + {{- with .Values.upgradeJob.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/kube-prometheus-stack/charts/crds/values.yaml b/charts/kube-prometheus-stack/charts/crds/values.yaml new file mode 100644 index 0000000..6de4baa --- /dev/null +++ b/charts/kube-prometheus-stack/charts/crds/values.yaml @@ -0,0 +1,4 @@ +## Check out kube-prometheus-stack/values.yaml for more information +## on this parameter +upgradeJob: + enabled: false diff --git a/charts/rancher-monitoring/charts/kubeAdmControllerManager/.helmignore b/charts/kube-prometheus-stack/charts/grafana/.helmignore similarity index 89% rename from charts/rancher-monitoring/charts/kubeAdmControllerManager/.helmignore rename to charts/kube-prometheus-stack/charts/grafana/.helmignore index 0e8a0eb..0624330 100644 --- a/charts/rancher-monitoring/charts/kubeAdmControllerManager/.helmignore +++ b/charts/kube-prometheus-stack/charts/grafana/.helmignore @@ -21,3 +21,7 @@ .idea/ *.tmproj .vscode/ +# Helm plugin tooling +ci/ +tests/ +*.gotmpl diff --git a/charts/rancher-monitoring/charts/grafana/Chart.yaml b/charts/kube-prometheus-stack/charts/grafana/Chart.yaml similarity index 56% rename from charts/rancher-monitoring/charts/grafana/Chart.yaml rename to charts/kube-prometheus-stack/charts/grafana/Chart.yaml index f19407b..ac7a170 100644 --- a/charts/rancher-monitoring/charts/grafana/Chart.yaml +++ b/charts/kube-prometheus-stack/charts/grafana/Chart.yaml @@ -2,34 +2,28 @@ annotations: artifacthub.io/license: Apache-2.0 artifacthub.io/links: | - name: Chart Source - url: https://github.com/grafana/helm-charts + url: https://github.com/grafana-community/helm-charts - name: Upstream Project url: https://github.com/grafana/grafana apiVersion: v2 -appVersion: 11.5.2 +appVersion: 12.4.3 description: The leading tool for querying and visualizing time series and metrics. home: https://grafana.com icon: https://artifacthub.io/image/b4fed1a7-6c8f-4945-b99d-096efa3e4116 keywords: - monitoring - metric -kubeVersion: ^1.8.0-0 +kubeVersion: ^1.25.0-0 maintainers: -- email: zanhsieh@gmail.com - name: zanhsieh -- email: rluckie@cisco.com - name: rtluckie -- email: maor.friedman@redhat.com - name: maorfr -- email: miroslav.hadzhiev@gmail.com - name: Xtigyro -- email: mail@torstenwalter.de - name: torstenwalter - email: github@jkroepke.de - name: jkroepke + name: Jan-Otto Kröpke + url: https://github.com/jkroepke +- email: quentin.bisson@gmail.com + name: Quentin Bisson + url: https://github.com/QuentinBisson name: grafana sources: - https://github.com/grafana/grafana -- https://github.com/grafana/helm-charts +- https://github.com/grafana-community/helm-charts type: application -version: 8.10.4 +version: 11.6.1 diff --git a/charts/kube-prometheus-stack/charts/grafana/README.md b/charts/kube-prometheus-stack/charts/grafana/README.md new file mode 100644 index 0000000..fe826d9 --- /dev/null +++ b/charts/kube-prometheus-stack/charts/grafana/README.md @@ -0,0 +1,583 @@ +# Grafana Helm Chart + +The leading tool for querying and visualizing time series and metrics. + +## Source Code + +* + +## Requirements + +Kubernetes: `^1.25.0-0` + +## Installing the Chart + +### OCI Registry + +OCI registries are preferred in Helm as they implement unified storage, distribution, and improved security. + +```console +helm install RELEASE-NAME oci://ghcr.io/grafana-community/helm-charts/grafana +``` + +### HTTP Registry + +```console +helm repo add grafana-community https://grafana-community.github.io/helm-charts +helm repo update +helm install RELEASE-NAME grafana-community/grafana +``` + +## Uninstalling the Chart + +To remove all of the Kubernetes objects associated with the Helm chart release: + +```console +helm delete RELEASE-NAME +``` + +## Changelog + +See the [changelog](https://grafana-community.github.io/helm-charts/changelog/?chart=grafana). + +--- + +## Upgrading + +A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an +incompatible breaking change needing manual actions. + +### To 4.0.0 (And 3.12.1) + +This version requires Helm >= 2.12.0. + +### To 5.0.0 + +You have to add --force to your helm upgrade command as the labels of the chart have changed. + +### To 6.0.0 + +This version requires Helm >= 3.1.0. + +### To 7.0.0 + +For consistency with other Helm charts, the `global.image.registry` parameter was renamed +to `global.imageRegistry`. If you were not previously setting `global.image.registry`, no action +is required on upgrade. If you were previously setting `global.image.registry`, you will +need to instead set `global.imageRegistry`. + +### To 10.0.0 + +Static alerting resources now support Helm templating. This means that alerting resources loaded from external files (`alerting.*.files`) are now processed by the Helm template engine. + +If you already use template expressions intended for Alertmanager (for example, `{{ $labels.instance }}`), these must now be escaped to avoid unintended Helm or Go template evaluation. To escape them, wrap the braces with an extra layer like this: + +`{{ "{{" }} $labels.instance {{ "}}" }}` + +This ensures the expressions are preserved for Alertmanager instead of being rendered by Helm. + +### To 11.0.0 + +The minimum required Kubernetes version is now 1.25. All references to deprecated APIs have been removed. + +## Configuration + +### Example ingress with path + +With grafana 6.3 and above + +```yaml +grafana.ini: + server: + domain: monitoring.example.com + root_url: "%(protocol)s://%(domain)s/grafana" + serve_from_sub_path: true +ingress: + enabled: true + hosts: + - "monitoring.example.com" + path: "/grafana" +``` + +### Example of extraVolumeMounts and extraVolumes + +Configure additional volumes with `extraVolumes` and volume mounts with `extraVolumeMounts`. + +Example for `extraVolumeMounts` and corresponding `extraVolumes`: + +```yaml +extraVolumeMounts: + - name: plugins + mountPath: /var/lib/grafana/plugins + subPath: configs/grafana/plugins + readOnly: false + - name: dashboards + mountPath: /var/lib/grafana/dashboards + hostPath: /usr/shared/grafana/dashboards + readOnly: false + +extraVolumes: + - name: plugins + existingClaim: existing-grafana-claim + - name: dashboards + hostPath: /usr/shared/grafana/dashboards +``` + +Volumes default to `emptyDir`. Set to `persistentVolumeClaim`, +`hostPath`, `csi`, or `configMap` for other types. For a +`persistentVolumeClaim`, specify an existing claim name with +`existingClaim`. + +## Import dashboards + +There are a few methods to import dashboards to Grafana. Below are some examples and explanations as to how to use each method: + +```yaml +dashboards: + default: + some-dashboard: + json: | + { + "annotations": + + ... + # Complete json file here + ... + + "title": "Some Dashboard", + "uid": "abcd1234", + "version": 1 + } + custom-dashboard: + # This is a path to a file inside the dashboards directory inside the chart directory + file: dashboards/custom-dashboard.json + prometheus-stats: + # Ref: https://grafana.com/dashboards/2 + # title: My Custom Title # optional; when set for a downloaded dashboard (gnetId or url), overrides the title displayed in Grafana + gnetId: 2 + revision: 2 + datasource: Prometheus + loki-dashboard-quick-search: + gnetId: 12019 + revision: 2 + datasource: + - name: DS_PROMETHEUS + value: Prometheus + - name: DS_LOKI + value: Loki + local-dashboard: + url: https://github.com/cloudnative-pg/grafana-dashboards/blob/main/charts/cluster/grafana-dashboard.json + # redirects to: + # https://raw.githubusercontent.com/cloudnative-pg/grafana-dashboards/refs/heads/main/charts/cluster/grafana-dashboard.json + + # default: -skf + # -s - silent mode + # -k - allow insecure (eg: non-TLS) connections + # -f - fail fast + # -L - follow HTTP redirects + curlOptions: -Lf +``` + +## BASE64 dashboards + +Dashboards could be stored on a server that does not return JSON directly and instead of it returns a base64 encoded file (e.g. Gerrit) +A new parameter has been added to the URL use case so if you specify a b64content value equals to true after the URL entry a base64 decoding is applied before save the file to disk. +If this entry is not set or is equals to false not decoding is applied to the file before saving it to disk. + +### Gerrit use case + +Gerrit API for download files has the following schema: where {project-name} and +{file-id} usually has '/' in their values and so they MUST be replaced by %2F so if project-name is user/repository, branch-id is master and file-id is equals to dir1/dir2/dashboard +the URL value is + +## Sidecar for dashboards + +If the parameter `sidecar.dashboards.enabled` is set, a sidecar container is deployed in the grafana +pod. This container watches all configmaps (or secrets) in the cluster and filters out the ones with +a label as defined in `sidecar.dashboards.label`. The files defined in those configmaps are written +to a folder and accessed by grafana. Changes to the configmaps are monitored and the imported +dashboards are deleted/updated. + +A recommendation is to use one configmap per dashboard, as a reduction of multiple dashboards inside +one configmap is currently not properly mirrored in grafana. + +Example dashboard config: + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: sample-grafana-dashboard + labels: + grafana_dashboard: "1" +data: + k8s-dashboard.json: |- + [...] +``` + +## Sidecar for datasources + +If the parameter `sidecar.datasources.enabled` is set, an init container is deployed in the grafana +pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and +filters out the ones with a label as defined in `sidecar.datasources.label`. The files defined in +those secrets are written to a folder and accessed by grafana on startup. Using these YAML files, +the data sources in grafana can be imported. + +Should you aim for reloading datasources in Grafana each time the config is changed, set `sidecar.datasources.skipReload: false` and adjust `sidecar.datasources.reloadURL` to `http://..svc.cluster.local/api/admin/provisioning/datasources/reload`. + +Secrets are recommended over configmaps for this usecase because datasources usually contain private +data like usernames and passwords. Secrets are the more appropriate cluster resource to manage those. + +Example values to add a postgres datasource as a kubernetes secret: + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: grafana-datasources + labels: + grafana_datasource: 'true' # default value for: sidecar.datasources.label +stringData: + pg-db.yaml: |- + apiVersion: 1 + datasources: + - name: My pg db datasource + type: postgres + url: my-postgresql-db:5432 + user: db-readonly-user + secureJsonData: + password: 'SUperSEcretPa$$word' + jsonData: + database: my_datase + sslmode: 'disable' # disable/require/verify-ca/verify-full + maxOpenConns: 0 # Grafana v5.4+ + maxIdleConns: 2 # Grafana v5.4+ + connMaxLifetime: 14400 # Grafana v5.4+ + postgresVersion: 1000 # 903=9.3, 904=9.4, 905=9.5, 906=9.6, 1000=10 + timescaledb: false + # allow users to edit datasources from the UI. + editable: false +``` + +Example values to add a datasource adapted from [Grafana](http://docs.grafana.org/administration/provisioning/#example-datasource-config-file): + +```yaml +datasources: + datasources.yaml: + apiVersion: 1 + datasources: + # name of the datasource. Required + - name: Graphite + # datasource type. Required + type: graphite + # access mode. proxy or direct (Server or Browser in the UI). Required + access: proxy + # org id. will default to orgId 1 if not specified + orgId: 1 + # url + url: http://localhost:8080 + # database password, if used + password: + # database user, if used + user: + # database name, if used + database: + # enable/disable basic auth + basicAuth: + # basic auth username + basicAuthUser: + # basic auth password + basicAuthPassword: + # enable/disable with credentials headers + withCredentials: + # mark as default datasource. Max one per org + isDefault: + # fields that will be converted to json and stored in json_data + jsonData: + graphiteVersion: "1.1" + tlsAuth: true + tlsAuthWithCACert: true + # json object of data that will be encrypted. + secureJsonData: + tlsCACert: "..." + tlsClientCert: "..." + tlsClientKey: "..." + version: 1 + # allow users to edit datasources from the UI. + editable: false +``` + +## Sidecar for notifiers + +If the parameter `sidecar.notifiers.enabled` is set, an init container is deployed in the grafana +pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and +filters out the ones with a label as defined in `sidecar.notifiers.label`. The files defined in +those secrets are written to a folder and accessed by grafana on startup. Using these YAML files, +the notification channels in grafana can be imported. The secrets must be created before +`helm install` so that the notifiers init container can list the secrets. + +Secrets are recommended over configmaps for this usecase because alert notification channels usually contain +private data like SMTP usernames and passwords. Secrets are the more appropriate cluster resource to manage those. + +Example datasource config adapted from [Grafana](https://grafana.com/docs/grafana/latest/administration/provisioning/#alert-notification-channels): + +```yaml +notifiers: + - name: notification-channel-1 + type: slack + uid: notifier1 + # either + org_id: 2 + # or + org_name: Main Org. + is_default: true + send_reminder: true + frequency: 1h + disable_resolve_message: false + # See `Supported Settings` section for settings supporter for each + # alert notification type. + settings: + recipient: 'XXX' + token: 'xoxb' + uploadImage: true + url: https://slack.com + +delete_notifiers: + - name: notification-channel-1 + uid: notifier1 + org_id: 2 + - name: notification-channel-2 + # default org_id: 1 +``` + +## Sidecar for alerting resources + +If the parameter `sidecar.alerts.enabled` is set, a sidecar container is deployed in the grafana +pod. This container watches all configmaps (or secrets) in the cluster (namespace defined by `sidecar.alerts.searchNamespace`) and filters out the ones with +a label as defined in `sidecar.alerts.label` (default is `grafana_alert`). The files defined in those configmaps are written +to a folder and accessed by grafana. Changes to the configmaps are monitored and the imported alerting resources are updated, however, deletions are a little more complicated (see below). + +This sidecar can be used to provision alert rules, contact points, notification policies, notification templates and mute timings as shown in [Grafana Documentation](https://grafana.com/docs/grafana/next/alerting/set-up/provision-alerting-resources/file-provisioning/). + +To fetch the alert config which will be provisioned, use the alert provisioning API ([Grafana Documentation](https://grafana.com/docs/grafana/next/developers/http_api/alerting_provisioning/)). +You can use either JSON or YAML format. + +Example config for an alert rule: + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: sample-grafana-alert + labels: + grafana_alert: "1" +data: + k8s-alert.yml: |- + apiVersion: 1 + groups: + - orgId: 1 + name: k8s-alert + [...] +``` + +To delete provisioned alert rules is a two step process, you need to delete the configmap which defined the alert rule +and then create a configuration which deletes the alert rule. + +Example deletion configuration: + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: delete-sample-grafana-alert + namespace: monitoring + labels: + grafana_alert: "1" +data: + delete-k8s-alert.yml: |- + apiVersion: 1 + deleteRules: + - orgId: 1 + uid: 16624780-6564-45dc-825c-8bded4ad92d3 +``` + +## Statically provision alerting resources + +If you don't need to change alerting resources (alert rules, contact points, notification policies and notification templates) regularly you could use the `alerting` config option instead of the sidecar option above. +This will grab the alerting config and apply it statically at build time for the helm file. + +There are two methods to statically provision alerting configuration in Grafana. Below are some examples and explanations as to how to use each method: + +```yaml +alerting: + team1-alert-rules.yaml: + file: alerting/team1/rules.yaml + team2-alert-rules.yaml: + file: alerting/team2/rules.yaml + team3-alert-rules.yaml: + file: alerting/team3/rules.yaml + notification-policies.yaml: + file: alerting/shared/notification-policies.yaml + notification-templates.yaml: + file: alerting/shared/notification-templates.yaml + contactpoints.yaml: + apiVersion: 1 + contactPoints: + - orgId: 1 + name: Slack channel + receivers: + - uid: default-receiver + type: slack + settings: + # Webhook URL to be filled in + url: "" + # We need to escape double curly braces for the tpl function. + text: '{{ `{{ template "default.message" . }}` }}' + title: '{{ `{{ template "default.title" . }}` }}' +``` + +The two possibilities for static alerting resource provisioning are: + +* Inlining the file contents as shown for contact points in the above example. +* Importing a file using a relative path starting from the chart root directory as shown for the alert rules in the above example. + +### Important notes on file provisioning + +* The format of the files is defined in the [Grafana documentation](https://grafana.com/docs/grafana/next/alerting/set-up/provision-alerting-resources/file-provisioning/) on file provisioning. +* The chart supports importing YAML and JSON files. +* The filename must be unique, otherwise one volume mount will overwrite the other. +* Alerting configurations support Helm templating. Double curly braces that arise from the Grafana configuration format and are not intended as templates for the chart must be escaped. +* The number of total files under `alerting:` is not limited. Each file will end up as a volume mount in the corresponding provisioning folder of the deployed Grafana instance. +* The file size for each import is limited by what the function `.Files.Get` can handle, which suffices for most cases. + +## How to serve Grafana with a path prefix (/grafana) + +In order to serve Grafana with a prefix (e.g., ), add the following to your values.yaml. + +```yaml +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.ingress.kubernetes.io/rewrite-target: /$1 + nginx.ingress.kubernetes.io/use-regex: "true" + + path: /grafana/?(.*) + hosts: + - k8s.example.dev + +grafana.ini: + server: + root_url: http://localhost:3000/grafana # this host can be localhost +``` + +## How to securely reference secrets in grafana.ini + +This example uses Grafana [file providers](https://grafana.com/docs/grafana/latest/administration/configuration/#file-provider) for secret values and the `extraSecretMounts` configuration flag (Additional grafana server secret mounts) to mount the secrets. + +In grafana.ini: + +```yaml +grafana.ini: + [auth.generic_oauth] + enabled = true + client_id = $__file{/etc/secrets/auth_generic_oauth/client_id} + client_secret = $__file{/etc/secrets/auth_generic_oauth/client_secret} +``` + +Existing secret, or created along with helm: + +```yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: auth-generic-oauth-secret +type: Opaque +stringData: + client_id: + client_secret: +``` + +Include in the `extraSecretMounts` configuration flag: + +```yaml +extraSecretMounts: + - name: auth-generic-oauth-secret-mount + secretName: auth-generic-oauth-secret + defaultMode: 0440 + mountPath: /etc/secrets/auth_generic_oauth + readOnly: true +``` + +### extraSecretMounts using a Container Storage Interface (CSI) provider + +This example uses a CSI driver e.g. retrieving secrets using [Azure Key Vault Provider](https://github.com/Azure/secrets-store-csi-driver-provider-azure) + +```yaml +extraSecretMounts: + - name: secrets-store-inline + mountPath: /run/secrets + readOnly: true + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: "my-provider" + nodePublishSecretRef: + name: akv-creds +``` + +## Image Renderer Plug-In + +This chart supports enabling [remote image rendering](https://github.com/grafana/grafana-image-renderer/blob/master/README.md#run-in-docker) + +```yaml +imageRenderer: + enabled: true +``` + +### Image Renderer NetworkPolicy + +By default the image-renderer pods will have a network policy which only allows ingress traffic from the created grafana instance + +### High Availability for unified alerting + +If you want to run Grafana in a high availability cluster you need to enable +the headless service by setting `headlessService: true` in your `values.yaml` +file. + +As next step you have to setup the `grafana.ini` in your `values.yaml` in a way +that it will make use of the headless service to obtain all the IPs of the +cluster. For example, use ``{{ .Release.Name }}`` to refer to the Helm release name in your values. + +```yaml +grafana.ini: + ... + unified_alerting: + enabled: true + ha_peers: {{ .Release.Name }}-headless:9094 + ha_listen_address: ${POD_IP}:9094 + ha_advertise_address: ${POD_IP}:9094 + rule_version_record_limit: "5" + + alerting: + enabled: false +``` + +### Installing plugins + +If you want to install a Grafana plugin using the helm chart, you can do so by using the identifier of the plugin, for example `digirich-bubblechart-panel` will install [Bubble Chart](https://grafana.com/grafana/plugins/digrich-bubblechart-panel/). + +You can also install a plugin and a specific version by specifying the version and URL of the download file as shown in the example below : + +```yaml +plugins: + - digrich-bubblechart-panel + - grafana-clock-panel + ## You can also use other plugin download URL, as long as they are valid zip files, + ## and specify the name of the plugin as prefix, with an version. Like this: + # - marcusolsson-json-datasource@1.3.24@https://grafana.com/api/plugins/marcusolsson-json-datasource/versions/1.3.24/download +``` + +Generic documentation about plugins can be found in the [official documentation](https://grafana.com/docs/grafana/latest/administration/plugin-management/). diff --git a/charts/rancher-monitoring/charts/grafana/dashboards/custom-dashboard.json b/charts/kube-prometheus-stack/charts/grafana/dashboards/custom-dashboard.json similarity index 100% rename from charts/rancher-monitoring/charts/grafana/dashboards/custom-dashboard.json rename to charts/kube-prometheus-stack/charts/grafana/dashboards/custom-dashboard.json diff --git a/charts/rancher-monitoring/charts/grafana/templates/NOTES.txt b/charts/kube-prometheus-stack/charts/grafana/templates/NOTES.txt similarity index 100% rename from charts/rancher-monitoring/charts/grafana/templates/NOTES.txt rename to charts/kube-prometheus-stack/charts/grafana/templates/NOTES.txt diff --git a/charts/rancher-monitoring/charts/grafana/templates/_config.tpl b/charts/kube-prometheus-stack/charts/grafana/templates/_config.tpl similarity index 89% rename from charts/rancher-monitoring/charts/grafana/templates/_config.tpl rename to charts/kube-prometheus-stack/charts/grafana/templates/_config.tpl index 8897620..a318199 100644 --- a/charts/rancher-monitoring/charts/grafana/templates/_config.tpl +++ b/charts/kube-prometheus-stack/charts/grafana/templates/_config.tpl @@ -55,8 +55,8 @@ grafana.ini: | {{- range $key, $value := .Values.alerting }} {{- if (hasKey $value "file") }} -{{ $key }}: -{{- toYaml ( $files.Get $value.file ) | nindent 2 }} +{{ $key }}: | +{{- tpl ($files.Get $value.file) $root | nindent 2 }} {{- else if (or (hasKey $value "secret") (hasKey $value "secretFile"))}} {{/* will be stored inside secret generated by "configSecret.yaml"*/}} {{- else }} @@ -85,7 +85,7 @@ download_dashboards.sh: | {{- range $provider, $dashboards := .Values.dashboards }} {{- range $key, $value := $dashboards }} {{- if (or (hasKey $value "gnetId") (hasKey $value "url")) }} - curl -skf \ + curl {{ get $value "curlOptions" | default $.Values.defaultCurlOptions }} \ --connect-timeout 60 \ --max-time 60 \ {{- if not $value.b64content }} @@ -125,13 +125,21 @@ download_dashboards.sh: | {{- end }} {{- if kindIs "slice" $value.datasource }} {{- range $value.datasource }} - | sed '/-- .* --/! s/${{"{"}}{{ .name }}}/{{ .value }}/g' \ + | sed -E '/-- .* --/! s/\$\{{"{"}}?{{ .name }}\}?/{{ .value }}/g' \ {{- end }} {{- end }} {{- end }} {{- if $value.b64content }} | base64 -d \ {{- end }} + {{- /* + Overrides original title with a custom title. + Deterministic search as title is generally indented with 2 spaces, 4 spaces or a tab. + Escape characters that may be wrongly interpreted by sed: backslash (\), double backslash (\\), and ampersand (&). + */}} + {{- if $value.title }} + | sed -E '/^(\t| | )"title":/ s#"title": *"[^"]*"#"title": "{{ $value.title | replace "\\" "\\\\" | replace "\"" "\\\"" | replace "&" "\\&" }}"#' \ + {{- end }} > "{{- if $dpPath -}}{{ $dpPath }}{{- else -}}/var/lib/grafana/dashboards/{{ $provider }}{{- end -}}/{{ $key }}.json" {{ end }} {{- end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/_helpers.tpl b/charts/kube-prometheus-stack/charts/grafana/templates/_helpers.tpl similarity index 70% rename from charts/rancher-monitoring/charts/grafana/templates/_helpers.tpl rename to charts/kube-prometheus-stack/charts/grafana/templates/_helpers.tpl index 671058e..30322c7 100644 --- a/charts/rancher-monitoring/charts/grafana/templates/_helpers.tpl +++ b/charts/kube-prometheus-stack/charts/grafana/templates/_helpers.tpl @@ -1,32 +1,3 @@ -# Rancher -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - {{/* vim: set filetype=mustache: */}} {{/* Expand the name of the chart. @@ -94,14 +65,8 @@ Allow the release namespace to be overridden for multi-namespace deployments in Common labels */}} {{- define "grafana.labels" -}} -app.kubernetes.io/component: {{ include "grafana.name" . }} -app.kubernetes.io/managed-by: {{ .Release.Service }} helm.sh/chart: {{ include "grafana.chart" . }} -chart: {{ include "grafana.chart" . }} -release: {{ $.Release.Name | quote }} -heritage: {{ $.Release.Service | quote }} {{ include "grafana.selectorLabels" . }} -app.kubernetes.io/part-of: {{ template "kube-prometheus-stack.name" . }} {{- if or .Chart.AppVersion .Values.image.tag }} app.kubernetes.io/version: {{ mustRegexReplaceAllLiteral "@sha.*" .Values.image.tag "" | default .Chart.AppVersion | trunc 63 | trimSuffix "-" | quote }} {{- end }} @@ -118,6 +83,15 @@ app.kubernetes.io/name: {{ include "grafana.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} +{{/* +Create a fully qualified name for image-renderer resources. +We truncate at 47 chars to reserve space for the longest suffix (-image-renderer, 16 chars) +so the Service name stays within the 63-char DNS label limit. +*/}} +{{- define "grafana.imageRenderer.fullname" -}} +{{- include "grafana.fullname" . | trunc 47 | trimSuffix "-" }} +{{- end }} + {{/* Common labels */}} @@ -150,74 +124,17 @@ new password and use it. {{- end }} {{- end }} -{{/* -Return the appropriate apiVersion for rbac. -*/}} -{{- define "grafana.rbac.apiVersion" -}} -{{- if $.Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }} -{{- print "rbac.authorization.k8s.io/v1" }} -{{- else }} -{{- print "rbac.authorization.k8s.io/v1beta1" }} -{{- end }} -{{- end }} - -{{/* -Return the appropriate apiVersion for ingress. -*/}} -{{- define "grafana.ingress.apiVersion" -}} -{{- if and ($.Capabilities.APIVersions.Has "networking.k8s.io/v1") (semverCompare ">= 1.19-0" .Capabilities.KubeVersion.Version) }} -{{- print "networking.k8s.io/v1" }} -{{- else if $.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -{{- print "networking.k8s.io/v1beta1" }} -{{- else }} -{{- print "extensions/v1beta1" }} -{{- end }} -{{- end }} - {{/* Return the appropriate apiVersion for Horizontal Pod Autoscaler. */}} {{- define "grafana.hpa.apiVersion" -}} -{{- if .Capabilities.APIVersions.Has "autoscaling/v2" }} -{{- print "autoscaling/v2" }} -{{- else }} -{{- print "autoscaling/v2beta2" }} -{{- end }} -{{- end }} - -{{/* -Return the appropriate apiVersion for podDisruptionBudget. -*/}} -{{- define "grafana.podDisruptionBudget.apiVersion" -}} -{{- if $.Values.podDisruptionBudget.apiVersion }} -{{- print $.Values.podDisruptionBudget.apiVersion }} -{{- else if $.Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }} -{{- print "policy/v1" }} +{{- if .Capabilities.APIVersions.Has "autoscaling/v2" }} +{{- print "autoscaling/v2" }} {{- else }} -{{- print "policy/v1beta1" }} +{{- print "autoscaling/v2beta2" }} {{- end }} {{- end }} -{{/* -Return if ingress is stable. -*/}} -{{- define "grafana.ingress.isStable" -}} -{{- eq (include "grafana.ingress.apiVersion" .) "networking.k8s.io/v1" }} -{{- end }} - -{{/* -Return if ingress supports ingressClassName. -*/}} -{{- define "grafana.ingress.supportsIngressClassName" -}} -{{- or (eq (include "grafana.ingress.isStable" .) "true") (and (eq (include "grafana.ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18-0" .Capabilities.KubeVersion.Version)) }} -{{- end }} - -{{/* -Return if ingress supports pathType. -*/}} -{{- define "grafana.ingress.supportsPathType" -}} -{{- or (eq (include "grafana.ingress.isStable" .) "true") (and (eq (include "grafana.ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18-0" .Capabilities.KubeVersion.Version)) }} -{{- end }} {{/* Formats imagePullSecrets. Input is (dict "root" . "imagePullSecrets" .{specific imagePullSecrets}) @@ -307,3 +224,67 @@ sensitiveKeys: {{- end -}} {{- end -}} {{- end -}} + +{{/* + Sidecars health port + */}} + +{{/* + Give health port for alerts sidecar + */}} +{{- define "grafana.sidecar.alerts.healthPort" -}} +{{- $healthPort := 8081 -}} +{{- if hasKey .Values.sidecar.alerts "startupProbe" -}} + {{- if hasKey .Values.sidecar.alerts.startupProbe "httpGet" -}} + {{- if hasKey .Values.sidecar.alerts.startupProbe.httpGet "port" -}} + {{- $healthPort = .Values.sidecar.alerts.startupProbe.httpGet.port -}} + {{- end -}} + {{- end -}} +{{- end -}} +{{- $healthPort | quote -}} +{{- end -}} + +{{/* + Give health port for datasources sidecar + */}} +{{- define "grafana.sidecar.datasources.healthPort" -}} +{{- $healthPort := 8082 -}} +{{- if hasKey .Values.sidecar.datasources "startupProbe" -}} + {{- if hasKey .Values.sidecar.datasources.startupProbe "httpGet" -}} + {{- if hasKey .Values.sidecar.datasources.startupProbe.httpGet "port" -}} + {{- $healthPort = .Values.sidecar.datasources.startupProbe.httpGet.port -}} + {{- end -}} + {{- end -}} +{{- end -}} +{{- $healthPort | quote -}} +{{- end -}} + +{{/* + Give health port for notifiers sidecar + */}} +{{- define "grafana.sidecar.notifiers.healthPort" -}} +{{- $healthPort := 8083 -}} +{{- if hasKey .Values.sidecar.notifiers "startupProbe" -}} + {{- if hasKey .Values.sidecar.notifiers.startupProbe "httpGet" -}} + {{- if hasKey .Values.sidecar.notifiers.startupProbe.httpGet "port" -}} + {{- $healthPort = .Values.sidecar.notifiers.startupProbe.httpGet.port -}} + {{- end -}} + {{- end -}} +{{- end -}} +{{- $healthPort | quote -}} +{{- end -}} + +{{/* + Give health port for dashboards sidecar + */}} +{{- define "grafana.sidecar.dashboards.healthPort" -}} +{{- $healthPort := 8084 -}} +{{- if hasKey .Values.sidecar.dashboards "startupProbe" -}} + {{- if hasKey .Values.sidecar.dashboards.startupProbe "httpGet" -}} + {{- if hasKey .Values.sidecar.dashboards.startupProbe.httpGet "port" -}} + {{- $healthPort = .Values.sidecar.dashboards.startupProbe.httpGet.port -}} + {{- end -}} + {{- end -}} +{{- end -}} +{{- $healthPort | quote -}} +{{- end -}} diff --git a/charts/rancher-monitoring/charts/grafana/templates/_pod.tpl b/charts/kube-prometheus-stack/charts/grafana/templates/_pod.tpl similarity index 70% rename from charts/rancher-monitoring/charts/grafana/templates/_pod.tpl rename to charts/kube-prometheus-stack/charts/grafana/templates/_pod.tpl index 01c147c..de204db 100644 --- a/charts/rancher-monitoring/charts/grafana/templates/_pod.tpl +++ b/charts/kube-prometheus-stack/charts/grafana/templates/_pod.tpl @@ -7,6 +7,9 @@ schedulerName: "{{ . }}" serviceAccountName: {{ include "grafana.serviceAccountName" . }} automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} shareProcessNamespace: {{ .Values.shareProcessNamespace }} +{{- if kindIs "bool" .Values.hostUsers }} +hostUsers: {{ .Values.hostUsers }} +{{- end }} {{- with .Values.securityContext }} securityContext: {{- toYaml . | nindent 2 }} @@ -25,16 +28,22 @@ dnsConfig: {{- with .Values.priorityClassName }} priorityClassName: {{ . }} {{- end }} -{{- if ( or .Values.persistence.enabled .Values.dashboards .Values.extraInitContainers (and .Values.sidecar.alerts.enabled .Values.sidecar.alerts.initAlerts) (and .Values.sidecar.datasources.enabled .Values.sidecar.datasources.initDatasources) (and .Values.sidecar.notifiers.enabled .Values.sidecar.notifiers.initNotifiers)) }} +{{- if ( or (and .Values.persistence.enabled .Values.initChownData.enabled) + .Values.dashboards + .Values.extraInitContainers + (and .Values.sidecar.alerts.enabled .Values.sidecar.alerts.initAlerts) + (and .Values.sidecar.datasources.enabled .Values.sidecar.datasources.initDatasources) + (and .Values.sidecar.notifiers.enabled .Values.sidecar.notifiers.initNotifiers) + (and .Values.sidecar.dashboards.enabled .Values.sidecar.dashboards.initDashboards)) }} initContainers: {{- end }} {{- if ( and .Values.persistence.enabled .Values.initChownData.enabled ) }} - name: init-chown-data - {{- $registry := include "system_default_registry" . | default .Values.initChownData.image.registry -}} + {{- $registry := .Values.global.imageRegistry | default .Values.initChownData.image.registry -}} {{- if .Values.initChownData.image.sha }} - image: "{{ $registry }}{{ .Values.initChownData.image.repository }}:{{ .Values.initChownData.image.tag }}@sha256:{{ .Values.initChownData.image.sha }}" + image: "{{ $registry }}/{{ .Values.initChownData.image.repository }}:{{ .Values.initChownData.image.tag }}@sha256:{{ .Values.initChownData.image.sha }}" {{- else }} - image: "{{ $registry }}{{ .Values.initChownData.image.repository }}:{{ .Values.initChownData.image.tag }}" + image: "{{ $registry }}/{{ .Values.initChownData.image.repository }}:{{ .Values.initChownData.image.tag }}" {{- end }} imagePullPolicy: {{ .Values.initChownData.image.pullPolicy }} {{- with .Values.initChownData.securityContext }} @@ -59,11 +68,11 @@ initContainers: {{- end }} {{- if .Values.dashboards }} - name: download-dashboards - {{- $registry := include "system_default_registry" . | default .Values.downloadDashboardsImage.registry -}} + {{- $registry := .Values.global.imageRegistry | default .Values.downloadDashboardsImage.registry -}} {{- if .Values.downloadDashboardsImage.sha }} - image: "{{ $registry }}{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}@sha256:{{ .Values.downloadDashboardsImage.sha }}" + image: "{{ $registry }}/{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}@sha256:{{ .Values.downloadDashboardsImage.sha }}" {{- else }} - image: "{{ $registry }}{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}" + image: "{{ $registry }}/{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}" {{- end }} imagePullPolicy: {{ .Values.downloadDashboardsImage.pullPolicy }} command: ["/bin/sh"] @@ -108,29 +117,52 @@ initContainers: {{- end }} {{- if and .Values.sidecar.alerts.enabled .Values.sidecar.alerts.initAlerts }} - name: {{ include "grafana.name" . }}-init-sc-alerts - {{- $registry := include "system_default_registry" . | default .Values.sidecar.image.registry -}} + {{- $registry := .Values.global.imageRegistry | default .Values.sidecar.image.registry -}} {{- if .Values.sidecar.image.sha }} - image: "{{ $registry }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" + image: "{{ $registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" {{- else }} - image: "{{ $registry }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" + image: "{{ $registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" {{- end }} imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} + {{- if .Values.sidecar.alerts.restartPolicy }} + restartPolicy: {{ .Values.sidecar.alerts.restartPolicy }} + {{- with .Values.sidecar.alerts.startupProbe }} + startupProbe: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} env: {{- range $key, $value := .Values.sidecar.alerts.env }} - name: "{{ $key }}" value: "{{ $value }}" {{- end }} + {{- range $key, $value := .Values.sidecar.alerts.envValueFrom }} + - name: {{ $key | quote }} + valueFrom: + {{- tpl (toYaml $value) $ | nindent 10 }} + {{- end }} + - name: HEALTH_PORT + value: {{ include "grafana.sidecar.alerts.healthPort" . }} {{- if .Values.sidecar.alerts.ignoreAlreadyProcessed }} - name: IGNORE_ALREADY_PROCESSED value: "true" {{- end }} + {{- if and .Values.sidecar.alerts.restartPolicy (eq .Values.sidecar.alerts.restartPolicy "Always")}} + - name: METHOD + value: {{ .Values.sidecar.alerts.watchMethod }} + {{- if eq .Values.sidecar.alerts.watchMethod "WATCH" }} + - name: REQ_SKIP_INIT + value: "true" + {{- end }} + {{- else }} - name: METHOD value: "LIST" + {{- end }} - name: LABEL - value: "{{ .Values.sidecar.alerts.label }}" + value: "{{ tpl .Values.sidecar.alerts.label $root }}" {{- with .Values.sidecar.alerts.labelValue }} - name: LABEL_VALUE - value: {{ quote . }} + value: {{ quote (tpl . $root) }} {{- end }} {{- if or .Values.sidecar.logLevel .Values.sidecar.alerts.logLevel }} - name: LOG_LEVEL @@ -146,7 +178,7 @@ initContainers: {{- end }} {{- with .Values.sidecar.alerts.searchNamespace }} - name: NAMESPACE - value: {{ . | join "," | quote }} + value: "{{ tpl (. | join ",") $root }}" {{- end }} {{- with .Values.sidecar.alerts.skipTlsVerify }} - name: SKIP_TLS_VERIFY @@ -181,13 +213,20 @@ initContainers: {{- end }} {{- if and .Values.sidecar.datasources.enabled .Values.sidecar.datasources.initDatasources }} - name: {{ include "grafana.name" . }}-init-sc-datasources - {{- $registry := include "system_default_registry" . | default .Values.sidecar.image.registry -}} + {{- $registry := .Values.global.imageRegistry | default .Values.sidecar.image.registry -}} {{- if .Values.sidecar.image.sha }} - image: "{{ $registry }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" + image: "{{ $registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" {{- else }} - image: "{{ $registry }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" + image: "{{ $registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" {{- end }} imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} + {{- if .Values.sidecar.datasources.restartPolicy }} + restartPolicy: {{ .Values.sidecar.datasources.restartPolicy }} + {{- with .Values.sidecar.datasources.startupProbe }} + startupProbe: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} env: {{- range $key, $value := .Values.sidecar.datasources.env }} - name: "{{ $key }}" @@ -198,17 +237,19 @@ initContainers: valueFrom: {{- tpl (toYaml $value) $ | nindent 10 }} {{- end }} + - name: HEALTH_PORT + value: {{ include "grafana.sidecar.datasources.healthPort" . }} {{- if .Values.sidecar.datasources.ignoreAlreadyProcessed }} - name: IGNORE_ALREADY_PROCESSED value: "true" {{- end }} - name: METHOD - value: "LIST" + value: {{ .Values.sidecar.datasources.watchMethod }} - name: LABEL - value: "{{ .Values.sidecar.datasources.label }}" + value: "{{ tpl .Values.sidecar.datasources.label $root }}" {{- with .Values.sidecar.datasources.labelValue }} - name: LABEL_VALUE - value: {{ quote . }} + value: {{ quote (tpl . $root) }} {{- end }} {{- if or .Values.sidecar.logLevel .Values.sidecar.datasources.logLevel }} - name: LOG_LEVEL @@ -218,18 +259,84 @@ initContainers: value: "/etc/grafana/provisioning/datasources" - name: RESOURCE value: {{ quote .Values.sidecar.datasources.resource }} + {{- if .Values.sidecar.datasources.resourceName }} + - name: RESOURCE_NAME + value: {{ quote .Values.sidecar.datasources.resourceName }} + {{- end }} {{- with .Values.sidecar.enableUniqueFilenames }} - name: UNIQUE_FILENAMES value: "{{ . }}" {{- end }} - {{- if .Values.sidecar.datasources.searchNamespace }} + {{- with .Values.sidecar.datasources.searchNamespace }} - name: NAMESPACE - value: "{{ tpl (.Values.sidecar.datasources.searchNamespace | join ",") . }}" + value: "{{ tpl (. | join ",") $root }}" {{- end }} - {{- with .Values.sidecar.skipTlsVerify }} + {{- if .Values.sidecar.skipTlsVerify }} - name: SKIP_TLS_VERIFY - value: "{{ . }}" + value: "{{ .Values.sidecar.skipTlsVerify }}" {{- end }} + {{- with .Values.sidecar.datasources.script }} + - name: SCRIPT + value: {{ quote . }} + {{- end }} + {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} + - name: REQ_USERNAME + valueFrom: + secretKeyRef: + name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }} + key: {{ .Values.admin.userKey | default "admin-user" }} + {{- end }} + {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} + - name: REQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }} + key: {{ .Values.admin.passwordKey | default "admin-password" }} + {{- end }} + {{- if not .Values.sidecar.datasources.skipReload }} + - name: REQ_URL + value: {{ .Values.sidecar.datasources.reloadURL }} + - name: REQ_METHOD + value: POST + {{- if eq .Values.sidecar.datasources.watchMethod "WATCH" }} + - name: REQ_SKIP_INIT + value: "true" + {{- end }} + {{- end }} + {{- if .Values.sidecar.datasources.watchServerTimeout }} + {{- if ne .Values.sidecar.datasources.watchMethod "WATCH" }} + {{- fail (printf "Cannot use .Values.sidecar.datasources.watchServerTimeout with .Values.sidecar.datasources.watchMethod %s" .Values.sidecar.datasources.watchMethod) }} + {{- end }} + - name: WATCH_SERVER_TIMEOUT + value: "{{ .Values.sidecar.datasources.watchServerTimeout }}" + {{- end }} + {{- if .Values.sidecar.datasources.watchClientTimeout }} + {{- if ne .Values.sidecar.datasources.watchMethod "WATCH" }} + {{- fail (printf "Cannot use .Values.sidecar.datasources.watchClientTimeout with .Values.sidecar.datasources.watchMethod %s" .Values.sidecar.datasources.watchMethod) }} + {{- end }} + - name: WATCH_CLIENT_TIMEOUT + value: "{{ .Values.sidecar.datasources.watchClientTimeout }}" + {{- end }} + {{- if .Values.sidecar.datasources.maxTotalRetries }} + - name: REQ_RETRY_TOTAL + value: "{{ .Values.sidecar.datasources.maxTotalRetries }}" + {{- end }} + {{- if .Values.sidecar.datasources.maxConnectRetries }} + - name: REQ_RETRY_CONNECT + value: "{{ .Values.sidecar.datasources.maxConnectRetries }}" + {{- end }} + {{- if .Values.sidecar.datasources.maxReadRetries }} + - name: REQ_RETRY_READ + value: "{{ .Values.sidecar.datasources.maxReadRetries }}" + {{- end }} + {{- with .Values.sidecar.livenessProbe }} + livenessProbe: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.sidecar.readinessProbe }} + readinessProbe: + {{- toYaml . | nindent 6 }} + {{- end }} {{- with .Values.sidecar.resources }} resources: {{- toYaml . | nindent 6 }} @@ -241,32 +348,53 @@ initContainers: volumeMounts: - name: sc-datasources-volume mountPath: "/etc/grafana/provisioning/datasources" + {{- with .Values.sidecar.datasources.extraMounts }} + {{- toYaml . | trim | nindent 6 }} + {{- end }} {{- end }} {{- if and .Values.sidecar.notifiers.enabled .Values.sidecar.notifiers.initNotifiers }} - name: {{ include "grafana.name" . }}-init-sc-notifiers - {{- $registry := include "system_default_registry" . | default .Values.sidecar.image.registry -}} + {{- $registry := .Values.global.imageRegistry | default .Values.sidecar.image.registry -}} {{- if .Values.sidecar.image.sha }} - image: "{{ $registry }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" + image: "{{ $registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" {{- else }} - image: "{{ $registry }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" + image: "{{ $registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" {{- end }} imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} + {{- if .Values.sidecar.notifiers.restartPolicy }} + restartPolicy: {{ .Values.sidecar.notifiers.restartPolicy }} + {{- with .Values.sidecar.notifiers.startupProbe }} + startupProbe: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} env: {{- range $key, $value := .Values.sidecar.notifiers.env }} - name: "{{ $key }}" value: "{{ $value }}" {{- end }} + - name: HEALTH_PORT + value: {{ include "grafana.sidecar.notifiers.healthPort" . }} {{- if .Values.sidecar.notifiers.ignoreAlreadyProcessed }} - name: IGNORE_ALREADY_PROCESSED value: "true" {{- end }} + {{- if and .Values.sidecar.notifiers.restartPolicy (eq .Values.sidecar.notifiers.restartPolicy "Always")}} + - name: METHOD + value: {{ .Values.sidecar.notifiers.watchMethod }} + {{- if eq .Values.sidecar.notifiers.watchMethod "WATCH" }} + - name: REQ_SKIP_INIT + value: "true" + {{- end }} + {{- else }} - name: METHOD value: LIST + {{- end }} - name: LABEL - value: "{{ .Values.sidecar.notifiers.label }}" + value: "{{ tpl .Values.sidecar.notifiers.label $root }}" {{- with .Values.sidecar.notifiers.labelValue }} - name: LABEL_VALUE - value: {{ quote . }} + value: {{ quote (tpl . $root) }} {{- end }} {{- if or .Values.sidecar.logLevel .Values.sidecar.notifiers.logLevel }} - name: LOG_LEVEL @@ -288,6 +416,10 @@ initContainers: - name: SKIP_TLS_VERIFY value: "{{ . }}" {{- end }} + {{- with .Values.sidecar.notifiers.script }} + - name: SCRIPT + value: {{ quote . }} + {{- end }} {{- with .Values.sidecar.livenessProbe }} livenessProbe: {{- toYaml . | nindent 6 }} @@ -307,6 +439,154 @@ initContainers: volumeMounts: - name: sc-notifiers-volume mountPath: "/etc/grafana/provisioning/notifiers" + {{- with .Values.sidecar.notifiers.extraMounts }} + {{- toYaml . | trim | nindent 6 }} + {{- end }} +{{- end}} +{{- if and .Values.sidecar.dashboards.enabled .Values.sidecar.dashboards.initDashboards }} + - name: {{ include "grafana.name" . }}-init-sc-dashboard + {{- $registry := .Values.global.imageRegistry | default .Values.sidecar.image.registry -}} + {{- if .Values.sidecar.image.sha }} + image: "{{ $registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" + {{- else }} + image: "{{ $registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} + {{- if .Values.sidecar.dashboards.restartPolicy }} + restartPolicy: {{ .Values.sidecar.dashboards.restartPolicy }} + {{- with .Values.sidecar.dashboards.startupProbe }} + startupProbe: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} + env: + {{- range $key, $value := .Values.sidecar.dashboards.env }} + - name: "{{ $key }}" + value: "{{ $value }}" + {{- end }} + {{- range $key, $value := .Values.sidecar.dashboards.envValueFrom }} + - name: {{ $key | quote }} + valueFrom: + {{- tpl (toYaml $value) $ | nindent 10 }} + {{- end }} + - name: HEALTH_PORT + value: {{ include "grafana.sidecar.dashboards.healthPort" . }} + {{- if .Values.sidecar.dashboards.ignoreAlreadyProcessed }} + - name: IGNORE_ALREADY_PROCESSED + value: "true" + {{- end }} + - name: METHOD + value: {{ .Values.sidecar.dashboards.watchMethod }} + - name: LABEL + value: "{{ tpl .Values.sidecar.dashboards.label $root }}" + {{- with .Values.sidecar.dashboards.labelValue }} + - name: LABEL_VALUE + value: {{ quote (tpl . $root) }} + {{- end }} + {{- if or .Values.sidecar.logLevel .Values.sidecar.dashboards.logLevel }} + - name: LOG_LEVEL + value: {{ default .Values.sidecar.logLevel .Values.sidecar.dashboards.logLevel }} + {{- end }} + - name: FOLDER + value: "{{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }}" + - name: RESOURCE + value: {{ quote .Values.sidecar.dashboards.resource }} + {{- if .Values.sidecar.dashboards.resourceName }} + - name: RESOURCE_NAME + value: {{ quote .Values.sidecar.dashboards.resourceName }} + {{- end }} + {{- with .Values.sidecar.enableUniqueFilenames }} + - name: UNIQUE_FILENAMES + value: "{{ . }}" + {{- end }} + {{- with .Values.sidecar.dashboards.searchNamespace }} + - name: NAMESPACE + value: "{{ tpl (. | join ",") $root }}" + {{- end }} + {{- with .Values.sidecar.skipTlsVerify }} + - name: SKIP_TLS_VERIFY + value: "{{ . }}" + {{- end }} + {{- with .Values.sidecar.dashboards.folderAnnotation }} + - name: FOLDER_ANNOTATION + value: "{{ . }}" + {{- end }} + {{- with .Values.sidecar.dashboards.script }} + - name: SCRIPT + value: {{ quote . }} + {{- end }} + {{- if not .Values.sidecar.dashboards.skipReload }} + {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} + - name: REQ_USERNAME + valueFrom: + secretKeyRef: + name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }} + key: {{ .Values.admin.userKey | default "admin-user" }} + {{- end }} + {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} + - name: REQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }} + key: {{ .Values.admin.passwordKey | default "admin-password" }} + {{- end }} + - name: REQ_URL + value: {{ .Values.sidecar.dashboards.reloadURL }} + - name: REQ_METHOD + value: POST + {{- if eq .Values.sidecar.dashboards.watchMethod "WATCH" }} + - name: REQ_SKIP_INIT + value: "true" + {{- end }} + {{- end }} + {{- if .Values.sidecar.dashboards.watchServerTimeout }} + {{- if ne .Values.sidecar.dashboards.watchMethod "WATCH" }} + {{- fail (printf "Cannot use .Values.sidecar.dashboards.watchServerTimeout with .Values.sidecar.dashboards.watchMethod %s" .Values.sidecar.dashboards.watchMethod) }} + {{- end }} + - name: WATCH_SERVER_TIMEOUT + value: "{{ .Values.sidecar.dashboards.watchServerTimeout }}" + {{- end }} + {{- if .Values.sidecar.dashboards.watchClientTimeout }} + {{- if ne .Values.sidecar.dashboards.watchMethod "WATCH" }} + {{- fail (printf "Cannot use .Values.sidecar.dashboards.watchClientTimeout with .Values.sidecar.dashboards.watchMethod %s" .Values.sidecar.dashboards.watchMethod) }} + {{- end }} + - name: WATCH_CLIENT_TIMEOUT + value: {{ .Values.sidecar.dashboards.watchClientTimeout | quote }} + {{- end }} + {{- if .Values.sidecar.dashboards.maxTotalRetries }} + - name: REQ_RETRY_TOTAL + value: "{{ .Values.sidecar.dashboards.maxTotalRetries }}" + {{- end }} + {{- if .Values.sidecar.dashboards.maxConnectRetries }} + - name: REQ_RETRY_CONNECT + value: "{{ .Values.sidecar.dashboards.maxConnectRetries }}" + {{- end }} + {{- if .Values.sidecar.dashboards.maxReadRetries }} + - name: REQ_RETRY_READ + value: "{{ .Values.sidecar.dashboards.maxReadRetries }}" + {{- end }} + {{- with .Values.sidecar.livenessProbe }} + livenessProbe: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.sidecar.readinessProbe }} + readinessProbe: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.sidecar.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.sidecar.securityContext }} + securityContext: + {{- toYaml . | nindent 6 }} + {{- end }} + volumeMounts: + - name: sc-dashboard-volume + mountPath: {{ .Values.sidecar.dashboards.folder | quote }} + {{- with .Values.sidecar.dashboards.extraMounts }} + {{- toYaml . | trim | nindent 6 }} + {{- end }} {{- end}} {{- with .Values.extraInitContainers }} {{- tpl (toYaml .) $root | nindent 2 }} @@ -321,11 +601,11 @@ enableServiceLinks: {{ .Values.enableServiceLinks }} containers: {{- if and .Values.sidecar.alerts.enabled (not .Values.sidecar.alerts.initAlerts) }} - name: {{ include "grafana.name" . }}-sc-alerts - {{- $registry := include "system_default_registry" . | default .Values.sidecar.image.registry -}} + {{- $registry := .Values.global.imageRegistry | default .Values.sidecar.image.registry -}} {{- if .Values.sidecar.image.sha }} - image: "{{ $registry }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" + image: "{{ $registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" {{- else }} - image: "{{ $registry }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" + image: "{{ $registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" {{- end }} imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} env: @@ -333,6 +613,11 @@ containers: - name: "{{ $key }}" value: "{{ $value }}" {{- end }} + {{- range $key, $value := .Values.sidecar.alerts.envValueFrom }} + - name: {{ $key | quote }} + valueFrom: + {{- tpl (toYaml $value) $ | nindent 10 }} + {{- end }} {{- if .Values.sidecar.alerts.ignoreAlreadyProcessed }} - name: IGNORE_ALREADY_PROCESSED value: "true" @@ -340,10 +625,10 @@ containers: - name: METHOD value: {{ .Values.sidecar.alerts.watchMethod }} - name: LABEL - value: "{{ .Values.sidecar.alerts.label }}" + value: "{{ tpl .Values.sidecar.alerts.label $root }}" {{- with .Values.sidecar.alerts.labelValue }} - name: LABEL_VALUE - value: {{ quote . }} + value: {{ quote (tpl . $root) }} {{- end }} {{- if or .Values.sidecar.logLevel .Values.sidecar.alerts.logLevel }} - name: LOG_LEVEL @@ -353,13 +638,17 @@ containers: value: "/etc/grafana/provisioning/alerting" - name: RESOURCE value: {{ quote .Values.sidecar.alerts.resource }} + {{- if .Values.sidecar.alerts.resourceName }} + - name: RESOURCE_NAME + value: {{ quote .Values.sidecar.alerts.resourceName }} + {{- end }} {{- with .Values.sidecar.enableUniqueFilenames }} - name: UNIQUE_FILENAMES value: "{{ . }}" {{- end }} {{- with .Values.sidecar.alerts.searchNamespace }} - name: NAMESPACE - value: {{ . | join "," | quote }} + value: "{{ tpl (. | join ",") $root }}" {{- end }} {{- with .Values.sidecar.alerts.skipTlsVerify }} - name: SKIP_TLS_VERIFY @@ -369,7 +658,7 @@ containers: - name: SCRIPT value: {{ quote . }} {{- end }} - {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} + {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_ADMIN_USER__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - name: REQ_USERNAME valueFrom: secretKeyRef: @@ -438,13 +727,13 @@ containers: {{- toYaml . | trim | nindent 6 }} {{- end }} {{- end}} -{{- if .Values.sidecar.dashboards.enabled }} +{{- if and .Values.sidecar.dashboards.enabled (not .Values.sidecar.dashboards.initDashboards) }} - name: {{ include "grafana.name" . }}-sc-dashboard - {{- $registry := include "system_default_registry" . | default .Values.sidecar.image.registry -}} + {{- $registry := .Values.global.imageRegistry | default .Values.sidecar.image.registry -}} {{- if .Values.sidecar.image.sha }} - image: "{{ $registry }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" + image: "{{ $registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" {{- else }} - image: "{{ $registry }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" + image: "{{ $registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" {{- end }} imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} env: @@ -464,10 +753,10 @@ containers: - name: METHOD value: {{ .Values.sidecar.dashboards.watchMethod }} - name: LABEL - value: "{{ .Values.sidecar.dashboards.label }}" + value: "{{ tpl .Values.sidecar.dashboards.label $root }}" {{- with .Values.sidecar.dashboards.labelValue }} - name: LABEL_VALUE - value: {{ quote . }} + value: {{ quote (tpl . $root) }} {{- end }} {{- if or .Values.sidecar.logLevel .Values.sidecar.dashboards.logLevel }} - name: LOG_LEVEL @@ -477,6 +766,10 @@ containers: value: "{{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }}" - name: RESOURCE value: {{ quote .Values.sidecar.dashboards.resource }} + {{- if .Values.sidecar.dashboards.resourceName }} + - name: RESOURCE_NAME + value: {{ quote .Values.sidecar.dashboards.resourceName }} + {{- end }} {{- with .Values.sidecar.enableUniqueFilenames }} - name: UNIQUE_FILENAMES value: "{{ . }}" @@ -495,10 +788,10 @@ containers: {{- end }} {{- with .Values.sidecar.dashboards.script }} - name: SCRIPT - value: "{{ . }}" + value: {{ quote . }} {{- end }} {{- if not .Values.sidecar.dashboards.skipReload }} - {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} + {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_ADMIN_USER__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - name: REQ_USERNAME valueFrom: secretKeyRef: @@ -568,11 +861,11 @@ containers: {{- end}} {{- if and .Values.sidecar.datasources.enabled (not .Values.sidecar.datasources.initDatasources) }} - name: {{ include "grafana.name" . }}-sc-datasources - {{- $registry := include "system_default_registry" . | default .Values.sidecar.image.registry -}} + {{- $registry := .Values.global.imageRegistry | default .Values.sidecar.image.registry -}} {{- if .Values.sidecar.image.sha }} - image: "{{ $registry }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" + image: "{{ $registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" {{- else }} - image: "{{ $registry }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" + image: "{{ $registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" {{- end }} imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} env: @@ -592,10 +885,10 @@ containers: - name: METHOD value: {{ .Values.sidecar.datasources.watchMethod }} - name: LABEL - value: "{{ .Values.sidecar.datasources.label }}" + value: "{{ tpl .Values.sidecar.datasources.label $root }}" {{- with .Values.sidecar.datasources.labelValue }} - name: LABEL_VALUE - value: {{ quote . }} + value: {{ quote (tpl . $root) }} {{- end }} {{- if or .Values.sidecar.logLevel .Values.sidecar.datasources.logLevel }} - name: LOG_LEVEL @@ -605,6 +898,10 @@ containers: value: "/etc/grafana/provisioning/datasources" - name: RESOURCE value: {{ quote .Values.sidecar.datasources.resource }} + {{- if .Values.sidecar.datasources.resourceName }} + - name: RESOURCE_NAME + value: {{ quote .Values.sidecar.datasources.resourceName }} + {{- end }} {{- with .Values.sidecar.enableUniqueFilenames }} - name: UNIQUE_FILENAMES value: "{{ . }}" @@ -617,11 +914,11 @@ containers: - name: SKIP_TLS_VERIFY value: "{{ .Values.sidecar.skipTlsVerify }}" {{- end }} - {{- if .Values.sidecar.datasources.script }} + {{- with .Values.sidecar.datasources.script }} - name: SCRIPT - value: "{{ .Values.sidecar.datasources.script }}" + value: {{ quote . }} {{- end }} - {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} + {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_ADMIN_USER__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - name: REQ_USERNAME valueFrom: secretKeyRef: @@ -690,13 +987,13 @@ containers: {{- toYaml . | trim | nindent 6 }} {{- end }} {{- end}} -{{- if .Values.sidecar.notifiers.enabled }} +{{- if and .Values.sidecar.notifiers.enabled (not .Values.sidecar.notifiers.initNotifiers) }} - name: {{ include "grafana.name" . }}-sc-notifiers - {{- $registry := include "system_default_registry" . | default .Values.sidecar.image.registry -}} + {{- $registry := .Values.global.imageRegistry | default .Values.sidecar.image.registry -}} {{- if .Values.sidecar.image.sha }} - image: "{{ $registry }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" + image: "{{ $registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" {{- else }} - image: "{{ $registry }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" + image: "{{ $registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" {{- end }} imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} env: @@ -711,10 +1008,10 @@ containers: - name: METHOD value: {{ .Values.sidecar.notifiers.watchMethod }} - name: LABEL - value: "{{ .Values.sidecar.notifiers.label }}" + value: "{{ tpl .Values.sidecar.notifiers.label $root }}" {{- with .Values.sidecar.notifiers.labelValue }} - name: LABEL_VALUE - value: {{ quote . }} + value: {{ quote (tpl . $root) }} {{- end }} {{- if or .Values.sidecar.logLevel .Values.sidecar.notifiers.logLevel }} - name: LOG_LEVEL @@ -724,6 +1021,10 @@ containers: value: "/etc/grafana/provisioning/notifiers" - name: RESOURCE value: {{ quote .Values.sidecar.notifiers.resource }} + {{- if .Values.sidecar.notifiers.resourceName }} + - name: RESOURCE_NAME + value: {{ quote .Values.sidecar.notifiers.resourceName }} + {{- end }} {{- if .Values.sidecar.enableUniqueFilenames }} - name: UNIQUE_FILENAMES value: "{{ .Values.sidecar.enableUniqueFilenames }}" @@ -736,11 +1037,11 @@ containers: - name: SKIP_TLS_VERIFY value: "{{ . }}" {{- end }} - {{- if .Values.sidecar.notifiers.script }} + {{- with .Values.sidecar.notifiers.script }} - name: SCRIPT - value: "{{ .Values.sidecar.notifiers.script }}" + value: {{ quote . }} {{- end }} - {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} + {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_ADMIN_USER__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - name: REQ_USERNAME valueFrom: secretKeyRef: @@ -811,11 +1112,11 @@ containers: {{- end}} {{- if .Values.sidecar.plugins.enabled }} - name: {{ include "grafana.name" . }}-sc-plugins - {{- $registry := include "system_default_registry" . | default .Values.sidecar.image.registry -}} + {{- $registry := .Values.global.imageRegistry | default .Values.sidecar.image.registry -}} {{- if .Values.sidecar.image.sha }} - image: "{{ $registry }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" + image: "{{ $registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" {{- else }} - image: "{{ $registry }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" + image: "{{ $registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" {{- end }} imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} env: @@ -830,10 +1131,10 @@ containers: - name: METHOD value: {{ .Values.sidecar.plugins.watchMethod }} - name: LABEL - value: "{{ .Values.sidecar.plugins.label }}" + value: "{{ tpl .Values.sidecar.plugins.label $root }}" {{- if .Values.sidecar.plugins.labelValue }} - name: LABEL_VALUE - value: {{ quote .Values.sidecar.plugins.labelValue }} + value: {{ quote (tpl .Values.sidecar.plugins.labelValue $) }} {{- end }} {{- if or .Values.sidecar.logLevel .Values.sidecar.plugins.logLevel }} - name: LOG_LEVEL @@ -843,6 +1144,10 @@ containers: value: "/etc/grafana/provisioning/plugins" - name: RESOURCE value: {{ quote .Values.sidecar.plugins.resource }} + {{- if .Values.sidecar.plugins.resourceName }} + - name: RESOURCE_NAME + value: {{ quote .Values.sidecar.plugins.resourceName }} + {{- end }} {{- with .Values.sidecar.enableUniqueFilenames }} - name: UNIQUE_FILENAMES value: "{{ . }}" @@ -853,13 +1158,13 @@ containers: {{- end }} {{- with .Values.sidecar.plugins.script }} - name: SCRIPT - value: "{{ . }}" + value: {{ quote . }} {{- end }} {{- with .Values.sidecar.skipTlsVerify }} - name: SKIP_TLS_VERIFY value: "{{ . }}" {{- end }} - {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} + {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_ADMIN_USER__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - name: REQ_USERNAME valueFrom: secretKeyRef: @@ -928,12 +1233,12 @@ containers: {{- toYaml . | trim | nindent 6 }} {{- end }} {{- end}} - - name: {{ .Chart.Name }} - {{- $registry := include "system_default_registry" . | default .Values.image.registry -}} + - name: grafana + {{- $registry := .Values.global.imageRegistry | default .Values.image.registry -}} {{- if .Values.image.sha }} - image: "{{ $registry }}{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}@sha256:{{ .Values.image.sha }}" + image: "{{ $registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}@sha256:{{ .Values.image.sha }}" {{- else }} - image: "{{ $registry }}{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + image: "{{ $registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" {{- end }} imagePullPolicy: {{ .Values.image.pullPolicy }} {{- if .Values.command }} @@ -972,6 +1277,8 @@ containers: {{- with .Values.persistence.subPath }} subPath: {{ tpl . $root }} {{- end }} + - name: search + mountPath: "/var/lib/grafana-search" {{- with .Values.dashboards }} {{- range $provider, $dashboards := . }} {{- range $key, $value := $dashboards }} @@ -992,7 +1299,7 @@ containers: {{- with .Values.datasources }} {{- $datasources := . }} {{- range (keys . | sortAlpha) }} - {{- if (or (hasKey (index $datasources .) "secret")) }} {{/*check if current datasource should be handeled as secret */}} + {{- if (or (hasKey (index $datasources .) "secret")) }} {{/*check if current datasource should be handled as secret */}} - name: config-secret mountPath: "/etc/grafana/provisioning/datasources/{{ . }}" subPath: {{ . | quote }} @@ -1006,7 +1313,7 @@ containers: {{- with .Values.notifiers }} {{- $notifiers := . }} {{- range (keys . | sortAlpha) }} - {{- if (or (hasKey (index $notifiers .) "secret")) }} {{/*check if current notifier should be handeled as secret */}} + {{- if (or (hasKey (index $notifiers .) "secret")) }} {{/*check if current notifier should be handled as secret */}} - name: config-secret mountPath: "/etc/grafana/provisioning/notifiers/{{ . }}" subPath: {{ . | quote }} @@ -1020,7 +1327,7 @@ containers: {{- with .Values.alerting }} {{- $alertingmap := .}} {{- range (keys . | sortAlpha) }} - {{- if (or (hasKey (index $.Values.alerting .) "secret") (hasKey (index $.Values.alerting .) "secretFile")) }} {{/*check if current alerting entry should be handeled as secret */}} + {{- if (or (hasKey (index $.Values.alerting .) "secret") (hasKey (index $.Values.alerting .) "secretFile")) }} {{/*check if current alerting entry should be handled as secret */}} - name: config-secret mountPath: "/etc/grafana/provisioning/alerting/{{ . }}" subPath: {{ . | quote }} @@ -1097,7 +1404,7 @@ containers: valueFrom: fieldRef: fieldPath: status.podIP - {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} + {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_ADMIN_USER__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - name: GF_SECURITY_ADMIN_USER valueFrom: secretKeyRef: @@ -1112,7 +1419,7 @@ containers: key: {{ .Values.admin.passwordKey | default "admin-password" }} {{- end }} {{- if .Values.plugins }} - - name: GF_INSTALL_PLUGINS + - name: GF_PLUGINS_PREINSTALL_SYNC valueFrom: configMapKeyRef: name: {{ include "grafana.fullname" . }} @@ -1135,7 +1442,7 @@ containers: {{- if .Values.imageRenderer.serverURL }} value: {{ .Values.imageRenderer.serverURL | quote }} {{- else }} - value: http://{{ include "grafana.fullname" . }}-image-renderer.{{ include "grafana.namespace" . }}:{{ .Values.imageRenderer.service.port }}/render + value: http://{{ include "grafana.imageRenderer.fullname" . }}-image-renderer.{{ include "grafana.namespace" . }}:{{ .Values.imageRenderer.service.port }}/render {{- end }} - name: GF_RENDERING_CALLBACK_URL {{- if .Values.imageRenderer.renderingCallbackURL }} @@ -1152,6 +1459,15 @@ containers: value: {{ (get .Values "grafana.ini").paths.plugins }} - name: GF_PATHS_PROVISIONING value: {{ (get .Values "grafana.ini").paths.provisioning }} + - name: GF_UNIFIED_STORAGE_INDEX_PATH + value: {{ (get .Values "grafana.ini").unified_storage.index_path }} + {{- if (.Values.resources.limits).memory }} + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + divisor: "1" + resource: limits.memory + {{- end }} {{- range $key, $value := .Values.envValueFrom }} - name: {{ $key | quote }} valueFrom: @@ -1207,8 +1523,8 @@ containers: {{- with .Values.extraContainers }} {{- tpl . $ | nindent 2 }} {{- end }} -nodeSelector: {{ include "linux-node-selector" . | nindent 2 }} {{- with .Values.nodeSelector }} +nodeSelector: {{- toYaml . | nindent 2 }} {{- end }} {{- with .Values.affinity }} @@ -1219,8 +1535,8 @@ affinity: topologySpreadConstraints: {{- toYaml . | nindent 2 }} {{- end }} -tolerations: {{ include "linux-node-tolerations" . | nindent 2 }} {{- with .Values.tolerations }} +tolerations: {{- toYaml . | nindent 2 }} {{- end }} volumes: @@ -1289,23 +1605,29 @@ volumes: emptyDir: {} {{- end }} {{- end }} + - name: search + emptyDir: {} {{- if .Values.sidecar.alerts.enabled }} - name: sc-alerts-volume + {{- if .Values.sidecar.alerts.sizeLimit }} emptyDir: {{- with .Values.sidecar.alerts.sizeLimit }} sizeLimit: {{ . }} - {{- else }} - {} {{- end }} + {{- else }} + emptyDir: {} + {{- end }} {{- end }} {{- if .Values.sidecar.dashboards.enabled }} - name: sc-dashboard-volume + {{- if .Values.sidecar.dashboards.sizeLimit }} emptyDir: {{- with .Values.sidecar.dashboards.sizeLimit }} sizeLimit: {{ . }} - {{- else }} - {} {{- end }} + {{- else }} + emptyDir: {} + {{- end }} {{- if .Values.sidecar.dashboards.SCProvider }} - name: sc-dashboard-provider configMap: @@ -1314,30 +1636,36 @@ volumes: {{- end }} {{- if .Values.sidecar.datasources.enabled }} - name: sc-datasources-volume + {{- if .Values.sidecar.datasources.sizeLimit }} emptyDir: {{- with .Values.sidecar.datasources.sizeLimit }} sizeLimit: {{ . }} - {{- else }} - {} {{- end }} + {{- else }} + emptyDir: {} + {{- end }} {{- end }} {{- if .Values.sidecar.plugins.enabled }} - name: sc-plugins-volume + {{- if .Values.sidecar.plugins.sizeLimit }} emptyDir: {{- with .Values.sidecar.plugins.sizeLimit }} sizeLimit: {{ . }} - {{- else }} - {} {{- end }} + {{- else }} + emptyDir: {} + {{- end }} {{- end }} {{- if .Values.sidecar.notifiers.enabled }} - name: sc-notifiers-volume + {{- if .Values.sidecar.notifiers.sizeLimit }} emptyDir: {{- with .Values.sidecar.notifiers.sizeLimit }} sizeLimit: {{ . }} - {{- else }} - {} {{- end }} + {{- else }} + emptyDir: {} + {{- end }} {{- end }} {{- range .Values.extraSecretMounts }} {{- if .secretName }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/clusterrole.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/clusterrole.yaml similarity index 100% rename from charts/rancher-monitoring/charts/grafana/templates/clusterrole.yaml rename to charts/kube-prometheus-stack/charts/grafana/templates/clusterrole.yaml diff --git a/charts/rancher-monitoring/charts/grafana/templates/clusterrolebinding.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/clusterrolebinding.yaml similarity index 100% rename from charts/rancher-monitoring/charts/grafana/templates/clusterrolebinding.yaml rename to charts/kube-prometheus-stack/charts/grafana/templates/clusterrolebinding.yaml diff --git a/charts/rancher-monitoring/charts/grafana/templates/configSecret.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/configSecret.yaml similarity index 100% rename from charts/rancher-monitoring/charts/grafana/templates/configSecret.yaml rename to charts/kube-prometheus-stack/charts/grafana/templates/configSecret.yaml diff --git a/charts/rancher-monitoring/charts/grafana/templates/configmap-dashboard-provider.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/configmap-dashboard-provider.yaml similarity index 100% rename from charts/rancher-monitoring/charts/grafana/templates/configmap-dashboard-provider.yaml rename to charts/kube-prometheus-stack/charts/grafana/templates/configmap-dashboard-provider.yaml diff --git a/charts/rancher-monitoring/charts/grafana/templates/configmap.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/configmap.yaml similarity index 100% rename from charts/rancher-monitoring/charts/grafana/templates/configmap.yaml rename to charts/kube-prometheus-stack/charts/grafana/templates/configmap.yaml diff --git a/charts/rancher-monitoring/charts/grafana/templates/dashboards-json-configmap.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/dashboards-json-configmap.yaml similarity index 100% rename from charts/rancher-monitoring/charts/grafana/templates/dashboards-json-configmap.yaml rename to charts/kube-prometheus-stack/charts/grafana/templates/dashboards-json-configmap.yaml diff --git a/charts/rancher-monitoring/charts/grafana/templates/deployment.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/deployment.yaml similarity index 100% rename from charts/rancher-monitoring/charts/grafana/templates/deployment.yaml rename to charts/kube-prometheus-stack/charts/grafana/templates/deployment.yaml diff --git a/charts/rancher-monitoring/charts/grafana/templates/extra-manifests.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/extra-manifests.yaml similarity index 69% rename from charts/rancher-monitoring/charts/grafana/templates/extra-manifests.yaml rename to charts/kube-prometheus-stack/charts/grafana/templates/extra-manifests.yaml index 578be45..0e97856 100644 --- a/charts/rancher-monitoring/charts/grafana/templates/extra-manifests.yaml +++ b/charts/kube-prometheus-stack/charts/grafana/templates/extra-manifests.yaml @@ -1,8 +1,8 @@ {{ range .Values.extraObjects }} --- {{- if typeIs "string" . }} - {{ tpl . $ }} +{{ tpl . $ }} {{ else }} - {{ tpl (. | toYaml) $ }} +{{ tpl (. | toYaml) $ }} {{- end }} {{ end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/headless-service.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/headless-service.yaml similarity index 93% rename from charts/rancher-monitoring/charts/grafana/templates/headless-service.yaml rename to charts/kube-prometheus-stack/charts/grafana/templates/headless-service.yaml index 3028589..8fa6ecb 100644 --- a/charts/rancher-monitoring/charts/grafana/templates/headless-service.yaml +++ b/charts/kube-prometheus-stack/charts/grafana/templates/headless-service.yaml @@ -19,4 +19,5 @@ spec: ports: - name: {{ .Values.gossipPortName }}-tcp port: 9094 + targetPort: {{ .Values.gossipPortName }}-tcp {{- end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/hpa.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/hpa.yaml similarity index 100% rename from charts/rancher-monitoring/charts/grafana/templates/hpa.yaml rename to charts/kube-prometheus-stack/charts/grafana/templates/hpa.yaml diff --git a/charts/rancher-monitoring/charts/grafana/templates/image-renderer-deployment.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-deployment.yaml similarity index 89% rename from charts/rancher-monitoring/charts/grafana/templates/image-renderer-deployment.yaml rename to charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-deployment.yaml index 98aeda9..20ddff4 100644 --- a/charts/rancher-monitoring/charts/grafana/templates/image-renderer-deployment.yaml +++ b/charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-deployment.yaml @@ -47,6 +47,9 @@ spec: serviceAccountName: "{{ . }}" {{- end }} automountServiceAccountToken: {{ .Values.imageRenderer.automountServiceAccountToken }} + {{- if kindIs "bool" .Values.imageRenderer.hostUsers }} + hostUsers: {{ .Values.imageRenderer.hostUsers }} + {{- end }} {{- with .Values.imageRenderer.securityContext }} securityContext: {{- toYaml . | nindent 8 }} @@ -58,19 +61,17 @@ spec: {{- with .Values.imageRenderer.priorityClassName }} priorityClassName: {{ . }} {{- end }} - {{- with .Values.imageRenderer.image.pullSecrets }} + {{- if or .Values.imageRenderer.image.pullSecrets .Values.global.imagePullSecrets }} imagePullSecrets: - {{- range . }} - - name: {{ tpl . $root }} - {{- end}} + {{- include "grafana.imagePullSecrets" (dict "root" $root "imagePullSecrets" .Values.imageRenderer.image.pullSecrets) | nindent 8 }} {{- end }} containers: - name: {{ .Chart.Name }}-image-renderer - {{- $registry := include "system_default_registry" | default .Values.imageRenderer.image.registry -}} + {{- $registry := .Values.global.imageRegistry | default .Values.imageRenderer.image.registry -}} {{- if .Values.imageRenderer.image.sha }} - image: "{{ $registry }}{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}@sha256:{{ .Values.imageRenderer.image.sha }}" + image: "{{ $registry }}/{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}@sha256:{{ .Values.imageRenderer.image.sha }}" {{- else }} - image: "{{ $registry }}{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}" + image: "{{ $registry }}/{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}" {{- end }} imagePullPolicy: {{ .Values.imageRenderer.image.pullPolicy }} {{- if .Values.imageRenderer.command }} @@ -85,7 +86,7 @@ spec: protocol: TCP livenessProbe: httpGet: - path: / + path: {{ .Values.imageRenderer.healthcheckPath }} port: {{ .Values.imageRenderer.service.portName }} env: - name: HTTP_PORT diff --git a/charts/rancher-monitoring/charts/grafana/templates/image-renderer-hpa.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-hpa.yaml similarity index 100% rename from charts/rancher-monitoring/charts/grafana/templates/image-renderer-hpa.yaml rename to charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-hpa.yaml diff --git a/charts/rancher-monitoring/charts/grafana/templates/image-renderer-network-policy.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-network-policy.yaml similarity index 100% rename from charts/rancher-monitoring/charts/grafana/templates/image-renderer-network-policy.yaml rename to charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-network-policy.yaml diff --git a/charts/rancher-monitoring/charts/grafana/templates/image-renderer-service.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-service.yaml similarity index 83% rename from charts/rancher-monitoring/charts/grafana/templates/image-renderer-service.yaml rename to charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-service.yaml index f8da127..ffa72d0 100644 --- a/charts/rancher-monitoring/charts/grafana/templates/image-renderer-service.yaml +++ b/charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: - name: {{ include "grafana.fullname" . }}-image-renderer + name: {{ include "grafana.imageRenderer.fullname" . }}-image-renderer namespace: {{ include "grafana.namespace" . }} labels: {{- include "grafana.imageRenderer.labels" . | nindent 4 }} @@ -11,7 +11,7 @@ metadata: {{- end }} {{- with .Values.imageRenderer.service.annotations }} annotations: - {{- toYaml . | nindent 4 }} + {{- tpl (toYaml . | nindent 4) $ }} {{- end }} spec: type: ClusterIP @@ -22,7 +22,7 @@ spec: - name: {{ .Values.imageRenderer.service.portName }} port: {{ .Values.imageRenderer.service.port }} protocol: TCP - targetPort: {{ .Values.imageRenderer.service.targetPort }} + targetPort: {{ .Values.imageRenderer.service.portName }} {{- with .Values.imageRenderer.appProtocol }} appProtocol: {{ . }} {{- end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/image-renderer-servicemonitor.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-servicemonitor.yaml similarity index 94% rename from charts/rancher-monitoring/charts/grafana/templates/image-renderer-servicemonitor.yaml rename to charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-servicemonitor.yaml index 5d9f09d..a54a375 100644 --- a/charts/rancher-monitoring/charts/grafana/templates/image-renderer-servicemonitor.yaml +++ b/charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-servicemonitor.yaml @@ -1,4 +1,4 @@ -{{- if .Values.imageRenderer.serviceMonitor.enabled }} +{{- if and .Values.imageRenderer.enabled .Values.imageRenderer.serviceMonitor.enabled }} --- apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor diff --git a/charts/rancher-monitoring/charts/grafana/templates/ingress.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/ingress.yaml similarity index 63% rename from charts/rancher-monitoring/charts/grafana/templates/ingress.yaml rename to charts/kube-prometheus-stack/charts/grafana/templates/ingress.yaml index b2ffd81..04cc655 100644 --- a/charts/rancher-monitoring/charts/grafana/templates/ingress.yaml +++ b/charts/kube-prometheus-stack/charts/grafana/templates/ingress.yaml @@ -1,13 +1,10 @@ {{- if .Values.ingress.enabled -}} -{{- $ingressApiIsStable := eq (include "grafana.ingress.isStable" .) "true" -}} -{{- $ingressSupportsIngressClassName := eq (include "grafana.ingress.supportsIngressClassName" .) "true" -}} -{{- $ingressSupportsPathType := eq (include "grafana.ingress.supportsPathType" .) "true" -}} {{- $fullName := include "grafana.fullname" . -}} {{- $servicePort := .Values.service.port -}} {{- $ingressPath := .Values.ingress.path -}} {{- $ingressPathType := .Values.ingress.pathType -}} {{- $extraPaths := .Values.ingress.extraPaths -}} -apiVersion: {{ include "grafana.ingress.apiVersion" . }} +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ $fullName }} @@ -24,9 +21,9 @@ metadata: {{- end }} {{- end }} spec: - {{- if and $ingressSupportsIngressClassName .Values.ingress.ingressClassName }} + {{- if .Values.ingress.ingressClassName }} ingressClassName: {{ .Values.ingress.ingressClassName }} - {{- end -}} + {{- end }} {{- with .Values.ingress.tls }} tls: {{- tpl (toYaml .) $ | nindent 4 }} @@ -41,38 +38,24 @@ spec: {{- toYaml . | nindent 10 }} {{- end }} - path: {{ $ingressPath }} - {{- if $ingressSupportsPathType }} pathType: {{ $ingressPathType }} - {{- end }} backend: - {{- if $ingressApiIsStable }} service: name: {{ $fullName }} port: number: {{ $servicePort }} - {{- else }} - serviceName: {{ $fullName }} - servicePort: {{ $servicePort }} - {{- end }} {{- end }} {{- else }} - http: paths: - backend: - {{- if $ingressApiIsStable }} service: name: {{ $fullName }} port: number: {{ $servicePort }} - {{- else }} - serviceName: {{ $fullName }} - servicePort: {{ $servicePort }} - {{- end }} {{- with $ingressPath }} path: {{ . }} {{- end }} - {{- if $ingressSupportsPathType }} pathType: {{ $ingressPathType }} - {{- end }} {{- end -}} {{- end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/networkpolicy.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/networkpolicy.yaml similarity index 92% rename from charts/rancher-monitoring/charts/grafana/templates/networkpolicy.yaml rename to charts/kube-prometheus-stack/charts/grafana/templates/networkpolicy.yaml index 4cd3ed6..07a9d7d 100644 --- a/charts/rancher-monitoring/charts/grafana/templates/networkpolicy.yaml +++ b/charts/kube-prometheus-stack/charts/grafana/templates/networkpolicy.yaml @@ -52,6 +52,10 @@ spec: - namespaceSelector: {{- toYaml . | nindent 12 }} {{- end }} + {{- range .Values.networkPolicy.explicitIpBlocks }} + - ipBlock: + cidr: {{ . | quote }} + {{- end }} - podSelector: matchLabels: {{- include "grafana.labels" . | nindent 14 }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/poddisruptionbudget.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/poddisruptionbudget.yaml similarity index 80% rename from charts/rancher-monitoring/charts/grafana/templates/poddisruptionbudget.yaml rename to charts/kube-prometheus-stack/charts/grafana/templates/poddisruptionbudget.yaml index 0525121..98f396a 100644 --- a/charts/rancher-monitoring/charts/grafana/templates/poddisruptionbudget.yaml +++ b/charts/kube-prometheus-stack/charts/grafana/templates/poddisruptionbudget.yaml @@ -1,5 +1,5 @@ {{- if .Values.podDisruptionBudget }} -apiVersion: {{ include "grafana.podDisruptionBudget.apiVersion" . }} +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "grafana.fullname" . }} @@ -19,4 +19,7 @@ spec: selector: matchLabels: {{- include "grafana.selectorLabels" . | nindent 6 }} + {{- with .Values.podDisruptionBudget.unhealthyPodEvictionPolicy }} + unhealthyPodEvictionPolicy: {{ . }} + {{- end }} {{- end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/podsecuritypolicy.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/podsecuritypolicy.yaml similarity index 63% rename from charts/rancher-monitoring/charts/grafana/templates/podsecuritypolicy.yaml rename to charts/kube-prometheus-stack/charts/grafana/templates/podsecuritypolicy.yaml index 973cacc..eed7af9 100644 --- a/charts/rancher-monitoring/charts/grafana/templates/podsecuritypolicy.yaml +++ b/charts/kube-prometheus-stack/charts/grafana/templates/podsecuritypolicy.yaml @@ -1,13 +1,17 @@ -{{- if and (or .Values.global.cattle.psp.enabled .Values.rbac.pspEnabled) (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} +{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: name: {{ include "grafana.fullname" . }} labels: {{- include "grafana.labels" . | nindent 4 }} -{{- if .Values.rbac.pspAnnotations }} - annotations: {{ toYaml .Values.rbac.pspAnnotations | nindent 4 }} -{{- end }} + annotations: + seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default' + seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + {{- if .Values.rbac.pspUseAppArmor }} + apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default' + apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' + {{- end }} spec: privileged: false allowPrivilegeEscalation: false diff --git a/charts/rancher-monitoring/charts/grafana/templates/pvc.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/pvc.yaml similarity index 74% rename from charts/rancher-monitoring/charts/grafana/templates/pvc.yaml rename to charts/kube-prometheus-stack/charts/grafana/templates/pvc.yaml index a944a76..9922125 100644 --- a/charts/rancher-monitoring/charts/grafana/templates/pvc.yaml +++ b/charts/kube-prometheus-stack/charts/grafana/templates/pvc.yaml @@ -19,15 +19,15 @@ metadata: {{- end }} spec: accessModes: -{{- $_ := required "Must provide at least one access mode for persistent volumes used by Grafana" .Values.persistence.accessModes }} -{{- $_ := required "Must provide at least one access mode for persistent volumes used by Grafana" (first .Values.persistence.accessModes) }} {{- range .Values.persistence.accessModes }} - {{ . | quote }} {{- end }} resources: requests: storage: {{ .Values.persistence.size | quote }} - {{- if and (.Values.persistence.lookupVolumeName) (lookup "v1" "PersistentVolumeClaim" (include "grafana.namespace" .) (include "grafana.fullname" .)) }} + {{- if .Values.persistence.volumeName }} + volumeName: {{ .Values.persistence.volumeName }} + {{- else if and (.Values.persistence.lookupVolumeName) (lookup "v1" "PersistentVolumeClaim" (include "grafana.namespace" .) (include "grafana.fullname" .)) }} volumeName: {{ (lookup "v1" "PersistentVolumeClaim" (include "grafana.namespace" .) (include "grafana.fullname" .)).spec.volumeName }} {{- end }} {{- with .Values.persistence.storageClassName }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/role.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/role.yaml similarity index 71% rename from charts/rancher-monitoring/charts/grafana/templates/role.yaml rename to charts/kube-prometheus-stack/charts/grafana/templates/role.yaml index 469b6f4..4b5edd9 100644 --- a/charts/rancher-monitoring/charts/grafana/templates/role.yaml +++ b/charts/kube-prometheus-stack/charts/grafana/templates/role.yaml @@ -10,9 +10,9 @@ metadata: annotations: {{- toYaml . | nindent 4 }} {{- end }} -{{- if or (or .Values.global.cattle.psp.enabled .Values.rbac.pspEnabled) (and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled .Values.sidecar.plugins.enabled .Values.rbac.extraRoleRules)) }} +{{- if or .Values.rbac.pspEnabled (and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled .Values.sidecar.plugins.enabled .Values.rbac.extraRoleRules)) }} rules: - {{- if and (or .Values.global.cattle.psp.enabled .Values.rbac.pspEnabled) (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} + {{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} - apiGroups: ['extensions'] resources: ['podsecuritypolicies'] verbs: ['use'] diff --git a/charts/rancher-monitoring/charts/grafana/templates/rolebinding.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/rolebinding.yaml similarity index 100% rename from charts/rancher-monitoring/charts/grafana/templates/rolebinding.yaml rename to charts/kube-prometheus-stack/charts/grafana/templates/rolebinding.yaml diff --git a/charts/rancher-monitoring/charts/grafana/templates/route.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/route.yaml similarity index 66% rename from charts/rancher-monitoring/charts/grafana/templates/route.yaml rename to charts/kube-prometheus-stack/charts/grafana/templates/route.yaml index e8c98b3..5789e53 100644 --- a/charts/rancher-monitoring/charts/grafana/templates/route.yaml +++ b/charts/kube-prometheus-stack/charts/grafana/templates/route.yaml @@ -1,17 +1,16 @@ {{- range $name, $route := .Values.route }} - {{- if $route.enabled -}} +{{- if $route.enabled }} --- apiVersion: {{ $route.apiVersion | default "gateway.networking.k8s.io/v1" }} kind: {{ $route.kind | default "HTTPRoute" }} metadata: {{- with $route.annotations }} annotations: - {{- toYaml . | nindent 4 }} + {{- tpl (toYaml .) $ | nindent 4 }} {{- end }} name: {{ template "grafana.fullname" $ }}{{ if ne $name "main" }}-{{ $name }}{{ end }} namespace: {{ template "grafana.namespace" $ }} labels: - app: {{ template "grafana.name" $ }}-prometheus {{- include "grafana.labels" $ | nindent 4 }} {{- with $route.labels }} {{- toYaml . | nindent 4 }} @@ -29,9 +28,19 @@ spec: {{- if $route.additionalRules }} {{- tpl (toYaml $route.additionalRules) $ | nindent 4 }} {{- end }} + {{- if $route.httpsRedirect }} + - filters: + - type: RequestRedirect + requestRedirect: + scheme: https + statusCode: 301 + {{- else }} - backendRefs: - name: {{ include "grafana.fullname" $ }} port: {{ $.Values.service.port }} + group: '' + kind: Service + weight: 1 {{- with $route.filters }} filters: {{- toYaml . | nindent 8 }} @@ -40,5 +49,14 @@ spec: matches: {{- toYaml . | nindent 8 }} {{- end }} - {{- end }} -{{- end }} \ No newline at end of file + {{- with $route.timeouts }} + timeouts: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with $route.sessionPersistence }} + sessionPersistence: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/secret-env.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/secret-env.yaml similarity index 89% rename from charts/rancher-monitoring/charts/grafana/templates/secret-env.yaml rename to charts/kube-prometheus-stack/charts/grafana/templates/secret-env.yaml index eb14aac..15ea9a8 100644 --- a/charts/rancher-monitoring/charts/grafana/templates/secret-env.yaml +++ b/charts/kube-prometheus-stack/charts/grafana/templates/secret-env.yaml @@ -6,6 +6,7 @@ metadata: namespace: {{ include "grafana.namespace" . }} labels: {{- include "grafana.labels" . | nindent 4 }} + app.kubernetes.io/component: env-secret type: Opaque data: {{- range $key, $val := .Values.envRenderSecret }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/secret.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/secret.yaml similarity index 93% rename from charts/rancher-monitoring/charts/grafana/templates/secret.yaml rename to charts/kube-prometheus-stack/charts/grafana/templates/secret.yaml index fd2ca50..8bc1453 100644 --- a/charts/rancher-monitoring/charts/grafana/templates/secret.yaml +++ b/charts/kube-prometheus-stack/charts/grafana/templates/secret.yaml @@ -6,6 +6,7 @@ metadata: namespace: {{ include "grafana.namespace" . }} labels: {{- include "grafana.labels" . | nindent 4 }} + app.kubernetes.io/component: admin-secret {{- with .Values.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/service.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/service.yaml similarity index 93% rename from charts/rancher-monitoring/charts/grafana/templates/service.yaml rename to charts/kube-prometheus-stack/charts/grafana/templates/service.yaml index f5e9e44..bad3549 100644 --- a/charts/rancher-monitoring/charts/grafana/templates/service.yaml +++ b/charts/kube-prometheus-stack/charts/grafana/templates/service.yaml @@ -51,11 +51,14 @@ spec: {{- with .Values.service.sessionAffinity }} sessionAffinity: {{ . }} {{- end }} + {{- with .Values.service.trafficDistribution }} + trafficDistribution: {{ . }} + {{- end }} ports: - name: {{ .Values.service.portName }} port: {{ .Values.service.port }} protocol: TCP - targetPort: {{ .Values.service.targetPort }} + targetPort: {{ .Values.podPortName }} {{- with .Values.service.appProtocol }} appProtocol: {{ . }} {{- end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/serviceaccount.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/serviceaccount.yaml similarity index 100% rename from charts/rancher-monitoring/charts/grafana/templates/serviceaccount.yaml rename to charts/kube-prometheus-stack/charts/grafana/templates/serviceaccount.yaml diff --git a/charts/rancher-monitoring/charts/grafana/templates/servicemonitor.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/servicemonitor.yaml similarity index 73% rename from charts/rancher-monitoring/charts/grafana/templates/servicemonitor.yaml rename to charts/kube-prometheus-stack/charts/grafana/templates/servicemonitor.yaml index 850df45..0bb75ea 100644 --- a/charts/rancher-monitoring/charts/grafana/templates/servicemonitor.yaml +++ b/charts/kube-prometheus-stack/charts/grafana/templates/servicemonitor.yaml @@ -10,6 +10,7 @@ metadata: namespace: {{ include "grafana.namespace" . }} {{- end }} labels: + release: {{ $.Release.Name | quote }} {{- include "grafana.labels" . | nindent 4 }} {{- with .Values.serviceMonitor.labels }} {{- tpl (toYaml . | nindent 4) $ }} @@ -30,26 +31,10 @@ spec: tlsConfig: {{- toYaml . | nindent 6 }} {{- end }} - metricRelabelings: - {{- if .Values.serviceMonitor.metricRelabelings }} - {{- toYaml .Values.serviceMonitor.metricRelabelings | nindent 6 }} - {{- end }} - {{ if .Values.global.cattle.clusterId }} - - sourceLabels: [__address__] - targetLabel: cluster_id - replacement: {{ .Values.global.cattle.clusterId }} - {{- end }} - {{ if .Values.global.cattle.clusterName }} - - sourceLabels: [__address__] - targetLabel: cluster_name - replacement: {{ .Values.global.cattle.clusterName }} - {{- end }} - {{- if .Values.serviceMonitor.relabelings }} {{- with .Values.serviceMonitor.relabelings }} relabelings: {{- toYaml . | nindent 6 }} {{- end }} - {{- end }} {{- with .Values.serviceMonitor.metricRelabelings }} metricRelabelings: {{- toYaml . | nindent 6 }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/statefulset.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/statefulset.yaml similarity index 83% rename from charts/rancher-monitoring/charts/grafana/templates/statefulset.yaml rename to charts/kube-prometheus-stack/charts/grafana/templates/statefulset.yaml index 4a67088..3262838 100644 --- a/charts/rancher-monitoring/charts/grafana/templates/statefulset.yaml +++ b/charts/kube-prometheus-stack/charts/grafana/templates/statefulset.yaml @@ -43,14 +43,22 @@ spec: kind: PersistentVolumeClaim metadata: name: storage + {{- with .Values.persistence.annotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} spec: -{{- $_ := required "Must provide at least one access mode for persistent volumes used by Grafana" .Values.persistence.accessModes }} -{{- $_ := required "Must provide at least one access mode for persistent volumes used by Grafana" (first .Values.persistence.accessModes) }} - accessModes: {{ .Values.persistence.accessModes }} + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} storageClassName: {{ .Values.persistence.storageClassName }} + {{- with .Values.persistence.volumeName }} + volumeName: {{ . | quote }} + {{- end }} resources: requests: - storage: {{ required "Must provide size for persistent volumes used by Grafana" .Values.persistence.size }} + storage: {{ .Values.persistence.size }} {{- with .Values.persistence.selectorLabels }} selector: matchLabels: diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/vpa.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/vpa.yaml new file mode 100644 index 0000000..01c8b9a --- /dev/null +++ b/charts/kube-prometheus-stack/charts/grafana/templates/vpa.yaml @@ -0,0 +1,56 @@ +{{- if and .Values.verticalPodAutoscaler.enabled (.Capabilities.APIVersions.Has "autoscaling.k8s.io/v1/VerticalPodAutoscaler") }} + +{{- $vpa := .Values.verticalPodAutoscaler }} +{{- $resources := $vpa.controlledResources | default dict }} +{{- $target := $vpa.target | default dict }} +{{- $container := $vpa.container | default dict }} + +{{- /* Match deployment.yaml condition */ -}} +{{- $isDeployment := and (not .Values.useStatefulSet) (or (not .Values.persistence.enabled) (eq .Values.persistence.type "pvc")) -}} + +{{- /* Derived defaults */ -}} +{{- $defaultApiVersion := "apps/v1" -}} +{{- $defaultKind := ternary "Deployment" "StatefulSet" $isDeployment -}} +{{- $defaultName := include "grafana.fullname" . -}} + +{{- /* Optional override (ONLY if you document it in values.yaml/schema) */ -}} +{{- $t := $vpa.targetRef | default dict -}} +{{- $apiVersion := default $defaultApiVersion $t.apiVersion -}} +{{- $kind := default $defaultKind $t.kind -}} +{{- $name := default $defaultName $t.name -}} + +apiVersion: autoscaling.k8s.io/v1 +kind: VerticalPodAutoscaler +metadata: + name: {{ include "grafana.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +spec: + targetRef: + apiVersion: {{ $apiVersion | quote }} + kind: {{ $kind | quote }} + name: {{ $name | quote }} + updatePolicy: + updateMode: {{ default "Off" $vpa.updateMode | quote }} + resourcePolicy: + containerPolicies: + - containerName: "grafana" +{{- if or (get $resources "cpu") (get $resources "memory") }} + controlledResources: +{{- if (get $resources "cpu") }} + - "cpu" +{{- end }} +{{- if (get $resources "memory") }} + - "memory" +{{- end }} +{{- end }} +{{- with $vpa.minAllowed }} + minAllowed: +{{ toYaml . | nindent 10 }} +{{- end }} +{{- with $vpa.maxAllowed }} + maxAllowed: +{{ toYaml . | nindent 10 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/charts/grafana/values.yaml b/charts/kube-prometheus-stack/charts/grafana/values.yaml similarity index 76% rename from charts/rancher-monitoring/charts/grafana/values.yaml rename to charts/kube-prometheus-stack/charts/grafana/values.yaml index ba5a209..523afc5 100644 --- a/charts/rancher-monitoring/charts/grafana/values.yaml +++ b/charts/kube-prometheus-stack/charts/grafana/values.yaml @@ -1,8 +1,6 @@ global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" + # -- Overrides the Docker registry globally for all images + imageRegistry: null # To help compatibility with other charts which use global.imagePullSecrets. # Allow either an array of {name: pullSecret} maps (k8s-style), or an array of strings (more common helm-style). @@ -36,8 +34,8 @@ rbac: # verbs: [] serviceAccount: create: true - name: - nameTest: + name: "" + nameTest: "" ## ServiceAccount labels. labels: {} ## Service account annotations. Can be templated. @@ -46,7 +44,7 @@ serviceAccount: ## autoMount is deprecated in favor of automountServiceAccountToken # autoMount: false - automountServiceAccountToken: true + automountServiceAccountToken: false replicas: 1 @@ -72,6 +70,7 @@ podDisruptionBudget: {} # apiVersion: "" # minAvailable: 1 # maxUnavailable: 1 +# unhealthyPodEvictionPolicy: IfHealthyBudget ## See `kubectl explain deployment.spec.strategy` for more ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy @@ -81,12 +80,12 @@ deploymentStrategy: readinessProbe: httpGet: path: /api/health - port: 3000 + port: grafana livenessProbe: httpGet: path: /api/health - port: 3000 + port: grafana initialDelaySeconds: 60 timeoutSeconds: 30 failureThreshold: 10 @@ -97,9 +96,12 @@ livenessProbe: # schedulerName: "default-scheduler" image: - repository: rancher/mirrored-grafana-grafana + # -- The Docker registry + registry: docker.io + # -- Docker image repository + repository: grafana/grafana # Overrides the Grafana image tag whose default is the chart appVersion - tag: 11.5.5 + tag: "" sha: "" pullPolicy: IfNotPresent @@ -112,11 +114,18 @@ image: # - myRegistrKeySecretName testFramework: - enabled: false + enabled: true + ## The type of Helm hook used to run this test. Defaults to test. + ## ref: https://helm.sh/docs/topics/charts_hooks/#the-available-hooks + ## + # hookType: test + image: + # -- The Docker registry + registry: docker.io + repository: bats/bats + tag: "1.13.0" imagePullPolicy: IfNotPresent - securityContext: - runAsNonRoot: true - runAsUser: 1000 + securityContext: {} containerSecurityContext: {} resources: {} # limits: @@ -136,6 +145,7 @@ dnsConfig: {} # value: "2" # - name: edns0 +hostUsers: ~ securityContext: runAsNonRoot: true runAsUser: 472 @@ -144,6 +154,7 @@ securityContext: containerSecurityContext: allowPrivilegeEscalation: false + privileged: false capabilities: drop: - ALL @@ -176,8 +187,10 @@ extraLabels: {} # priorityClassName: downloadDashboardsImage: - repository: rancher/mirrored-curlimages-curl - tag: 8.9.1 + # -- The Docker registry + registry: docker.io + repository: curlimages/curl + tag: 8.19.0 sha: "" pullPolicy: IfNotPresent @@ -237,6 +250,9 @@ service: # Adds the appProtocol field to the service. This allows to work with istio protocol selection. Ex: "http" or "tcp" appProtocol: "" sessionAffinity: "" + # trafficDistribution allows specifying how traffic is distributed to Service endpoints. + # Valid values: "" (default - standard load balancing),"PreferSameZone" (K8s 1.34+), "PreferSameNode" (K8s 1.35+), "PreferClose" (deprecated, use PreferSameZone), + trafficDistribution: "" serviceMonitor: ## If true, a ServiceMonitor CR is created for a prometheus operator @@ -256,9 +272,9 @@ serviceMonitor: targetLabels: [] extraExposePorts: [] - # - name: keycloak - # port: 8080 - # targetPort: 8080 + # - name: keycloak + # port: 8080 + # targetPort: 8080 # overrides pod.spec.hostAliases in the grafana deployment's pods hostAliases: [] @@ -268,8 +284,6 @@ hostAliases: [] ingress: enabled: false - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress # ingressClassName: nginx # Values can be templated annotations: {} @@ -277,8 +291,6 @@ ingress: # kubernetes.io/tls-acme: "true" labels: {} path: / - - # pathType is only for k8s >= 1.1= pathType: Prefix hosts: @@ -286,11 +298,6 @@ ingress: ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. extraPaths: [] # - path: /* - # backend: - # serviceName: ssl-redirect - # servicePort: use-annotation - ## Or for k8s > 1.19 - # - path: /* # pathType: Prefix # backend: # service: @@ -334,12 +341,33 @@ route: type: PathPrefix value: / + ## Timeouts define the timeouts that can be configured for an HTTP request. + ## Ref. https://gateway-api.sigs.k8s.io/api-types/httproute/#timeouts-optional + timeouts: {} + # request: 10s + # backendRequest: 5s + + ## SessionPersistence defines and configures session persistence for the route rule. + ## Ref. https://gateway-api.sigs.k8s.io/geps/gep-1619/ + sessionPersistence: {} + # sessionName: grafana-session + # type: Cookie + # absoluteTimeout: 48h + # cookieConfig: + # lifetimeType: Permanent + ## Filters define the filters that are applied to requests that match this rule. filters: [] ## Additional custom rules that can be added to the route additionalRules: [] + ## httpsRedirect adds a filter for redirecting to https (HTTP 301 Moved Permanently). + ## To redirect HTTP traffic to HTTPS, you need to have a Gateway with both HTTP and HTTPS listeners. + ## Matches and filters do not take effect if enabled. + ## Ref. https://gateway-api.sigs.k8s.io/guides/http-redirect-rewrite/ + httpsRedirect: false + resources: {} # limits: # cpu: 100m @@ -400,12 +428,14 @@ extraContainerVolumes: [] # emptyDir: {} ## Enable persistence using Persistent Volume Claims -## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ ## persistence: type: pvc enabled: false # storageClassName: default + ## (Optional) Use this to bind the claim to an existing PersistentVolume (PV) by name. + volumeName: "" accessModes: - ReadWriteOnce size: 10Gi @@ -445,8 +475,10 @@ initChownData: ## initChownData container image ## image: - repository: rancher/mirrored-library-busybox - tag: "1.31.1" + # -- The Docker registry + registry: docker.io + repository: library/busybox + tag: "1.37.0" sha: "" pullPolicy: IfNotPresent @@ -461,6 +493,7 @@ initChownData: # cpu: 100m # memory: 128Mi securityContext: + readOnlyRootFilesystem: false runAsNonRoot: false runAsUser: 0 seccompProfile: @@ -468,6 +501,8 @@ initChownData: capabilities: add: - CHOWN + drop: + - ALL # Administrator credentials when not using an existing secret (see below) adminUser: admin @@ -551,7 +586,7 @@ envFromSecrets: [] ## prefix: prefix ## optional: true -## The names of conifgmaps in the same kubernetes namespace which contain values to be added to the environment +## The names of configmaps in the same kubernetes namespace which contain values to be added to the environment ## Each entry should contain a name key, and can optionally specify whether the configmap must be defined with an optional key. ## Name is templated. ## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#configmapenvsource-v1-core @@ -588,7 +623,7 @@ extraSecretMounts: [] # # for CSI e.g. Azure Key Vault use the following # - name: secrets-store-inline - # mountPath: /run/secrets + # mountPath: /run/secrets/vault.azure.com # readOnly: true # csi: # driver: secrets-store.csi.k8s.io @@ -637,8 +672,8 @@ plugins: [] # - digrich-bubblechart-panel # - grafana-clock-panel ## You can also use other plugin download URL, as long as they are valid zip files, - ## and specify the name of the plugin after the semicolon. Like this: - # - https://grafana.com/api/plugins/marcusolsson-json-datasource/versions/1.3.2/download;marcusolsson-json-datasource + ## and specify the name of the plugin as prefix, with an version. Like this: + # - marcusolsson-json-datasource@1.3.24@https://grafana.com/api/plugins/marcusolsson-json-datasource/versions/1.3.24/download ## Configure grafana datasources ## ref: http://docs.grafana.org/administration/provisioning/#datasources @@ -792,11 +827,25 @@ dashboardProviders: {} # options: # path: /var/lib/grafana/dashboards/default +## Configure how curl fetches remote dashboards. The beginning dash is required. +## NOTE: This sets the default short flags for all dashboards, but these +## defaults can be overridden individually for each dashboard by setting +## curlOptions. See the example dashboards section below. +## +## -s - silent mode +## -k - allow insecure (eg: non-TLS) connections +## -f - fail fast +## See the curl documentation for additional options +## +defaultCurlOptions: "-skf" + ## Configure grafana dashboard to import ## NOTE: To use dashboards you must also enable/configure dashboardProviders ## ref: https://grafana.com/dashboards ## ## dashboards per provider, use provider name as key. +## For dashboards downloaded via gnetId or url, the optional "title" key overrides +## the dashboard title in the downloaded JSON so the UI displays your custom title. ## dashboards: {} # default: @@ -806,11 +855,13 @@ dashboards: {} # custom-dashboard: # file: dashboards/custom-dashboard.json # prometheus-stats: + # title: My Custom Dashboard Title # optional; overrides the dashboard title in the downloaded JSON # gnetId: 2 # revision: 2 # datasource: Prometheus # local-dashboard: # url: https://example.com/repository/test.json + # curlOptions: "-sLf" # token: '' # local-dashboard-base64: # url: https://example.com/repository/test-b64.json @@ -852,32 +903,36 @@ grafana.ini: check_for_updates: true log: mode: console - grafana_net: - url: https://grafana.net server: - domain: "{{ if (and .Values.ingress.enabled .Values.ingress.hosts) }}{{ tpl (.Values.ingress.hosts | first) . }}{{ else }}''{{ end }}" + domain: "{{ if (and .Values.ingress.enabled .Values.ingress.hosts) }}{{ tpl (.Values.ingress.hosts | first) . }}{{ else if (and .Values.route.main.enabled .Values.route.main.hostnames) }}{{ tpl (.Values.route.main.hostnames | first) . }}{{ else }}''{{ end }}" + unified_storage: + index_path: /var/lib/grafana-search/bleve ## grafana Authentication can be enabled with the following values on grafana.ini - # server: - # The full public facing url you use in browser, used for redirects and emails - # root_url: - # https://grafana.com/docs/grafana/latest/auth/github/#enable-github-in-grafana - # auth.github: - # enabled: false - # allow_sign_up: false - # scopes: user:email,read:org - # auth_url: https://github.com/login/oauth/authorize - # token_url: https://github.com/login/oauth/access_token - # api_url: https://api.github.com/user - # team_ids: - # allowed_organizations: - # client_id: - # client_secret: + # server: + # The full public facing url you use in browser, used for redirects and emails + # root_url: + # https://grafana.com/docs/grafana/latest/auth/github/#enable-github-in-grafana + # auth.github: + # enabled: false + # allow_sign_up: false + # scopes: user:email,read:org + # auth_url: https://github.com/login/oauth/authorize + # token_url: https://github.com/login/oauth/access_token + # api_url: https://api.github.com/user + # team_ids: + # allowed_organizations: + # client_id: + # client_secret: ## LDAP Authentication can be enabled with the following values on grafana.ini ## NOTE: Grafana will fail to start if the value for ldap.toml is invalid # auth.ldap: # enabled: true # allow_sign_up: true # config_file: /etc/grafana/ldap.toml +## Grafana's alerting configuration + # unified_alerting: + # enabled: true + # rule_version_record_limit: "5" ## Grafana's LDAP configuration ## Templated by the template in _helpers.tpl @@ -921,8 +976,10 @@ smtp: ## Requires at least Grafana 5 to work and can't be used together with parameters dashboardProviders, datasources and dashboards sidecar: image: - repository: rancher/mirrored-kiwigrid-k8s-sidecar - tag: 1.30.0 + # -- The Docker registry + registry: quay.io + repository: kiwigrid/k8s-sidecar + tag: 2.6.0 sha: "" imagePullPolicy: IfNotPresent resources: {} @@ -950,11 +1007,24 @@ sidecar: enabled: false # Additional environment variables for the alerts sidecar env: {} + ## "valueFrom" environment variable references that will be added to deployment pods. Name is templated. + ## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core + ## Renders in container spec as: + ## env: + ## ... + ## - name: + ## valueFrom: + ## + envValueFrom: {} + # ENV_NAME: + # configMapKeyRef: + # name: configmap-name + # key: value_key # Do not reprocess already processed unchanged resources on k8s API reconnect. # ignoreAlreadyProcessed: true - # label that the configmaps with alert are marked with + # label that the configmaps with alert are marked with (can be templated) label: grafana_alert - # value of label that the configmaps with alert are set to + # value of label that the configmaps with alert are set to (can be templated) labelValue: "" # Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL. # logLevel: INFO @@ -966,6 +1036,13 @@ sidecar: watchMethod: WATCH # search in configmap, secret or both resource: both + # + # resourceName: comma separated list of resource names to be fetched/checked by this sidecar. + # per default all resources of the type defined in {{ .Values.sidecar.alerts.resource }} will be checked. + # This e.g. allows stricter RBAC rules which are limited to the resources meant for the sidecars. + # resourceName: "secret/alerts-1,configmap/alerts-0" + resourceName: "" + # # watchServerTimeout: request to the server, asking it to cleanly close the connection after that. # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S # watchServerTimeout: 3600 @@ -995,16 +1072,28 @@ sidecar: # # Endpoint to send request to reload alerts reloadURL: "http://localhost:3000/api/admin/provisioning/alerting/reload" - # Absolute path to shell script to execute after a alert got reloaded + # Absolute path to a script to execute after a configmap got reloaded. + # It runs before calls to REQ_URI. If the file is not executable it will be passed to sh. + # Otherwise, it's executed as is. Shebangs known to work are #!/bin/sh and #!/usr/bin/env python script: null - skipReload: true + skipReload: false # This is needed if skipReload is true, to load any alerts defined at startup time. # Deploy the alert sidecar as an initContainer. initAlerts: false + # Use native sidecar https://kubernetes.io/docs/concepts/workloads/pods/sidecar-containers/ + # restartPolicy: Always + # # only applies to native sidecars + # startupProbe: + # httpGet: + # path: /healthz + # port: 8080 + # initialDelaySeconds: 5 + # periodSeconds: 5 + # failureThreshold: 60 # 5 minutes # Additional alerts sidecar volume mounts extraMounts: [] # Sets the size limit of the alert sidecar emptyDir volume - sizeLimit: {} + sizeLimit: "" dashboards: enabled: false # Additional environment variables for the dashboards sidecar @@ -1025,9 +1114,9 @@ sidecar: # Do not reprocess already processed unchanged resources on k8s API reconnect. # ignoreAlreadyProcessed: true SCProvider: true - # label that the configmaps with dashboards are marked with + # label that the configmaps with dashboards are marked with (can be templated) label: grafana_dashboard - # value of label that the configmaps with dashboards are set to + # value of label that the configmaps with dashboards are set to (can be templated) labelValue: "" # Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL. # logLevel: INFO @@ -1047,6 +1136,12 @@ sidecar: # You can use this parameter together with `provider.foldersFromFilesStructure`to annotate configmaps and create folder structure. folderAnnotation: null # + # resourceName: comma separated list of resource names to be fetched/checked by this sidecar. + # per default all resources of the type defined in {{ .Values.sidecar.dashboards.resource }} will be checked. + # This e.g. allows stricter RBAC rules which are limited to the resources meant for the sidecars. + # resourceName: "secret/dashboards-0,configmap/dashboards-1" + resourceName: "" + # # maxTotalRetries: Total number of retries to allow for any http request. # Takes precedence over other counts. Applies to all requests to reloadURL and k8s api requests. # Set to 0 to fail on the first retry. @@ -1066,9 +1161,24 @@ sidecar: # # Endpoint to send request to reload alerts reloadURL: "http://localhost:3000/api/admin/provisioning/dashboards/reload" - # Absolute path to shell script to execute after a configmap got reloaded + # Absolute path to a script to execute after a configmap got reloaded. + # It runs before calls to REQ_URI. If the file is not executable it will be passed to sh. + # Otherwise, it's executed as is. Shebangs known to work are #!/bin/sh and #!/usr/bin/env python script: null skipReload: false + # This is needed if skipReload is true, to load any dashboards defined at startup time. + # Deploy the dashboard sidecar as an initContainer. + initDashboards: false + # Use native sidecar https://kubernetes.io/docs/concepts/workloads/pods/sidecar-containers/ + # restartPolicy: Always + # # only applies to native sidecars + # startupProbe: + # httpGet: + # path: /healthz + # port: 8083 + # initialDelaySeconds: 5 + # periodSeconds: 5 + # failureThreshold: 60 # 5 minutes # watchServerTimeout: request to the server, asking it to cleanly close the connection after that. # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S # watchServerTimeout: 3600 @@ -1100,7 +1210,7 @@ sidecar: # Additional dashboards sidecar volume mounts extraMounts: [] # Sets the size limit of the dashboard sidecar emptyDir volume - sizeLimit: {} + sizeLimit: "" datasources: enabled: false # Additional environment variables for the datasourcessidecar @@ -1120,9 +1230,9 @@ sidecar: # key: value_key # Do not reprocess already processed unchanged resources on k8s API reconnect. # ignoreAlreadyProcessed: true - # label that the configmaps with datasources are marked with + # label that the configmaps with datasources are marked with (can be templated) label: grafana_datasource - # value of label that the configmaps with datasources are set to + # value of label that the configmaps with datasources are set to (can be templated) labelValue: "" # Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL. # logLevel: INFO @@ -1134,6 +1244,13 @@ sidecar: watchMethod: WATCH # search in configmap, secret or both resource: both + # + # resourceName: comma separated list of resource names to be fetched/checked by this sidecar. + # per default all resources of the type defined in {{ .Values.sidecar.datasources.resource }} will be checked. + # This e.g. allows stricter RBAC rules which are limited to the resources meant for the sidecars. + # resourceName: "secret/datasources-0,configmap/datasources-15" + resourceName: "" + # # watchServerTimeout: request to the server, asking it to cleanly close the connection after that. # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S # watchServerTimeout: 3600 @@ -1163,25 +1280,37 @@ sidecar: # # Endpoint to send request to reload datasources reloadURL: "http://localhost:3000/api/admin/provisioning/datasources/reload" - # Absolute path to shell script to execute after a datasource got reloaded + # Absolute path to a script to execute after a configmap got reloaded. + # It runs before calls to REQ_URI. If the file is not executable it will be passed to sh. + # Otherwise, it's executed as is. Shebangs known to work are #!/bin/sh and #!/usr/bin/env python script: null skipReload: false # This is needed if skipReload is true, to load any datasources defined at startup time. # Deploy the datasources sidecar as an initContainer. - initDatasources: true + initDatasources: false + # Use native sidecar https://kubernetes.io/docs/concepts/workloads/pods/sidecar-containers/ + # restartPolicy: Always + # # only applies to native sidecars + # startupProbe: + # httpGet: + # path: /healthz + # port: 8081 + # initialDelaySeconds: 5 + # periodSeconds: 5 + # failureThreshold: 60 # 5 minutes # Additional datasources sidecar volume mounts extraMounts: [] # Sets the size limit of the datasource sidecar emptyDir volume - sizeLimit: {} + sizeLimit: "" plugins: enabled: false # Additional environment variables for the plugins sidecar env: {} # Do not reprocess already processed unchanged resources on k8s API reconnect. # ignoreAlreadyProcessed: true - # label that the configmaps with plugins are marked with + # label that the configmaps with plugins are marked with (can be templated) label: grafana_plugin - # value of label that the configmaps with plugins are set to + # value of label that the configmaps with plugins are set to (can be templated) labelValue: "" # Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL. # logLevel: INFO @@ -1193,6 +1322,13 @@ sidecar: watchMethod: WATCH # search in configmap, secret or both resource: both + # + # resourceName: comma separated list of resource names to be fetched/checked by this sidecar. + # per default all resources of the type defined in {{ .Values.sidecar.plugins.resource }} will be checked. + # This e.g. allows stricter RBAC rules which are limited to the resources meant for the sidecars. + # resourceName: "secret/plugins-0,configmap/plugins-1" + resourceName: "" + # # watchServerTimeout: request to the server, asking it to cleanly close the connection after that. # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S # watchServerTimeout: 3600 @@ -1222,7 +1358,9 @@ sidecar: # # Endpoint to send request to reload plugins reloadURL: "http://localhost:3000/api/admin/provisioning/plugins/reload" - # Absolute path to shell script to execute after a plugin got reloaded + # Absolute path to a script to execute after a configmap got reloaded. + # It runs before calls to REQ_URI. If the file is not executable it will be passed to sh. + # Otherwise, it's executed as is. Shebangs known to work are #!/bin/sh and #!/usr/bin/env python script: null skipReload: false # Deploy the datasource sidecar as an initContainer in addition to a container. @@ -1231,16 +1369,16 @@ sidecar: # Additional plugins sidecar volume mounts extraMounts: [] # Sets the size limit of the plugin sidecar emptyDir volume - sizeLimit: {} + sizeLimit: "" notifiers: enabled: false # Additional environment variables for the notifierssidecar env: {} # Do not reprocess already processed unchanged resources on k8s API reconnect. # ignoreAlreadyProcessed: true - # label that the configmaps with notifiers are marked with + # label that the configmaps with notifiers are marked with (can be templated) label: grafana_notifier - # value of label that the configmaps with notifiers are set to + # value of label that the configmaps with notifiers are set to (can be templated) labelValue: "" # Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL. # logLevel: INFO @@ -1252,6 +1390,13 @@ sidecar: watchMethod: WATCH # search in configmap, secret or both resource: both + # + # resourceName: comma separated list of resource names to be fetched/checked by this sidecar. + # per default all resources of the type defined in {{ .Values.sidecar.notifiers.resource }} will be checked. + # This e.g. allows stricter RBAC rules which are limited to the resources meant for the sidecars. + # resourceName: "secret/notifiers-2,configmap/notifiers-1" + resourceName: "" + # # watchServerTimeout: request to the server, asking it to cleanly close the connection after that. # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S # watchServerTimeout: 3600 @@ -1281,16 +1426,28 @@ sidecar: # # Endpoint to send request to reload notifiers reloadURL: "http://localhost:3000/api/admin/provisioning/notifications/reload" - # Absolute path to shell script to execute after a notifier got reloaded + # Absolute path to a script to execute after a configmap got reloaded. + # It runs before calls to REQ_URI. If the file is not executable it will be passed to sh. + # Otherwise, it's executed as is. Shebangs known to work are #!/bin/sh and #!/usr/bin/env python script: null skipReload: false # Deploy the notifier sidecar as an initContainer in addition to a container. # This is needed if skipReload is true, to load any notifiers defined at startup time. initNotifiers: false + # Use native sidecar https://kubernetes.io/docs/concepts/workloads/pods/sidecar-containers/ + # restartPolicy: Always + # # only applies to native sidecars + # startupProbe: + # httpGet: + # path: /healthz + # port: 8082 + # initialDelaySeconds: 5 + # periodSeconds: 5 + # failureThreshold: 60 # 5 minutes # Additional notifiers sidecar volume mounts extraMounts: [] # Sets the size limit of the notifier sidecar emptyDir volume - sizeLimit: {} + sizeLimit: "" ## Override the deployment namespace ## @@ -1300,7 +1457,7 @@ namespaceOverride: "" ## revisionHistoryLimit: 10 -## Add a seperate remote image renderer deployment/service +## Add a separate remote image renderer deployment/service imageRenderer: deploymentStrategy: {} # Enable the image-renderer deployment & service @@ -1318,12 +1475,16 @@ imageRenderer: # The callback url of grafana instances if it is not in the same namespace with the remote image renderer renderingCallbackURL: "" image: + # -- The Docker registry + registry: docker.io # image-renderer Image repository - repository: rancher/mirrored-grafana-grafana-image-renderer + repository: grafana/grafana-image-renderer # image-renderer Image tag - tag: 3.10.5 + tag: latest # image-renderer Image sha (optional) sha: "" + # image-renderer Image pull secrets (optional) + pullSecrets: [] # image-renderer ImagePullPolicy pullPolicy: Always # extra environment variables @@ -1353,6 +1514,8 @@ imageRenderer: # image-renderer deployment serviceAccount serviceAccountName: "" automountServiceAccountToken: false + # image-renderer deployment hostUsers + hostUsers: ~ # image-renderer deployment securityContext securityContext: {} # image-renderer deployment container securityContext @@ -1369,6 +1532,8 @@ imageRenderer: hostAliases: [] # image-renderer deployment priority class priorityClassName: '' + # Path to the healthcheck endpoint. On Image Renderer v5.0.0 or newer, this is '/healthz'. Older versions use '/'. + healthcheckPath: '/healthz' service: # Enable the image-renderer service enabled: true @@ -1451,69 +1616,73 @@ imageRenderer: extraVolumes: [] networkPolicy: - ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. - ## + # -- networkPolicy.enabled Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. enabled: false - ## @param networkPolicy.allowExternal Don't require client label for connections - ## The Policy model to apply. When set to false, only pods with the correct - ## client label will have network access to grafana port defined. - ## When true, grafana will accept connections from any source - ## (with the correct destination port). - ## + # --networkPolicy.allowExternal Don't require client label for connections + # The Policy model to apply. When set to false, only pods with the correct + # client label will have network access to grafana port defined. + # When true, grafana will accept connections from any source + # (with the correct destination port). + # ingress: true - ## @param networkPolicy.ingress When true enables the creation - ## an ingress network policy - ## + # -- networkPolicy.ingress When true enables the creation + # an ingress network policy allowExternal: true - ## @param networkPolicy.explicitNamespacesSelector A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed - ## If explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace - ## and that match other criteria, the ones that have the good label, can reach the grafana. - ## But sometimes, we want the grafana to be accessible to clients from other namespaces, in this case, we can use this - ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. - ## - ## Example: - ## explicitNamespacesSelector: - ## matchLabels: - ## role: frontend - ## matchExpressions: - ## - {key: role, operator: In, values: [frontend]} - ## + # -- networkPolicy.explicitNamespacesSelector A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed + # If explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace + # and that match other criteria, the ones that have the good label, can reach the grafana. + # But sometimes, we want the grafana to be accessible to clients from other namespaces, in this case, we can use this + # LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. + #
+ # + # Example: + # + # ``` + # explicitNamespacesSelector: + # matchLabels: + # role: frontend + # matchExpressions: + # - {key: role, operator: In, values: [frontend]} + # ``` explicitNamespacesSelector: {} - ## - ## - ## - ## - ## - ## + # -- networkPolicy.explicitIpBlocks List of CIDR blocks allowed as ingress sources. + # Each entry must be a valid CIDR notation string (e.g. 10.0.0.0/8). + # When defined, the specified CIDR ranges are added to the ingress `from` rules + # using `ipBlock` entries and complement the other configured ingress sources. + #
+ # + # Example: + # + # ``` + # explicitIpBlocks: + # - 35.191.0.0/16 + # - 130.211.0.0/22 + # ``` + # + explicitIpBlocks: [] + egress: - ## @param networkPolicy.egress.enabled When enabled, an egress network policy will be - ## created allowing grafana to connect to external data sources from kubernetes cluster. + # -- networkPolicy.egress.enabled When enabled, an egress network policy will be + # created allowing grafana to connect to external data sources from kubernetes cluster. enabled: false - ## - ## @param networkPolicy.egress.blockDNSResolution When enabled, DNS resolution will be blocked - ## for all pods in the grafana namespace. + # -- networkPolicy.egress.blockDNSResolution When enabled, DNS resolution will be blocked + # for all pods in the grafana namespace. blockDNSResolution: false - ## - ## @param networkPolicy.egress.ports Add individual ports to be allowed by the egress + # -- networkPolicy.egress.ports Add individual ports to be allowed by the egress ports: [] - ## Add ports to the egress by specifying - port: - ## E.X. - ## - port: 80 - ## - port: 443 - ## - ## @param networkPolicy.egress.to Allow egress traffic to specific destinations + # Add ports to the egress by specifying - port: + # E.X. + # - port: 80 + # - port: 443 + # + # -- networkPolicy.egress.to Allow egress traffic to specific destinations to: [] - ## Add destinations to the egress by specifying - ipBlock: - ## E.X. - ## to: - ## - namespaceSelector: - ## matchExpressions: - ## - {key: role, operator: In, values: [grafana]} - ## - ## - ## - ## - ## + # -- destinations to the egress by specifying - ipBlock: + # E.X. + # to: + # - namespaceSelector: + # matchExpressions: + # - {key: role, operator: In, values: [grafana]} # Enable backward compatibility of kubernetes where version below 1.13 doesn't have the enableServiceLinks option enableKubeBackwardCompatibility: false @@ -1554,3 +1723,25 @@ extraObjects: [] # Alternatively, if you wish to allow secret values to be exposed in the rendered grafana.ini configmap, # you can disable this check by setting assertNoLeakedSecrets to false. assertNoLeakedSecrets: true + +# updateMode options are: +# Off: n the Off update mode, the VPA recommender still analyzes resource usage and generates recommendations, but these recommendations are not automatically applied to Pods. The recommendations are only stored in the VPA object's .status field. +# Initial: In Initial mode, VPA only sets resource requests when Pods are first created. It does not update resources for already running Pods, even if recommendations change over time. The recommendations apply only during Pod creation. +# Recreate: In Recreate mode, VPA actively manages Pod resources by evicting Pods when their current resource requests differ significantly from recommendations. When a Pod is evicted, the workload controller (managing a Deployment, StatefulSet, etc) creates a replacement Pod, and the VPA admission controller applies the updated resource requests to the new Pod. +# InPlaceOrRecreate: In Recreate mode, VPA actively manages Pod resources by evicting Pods when their current resource requests differ significantly from recommendations. When a Pod is evicted, the workload controller (managing a Deployment, StatefulSet, etc) creates a replacement Pod, and the VPA admission controller applies the updated resource requests to the new Pod. +# Auto (deprecated): The Auto update mode is deprecated since VPA version 1.4.0. Use Recreate for eviction-based updates, or InPlaceOrRecreate for in-place updates with eviction fallback. +verticalPodAutoscaler: + enabled: false + updateMode: "Off" + controlledResources: + cpu: true + memory: true + + # Default safety bounds + minAllowed: + cpu: "25m" + memory: "128Mi" + + maxAllowed: + cpu: "1000m" + memory: "1Gi" diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/.helmignore b/charts/kube-prometheus-stack/charts/kube-state-metrics/.helmignore similarity index 100% rename from charts/rancher-monitoring/charts/kube-state-metrics/.helmignore rename to charts/kube-prometheus-stack/charts/kube-state-metrics/.helmignore diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/Chart.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/Chart.yaml similarity index 95% rename from charts/rancher-monitoring/charts/kube-state-metrics/Chart.yaml rename to charts/kube-prometheus-stack/charts/kube-state-metrics/Chart.yaml index cb98805..b8dc96a 100644 --- a/charts/rancher-monitoring/charts/kube-state-metrics/Chart.yaml +++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/Chart.yaml @@ -4,7 +4,7 @@ annotations: - name: Chart Source url: https://github.com/prometheus-community/helm-charts apiVersion: v2 -appVersion: 2.15.0 +appVersion: 2.18.0 description: Install kube-state-metrics to generate and expose cluster-level metrics home: https://github.com/kubernetes/kube-state-metrics/ keywords: @@ -26,4 +26,4 @@ name: kube-state-metrics sources: - https://github.com/kubernetes/kube-state-metrics/ type: application -version: 5.30.1 +version: 7.2.2 diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/README.md b/charts/kube-prometheus-stack/charts/kube-state-metrics/README.md similarity index 60% rename from charts/rancher-monitoring/charts/kube-state-metrics/README.md rename to charts/kube-prometheus-stack/charts/kube-state-metrics/README.md index 843be89..9348d4c 100644 --- a/charts/rancher-monitoring/charts/kube-state-metrics/README.md +++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/README.md @@ -2,27 +2,26 @@ Installs the [kube-state-metrics agent](https://github.com/kubernetes/kube-state-metrics). -## Get Repository Info - -```console -helm repo add prometheus-community https://prometheus-community.github.io/helm-charts -helm repo update -``` +## Usage -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - +The chart is distributed as an [OCI Artifact](https://helm.sh/docs/topics/registries/) as well as via a traditional [Helm Repository](https://helm.sh/docs/topics/chart_repository/). -## Install Chart +- OCI Artifact: `oci://ghcr.io/prometheus-community/charts/kube-state-metrics` +- Helm Repository: `https://prometheus-community.github.io/helm-charts` with chart `kube-state-metrics` + +The installation instructions use the OCI registry. Refer to the [`helm repo`]([`helm repo`](https://helm.sh/docs/helm/helm_repo/)) command documentation for information on installing charts via the traditional repository. + +### Install Chart ```console -helm install [RELEASE_NAME] prometheus-community/kube-state-metrics [flags] +helm install [RELEASE_NAME] oci://ghcr.io/prometheus-community/charts/kube-state-metrics [flags] ``` _See [configuration](#configuration) below._ _See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ -## Uninstall Chart +### Uninstall Chart ```console helm uninstall [RELEASE_NAME] @@ -32,37 +31,40 @@ This removes all the Kubernetes components associated with the chart and deletes _See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ -## Upgrading Chart +### Upgrading Chart ```console -helm upgrade [RELEASE_NAME] prometheus-community/kube-state-metrics [flags] +helm upgrade [RELEASE_NAME] oci://ghcr.io/prometheus-community/charts/kube-state-metrics [flags] ``` _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ -### Migrating from stable/kube-state-metrics and kubernetes/kube-state-metrics +#### Migrating from stable/kube-state-metrics and kubernetes/kube-state-metrics You can upgrade in-place: -1. [get repository info](#get-repository-info) 1. [upgrade](#upgrading-chart) your existing release name using the new chart repository +## Upgrading to v6.0.0 + +This version drops support for deprecated Pod Security Policy resources. + ## Upgrading to v3.0.0 v3.0.0 includes kube-state-metrics v2.0, see the [changelog](https://github.com/kubernetes/kube-state-metrics/blob/release-2.0/CHANGELOG.md) for major changes on the application-side. The upgraded chart now the following changes: -* Dropped support for helm v2 (helm v3 or later is required) -* collectors key was renamed to resources -* namespace key was renamed to namespaces +- Dropped support for helm v2 (helm v3 or later is required) +- collectors key was renamed to resources +- namespace key was renamed to namespaces ## Configuration See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments: ```console -helm show values prometheus-community/kube-state-metrics +helm show values oci://ghcr.io/prometheus-community/charts/kube-state-metrics ``` ### kube-rbac-proxy diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/templates/NOTES.txt b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/NOTES.txt similarity index 100% rename from charts/rancher-monitoring/charts/kube-state-metrics/templates/NOTES.txt rename to charts/kube-prometheus-stack/charts/kube-state-metrics/templates/NOTES.txt diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/templates/_helpers.tpl b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/_helpers.tpl similarity index 82% rename from charts/rancher-monitoring/charts/kube-state-metrics/templates/_helpers.tpl rename to charts/kube-prometheus-stack/charts/kube-state-metrics/templates/_helpers.tpl index 334bafc..c8cfa56 100644 --- a/charts/rancher-monitoring/charts/kube-state-metrics/templates/_helpers.tpl +++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/_helpers.tpl @@ -1,32 +1,3 @@ -# Rancher -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - {{/* vim: set filetype=mustache: */}} {{/* Expand the name of the chart. @@ -133,6 +104,25 @@ labelValueLengthLimit: {{ . }} {{- end }} {{- end -}} +{{/* Sets default scrape limits for scrapeconfig */}} +{{- define "scrapeconfig.scrapeLimits" -}} +{{- with .sampleLimit }} +sampleLimit: {{ . }} +{{- end }} +{{- with .targetLimit }} +targetLimit: {{ . }} +{{- end }} +{{- with .labelLimit }} +labelLimit: {{ . }} +{{- end }} +{{- with .labelNameLengthLimit }} +labelNameLengthLimit: {{ . }} +{{- end }} +{{- with .labelValueLengthLimit }} +labelValueLengthLimit: {{ . }} +{{- end }} +{{- end -}} + {{/* Formats imagePullSecrets. Input is (dict "Values" .Values "imagePullSecrets" .{specific imagePullSecrets}) */}} @@ -150,19 +140,14 @@ Formats imagePullSecrets. Input is (dict "Values" .Values "imagePullSecrets" .{s The image to use for kube-state-metrics */}} {{- define "kube-state-metrics.image" -}} -{{- $temp_registry := (include "system_default_registry" .) }} {{- if .Values.image.sha }} -{{- if $temp_registry }} -{{- printf "%s%s:%s@%s" $temp_registry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) .Values.image.sha }} -{{- else if .Values.global.imageRegistry }} +{{- if .Values.global.imageRegistry }} {{- printf "%s/%s:%s@%s" .Values.global.imageRegistry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) .Values.image.sha }} {{- else }} {{- printf "%s/%s:%s@%s" .Values.image.registry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) .Values.image.sha }} {{- end }} {{- else }} -{{- if $temp_registry }} -{{- printf "%s%s:%s" $temp_registry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) }} -{{- else if .Values.global.imageRegistry }} +{{- if .Values.global.imageRegistry }} {{- printf "%s/%s:%s" .Values.global.imageRegistry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) }} {{- else }} {{- printf "%s/%s:%s" .Values.image.registry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) }} @@ -188,3 +173,14 @@ The image to use for kubeRBACProxy {{- end }} {{- end }} {{- end }} + +{{/* +The name of the ConfigMap for the customResourceState config. +*/}} +{{- define "kube-state-metrics.crsConfigMapName" -}} + {{- if ne .Values.customResourceState.name "" }} + {{- .Values.customResourceState.name }} + {{- else }} + {{- template "kube-state-metrics.fullname" . }}-customresourcestate-config + {{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/templates/ciliumnetworkpolicy.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/ciliumnetworkpolicy.yaml similarity index 100% rename from charts/rancher-monitoring/charts/kube-state-metrics/templates/ciliumnetworkpolicy.yaml rename to charts/kube-prometheus-stack/charts/kube-state-metrics/templates/ciliumnetworkpolicy.yaml diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/templates/clusterrolebinding.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/clusterrolebinding.yaml similarity index 100% rename from charts/rancher-monitoring/charts/kube-state-metrics/templates/clusterrolebinding.yaml rename to charts/kube-prometheus-stack/charts/kube-state-metrics/templates/clusterrolebinding.yaml diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/templates/crs-configmap.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/crs-configmap.yaml similarity index 65% rename from charts/rancher-monitoring/charts/kube-state-metrics/templates/crs-configmap.yaml rename to charts/kube-prometheus-stack/charts/kube-state-metrics/templates/crs-configmap.yaml index d38a75a..e64c4a7 100644 --- a/charts/rancher-monitoring/charts/kube-state-metrics/templates/crs-configmap.yaml +++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/crs-configmap.yaml @@ -1,8 +1,8 @@ -{{- if .Values.customResourceState.enabled}} +{{- if and .Values.customResourceState.enabled .Values.customResourceState.create }} apiVersion: v1 kind: ConfigMap metadata: - name: {{ template "kube-state-metrics.fullname" . }}-customresourcestate-config + name: {{ template "kube-state-metrics.crsConfigMapName" . }} namespace: {{ template "kube-state-metrics.namespace" . }} labels: {{- include "kube-state-metrics.labels" . | indent 4 }} @@ -11,6 +11,6 @@ metadata: {{ toYaml .Values.annotations | nindent 4 }} {{- end }} data: - config.yaml: | + {{ .Values.customResourceState.key }}: | {{- toYaml .Values.customResourceState.config | nindent 4 }} {{- end }} diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/templates/deployment.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/deployment.yaml similarity index 91% rename from charts/rancher-monitoring/charts/kube-state-metrics/templates/deployment.yaml rename to charts/kube-prometheus-stack/charts/kube-state-metrics/templates/deployment.yaml index 672310a..d7679f3 100644 --- a/charts/rancher-monitoring/charts/kube-state-metrics/templates/deployment.yaml +++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/deployment.yaml @@ -9,9 +9,12 @@ metadata: namespace: {{ template "kube-state-metrics.namespace" . }} labels: {{- include "kube-state-metrics.labels" . | indent 4 }} - {{- if .Values.annotations }} + {{- with .Values.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.annotations }} annotations: -{{ toYaml .Values.annotations | indent 4 }} + {{- toYaml . | nindent 4 }} {{- end }} spec: selector: @@ -52,8 +55,12 @@ spec: initContainers: {{- toYaml . | nindent 6 }} {{- end }} + {{- if .Values.dnsConfig }} + dnsConfig: {{ toYaml .Values.dnsConfig | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.dnsPolicy }} containers: - {{- $servicePort := ternary 9090 (.Values.service.port | default 8080) .Values.kubeRBACProxy.enabled}} + {{- $servicePort := ternary .Values.kubeRBACProxy.port (.Values.service.port | default 8080) .Values.kubeRBACProxy.enabled}} {{- $telemetryPort := ternary 9091 (.Values.selfMonitor.telemetryPort | default 8081) .Values.kubeRBACProxy.enabled}} - name: {{ template "kube-state-metrics.name" . }} {{- if .Values.autosharding.enabled }} @@ -132,7 +139,7 @@ spec: {{- end }} {{- end }} {{- if .Values.customResourceState.enabled }} - - --custom-resource-state-config-file=/etc/customresourcestate/config.yaml + - --custom-resource-state-config-file=/etc/customresourcestate/{{ .Values.customResourceState.key }} {{- end }} {{- if or (.Values.kubeconfig.enabled) (.Values.customResourceState.enabled) (.Values.volumeMounts) }} volumeMounts: @@ -155,11 +162,9 @@ spec: {{- if eq .Values.kubeRBACProxy.enabled false }} ports: - containerPort: {{ .Values.service.port | default 8080}} - name: "http" - {{- if .Values.selfMonitor.enabled }} + name: http - containerPort: {{ $telemetryPort }} - name: "metrics" - {{- end }} + name: metrics {{- end }} {{- if .Values.startupProbe.enabled }} startupProbe: @@ -174,11 +179,10 @@ spec: value: {{ $header.value }} {{- end }} path: /healthz + port: http {{- if .Values.kubeRBACProxy.enabled }} - port: {{ .Values.service.port | default 8080 }} scheme: HTTPS {{- else }} - port: {{ $servicePort }} scheme: {{ upper .Values.startupProbe.httpGet.scheme }} {{- end }} initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }} @@ -198,11 +202,10 @@ spec: value: {{ $header.value }} {{- end }} path: /livez + port: http {{- if .Values.kubeRBACProxy.enabled }} - port: {{ .Values.service.port | default 8080 }} scheme: HTTPS {{- else }} - port: {{ $servicePort }} scheme: {{ upper .Values.livenessProbe.httpGet.scheme }} {{- end }} initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} @@ -221,11 +224,10 @@ spec: value: {{ $header.value }} {{- end }} path: /readyz + port: metrics {{- if .Values.kubeRBACProxy.enabled }} - port: {{ .Values.selfMonitor.telemetryPort | default 8081 }} scheme: HTTPS {{- else }} - port: {{ $telemetryPort }} scheme: {{ upper .Values.readinessProbe.httpGet.scheme }} {{- end }} initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} @@ -244,9 +246,12 @@ spec: {{- if .Values.kubeRBACProxy.extraArgs }} {{- .Values.kubeRBACProxy.extraArgs | toYaml | nindent 8 }} {{- end }} + {{- if .Values.kubeRBACProxy.ignoreProbePaths }} + - --ignore-paths=/livez,/readyz + {{- end }} - --secure-listen-address=:{{ .Values.service.port | default 8080}} - --upstream=http://127.0.0.1:{{ $servicePort }}/ - - --proxy-endpoints-port=8888 + - --proxy-endpoints-port={{ .Values.kubeRBACProxy.proxyEndpointsPort | default 8888 }} - --config-file=/etc/kube-rbac-proxy-config/config-file.yaml volumeMounts: - name: kube-rbac-proxy-config @@ -258,14 +263,14 @@ spec: image: {{ include "kubeRBACProxy.image" . }} ports: - containerPort: {{ .Values.service.port | default 8080}} - name: "http" - - containerPort: 8888 - name: "http-healthz" + name: http + - containerPort: {{ .Values.kubeRBACProxy.proxyEndpointsPort | default 8888 }} + name: http-healthz readinessProbe: httpGet: scheme: HTTPS - port: 8888 - path: healthz + port: http-healthz + path: /healthz initialDelaySeconds: 5 timeoutSeconds: 5 {{- if .Values.kubeRBACProxy.resources }} @@ -282,6 +287,9 @@ spec: {{- if .Values.kubeRBACProxy.extraArgs }} {{- .Values.kubeRBACProxy.extraArgs | toYaml | nindent 8 }} {{- end }} + {{- if .Values.kubeRBACProxy.ignoreProbePaths }} + - --ignore-paths=/livez,/readyz + {{- end }} - --secure-listen-address=:{{ .Values.selfMonitor.telemetryPort | default 8081 }} - --upstream=http://127.0.0.1:{{ $telemetryPort }}/ - --proxy-endpoints-port=8889 @@ -296,13 +304,13 @@ spec: image: {{ include "kubeRBACProxy.image" . }} ports: - containerPort: {{ .Values.selfMonitor.telemetryPort | default 8081 }} - name: "metrics" + name: metrics - containerPort: 8889 - name: "metrics-healthz" + name: metrics-healthz readinessProbe: httpGet: scheme: HTTPS - port: 8889 + port: metrics-healthz path: healthz initialDelaySeconds: 5 timeoutSeconds: 5 @@ -331,12 +339,12 @@ spec: {{- tpl .Values.affinity $ | nindent 8 }} {{- end }} {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} {{- with .Values.nodeSelector }} + nodeSelector: {{ tpl (toYaml .) $ | indent 8 }} {{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} {{- with .Values.tolerations }} + tolerations: {{ tpl (toYaml .) $ | indent 8 }} {{- end }} {{- if .Values.topologySpreadConstraints }} @@ -358,7 +366,7 @@ spec: {{- if .Values.customResourceState.enabled}} - name: customresourcestate-config configMap: - name: {{ template "kube-state-metrics.fullname" . }}-customresourcestate-config + name: {{ template "kube-state-metrics.crsConfigMapName" . }} {{- end }} {{- if .Values.volumes }} {{ toYaml .Values.volumes | indent 8 }} diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/templates/extra-manifests.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/extra-manifests.yaml similarity index 100% rename from charts/rancher-monitoring/charts/kube-state-metrics/templates/extra-manifests.yaml rename to charts/kube-prometheus-stack/charts/kube-state-metrics/templates/extra-manifests.yaml diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/templates/kubeconfig-secret.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/kubeconfig-secret.yaml similarity index 100% rename from charts/rancher-monitoring/charts/kube-state-metrics/templates/kubeconfig-secret.yaml rename to charts/kube-prometheus-stack/charts/kube-state-metrics/templates/kubeconfig-secret.yaml diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/templates/networkpolicy.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/networkpolicy.yaml similarity index 96% rename from charts/rancher-monitoring/charts/kube-state-metrics/templates/networkpolicy.yaml rename to charts/kube-prometheus-stack/charts/kube-state-metrics/templates/networkpolicy.yaml index 309b38e..abe292a 100644 --- a/charts/rancher-monitoring/charts/kube-state-metrics/templates/networkpolicy.yaml +++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/networkpolicy.yaml @@ -22,7 +22,7 @@ spec: {{- else }} ## Allow ingress on default ports by default - ports: - - port: {{ .Values.service.port | default 8080 }} + - port: http protocol: TCP {{- if .Values.selfMonitor.enabled }} {{- $telemetryPort := ternary 9091 (.Values.selfMonitor.telemetryPort | default 8081) .Values.kubeRBACProxy.enabled}} diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/templates/pdb.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/pdb.yaml similarity index 78% rename from charts/rancher-monitoring/charts/kube-state-metrics/templates/pdb.yaml rename to charts/kube-prometheus-stack/charts/kube-state-metrics/templates/pdb.yaml index 3771b51..2d1e64b 100644 --- a/charts/rancher-monitoring/charts/kube-state-metrics/templates/pdb.yaml +++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/pdb.yaml @@ -1,9 +1,5 @@ {{- if .Values.podDisruptionBudget -}} -{{ if $.Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" -}} apiVersion: policy/v1 -{{- else -}} -apiVersion: policy/v1beta1 -{{- end }} kind: PodDisruptionBudget metadata: name: {{ template "kube-state-metrics.fullname" . }} diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/templates/rbac-configmap.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/rbac-configmap.yaml similarity index 100% rename from charts/rancher-monitoring/charts/kube-state-metrics/templates/rbac-configmap.yaml rename to charts/kube-prometheus-stack/charts/kube-state-metrics/templates/rbac-configmap.yaml diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/templates/role.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/role.yaml similarity index 94% rename from charts/rancher-monitoring/charts/kube-state-metrics/templates/role.yaml rename to charts/kube-prometheus-stack/charts/kube-state-metrics/templates/role.yaml index b2ef005..4b6537b 100644 --- a/charts/rancher-monitoring/charts/kube-state-metrics/templates/role.yaml +++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/role.yaml @@ -1,6 +1,3 @@ -{{- if not (kindIs "slice" .Values.collectors) }} -{{- fail "Collectors need to be a List since kube-state-metrics chart 3.2.2. Please check README for more information."}} -{{- end }} {{- if and (eq .Values.rbac.create true) (not .Values.rbac.useExistingRole) -}} {{- range (ternary (join "," .Values.namespaces | split "," ) (list "") (eq $.Values.rbac.useClusterRole false)) }} --- @@ -37,13 +34,13 @@ rules: verbs: ["list", "watch"] {{ end -}} {{ if has "daemonsets" $.Values.collectors }} -- apiGroups: ["extensions", "apps"] +- apiGroups: ["apps"] resources: - daemonsets verbs: ["list", "watch"] {{ end -}} {{ if has "deployments" $.Values.collectors }} -- apiGroups: ["extensions", "apps"] +- apiGroups: ["apps"] resources: - deployments verbs: ["list", "watch"] @@ -67,7 +64,7 @@ rules: verbs: ["list", "watch"] {{ end -}} {{ if has "ingresses" $.Values.collectors }} -- apiGroups: ["extensions", "networking.k8s.io"] +- apiGroups: ["networking.k8s.io"] resources: - ingresses verbs: ["list", "watch"] @@ -163,7 +160,7 @@ rules: verbs: ["list", "watch"] {{ end -}} {{ if has "replicasets" $.Values.collectors }} -- apiGroups: ["extensions", "apps"] +- apiGroups: ["apps"] resources: - replicasets verbs: ["list", "watch"] diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/templates/rolebinding.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/rolebinding.yaml similarity index 100% rename from charts/rancher-monitoring/charts/kube-state-metrics/templates/rolebinding.yaml rename to charts/kube-prometheus-stack/charts/kube-state-metrics/templates/rolebinding.yaml diff --git a/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/scrapeconfig.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/scrapeconfig.yaml new file mode 100644 index 0000000..028f3d1 --- /dev/null +++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/scrapeconfig.yaml @@ -0,0 +1,60 @@ +{{- if .Values.prometheus.scrapeconfig.enabled }} +apiVersion: monitoring.coreos.com/v1alpha1 +kind: ScrapeConfig +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + {{- include "kube-state-metrics.labels" . | indent 4 }} + {{- with .Values.prometheus.scrapeconfig.additionalLabels }} + {{- tpl (toYaml . | nindent 4) $ }} + {{- end }} + {{- with .Values.prometheus.scrapeconfig.annotations }} + annotations: + {{- tpl (toYaml . | nindent 4) $ }} + {{- end }} +spec: + {{- include "scrapeconfig.scrapeLimits" .Values.prometheus.scrapeconfig | indent 2 }} + staticConfigs: + - targets: + - {{ template "kube-state-metrics.fullname" . }}.{{ template "kube-state-metrics.namespace" . }}.svc:{{ .Values.service.port }} + {{- if .Values.prometheus.scrapeconfig.staticConfigLabels}} + labels: + {{- with .Values.prometheus.scrapeconfig.staticConfigLabels }} + {{- tpl (toYaml . | nindent 8) $ }} + {{- end }} + {{- end }} +{{- if .Values.prometheus.scrapeconfig.jobName }} + jobName: {{ .Values.prometheus.scrapeconfig.jobName }} +{{- end }} +{{- if .Values.prometheus.scrapeconfig.honorLabels }} + honorLabels: true +{{- end }} +{{- if .Values.prometheus.scrapeconfig.scrapeInterval }} + scrapeInterval: {{ .Values.prometheus.scrapeconfig.scrapeInterval }} +{{- end }} +{{- if .Values.prometheus.scrapeconfig.scrapeTimeout }} + scrapeTimeout: {{ .Values.prometheus.scrapeconfig.scrapeTimeout }} +{{- end }} +{{- if .Values.prometheus.scrapeconfig.proxyUrl }} + proxyUrl: {{ .Values.prometheus.scrapeconfig.proxyUrl }} +{{- end }} +{{- if .Values.prometheus.scrapeconfig.enableHttp2 }} + enableHttp2: {{ .Values.prometheus.scrapeconfig.enableHttp2 }} +{{- end }} +{{- if .Values.prometheus.scrapeconfig.metricRelabelings }} + metricRelabelings: + {{- toYaml .Values.prometheus.scrapeconfig.metricRelabelings | nindent 4 }} +{{- end }} +{{- if .Values.prometheus.scrapeconfig.relabelings }} + relabelings: + {{- toYaml .Values.prometheus.scrapeconfig.relabelings | nindent 4 }} +{{- end }} +{{- if .Values.prometheus.scrapeconfig.scheme }} + scheme: {{ .Values.prometheus.scrapeconfig.scheme }} +{{- end }} +{{- if .Values.prometheus.scrapeconfig.tlsConfig }} + tlsConfig: + {{- toYaml (.Values.prometheus.scrapeconfig.tlsConfig ) | nindent 4 }} +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/templates/service.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/service.yaml similarity index 85% rename from charts/rancher-monitoring/charts/kube-state-metrics/templates/service.yaml rename to charts/kube-prometheus-stack/charts/kube-state-metrics/templates/service.yaml index 90c2351..4bfa7df 100644 --- a/charts/rancher-monitoring/charts/kube-state-metrics/templates/service.yaml +++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/service.yaml @@ -19,19 +19,19 @@ spec: ipFamilyPolicy: {{ .Values.service.ipDualStack.ipFamilyPolicy }} {{- end }} ports: - - name: "http" + - name: http protocol: TCP port: {{ .Values.service.port | default 8080}} - {{- if .Values.service.nodePort }} + {{- if ( and (eq .Values.service.type "NodePort" ) (not (empty .Values.service.nodePort)) ) }} nodePort: {{ .Values.service.nodePort }} {{- end }} - targetPort: {{ .Values.service.port | default 8080}} + targetPort: http {{ if .Values.selfMonitor.enabled }} - - name: "metrics" + - name: metrics protocol: TCP port: {{ .Values.selfMonitor.telemetryPort | default 8081 }} - targetPort: {{ .Values.selfMonitor.telemetryPort | default 8081 }} - {{- if .Values.selfMonitor.telemetryNodePort }} + targetPort: metrics + {{- if ( and (eq .Values.service.type "NodePort" ) (not (empty .Values.service.nodePort)) ) }} nodePort: {{ .Values.selfMonitor.telemetryNodePort }} {{- end }} {{ end }} diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/templates/serviceaccount.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/serviceaccount.yaml similarity index 100% rename from charts/rancher-monitoring/charts/kube-state-metrics/templates/serviceaccount.yaml rename to charts/kube-prometheus-stack/charts/kube-state-metrics/templates/serviceaccount.yaml diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/templates/servicemonitor.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/servicemonitor.yaml similarity index 92% rename from charts/rancher-monitoring/charts/kube-state-metrics/templates/servicemonitor.yaml rename to charts/kube-prometheus-stack/charts/kube-state-metrics/templates/servicemonitor.yaml index 9085b3a..99d7fa9 100644 --- a/charts/rancher-monitoring/charts/kube-state-metrics/templates/servicemonitor.yaml +++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/servicemonitor.yaml @@ -57,20 +57,8 @@ spec: {{- end }} {{- if or .Values.prometheus.monitor.http.metricRelabelings .Values.prometheus.monitor.metricRelabelings }} metricRelabelings: - {{- if or .Values.prometheus.monitor.http.metricRelabelings .Values.prometheus.monitor.metricRelabelings }} {{- toYaml (.Values.prometheus.monitor.http.metricRelabelings | default .Values.prometheus.monitor.metricRelabelings) | nindent 8 }} {{- end }} - {{ if .Values.global.cattle.clusterId }} - - sourceLabels: [__address__] - targetLabel: cluster_id - replacement: {{ .Values.global.cattle.clusterId }} - {{- end }} - {{ if .Values.global.cattle.clusterName }} - - sourceLabels: [__address__] - targetLabel: cluster_name - replacement: {{ .Values.global.cattle.clusterName }} - {{- end }} - {{- end }} {{- if or .Values.prometheus.monitor.http.relabelings .Values.prometheus.monitor.relabelings }} relabelings: {{- toYaml (.Values.prometheus.monitor.http.relabelings | default .Values.prometheus.monitor.relabelings) | nindent 8 }} diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/templates/stsdiscovery-role.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/stsdiscovery-role.yaml similarity index 100% rename from charts/rancher-monitoring/charts/kube-state-metrics/templates/stsdiscovery-role.yaml rename to charts/kube-prometheus-stack/charts/kube-state-metrics/templates/stsdiscovery-role.yaml diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml similarity index 100% rename from charts/rancher-monitoring/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml rename to charts/kube-prometheus-stack/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/templates/verticalpodautoscaler.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/verticalpodautoscaler.yaml similarity index 100% rename from charts/rancher-monitoring/charts/kube-state-metrics/templates/verticalpodautoscaler.yaml rename to charts/kube-prometheus-stack/charts/kube-state-metrics/templates/verticalpodautoscaler.yaml diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/values.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/values.yaml similarity index 84% rename from charts/rancher-monitoring/charts/kube-state-metrics/values.yaml rename to charts/kube-prometheus-stack/charts/kube-state-metrics/values.yaml index 1ab3a4d..9f71fbb 100644 --- a/charts/rancher-monitoring/charts/kube-state-metrics/values.yaml +++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/values.yaml @@ -1,9 +1,10 @@ # Default values for kube-state-metrics. prometheusScrape: true image: - registry: docker.io - repository: rancher/mirrored-kube-state-metrics-kube-state-metrics - tag: v2.15.0 + registry: registry.k8s.io + repository: kube-state-metrics/kube-state-metrics + # If unset use v + .Charts.appVersion + tag: "" sha: "" pullPolicy: IfNotPresent @@ -11,11 +12,6 @@ imagePullSecrets: [] # - name: "image-pull-secret" global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - # To help compatibility with other charts which use global.imagePullSecrets. # Allow either an array of {name: pullSecret} maps (k8s-style), or an array of strings (more common helm-style). # global: @@ -53,7 +49,7 @@ revisionHistoryLimit: 10 # List of additional cli arguments to configure kube-state-metrics # for example: --enable-gzip-encoding, --log-file, etc. -# all the possible args can be found here: https://github.com/kubernetes/kube-state-metrics/blob/master/docs/cli-arguments.md +# all the possible args can be found here: https://github.com/kubernetes/kube-state-metrics/blob/main/docs/developer/cli-arguments.md extraArgs: [] # If false then the user will opt out of automounting API credentials. @@ -108,12 +104,16 @@ rbac: kubeRBACProxy: enabled: false image: - registry: '' - repository: rancher/mirrored-brancz-kube-rbac-proxy - tag: v0.18.2 + registry: quay.io + repository: brancz/kube-rbac-proxy + tag: v0.21.2 sha: "" pullPolicy: IfNotPresent + # This set --ignore-paths=/livez,/readyz to kubeRBACProxy container args + # to allow the pod probes working properly with kubeRBACProxy enabled. + ignoreProbePaths: true + # List of additional cli arguments to configure kube-rbac-prxy # for example: --tls-cipher-suites, --log-file, etc. # all the possible args can be found here: https://github.com/brancz/kube-rbac-proxy#usage @@ -129,6 +129,12 @@ kubeRBACProxy: drop: - ALL + # Configure specific upstream port for kube-state-metrics container + port: 9090 + # Configure specific proxy endpoints port + # This port is for healthz on readinessProbe kube-rbac-proxy-http container + proxyEndpointsPort: 8888 + resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little @@ -165,7 +171,7 @@ serviceAccount: automountServiceAccountToken: true # Additional Environment variables -env: {} +env: [] # - name: GOMAXPROCS # valueFrom: # resourceFieldRef: @@ -243,22 +249,46 @@ prometheus: # name: secret-name # key: key-name tlsConfig: {} - -## Specify if a Pod Security Policy for kube-state-metrics must be created -## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ -## -podSecurityPolicy: - annotations: {} - ## Specify pod annotations - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl + ## Create a scrapeConfig resource for scraping the kube-state-metrics service. Use this instead of serviceMonitor + ## to have more instances of kube-state-metrics safety. + scrapeconfig: + ## To avoid duplicate metrics, first disable the serviceMonitor creation via prometheus.monitor.enabled=false + enabled: false + annotations: {} + additionalLabels: {} + jobName: kube-state-metrics + ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. ## - # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' - # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' - # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' + sampleLimit: 0 - additionalVolumes: [] + ## TargetLimit defines a limit on the number of scraped targets that will be accepted. + ## + targetLimit: 0 + + ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelLimit: 0 + + ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelNameLengthLimit: 0 + + ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelValueLengthLimit: 0 + + ## StaticConfigLabels defines the labels to be used in the Prometheus static configuration for scraping. + staticConfigLabels: {} + scrapeInterval: "" + scrapeTimeout: "" + proxyUrl: "" + ## Whether to enable HTTP2 for scrapeconfig + enableHttp2: false + honorLabels: true + metricRelabelings: [] + relabelings: [] + scheme: "" + tlsConfig: {} ## Configure network policy for kube-state-metrics networkPolicy: @@ -329,6 +359,9 @@ topologySpreadConstraints: [] # Annotations to be added to the deployment/statefulset annotations: {} +# Labels to be added to the deployment/statefulset +labels: {} + # Annotations to be added to the pod podAnnotations: {} @@ -377,7 +410,7 @@ collectors: - cronjobs - daemonsets - deployments - - endpoints + - endpointslices - horizontalpodautoscalers - ingresses - jobs @@ -413,8 +446,19 @@ kubeconfig: # Enabling support for customResourceState, will create a configMap including your config that will be read from kube-state-metrics customResourceState: + # Whether to enable support for CustomResourceStateMetrics. enabled: false - # Add (Cluster)Role permissions to list/watch the customResources defined in the config to rbac.extraRules + + # Whether to create the ConfigMap that holds the config. + create: true + + # Name of the ConfigMap that holds the config. If empty, name will be generated based on the release name. + name: "" + + # ConfigMap key that holds the config. + key: config.yaml + + # Definition of the CustomResourceStateMetrics. Add (Cluster)Role permissions to list/watch the resources defined in the config to rbac.extraRules. config: {} # Enable only the release namespace for collecting resources. By default all namespaces are collected. @@ -444,11 +488,6 @@ resources: {} # cpu: 10m # memory: 32Mi -## Provide a k8s version to define apiGroups for podSecurityPolicy Cluster Role. -## For example: kubeTargetVersionOverride: 1.14.9 -## -kubeTargetVersionOverride: "" - # Enable self metrics configuration for service and Service Monitor # Default values for telemetry configuration can be overridden # If you set telemetryNodePort, you must also set service.type to NodePort @@ -522,6 +561,14 @@ initContainers: [] # - name: crd-sidecar # image: kiwigrid/k8s-sidecar:latest +## dnsPolicy allows to change the default DNS configuration for the pod +## Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy +dnsPolicy: ClusterFirst + +## dnsConfig allows setting up specific DNS configuration for the pod +## Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config +dnsConfig: {} + ## Settings for startup, liveness and readiness probes ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ ## diff --git a/charts/rancher-monitoring/charts/prometheus-node-exporter/.helmignore b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/.helmignore similarity index 100% rename from charts/rancher-monitoring/charts/prometheus-node-exporter/.helmignore rename to charts/kube-prometheus-stack/charts/prometheus-node-exporter/.helmignore diff --git a/charts/rancher-monitoring/charts/prometheus-node-exporter/Chart.yaml b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/Chart.yaml similarity index 78% rename from charts/rancher-monitoring/charts/prometheus-node-exporter/Chart.yaml rename to charts/kube-prometheus-stack/charts/prometheus-node-exporter/Chart.yaml index 6201351..b016fb6 100644 --- a/charts/rancher-monitoring/charts/prometheus-node-exporter/Chart.yaml +++ b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/Chart.yaml @@ -1,12 +1,13 @@ annotations: artifacthub.io/license: Apache-2.0 - artifacthub.io/links: |- + artifacthub.io/links: | - name: Chart Source url: https://github.com/prometheus-community/helm-charts apiVersion: v2 -appVersion: 1.9.0 +appVersion: 1.11.1 description: A Helm chart for prometheus node-exporter home: https://github.com/prometheus/node_exporter/ +icon: https://raw.githubusercontent.com/cncf/artwork/refs/heads/main/projects/prometheus/icon/color/prometheus-icon-color.svg keywords: - node-exporter - prometheus @@ -25,4 +26,4 @@ name: prometheus-node-exporter sources: - https://github.com/prometheus/node_exporter/ type: application -version: 4.44.1 +version: 4.53.1 diff --git a/charts/rancher-monitoring/charts/prometheus-node-exporter/README.md b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/README.md similarity index 73% rename from charts/rancher-monitoring/charts/prometheus-node-exporter/README.md rename to charts/kube-prometheus-stack/charts/prometheus-node-exporter/README.md index cee76e6..a540467 100644 --- a/charts/rancher-monitoring/charts/prometheus-node-exporter/README.md +++ b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/README.md @@ -1,30 +1,29 @@ - # Prometheus Node Exporter Prometheus exporter for hardware and OS metrics exposed by *NIX kernels, written in Go with pluggable metric collectors. This chart bootstraps a Prometheus [Node Exporter](http://github.com/prometheus/node_exporter) daemonset on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. -## Get Repository Info - -```console -helm repo add prometheus-community https://prometheus-community.github.io/helm-charts -helm repo update -``` +## Usage -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Install Chart +The chart is distributed as an [OCI Artifact](https://helm.sh/docs/topics/registries/) as well as via a traditional [Helm Repository](https://helm.sh/docs/topics/chart_repository/). + +- OCI Artifact: `oci://ghcr.io/prometheus-community/charts/prometheus-node-exporter` +- Helm Repository: `https://prometheus-community.github.io/helm-charts` with chart `prometheus-node-exporter` + +The installation instructions use the OCI registry. Refer to the [`helm repo`]([`helm repo`](https://helm.sh/docs/helm/helm_repo/)) command documentation for information on installing charts via the traditional repository. + +### Install Chart ```console -helm install [RELEASE_NAME] prometheus-community/prometheus-node-exporter +helm install [RELEASE_NAME] oci://ghcr.io/prometheus-community/charts/prometheus-node-exporter ``` _See [configuration](#configuring) below._ _See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ -## Uninstall Chart +### Uninstall Chart ```console helm uninstall [RELEASE_NAME] @@ -34,15 +33,15 @@ This removes all the Kubernetes components associated with the chart and deletes _See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ -## Upgrading Chart +### Upgrading Chart ```console -helm upgrade [RELEASE_NAME] prometheus-community/prometheus-node-exporter --install +helm upgrade [RELEASE_NAME] oci://ghcr.io/prometheus-community/charts/prometheus-node-exporter --install ``` _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ -### 3.x to 4.x +#### 3.x to 4.x Starting from version 4.0.0, the `node exporter` chart is using the [Kubernetes recommended labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/). Therefore you have to delete the daemonset before you upgrade. @@ -53,7 +52,7 @@ helm upgrade -i prometheus-node-exporter prometheus-community/prometheus-node-ex If you use your own custom [ServiceMonitor](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor) or [PodMonitor](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#podmonitor), please ensure to upgrade their `selector` fields accordingly to the new labels. -### From 2.x to 3.x +#### From 2.x to 3.x Change the following: @@ -74,7 +73,7 @@ hostRootFsMount: See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands: ```console -helm show values prometheus-community/prometheus-node-exporter +helm show values oci://ghcr.io/prometheus-community/charts/prometheus-node-exporter ``` ### kube-rbac-proxy diff --git a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/NOTES.txt b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/NOTES.txt similarity index 92% rename from charts/rancher-monitoring/charts/prometheus-node-exporter/templates/NOTES.txt rename to charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/NOTES.txt index 8c5391f..db8584d 100644 --- a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/NOTES.txt +++ b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/NOTES.txt @@ -10,8 +10,8 @@ echo http://$SERVICE_IP:{{ .Values.service.port }} {{- else if contains "ClusterIP" .Values.service.type }} export POD_NAME=$(kubectl get pods --namespace {{ template "prometheus-node-exporter.namespace" . }} -l "app.kubernetes.io/name={{ template "prometheus-node-exporter.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:{{ .Values.service.port }} to use your application" - kubectl port-forward --namespace {{ template "prometheus-node-exporter.namespace" . }} $POD_NAME {{ .Values.service.port }} + echo "Visit http://127.0.0.1:9100 to use your application" + kubectl port-forward --namespace {{ template "prometheus-node-exporter.namespace" . }} $POD_NAME 9100 {{- end }} {{- if .Values.kubeRBACProxy.enabled}} diff --git a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/_helpers.tpl b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/_helpers.tpl similarity index 85% rename from charts/rancher-monitoring/charts/prometheus-node-exporter/templates/_helpers.tpl rename to charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/_helpers.tpl index 57468b2..890c487 100644 --- a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/_helpers.tpl +++ b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/_helpers.tpl @@ -1,32 +1,3 @@ -# Rancher -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - {{/* vim: set filetype=mustache: */}} {{/* Expand the name of the chart. @@ -104,21 +75,16 @@ Create the name of the service account to use The image to use */}} {{- define "prometheus-node-exporter.image" -}} -{{- $temp_registry := (include "system_default_registry" .) }} {{- if .Values.image.sha }} {{- fail "image.sha forbidden. Use image.digest instead" }} {{- else if .Values.image.digest }} -{{- if $temp_registry }} -{{- printf "%s%s:%s@%s" $temp_registry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) .Values.image.digest }} -{{- else if .Values.global.imageRegistry }} +{{- if .Values.global.imageRegistry }} {{- printf "%s/%s:%s@%s" .Values.global.imageRegistry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) .Values.image.digest }} {{- else }} {{- printf "%s/%s:%s@%s" .Values.image.registry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) .Values.image.digest }} {{- end }} {{- else }} -{{- if $temp_registry }} -{{- printf "%s%s:%s" $temp_registry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) }} -{{- else if .Values.global.imageRegistry }} +{{- if .Values.global.imageRegistry }} {{- printf "%s/%s:%s" .Values.global.imageRegistry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) }} {{- else }} {{- printf "%s/%s:%s" .Values.image.registry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) }} diff --git a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/clusterrole.yaml b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/clusterrole.yaml similarity index 100% rename from charts/rancher-monitoring/charts/prometheus-node-exporter/templates/clusterrole.yaml rename to charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/clusterrole.yaml diff --git a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/clusterrolebinding.yaml b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/clusterrolebinding.yaml similarity index 100% rename from charts/rancher-monitoring/charts/prometheus-node-exporter/templates/clusterrolebinding.yaml rename to charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/clusterrolebinding.yaml diff --git a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/daemonset.yaml b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/daemonset.yaml similarity index 85% rename from charts/rancher-monitoring/charts/prometheus-node-exporter/templates/daemonset.yaml rename to charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/daemonset.yaml index e3ac2f1..9ab71b8 100644 --- a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/daemonset.yaml +++ b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/daemonset.yaml @@ -38,9 +38,56 @@ spec: {{- with .Values.priorityClassName }} priorityClassName: {{ . }} {{- end }} - {{- with .Values.extraInitContainers }} + {{- $fixes := .Values.permissionInitContainer.fixes -}} + {{- $fixesEnabled := or $fixes.rapl $fixes.slabinfo (not (empty .Values.permissionInitContainer.extraCommands)) -}} + {{- if or .Values.extraInitContainers $fixesEnabled }} initContainers: - {{- toYaml . | nindent 8 }} + {{- if .Values.extraInitContainers }} + {{- toYaml .Values.extraInitContainers | nindent 8 }} + {{- end }} + {{- if $fixesEnabled }} + - name: permission-fix + {{- with .Values.permissionInitContainer.image }} + {{- if .sha }} + image: "{{ $.Values.global.imageRegistry | default .registry}}/{{ .repository }}:{{ .tag }}@sha256:{{ .sha }}" + {{- else }} + image: "{{ $.Values.global.imageRegistry | default .registry}}/{{ .repository }}:{{ .tag }}" + {{- end }} + {{- end }} + imagePullPolicy: {{ .Values.permissionInitContainer.image.pullPolicy }} + securityContext: + {{- toYaml .Values.permissionInitContainer.securityContext | nindent 12 }} + command: + - /bin/sh + - -c + - | + {{- if $fixes.rapl }} + powercap_path="/host/sys/devices/virtual/powercap" + if [ -d "$powercap_path" ]; then + find "$powercap_path" -name energy_uj -exec chown root:{{ .Values.securityContext.runAsGroup }} {} + -exec chmod g+r -R {} + + fi + {{- end }} + {{- if $fixes.slabinfo }} + slabinfo_path="/host/proc/slabinfo" + if [ -f "$slabinfo_path" ]; then + chown root:{{ .Values.securityContext.runAsGroup }} "$slabinfo_path" && chmod g+r "$slabinfo_path" + fi + {{- end }} + {{- range .Values.permissionInitContainer.extraCommands }} + {{ . }} + {{- end }} + volumeMounts: + {{- if $fixes.rapl }} + - name: sys + mountPath: /host/sys + readOnly: false + {{- end }} + {{- if $fixes.slabinfo }} + - name: proc + mountPath: /host/proc + readOnly: false + {{- end }} + {{- end }} {{- end }} serviceAccountName: {{ include "prometheus-node-exporter.serviceAccountName" . }} {{- with .Values.terminationGracePeriodSeconds }} @@ -48,6 +95,7 @@ spec: {{- end }} containers: {{- $servicePort := ternary .Values.kubeRBACProxy.port .Values.service.port .Values.kubeRBACProxy.enabled }} + {{- $servicePortReference := ternary .Values.kubeRBACProxy.port .Values.service.portName .Values.kubeRBACProxy.enabled }} - name: node-exporter image: {{ include "prometheus-node-exporter.image" . }} imagePullPolicy: {{ .Values.image.pullPolicy }} @@ -102,7 +150,7 @@ spec: value: {{ $header.value }} {{- end }} path: / - port: {{ $servicePort }} + port: {{ $servicePortReference }} scheme: {{ upper .Values.livenessProbe.httpGet.scheme }} initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.livenessProbe.periodSeconds }} @@ -120,7 +168,7 @@ spec: value: {{ $header.value }} {{- end }} path: / - port: {{ $servicePort }} + port: {{ $servicePortReference }} scheme: {{ upper .Values.readinessProbe.httpGet.scheme }} initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.readinessProbe.periodSeconds }} @@ -265,10 +313,16 @@ spec: {{- include "prometheus-node-exporter.imagePullSecrets" (dict "Values" .Values "imagePullSecrets" .Values.imagePullSecrets) | indent 8 }} {{- end }} hostNetwork: {{ .Values.hostNetwork }} + {{- if kindIs "bool" .Values.hostUsers }} + hostUsers: {{ .Values.hostUsers }} + {{- end }} hostPID: {{ .Values.hostPID }} hostIPC: {{ .Values.hostIPC }} affinity: {{- include "prometheus-node-exporter.mergedAffinities" . | nindent 8 }} + {{- with .Values.dnsPolicy }} + dnsPolicy: {{ . }} + {{- end }} {{- with .Values.dnsConfig }} dnsConfig: {{- toYaml . | nindent 8 }} diff --git a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/endpoints.yaml b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/endpoints.yaml similarity index 91% rename from charts/rancher-monitoring/charts/prometheus-node-exporter/templates/endpoints.yaml rename to charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/endpoints.yaml index 56b6952..45eeb8d 100644 --- a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/endpoints.yaml +++ b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/endpoints.yaml @@ -13,6 +13,6 @@ subsets: {{- end }} ports: - name: {{ .Values.service.portName }} - port: {{ .Values.service.port }} + port: 9100 protocol: TCP {{- end }} diff --git a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/extra-manifests.yaml b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/extra-manifests.yaml similarity index 100% rename from charts/rancher-monitoring/charts/prometheus-node-exporter/templates/extra-manifests.yaml rename to charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/extra-manifests.yaml diff --git a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/networkpolicy.yaml b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/networkpolicy.yaml similarity index 100% rename from charts/rancher-monitoring/charts/prometheus-node-exporter/templates/networkpolicy.yaml rename to charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/networkpolicy.yaml diff --git a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/podmonitor.yaml b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/podmonitor.yaml similarity index 100% rename from charts/rancher-monitoring/charts/prometheus-node-exporter/templates/podmonitor.yaml rename to charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/podmonitor.yaml diff --git a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/rbac-configmap.yaml b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/rbac-configmap.yaml similarity index 100% rename from charts/rancher-monitoring/charts/prometheus-node-exporter/templates/rbac-configmap.yaml rename to charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/rbac-configmap.yaml diff --git a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/service.yaml b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/service.yaml similarity index 91% rename from charts/rancher-monitoring/charts/prometheus-node-exporter/templates/service.yaml rename to charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/service.yaml index abaa31b..9807c66 100644 --- a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/service.yaml +++ b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/service.yaml @@ -20,6 +20,9 @@ spec: {{- end }} {{- if .Values.service.externalTrafficPolicy }} externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }} +{{- end }} +{{- if .Values.service.internalTrafficPolicy }} + internalTrafficPolicy: {{ .Values.service.internalTrafficPolicy }} {{- end }} type: {{ .Values.service.type }} {{- if and (eq .Values.service.type "ClusterIP") .Values.service.clusterIP }} diff --git a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/serviceaccount.yaml b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/serviceaccount.yaml similarity index 100% rename from charts/rancher-monitoring/charts/prometheus-node-exporter/templates/serviceaccount.yaml rename to charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/serviceaccount.yaml diff --git a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/servicemonitor.yaml b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/servicemonitor.yaml similarity index 85% rename from charts/rancher-monitoring/charts/prometheus-node-exporter/templates/servicemonitor.yaml rename to charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/servicemonitor.yaml index 322c3dc..96ec1af 100644 --- a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/servicemonitor.yaml +++ b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/servicemonitor.yaml @@ -58,18 +58,8 @@ spec: relabelings: {{- toYaml . | nindent 8 }} {{- end }} - metricRelabelings: {{- with .Values.prometheus.monitor.metricRelabelings }} + metricRelabelings: {{- toYaml . | nindent 8 }} {{- end }} - {{ if .Values.global.cattle.clusterId }} - - sourceLabels: [__address__] - targetLabel: cluster_id - replacement: {{ .Values.global.cattle.clusterId }} - {{- end }} - {{ if .Values.global.cattle.clusterName }} - - sourceLabels: [__address__] - targetLabel: cluster_name - replacement: {{ .Values.global.cattle.clusterName }} - {{- end }} {{- end }} diff --git a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/verticalpodautoscaler.yaml b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/verticalpodautoscaler.yaml similarity index 100% rename from charts/rancher-monitoring/charts/prometheus-node-exporter/templates/verticalpodautoscaler.yaml rename to charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/verticalpodautoscaler.yaml diff --git a/charts/rancher-monitoring/charts/prometheus-node-exporter/values.yaml b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/values.yaml similarity index 92% rename from charts/rancher-monitoring/charts/prometheus-node-exporter/values.yaml rename to charts/kube-prometheus-stack/charts/prometheus-node-exporter/values.yaml index b94efac..c58ee4e 100644 --- a/charts/rancher-monitoring/charts/prometheus-node-exporter/values.yaml +++ b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/values.yaml @@ -1,12 +1,11 @@ # Default values for prometheus-node-exporter. # This is a YAML-formatted file. # Declare variables to be passed into your templates. - image: - registry: docker.io - repository: rancher/mirrored-prometheus-node-exporter + registry: quay.io + repository: prometheus/node-exporter # Overrides the image tag whose default is {{ printf "v%s" .Chart.AppVersion }} - tag: v1.9.0 + tag: "" pullPolicy: IfNotPresent digest: "" @@ -20,11 +19,6 @@ fullnameOverride: "" revisionHistoryLimit: 10 global: - cattle: - psp: - enable: true - systemDefaultRegistry: "" - # To help compatibility with other charts which use global.imagePullSecrets. # Allow either an array of {name: pullSecret} maps (k8s-style), or an array of strings (more common helm-style). # global: @@ -49,9 +43,9 @@ kubeRBACProxy: env: {} # VARIABLE: value image: - registry: '' - repository: rancher/mirrored-brancz-kube-rbac-proxy - tag: v0.18.2 + registry: quay.io + repository: brancz/kube-rbac-proxy + tag: v0.21.2 sha: "" pullPolicy: IfNotPresent @@ -132,13 +126,13 @@ service: clusterIP: "" ## Default service port. Sets the port of the exposed container as well (NE or kubeRBACProxy). ## Use "servicePort" below if changing the service port only is desired. - port: 9796 + port: 9100 ## Service port. Use this field if you wish to set a different service port ## without changing the container port ("port" above). servicePort: "" ## Targeted port in the pod. Must refer to an open container port ("port" or "portName"). ## (IntOrString) - targetPort: 9796 + targetPort: 9100 ## Name of the service port. Sets the port name of the main container (NE) as well. portName: metrics ## Port number for service type NodePort @@ -159,8 +153,10 @@ service: ipFamilies: ["IPv6", "IPv4"] ipFamilyPolicy: "PreferDualStack" - ## External traffic policy setting (Cluster, Local) + ## External/Internal traffic policy setting (Cluster, Local) + ## https://kubernetes.io/docs/reference/networking/virtual-ips/#traffic-policies externalTrafficPolicy: "" + internalTrafficPolicy: "" # Set a NetworkPolicy with: # ingress only on service.port or custom policy @@ -287,13 +283,13 @@ prometheus: # ProxyURL eg http://proxyserver:2195. Directs scrapes through proxy to this endpoint. proxyUrl: "" - # Interval at which endpoints should be scraped. If not specified Prometheus’ global scrape interval is used. + # Interval at which endpoints should be scraped. If not specified Prometheus' global scrape interval is used. interval: "" # Timeout after which the scrape is ended. If not specified, the Prometheus global scrape interval is used. scrapeTimeout: "" # HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data. honorTimestamps: true - # HonorLabels chooses the metric’s labels on collisions with target labels. + # HonorLabels chooses the metric's labels on collisions with target labels. honorLabels: true # Whether to enable HTTP2. Default false. enableHttp2: "" @@ -306,7 +302,7 @@ prometheus: params: {} # RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds - # relabelings for a few standard Kubernetes fields. The original scrape job’s name + # relabelings for a few standard Kubernetes fields. The original scrape job's name # is available via the __tmp_prometheus_job_name label. # More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config relabelings: [] @@ -375,7 +371,6 @@ rbac: ## If true, create & use RBAC resources ## create: true - pspAnnotations: {} # for deployments that have node_exporter deployed outside of the cluster, list # their addresses here @@ -384,6 +379,11 @@ endpoints: [] # Expose the service to the host network hostNetwork: true +# hostUsers should be `true` or `~` if hostNetwork is true +# for more information on the limitations of hostUsers +# see https://kubernetes.io/docs/concepts/workloads/pods/user-namespaces/#limitations +hostUsers: ~ + # Share the host process ID namespace hostPID: true @@ -440,6 +440,11 @@ daemonsetAnnotations: {} ## set to true to add the release label so scraping of the servicemonitor with kube-prometheus-stack works out of the box releaseLabel: false +# DNS policy for prometheus-node-exporter pods +# When hostNetwork is true, you typically want "Default" or "ClusterFirstWithHostNet" +# Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy +dnsPolicy: "" + # Custom DNS configuration to be added to prometheus-node-exporter pods dnsConfig: {} # nameservers: @@ -464,8 +469,6 @@ terminationGracePeriodSeconds: null tolerations: - effect: NoSchedule operator: Exists - - effect: NoExecute - operator: Exists # Enable or disable container termination message settings # https://kubernetes.io/docs/tasks/debug/debug-application/determine-reason-pod-failure/ @@ -540,6 +543,28 @@ sidecarHostVolumeMounts: [] ## extraInitContainers: [] +## Additional InitContainer to fix hostfile permissions required for some exporters. All fixes are disabled by default. +## +permissionInitContainer: + image: + registry: quay.io + repository: prometheus/busybox + tag: latest + sha: "" + pullPolicy: IfNotPresent + securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + fixes: + # Fixes /sys/devices/virtual/powercap/*/energy_uj + # Collector enabled by default + rapl: false + # Fixes /proc/slabinfo + # Collector disabled by default + slabinfo: false + extraCommands: [] + ## Liveness probe ## livenessProbe: diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/.helmignore b/charts/kube-prometheus-stack/charts/prometheus-windows-exporter/.helmignore similarity index 100% rename from charts/rancher-monitoring/charts/prometheus-adapter/.helmignore rename to charts/kube-prometheus-stack/charts/prometheus-windows-exporter/.helmignore diff --git a/charts/rancher-monitoring/charts/windowsExporter/Chart.yaml b/charts/kube-prometheus-stack/charts/prometheus-windows-exporter/Chart.yaml similarity index 68% rename from charts/rancher-monitoring/charts/windowsExporter/Chart.yaml rename to charts/kube-prometheus-stack/charts/prometheus-windows-exporter/Chart.yaml index b94064e..8ee580f 100644 --- a/charts/rancher-monitoring/charts/windowsExporter/Chart.yaml +++ b/charts/kube-prometheus-stack/charts/prometheus-windows-exporter/Chart.yaml @@ -1,7 +1,8 @@ apiVersion: v2 -appVersion: 0.30.5 +appVersion: 0.31.6 description: A Helm chart for prometheus windows-exporter home: https://github.com/prometheus-community/windows_exporter/ +icon: https://raw.githubusercontent.com/cncf/artwork/master/prometheus/icon/color/prometheus-icon-color.svg keywords: - windows-exporter - windows @@ -11,8 +12,8 @@ maintainers: - email: github@jkroepke.de name: Jan-Otto Kröpke url: https://github.com/jkroepke -name: windowsExporter +name: prometheus-windows-exporter sources: - https://github.com/prometheus-community/windows_exporter/ type: application -version: 0.9.1 +version: 0.12.6 diff --git a/charts/rancher-monitoring/charts/windowsExporter/README.md b/charts/kube-prometheus-stack/charts/prometheus-windows-exporter/README.md similarity index 56% rename from charts/rancher-monitoring/charts/windowsExporter/README.md rename to charts/kube-prometheus-stack/charts/prometheus-windows-exporter/README.md index 1da1c64..21d41ea 100644 --- a/charts/rancher-monitoring/charts/windowsExporter/README.md +++ b/charts/kube-prometheus-stack/charts/prometheus-windows-exporter/README.md @@ -4,26 +4,26 @@ Prometheus exporter for hardware and OS metrics exposed by Windows kernels, writ This chart bootstraps a prometheus [`Windows Exporter`](http://github.com/prometheus-community/windows_exporter) daemonset on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. -## Get Repository Info +## Usage + +The chart is distributed as an [OCI Artifact](https://helm.sh/docs/topics/registries/) as well as via a traditional [Helm Repository](https://helm.sh/docs/topics/chart_repository/). + +- OCI Artifact: `oci://ghcr.io/prometheus-community/charts/prometheus-windows-exporter` +- Helm Repository: `https://prometheus-community.github.io/helm-charts` with chart `prometheus-windows-exporter` + +The installation instructions use the OCI registry. Refer to the [`helm repo`]([`helm repo`](https://helm.sh/docs/helm/helm_repo/)) command documentation for information on installing charts via the traditional repository. + +### Install Chart ```console -helm repo add prometheus-community https://prometheus-community.github.io/helm-charts -helm repo update -``` - -_See [`helm repo`](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Install Chart - -```console -helm install [RELEASE_NAME] prometheus-community/prometheus-windows-exporter +helm install [RELEASE_NAME] oci://ghcr.io/prometheus-community/charts/prometheus-windows-exporter ``` _See [configuration](#configuring) below._ _See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ -## Uninstall Chart +### Uninstall Chart ```console helm uninstall [RELEASE_NAME] @@ -38,5 +38,5 @@ _See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command doc See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands: ```console -helm show values prometheus-community/prometheus-windows-exporter +helm show values oci://ghcr.io/prometheus-community/charts/prometheus-windows-exporter ``` diff --git a/charts/rancher-monitoring/charts/windowsExporter/templates/_helpers.tpl b/charts/kube-prometheus-stack/charts/prometheus-windows-exporter/templates/_helpers.tpl similarity index 56% rename from charts/rancher-monitoring/charts/windowsExporter/templates/_helpers.tpl rename to charts/kube-prometheus-stack/charts/prometheus-windows-exporter/templates/_helpers.tpl index c9a5d6d..5edf326 100644 --- a/charts/rancher-monitoring/charts/windowsExporter/templates/_helpers.tpl +++ b/charts/kube-prometheus-stack/charts/prometheus-windows-exporter/templates/_helpers.tpl @@ -1,59 +1,28 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "prometheus-windows-exporter.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + {{/* Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. -The components in this chart create additional resources that expand the longest created name strings. -The longest name that gets created adds and extra 37 characters, so truncation should be 63-35=26. */}} {{- define "prometheus-windows-exporter.fullname" -}} -{{ printf "%s-windows-exporter" .Release.Name }} -{{- end -}} - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -{{- define "windowsExporter.renamedMetricsRelabeling" -}} -{{- range $original, $new := (include "windowsExporter.renamedMetrics" . | fromJson) -}} -- sourceLabels: [__name__] - regex: {{ $original }} - replacement: '{{ $new }}' - targetLabel: __name__ -{{ end -}} -{{- end -}} - -{{- define "windowsExporter.labels" -}} -k8s-app: {{ template "prometheus-windows-exporter.fullname" . }} -release: {{ .Release.Name }} -component: "windows-exporter" -provider: kubernetes -{{- end -}} - -{{- define "windowsExporter.renamedMetrics" -}} -{{- $renamed := dict -}} -{{/* v0.15.0 */}} -{{- $_ := set $renamed "windows_mssql_transactions_active_total" "windows_mssql_transactions_active" -}} -{{/* v0.16.0 */}} -{{- $_ := set $renamed "windows_adfs_ad_login_connection_failures" "windows_adfs_ad_login_connection_failures_total" -}} -{{- $_ := set $renamed "windows_adfs_certificate_authentications" "windows_adfs_certificate_authentications_total" -}} -{{- $_ := set $renamed "windows_adfs_device_authentications" "windows_adfs_device_authentications_total" -}} -{{- $_ := set $renamed "windows_adfs_extranet_account_lockouts" "windows_adfs_extranet_account_lockouts_total" -}} -{{- $_ := set $renamed "windows_adfs_federated_authentications" "windows_adfs_federated_authentications_total" -}} -{{- $_ := set $renamed "windows_adfs_passport_authentications" "windows_adfs_passport_authentications_total" -}} -{{- $_ := set $renamed "windows_adfs_password_change_failed" "windows_adfs_password_change_failed_total" -}} -{{- $_ := set $renamed "windows_adfs_password_change_succeeded" "windows_adfs_password_change_succeeded_total" -}} -{{- $_ := set $renamed "windows_adfs_token_requests" "windows_adfs_token_requests_total" -}} -{{- $_ := set $renamed "windows_adfs_windows_integrated_authentications" "windows_adfs_windows_integrated_authentications_total" -}} -{{- $_ := set $renamed "windows_net_packets_outbound_errors" "windows_net_packets_outbound_errors_total" -}} -{{- $_ := set $renamed "windows_net_packets_received_discarded" "windows_net_packets_received_discarded_total" -}} -{{- $_ := set $renamed "windows_net_packets_received_errors" "windows_net_packets_received_errors_total" -}} -{{- $_ := set $renamed "windows_net_packets_received_total" "windows_net_packets_received_total_total" -}} -{{- $_ := set $renamed "windows_net_packets_received_unknown" "windows_net_packets_received_unknown_total" -}} -{{- $_ := set $renamed "windows_dns_memory_used_bytes_total" "windows_dns_memory_used_bytes" -}} -{{- $renamed | toJson -}} -{{- end -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} {{/* Create chart name and version as used by the chart label. @@ -86,7 +55,7 @@ release: {{ .Release.Name }} Selector labels */}} {{- define "prometheus-windows-exporter.selectorLabels" -}} -app.kubernetes.io/name: {{ include "prometheus-windows-exporter.fullname" . }} +app.kubernetes.io/name: {{ include "prometheus-windows-exporter.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} @@ -109,14 +78,14 @@ The image to use {{- if .Values.image.sha }} {{- fail "image.sha forbidden. Use image.digest instead" }} {{- else if .Values.image.digest }} -{{- if .Values.global.cattle.systemDefaultRegistry }} -{{- printf "%s/%s:%s@%s" .Values.global.cattle.systemDefaultRegistry .Values.image.repository (default .Chart.AppVersion .Values.image.tag) .Values.image.digest }} +{{- if .Values.global.imageRegistry }} +{{- printf "%s/%s:%s@%s" .Values.global.imageRegistry .Values.image.repository (default .Chart.AppVersion .Values.image.tag) .Values.image.digest }} {{- else }} {{- printf "%s/%s:%s@%s" .Values.image.registry .Values.image.repository (default .Chart.AppVersion .Values.image.tag) .Values.image.digest }} {{- end }} {{- else }} -{{- if .Values.global.cattle.systemDefaultRegistry }} -{{- printf "%s/%s:%s" .Values.global.cattle.systemDefaultRegistry .Values.image.repository (default .Chart.AppVersion .Values.image.tag) }} +{{- if .Values.global.imageRegistry }} +{{- printf "%s/%s:%s" .Values.global.imageRegistry .Values.image.repository (default .Chart.AppVersion .Values.image.tag) }} {{- else }} {{- printf "%s/%s:%s" .Values.image.registry .Values.image.repository (default .Chart.AppVersion .Values.image.tag) }} {{- end }} diff --git a/charts/rancher-monitoring/charts/windowsExporter/templates/config.yaml b/charts/kube-prometheus-stack/charts/prometheus-windows-exporter/templates/config.yaml similarity index 83% rename from charts/rancher-monitoring/charts/windowsExporter/templates/config.yaml rename to charts/kube-prometheus-stack/charts/prometheus-windows-exporter/templates/config.yaml index 25f1fa6..1dd5797 100644 --- a/charts/rancher-monitoring/charts/windowsExporter/templates/config.yaml +++ b/charts/kube-prometheus-stack/charts/prometheus-windows-exporter/templates/config.yaml @@ -4,7 +4,7 @@ metadata: name: {{ include "prometheus-windows-exporter.fullname" . }} namespace: {{ include "prometheus-windows-exporter.namespace" . }} labels: - {{- include "windowsExporter.labels" $ | nindent 4 }} + {{- include "prometheus-windows-exporter.labels" $ | nindent 4 }} {{- with .Values.service.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/charts/rancher-monitoring/charts/windowsExporter/templates/daemonset.yaml b/charts/kube-prometheus-stack/charts/prometheus-windows-exporter/templates/daemonset.yaml similarity index 90% rename from charts/rancher-monitoring/charts/windowsExporter/templates/daemonset.yaml rename to charts/kube-prometheus-stack/charts/prometheus-windows-exporter/templates/daemonset.yaml index 9a970fe..74d5bbc 100644 --- a/charts/rancher-monitoring/charts/windowsExporter/templates/daemonset.yaml +++ b/charts/kube-prometheus-stack/charts/prometheus-windows-exporter/templates/daemonset.yaml @@ -4,7 +4,7 @@ metadata: name: {{ include "prometheus-windows-exporter.fullname" . }} namespace: {{ include "prometheus-windows-exporter.namespace" . }} labels: - {{- include "windowsExporter.labels" . | nindent 4 }} + {{- include "prometheus-windows-exporter.labels" . | nindent 4 }} {{- with .Values.daemonsetAnnotations }} annotations: {{- toYaml . | nindent 4 }} @@ -12,7 +12,7 @@ metadata: spec: selector: matchLabels: - {{- include "windowsExporter.labels" . | nindent 6 }} + {{- include "prometheus-windows-exporter.selectorLabels" . | nindent 6 }} {{- with .Values.updateStrategy }} updateStrategy: {{- toYaml . | nindent 4 }} @@ -24,7 +24,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} labels: - {{- include "windowsExporter.labels" . | nindent 8 }} + {{- include "prometheus-windows-exporter.labels" . | nindent 8 }} spec: automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} {{- with .Values.securityContext }} @@ -37,16 +37,16 @@ spec: initContainers: - name: configure-firewall image: {{ include "prometheus-windows-exporter.image" . }} - command: - - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe - args: ["-f", "scripts/configure-firewall.ps1"] - volumeMounts: - - mountPath: /scripts - name: exporter-scripts + command: [ "powershell" ] + args: [ "New-NetFirewallRule", "-DisplayName", "'windows-exporter'", "-Direction", "inbound", "-Profile", "Any", "-Action", "Allow", "-LocalPort", "{{ .Values.service.port }}", "-Protocol", "TCP" ] + {{- with .Values.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} {{- with .Values.extraInitContainers }} {{- toYaml . | nindent 8 }} {{- end }} - serviceAccountName: {{ include "prometheus-windows-exporter.fullname" . }} + serviceAccountName: {{ include "prometheus-windows-exporter.serviceAccountName" . }} containers: - name: windows-exporter image: {{ include "prometheus-windows-exporter.image" . }} @@ -58,7 +58,7 @@ spec: {{- with .Values.extraArgs }} {{- toYaml . | nindent 12 }} {{- end }} - {{- with .Values.securityContext }} + {{- with .Values.containerSecurityContext }} securityContext: {{- toYaml . | nindent 12 }} {{- end }} @@ -68,9 +68,8 @@ spec: value: {{ $value | quote }} {{- end }} ports: - - name: http + - name: {{ .Values.service.portName }} containerPort: {{ .Values.service.port }} - hostPort: {{ .Values.service.port }} protocol: TCP livenessProbe: failureThreshold: {{ .Values.livenessProbe.failureThreshold }} @@ -167,9 +166,6 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} volumes: - - name: exporter-scripts - configMap: - name: {{ include "prometheus-windows-exporter.fullname" . }}-scripts - name: config configMap: name: {{ include "prometheus-windows-exporter.fullname" . }} diff --git a/charts/rancher-monitoring/charts/windowsExporter/templates/podmonitor.yaml b/charts/kube-prometheus-stack/charts/prometheus-windows-exporter/templates/podmonitor.yaml similarity index 97% rename from charts/rancher-monitoring/charts/windowsExporter/templates/podmonitor.yaml rename to charts/kube-prometheus-stack/charts/prometheus-windows-exporter/templates/podmonitor.yaml index bbb6c39..ccb8ca1 100644 --- a/charts/rancher-monitoring/charts/windowsExporter/templates/podmonitor.yaml +++ b/charts/kube-prometheus-stack/charts/prometheus-windows-exporter/templates/podmonitor.yaml @@ -5,7 +5,7 @@ metadata: name: {{ include "prometheus-windows-exporter.fullname" . }} namespace: {{ include "prometheus-windows-exporter.podmonitor-namespace" . }} labels: - {{- include "windowsExporter.labels" . | nindent 4 }} + {{- include "prometheus-windows-exporter.labels" . | nindent 4 }} {{- with .Values.prometheus.podMonitor.additionalLabels }} {{- toYaml . | nindent 4 }} {{- end }} diff --git a/charts/rancher-monitoring/charts/windowsExporter/templates/service.yaml b/charts/kube-prometheus-stack/charts/prometheus-windows-exporter/templates/service.yaml similarity index 76% rename from charts/rancher-monitoring/charts/windowsExporter/templates/service.yaml rename to charts/kube-prometheus-stack/charts/prometheus-windows-exporter/templates/service.yaml index 12ca7ba..67c0376 100644 --- a/charts/rancher-monitoring/charts/windowsExporter/templates/service.yaml +++ b/charts/kube-prometheus-stack/charts/prometheus-windows-exporter/templates/service.yaml @@ -4,7 +4,7 @@ metadata: name: {{ include "prometheus-windows-exporter.fullname" . }} namespace: {{ include "prometheus-windows-exporter.namespace" . }} labels: - {{- include "windowsExporter.labels" $ | nindent 4 }} + {{- include "prometheus-windows-exporter.labels" $ | nindent 4 }} {{- with .Values.service.annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -16,9 +16,9 @@ spec: {{- if ( and (eq .Values.service.type "NodePort" ) (not (empty .Values.service.nodePort)) ) }} nodePort: {{ .Values.service.nodePort }} {{- end }} - targetPort: {{ .Values.service.port }} + targetPort: {{ .Values.service.portName }} protocol: TCP appProtocol: http name: {{ .Values.service.portName }} selector: - {{- include "windowsExporter.labels" . | nindent 4 }} + {{- include "prometheus-windows-exporter.selectorLabels" . | nindent 4 }} diff --git a/charts/rancher-monitoring/charts/windowsExporter/templates/serviceaccount.yaml b/charts/kube-prometheus-stack/charts/prometheus-windows-exporter/templates/serviceaccount.yaml similarity index 90% rename from charts/rancher-monitoring/charts/windowsExporter/templates/serviceaccount.yaml rename to charts/kube-prometheus-stack/charts/prometheus-windows-exporter/templates/serviceaccount.yaml index 14c1c46..db4630b 100644 --- a/charts/rancher-monitoring/charts/windowsExporter/templates/serviceaccount.yaml +++ b/charts/kube-prometheus-stack/charts/prometheus-windows-exporter/templates/serviceaccount.yaml @@ -5,7 +5,7 @@ metadata: name: {{ include "prometheus-windows-exporter.serviceAccountName" . }} namespace: {{ include "prometheus-windows-exporter.namespace" . }} labels: - {{- include "windowsExporter.labels" . | nindent 4 }} + {{- include "prometheus-windows-exporter.labels" . | nindent 4 }} {{- with .Values.serviceAccount.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/charts/rancher-monitoring/charts/windowsExporter/templates/servicemonitor.yaml b/charts/kube-prometheus-stack/charts/prometheus-windows-exporter/templates/servicemonitor.yaml similarity index 70% rename from charts/rancher-monitoring/charts/windowsExporter/templates/servicemonitor.yaml rename to charts/kube-prometheus-stack/charts/prometheus-windows-exporter/templates/servicemonitor.yaml index 2effc07..a011787 100644 --- a/charts/rancher-monitoring/charts/windowsExporter/templates/servicemonitor.yaml +++ b/charts/kube-prometheus-stack/charts/prometheus-windows-exporter/templates/servicemonitor.yaml @@ -5,7 +5,7 @@ metadata: name: {{ include "prometheus-windows-exporter.fullname" . }} namespace: {{ include "prometheus-windows-exporter.monitor-namespace" . }} labels: - {{- include "windowsExporter.labels" . | nindent 4 }} + {{- include "prometheus-windows-exporter.labels" . | nindent 4 }} {{- with .Values.prometheus.monitor.additionalLabels }} {{- toYaml . | nindent 4 }} {{- end }} @@ -21,7 +21,7 @@ spec: {{- with .Values.prometheus.monitor.selectorOverride }} {{- toYaml . | nindent 6 }} {{- else }} - {{- include "windowsExporter.labels" . | nindent 6 }} + {{- include "prometheus-windows-exporter.selectorLabels" . | nindent 6 }} {{- end }} {{- with .Values.prometheus.monitor.attachMetadata }} attachMetadata: @@ -50,26 +50,12 @@ spec: {{- with .Values.prometheus.monitor.scrapeTimeout }} scrapeTimeout: {{ . }} {{- end }} - metricRelabelings: -{{- include "windowsExporter.renamedMetricsRelabeling" . | nindent 6 -}} - - sourceLabels: [__name__] - regex: 'wmi_(.*)' - replacement: 'windows_$1' - targetLabel: __name__ - - sourceLabels: [volume, nic] - regex: (.*);(.*) - separator: '' - targetLabel: device - action: replace - replacement: $1$2 - - sourceLabels: [__name__] - regex: windows_cs_logical_processors - replacement: 'system' - targetLabel: mode + {{- with .Values.prometheus.monitor.relabelings }} relabelings: - - separator: ':' - sourceLabels: - - __meta_kubernetes_pod_host_ip - - __meta_kubernetes_pod_container_port_number - targetLabel: instance + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.prometheus.monitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} diff --git a/charts/rancher-monitoring/charts/windowsExporter/values.yaml b/charts/kube-prometheus-stack/charts/prometheus-windows-exporter/values.yaml similarity index 96% rename from charts/rancher-monitoring/charts/windowsExporter/values.yaml rename to charts/kube-prometheus-stack/charts/prometheus-windows-exporter/values.yaml index f9f89f6..3d5d741 100644 --- a/charts/rancher-monitoring/charts/windowsExporter/values.yaml +++ b/charts/kube-prometheus-stack/charts/prometheus-windows-exporter/values.yaml @@ -3,17 +3,16 @@ # Declare variables to be passed into your templates. image: - registry: docker.io - repository: rancher/mirrored-prometheus-windows-exporter - os: "windows" + registry: ghcr.io + repository: prometheus-community/windows-exporter # Overrides the image tag whose default is {{ printf "v%s" .Chart.AppVersion }} - tag: "0.30.5" + tag: "" pullPolicy: IfNotPresent digest: "" config: |- collectors: - enabled: '[defaults],tcp,memory,container' + enabled: '[defaults],memory,container' imagePullSecrets: [] # - name: "image-pull-secret" @@ -33,19 +32,20 @@ global: # - pullSecret1 # - pullSecret2 imagePullSecrets: [] - cattle: - systemDefaultRegistry: "" + # + # Allow parent charts to override registry hostname + imageRegistry: "" ## Service configuration service: ## Service type type: ClusterIP ## Default service port. Sets the port of the exposed container as well (windows-exporter). - port: 9796 + port: 9182 ## Port number for service type NodePort nodePort: ## Name of the service port. Sets the port name of the main container (windows-exporter) as well. - portName: windows-metrics + portName: metrics ## Additional annotations and labels for the service. annotations: {} @@ -56,15 +56,15 @@ env: {} prometheus: monitor: - enabled: true + enabled: false additionalLabels: {} namespace: "" - jobLabel: "component" + jobLabel: "" # List of pod labels to add to windows exporter metrics # https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor - podTargetLabels: ["component"] + podTargetLabels: [] scheme: http basicAuth: {} @@ -161,13 +161,13 @@ prometheus: # ProxyURL eg http://proxyserver:2195. Directs scrapes through proxy to this endpoint. proxyUrl: "" - # Interval at which endpoints should be scraped. If not specified Prometheus’ global scrape interval is used. + # Interval at which endpoints should be scraped. If not specified Prometheus' global scrape interval is used. interval: "" # Timeout after which the scrape is ended. If not specified, the Prometheus global scrape interval is used. scrapeTimeout: "" # HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data. honorTimestamps: true - # HonorLabels chooses the metric’s labels on collisions with target labels. + # HonorLabels chooses the metric's labels on collisions with target labels. honorLabels: true # Whether to enable HTTP2. Default false. enableHttp2: "" @@ -180,7 +180,7 @@ prometheus: params: {} # RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds - # relabelings for a few standard Kubernetes fields. The original scrape job’s name + # relabelings for a few standard Kubernetes fields. The original scrape job's name # is available via the __tmp_prometheus_job_name label. # More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config relabelings: [] @@ -234,6 +234,8 @@ securityContext: hostProcess: true runAsUserName: "NT AUTHORITY\\system" +containerSecurityContext: {} + rbac: ## If true, create & use RBAC resources ## diff --git a/charts/rancher-monitoring/templates/NOTES.txt b/charts/kube-prometheus-stack/templates/NOTES.txt similarity index 73% rename from charts/rancher-monitoring/templates/NOTES.txt rename to charts/kube-prometheus-stack/templates/NOTES.txt index 1e946ee..a2e0f26 100644 --- a/charts/rancher-monitoring/templates/NOTES.txt +++ b/charts/kube-prometheus-stack/templates/NOTES.txt @@ -10,4 +10,9 @@ Access Grafana local instance: export POD_NAME=$(kubectl --namespace {{ template "kube-prometheus-stack.namespace" . }} get pod -l "app.kubernetes.io/name={{ default "grafana" .Values.grafana.name }},app.kubernetes.io/instance={{ $.Release.Name }}" -oname) kubectl --namespace {{ template "kube-prometheus-stack.namespace" . }} port-forward $POD_NAME 3000 +Get your grafana admin user password by running: + + kubectl get secret --namespace {{ .Values.grafana.namespaceOverride | default (include "kube-prometheus-stack.namespace" .) }} -l app.kubernetes.io/component=admin-secret -o jsonpath="{.items[0].data.{{ .Values.grafana.admin.passwordKey | default "admin-password" }}}" | base64 --decode ; echo + + Visit https://github.com/prometheus-operator/kube-prometheus for instructions on how to create & configure Alertmanager and Prometheus instances using the Operator. diff --git a/charts/rancher-monitoring/templates/_helpers.tpl b/charts/kube-prometheus-stack/templates/_helpers.tpl similarity index 66% rename from charts/rancher-monitoring/templates/_helpers.tpl rename to charts/kube-prometheus-stack/templates/_helpers.tpl index b578373..3c1fe6a 100644 --- a/charts/rancher-monitoring/templates/_helpers.tpl +++ b/charts/kube-prometheus-stack/templates/_helpers.tpl @@ -1,147 +1,3 @@ -# Rancher -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -{{- define "monitoring_registry" -}} - {{- $temp_registry := (include "system_default_registry" .) -}} - {{- if $temp_registry -}} - {{- trimSuffix "/" $temp_registry -}} - {{- else -}} - {{- .Values.global.imageRegistry -}} - {{- end -}} -{{- end -}} - -{{/* -https://github.com/helm/helm/issues/4535#issuecomment-477778391 -Usage: {{ include "call-nested" (list . "SUBCHART_NAME" "TEMPLATE") }} -e.g. {{ include "call-nested" (list . "grafana" "grafana.fullname") }} -*/}} -{{- define "call-nested" }} -{{- $dot := index . 0 }} -{{- $subchart := index . 1 | splitList "." }} -{{- $template := index . 2 }} -{{- $values := $dot.Values }} -{{- range $subchart }} -{{- $values = index $values . }} -{{- end }} -{{- include $template (dict "Chart" (dict "Name" (last $subchart)) "Values" $values "Release" $dot.Release "Capabilities" $dot.Capabilities) }} -{{- end }} - -# Special Exporters -{{- define "exporter.kubeEtcd.enabled" -}} -{{- if or .Values.kubeEtcd.enabled .Values.rkeEtcd.enabled .Values.kubeAdmEtcd.enabled .Values.rke2Etcd.enabled -}} -"true" -{{- end -}} -{{- end }} - -{{- define "exporter.kubeControllerManager.enabled" -}} -{{- if or .Values.kubeControllerManager.enabled .Values.rkeControllerManager.enabled .Values.k3sServer.enabled .Values.kubeAdmControllerManager.enabled .Values.rke2ControllerManager.enabled -}} -"true" -{{- end -}} -{{- end }} - -{{- define "exporter.kubeScheduler.enabled" -}} -{{- if or .Values.kubeScheduler.enabled .Values.rkeScheduler.enabled .Values.k3sServer.enabled .Values.kubeAdmScheduler.enabled .Values.rke2Scheduler.enabled -}} -"true" -{{- end -}} -{{- end }} - -{{- define "exporter.kubeProxy.enabled" -}} -{{- if or .Values.kubeProxy.enabled .Values.rkeProxy.enabled .Values.k3sServer.enabled .Values.kubeAdmProxy.enabled .Values.rke2Proxy.enabled -}} -"true" -{{- end -}} -{{- end }} - -{{- define "exporter.kubelet.enabled" -}} -{{- if or .Values.kubelet.enabled .Values.hardenedKubelet.enabled .Values.k3sServer.enabled -}} -"true" -{{- end -}} -{{- end }} - -{{- define "exporter.kubeControllerManager.jobName" -}} -{{- if .Values.k3sServer.enabled -}} -k3s-server -{{- else -}} -kube-controller-manager -{{- end -}} -{{- end }} - -{{- define "exporter.kubeScheduler.jobName" -}} -{{- if .Values.k3sServer.enabled -}} -k3s-server -{{- else -}} -kube-scheduler -{{- end -}} -{{- end }} - -{{- define "exporter.kubeProxy.jobName" -}} -{{- if .Values.k3sServer.enabled -}} -k3s-server -{{- else -}} -kube-proxy -{{- end -}} -{{- end }} - -{{- define "exporter.kubelet.jobName" -}} -{{- if .Values.k3sServer.enabled -}} -k3s-server -{{- else -}} -kubelet -{{- end -}} -{{- end }} - -{{- define "kubelet.serviceMonitor.resourcePath" -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if not (eq .Values.kubelet.serviceMonitor.resourcePath "/metrics/resource/v1alpha1") -}} -{{ .Values.kubelet.serviceMonitor.resourcePath }} -{{- else if semverCompare ">=1.20.0-0" $kubeTargetVersion -}} -/metrics/resource -{{- else -}} -/metrics/resource/v1alpha1 -{{- end -}} -{{- end }} - -{{- define "rancher.serviceMonitor.selector" -}} -{{- if .Values.rancherMonitoring.selector }} -{{ .Values.rancherMonitoring.selector | toYaml }} -{{- else }} -{{- $rancherDeployment := (lookup "apps/v1" "Deployment" "cattle-system" "rancher") }} -{{- if $rancherDeployment }} -matchLabels: - app: rancher - chart: {{ index $rancherDeployment.metadata.labels "chart" }} - release: rancher -{{- end }} -{{- end }} -{{- end }} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -# Prometheus Operator - {{/* vim: set filetype=mustache: */}} {{/* Expand the name of the chart. This is suffixed with -alertmanager, which means subtract 13 from longest 63 available */}} {{- define "kube-prometheus-stack.name" -}} @@ -187,11 +43,6 @@ The longest name that gets created adds and extra 37 characters, so truncation s {{- end }} {{- end }} -{{/* Prometheus apiVersion for networkpolicy */}} -{{- define "kube-prometheus-stack.prometheus.networkPolicy.apiVersion" -}} -{{- print "networking.k8s.io/v1" -}} -{{- end }} - {{/* Alertmanager custom resource instance name */}} {{- define "kube-prometheus-stack.alertmanager.crname" -}} {{- if .Values.cleanPrometheusOperatorObjectNames }} @@ -225,9 +76,8 @@ The longest name that gets created adds and extra 37 characters, so truncation s {{- define "kube-prometheus-stack.labels" }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/version: {{ .Chart.AppVersion }} +app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}" app.kubernetes.io/part-of: {{ template "kube-prometheus-stack.name" . }} -helm.sh/chart: {{ template "kube-prometheus-stack.chartref" . }} chart: {{ template "kube-prometheus-stack.chartref" . }} release: {{ $.Release.Name | quote }} heritage: {{ $.Release.Service | quote }} @@ -304,6 +154,64 @@ Use the grafana namespace override for multi-namespace deployments in combined c {{- end -}} {{- end -}} +{{/* +Use the Alertmanager namespace override for multi-namespace deployments in combined charts +*/}} +{{- define "kube-prometheus-stack-alertmanager.namespace" -}} + {{- if .Values.alertmanager.namespaceOverride -}} + {{- .Values.alertmanager.namespaceOverride -}} + {{- else -}} + {{- include "kube-prometheus-stack.namespace" . -}} + {{- end -}} +{{- end -}} + +{{/* +Allow kubelet job name to be overridden +*/}} +{{- define "kube-prometheus-stack-kubelet.name" -}} + {{- if index .Values "kubelet" "jobNameOverride" -}} + {{- index .Values "kubelet" "jobNameOverride" -}} + {{- else -}} + {{- print "kubelet" -}} + {{- end -}} +{{- end -}} + + +{{/* +Allow kube-controller-manager job name to be overridden +*/}} +{{- define "kube-prometheus-stack-kube-controller-manager.name" -}} + {{- if index .Values "kubeControllerManager" "jobNameOverride" -}} + {{- index .Values "kubeControllerManager" "jobNameOverride" -}} + {{- else -}} + {{- print "kube-controller-manager" -}} + {{- end -}} +{{- end -}} + + +{{/* +Allow kube-scheduler job name to be overridden +*/}} +{{- define "kube-prometheus-stack-kube-scheduler.name" -}} + {{- if index .Values "kubeScheduler" "jobNameOverride" -}} + {{- index .Values "kubeScheduler" "jobNameOverride" -}} + {{- else -}} + {{- print "kube-scheduler" -}} + {{- end -}} +{{- end -}} + + +{{/* +Allow kube-proxy job name to be overridden +*/}} +{{- define "kube-prometheus-stack-kube-proxy.name" -}} + {{- if index .Values "kubeProxy" "jobNameOverride" -}} + {{- index .Values "kubeProxy" "jobNameOverride" -}} + {{- else -}} + {{- print "kube-proxy" -}} + {{- end -}} +{{- end -}} + {{/* Allow kube-state-metrics job name to be overridden */}} @@ -342,37 +250,6 @@ Use the prometheus-node-exporter namespace override for multi-namespace deployme {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride -}} {{- end -}} -{{/* Get Ingress API Version */}} -{{- define "kube-prometheus-stack.ingress.apiVersion" -}} - {{- if and (.Capabilities.APIVersions.Has "networking.k8s.io/v1") (semverCompare ">= 1.19-0" (include "kube-prometheus-stack.kubeVersion" .)) -}} - {{- print "networking.k8s.io/v1" -}} - {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}} - {{- print "networking.k8s.io/v1beta1" -}} - {{- else -}} - {{- print "extensions/v1beta1" -}} - {{- end -}} -{{- end -}} - -{{/* Check Ingress stability */}} -{{- define "kube-prometheus-stack.ingress.isStable" -}} - {{- eq (include "kube-prometheus-stack.ingress.apiVersion" .) "networking.k8s.io/v1" -}} -{{- end -}} - -{{/* Check Ingress supports pathType */}} -{{/* pathType was added to networking.k8s.io/v1beta1 in Kubernetes 1.18 */}} -{{- define "kube-prometheus-stack.ingress.supportsPathType" -}} - {{- or (eq (include "kube-prometheus-stack.ingress.isStable" .) "true") (and (eq (include "kube-prometheus-stack.ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18-0" (include "kube-prometheus-stack.kubeVersion" .))) -}} -{{- end -}} - -{{/* Get Policy API Version */}} -{{- define "kube-prometheus-stack.pdb.apiVersion" -}} - {{- if and (.Capabilities.APIVersions.Has "policy/v1") (semverCompare ">= 1.21-0" (include "kube-prometheus-stack.kubeVersion" .)) -}} - {{- print "policy/v1" -}} - {{- else -}} - {{- print "policy/v1beta1" -}} - {{- end -}} - {{- end -}} - {{/* Get value based on current Kubernetes version */}} {{- define "kube-prometheus-stack.kubeVersionDefaultValue" -}} {{- $values := index . 0 -}} @@ -477,10 +354,35 @@ bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token {{- end }} {{- end }} -{{- define "rke2-ingress-nginx.namespace" -}} - {{- if .Values.rke2IngressNginx.namespaceOverride -}} - {{- .Values.rke2IngressNginx.namespaceOverride -}} - {{- else -}} - {{- print "kube-system" -}} - {{- end -}} + +{{/* To help configure anti-affinity rules for Prometheus pods */}} +{{- define "kube-prometheus-stack.prometheus.pod-anti-affinity.matchExpressions" }} +{{- if .Values.prometheus.agentMode }} +- {key: app.kubernetes.io/name, operator: In, values: [prometheus-agent]} +- {key: app.kubernetes.io/instance, operator: In, values: [{{ template "kube-prometheus-stack.prometheus.crname" . }}]} +{{- else }} +- {key: app.kubernetes.io/name, operator: In, values: [prometheus]} +- {key: app.kubernetes.io/instance, operator: In, values: [{{ template "kube-prometheus-stack.prometheus.crname" . }}]} +{{- end }} +{{- end }} + +{{/* To help configure Grafana operator folder settings (folder, folderUID, or folderRef) */}} +{{- define "kube-prometheus-stack.grafana.operator.folder" }} +{{- $folder := .Values.grafana.operator.folder }} +{{- $folderUID := .Values.grafana.operator.folderUID }} +{{- $folderRef := .Values.grafana.operator.folderRef }} +{{- if not (or + (and $folder (not $folderUID) (not $folderRef)) + (and (not $folder) $folderUID (not $folderRef)) + (and (not $folder) (not $folderUID) $folderRef) +)}} +{{- fail "grafana.operator: only one of folder, folderUID, or folderRef must be set" }} +{{- end }} +{{- if $folder }} +folder: {{ $folder | quote }} +{{- else if $folderUID }} +folderUID: {{ $folderUID | quote }} +{{- else if $folderRef }} +folderRef: {{ $folderRef | quote }} +{{- end }} {{- end }} diff --git a/charts/rancher-monitoring/templates/alertmanager/alertmanager.yaml b/charts/kube-prometheus-stack/templates/alertmanager/alertmanager.yaml similarity index 82% rename from charts/rancher-monitoring/templates/alertmanager/alertmanager.yaml rename to charts/kube-prometheus-stack/templates/alertmanager/alertmanager.yaml index 49c89b7..791db34 100644 --- a/charts/rancher-monitoring/templates/alertmanager/alertmanager.yaml +++ b/charts/kube-prometheus-stack/templates/alertmanager/alertmanager.yaml @@ -3,17 +3,20 @@ apiVersion: monitoring.coreos.com/v1 kind: Alertmanager metadata: name: {{ template "kube-prometheus-stack.alertmanager.crname" . }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} + namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" . }} labels: app: {{ template "kube-prometheus-stack.name" . }}-alertmanager -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.alertmanager.annotations }} + {{- include "kube-prometheus-stack.labels" . | nindent 4 }} + {{- with .Values.alertmanager.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.alertmanager.annotations }} annotations: -{{ toYaml .Values.alertmanager.annotations | indent 4 }} -{{- end }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: {{- if .Values.alertmanager.alertmanagerSpec.image }} - {{- $registry := include "monitoring_registry" . | default .Values.alertmanager.alertmanagerSpec.image.registry }} + {{- $registry := .Values.global.imageRegistry | default .Values.alertmanager.alertmanagerSpec.image.registry -}} {{- if and .Values.alertmanager.alertmanagerSpec.image.tag .Values.alertmanager.alertmanagerSpec.image.sha }} image: "{{ $registry }}/{{ .Values.alertmanager.alertmanagerSpec.image.repository }}:{{ .Values.alertmanager.alertmanagerSpec.image.tag }}@sha256:{{ .Values.alertmanager.alertmanagerSpec.image.sha }}" {{- else if .Values.alertmanager.alertmanagerSpec.image.sha }} @@ -23,6 +26,7 @@ spec: {{- else }} image: "{{ $registry }}/{{ .Values.alertmanager.alertmanagerSpec.image.repository }}" {{- end }} + imagePullPolicy: "{{ .Values.alertmanager.alertmanagerSpec.image.pullPolicy }}" version: {{ default .Values.alertmanager.alertmanagerSpec.image.tag .Values.alertmanager.alertmanagerSpec.version }} {{- if .Values.alertmanager.alertmanagerSpec.image.sha }} sha: {{ .Values.alertmanager.alertmanagerSpec.image.sha }} @@ -30,19 +34,20 @@ spec: {{- end }} replicas: {{ .Values.alertmanager.alertmanagerSpec.replicas }} listenLocal: {{ .Values.alertmanager.alertmanagerSpec.listenLocal }} + {{- if .Values.alertmanager.alertmanagerSpec.serviceName }} + serviceName: {{ tpl .Values.alertmanager.alertmanagerSpec.serviceName . }} + {{- end }} serviceAccountName: {{ template "kube-prometheus-stack.alertmanager.serviceAccountName" . }} automountServiceAccountToken: {{ .Values.alertmanager.alertmanagerSpec.automountServiceAccountToken }} {{- if .Values.alertmanager.alertmanagerSpec.externalUrl }} externalUrl: "{{ tpl .Values.alertmanager.alertmanagerSpec.externalUrl . }}" {{- else if and .Values.alertmanager.ingress.enabled .Values.alertmanager.ingress.hosts }} externalUrl: "http://{{ tpl (index .Values.alertmanager.ingress.hosts 0) . }}{{ .Values.alertmanager.alertmanagerSpec.routePrefix }}" -{{- else if not (or (kindIs "invalid" .Values.global.cattle.url) (kindIs "invalid" .Values.global.cattle.clusterId)) }} - externalUrl: "{{ .Values.global.cattle.url }}/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Values.namespaceOverride }}/services/http:{{ template "kube-prometheus-stack.fullname" . }}-alertmanager:{{ .Values.alertmanager.service.port }}/proxy" {{- else }} externalUrl: http://{{ template "kube-prometheus-stack.fullname" . }}-alertmanager.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.alertmanager.service.port }} {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 4 }} {{- if .Values.alertmanager.alertmanagerSpec.nodeSelector }} + nodeSelector: {{ toYaml .Values.alertmanager.alertmanagerSpec.nodeSelector | indent 4 }} {{- end }} paused: {{ .Values.alertmanager.alertmanagerSpec.paused }} @@ -70,12 +75,8 @@ spec: {{ else }} alertmanagerConfigSelector: {} {{- end }} -{{- if .Values.alertmanager.alertmanagerSpec.alertmanagerConfigNamespaceSelector }} alertmanagerConfigNamespaceSelector: -{{ tpl (toYaml .Values.alertmanager.alertmanagerSpec.alertmanagerConfigNamespaceSelector | indent 4) . }} -{{ else }} - alertmanagerConfigNamespaceSelector: {} -{{- end }} +{{ tpl (toYaml .Values.alertmanager.alertmanagerSpec.alertmanagerConfigNamespaceSelector | indent 4 | default "null") . }} {{- if .Values.alertmanager.alertmanagerSpec.web }} web: {{ toYaml .Values.alertmanager.alertmanagerSpec.web | indent 4 }} @@ -99,6 +100,16 @@ spec: securityContext: {{ toYaml .Values.alertmanager.alertmanagerSpec.securityContext | indent 4 }} {{- end }} +{{- if kindIs "bool" .Values.alertmanager.alertmanagerSpec.hostUsers }} + hostUsers: {{ .Values.alertmanager.alertmanagerSpec.hostUsers }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.dnsConfig }} + dnsConfig: +{{ toYaml .Values.alertmanager.alertmanagerSpec.dnsConfig | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.dnsPolicy }} + dnsPolicy: {{ .Values.alertmanager.alertmanagerSpec.dnsPolicy }} +{{- end }} {{- if .Values.alertmanager.alertmanagerSpec.storage }} storage: {{ tpl (toYaml .Values.alertmanager.alertmanagerSpec.storage | indent 4) . }} @@ -136,8 +147,8 @@ spec: - {key: app.kubernetes.io/name, operator: In, values: [alertmanager]} - {key: alertmanager, operator: In, values: [{{ template "kube-prometheus-stack.alertmanager.crname" . }}]} {{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 4 }} {{- if .Values.alertmanager.alertmanagerSpec.tolerations }} + tolerations: {{ toYaml .Values.alertmanager.alertmanagerSpec.tolerations | indent 4 }} {{- end }} {{- if .Values.alertmanager.alertmanagerSpec.topologySpreadConstraints }} @@ -193,10 +204,25 @@ spec: {{- if .Values.alertmanager.alertmanagerSpec.minReadySeconds }} minReadySeconds: {{ .Values.alertmanager.alertmanagerSpec.minReadySeconds }} {{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.podManagementPolicy }} + podManagementPolicy: {{ .Values.alertmanager.alertmanagerSpec.podManagementPolicy }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.updateStrategy }} + updateStrategy: +{{ toYaml .Values.alertmanager.alertmanagerSpec.updateStrategy | indent 4 }} +{{- end }} + hostNetwork: {{ .Values.alertmanager.alertmanagerSpec.hostNetwork }} +{{- if .Values.alertmanager.alertmanagerSpec.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.alertmanager.alertmanagerSpec.terminationGracePeriodSeconds }} +{{- end }} {{- with .Values.alertmanager.alertmanagerSpec.additionalConfig }} {{- tpl (toYaml .) $ | nindent 2 }} {{- end }} {{- with .Values.alertmanager.alertmanagerSpec.additionalConfigString }} {{- tpl . $ | nindent 2 }} {{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.additionalArgs }} + additionalArgs: +{{ toYaml .Values.alertmanager.alertmanagerSpec.additionalArgs | indent 4 }} +{{- end }} {{- end }} diff --git a/charts/rancher-monitoring/templates/alertmanager/extrasecret.yaml b/charts/kube-prometheus-stack/templates/alertmanager/extrasecret.yaml similarity index 90% rename from charts/rancher-monitoring/templates/alertmanager/extrasecret.yaml rename to charts/kube-prometheus-stack/templates/alertmanager/extrasecret.yaml index ecd8f47..22118bf 100644 --- a/charts/rancher-monitoring/templates/alertmanager/extrasecret.yaml +++ b/charts/kube-prometheus-stack/templates/alertmanager/extrasecret.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ default $secretName .Values.alertmanager.extraSecret.name }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} + namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" . }} {{- if .Values.alertmanager.extraSecret.annotations }} annotations: {{ toYaml .Values.alertmanager.extraSecret.annotations | indent 4 }} diff --git a/charts/rancher-monitoring/templates/alertmanager/ingress.yaml b/charts/kube-prometheus-stack/templates/alertmanager/ingress.yaml similarity index 71% rename from charts/rancher-monitoring/templates/alertmanager/ingress.yaml rename to charts/kube-prometheus-stack/templates/alertmanager/ingress.yaml index be9f5aa..e4dd73f 100644 --- a/charts/rancher-monitoring/templates/alertmanager/ingress.yaml +++ b/charts/kube-prometheus-stack/templates/alertmanager/ingress.yaml @@ -5,13 +5,12 @@ {{- $servicePort := .Values.alertmanager.ingress.servicePort | default .Values.alertmanager.service.port -}} {{- $routePrefix := list .Values.alertmanager.alertmanagerSpec.routePrefix }} {{- $paths := .Values.alertmanager.ingress.paths | default $routePrefix -}} -{{- $apiIsStable := eq (include "kube-prometheus-stack.ingress.isStable" .) "true" -}} -{{- $ingressSupportsPathType := eq (include "kube-prometheus-stack.ingress.supportsPathType" .) "true" -}} -apiVersion: {{ include "kube-prometheus-stack.ingress.apiVersion" . }} +{{- $extraPaths := .Values.alertmanager.ingress.extraPaths | default list -}} +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ $serviceName }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} + namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" . }} {{- if .Values.alertmanager.ingress.annotations }} annotations: {{- tpl (toYaml .Values.alertmanager.ingress.annotations) . | nindent 4 }} @@ -23,11 +22,9 @@ metadata: {{- end }} {{ include "kube-prometheus-stack.labels" . | indent 4 }} spec: - {{- if $apiIsStable }} {{- if .Values.alertmanager.ingress.ingressClassName }} ingressClassName: {{ .Values.alertmanager.ingress.ingressClassName }} {{- end }} - {{- end }} rules: {{- if .Values.alertmanager.ingress.hosts }} {{- range $host := .Values.alertmanager.ingress.hosts }} @@ -35,40 +32,32 @@ spec: http: paths: {{- range $p := $paths }} + {{- with $extraPaths }} + {{- toYaml . | nindent 10 }} + {{- end }} - path: {{ tpl $p $ }} - {{- if and $pathType $ingressSupportsPathType }} pathType: {{ $pathType }} - {{- end }} backend: - {{- if $apiIsStable }} service: name: {{ $backendServiceName }} port: number: {{ $servicePort }} - {{- else }} - serviceName: {{ $backendServiceName }} - servicePort: {{ $servicePort }} - {{- end }} {{- end -}} {{- end -}} {{- else }} - http: paths: {{- range $p := $paths }} + {{- with $extraPaths }} + {{- toYaml . | nindent 10 }} + {{- end }} - path: {{ tpl $p $ }} - {{- if and $pathType $ingressSupportsPathType }} pathType: {{ $pathType }} - {{- end }} backend: - {{- if $apiIsStable }} service: name: {{ $backendServiceName }} port: number: {{ $servicePort }} - {{- else }} - serviceName: {{ $backendServiceName }} - servicePort: {{ $servicePort }} - {{- end }} {{- end -}} {{- end -}} {{- if .Values.alertmanager.ingress.tls }} diff --git a/charts/rancher-monitoring/templates/alertmanager/ingressperreplica.yaml b/charts/kube-prometheus-stack/templates/alertmanager/ingressperreplica.yaml similarity index 76% rename from charts/rancher-monitoring/templates/alertmanager/ingressperreplica.yaml rename to charts/kube-prometheus-stack/templates/alertmanager/ingressperreplica.yaml index b2e00a4..6c58f55 100644 --- a/charts/rancher-monitoring/templates/alertmanager/ingressperreplica.yaml +++ b/charts/kube-prometheus-stack/templates/alertmanager/ingressperreplica.yaml @@ -3,17 +3,15 @@ {{- $count := .Values.alertmanager.alertmanagerSpec.replicas | int -}} {{- $servicePort := .Values.alertmanager.service.port -}} {{- $ingressValues := .Values.alertmanager.ingressPerReplica -}} -{{- $apiIsStable := eq (include "kube-prometheus-stack.ingress.isStable" .) "true" -}} -{{- $ingressSupportsPathType := eq (include "kube-prometheus-stack.ingress.supportsPathType" .) "true" -}} apiVersion: v1 kind: List metadata: name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-ingressperreplica - namespace: {{ template "kube-prometheus-stack.namespace" . }} + namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" . }} items: {{ range $i, $e := until $count }} - kind: Ingress - apiVersion: {{ include "kube-prometheus-stack.ingress.apiVersion" $ }} + apiVersion: networking.k8s.io/v1 metadata: name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }} namespace: {{ template "kube-prometheus-stack.namespace" $ }} @@ -28,30 +26,21 @@ items: {{- tpl (toYaml $ingressValues.annotations) $ | nindent 8 }} {{- end }} spec: - {{- if $apiIsStable }} {{- if $ingressValues.ingressClassName }} ingressClassName: {{ $ingressValues.ingressClassName }} {{- end }} - {{- end }} rules: - host: {{ $ingressValues.hostPrefix }}-{{ $i }}.{{ $ingressValues.hostDomain }} http: paths: {{- range $p := $ingressValues.paths }} - path: {{ tpl $p $ }} - {{- if and $pathType $ingressSupportsPathType }} pathType: {{ $pathType }} - {{- end }} backend: - {{- if $apiIsStable }} service: name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }} port: number: {{ $servicePort }} - {{- else }} - serviceName: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }} - servicePort: {{ $servicePort }} - {{- end }} {{- end -}} {{- if or $ingressValues.tlsSecretName $ingressValues.tlsSecretPerReplica.enabled }} tls: diff --git a/charts/rancher-monitoring/templates/alertmanager/networkpolicy.yaml b/charts/kube-prometheus-stack/templates/alertmanager/networkpolicy.yaml similarity index 92% rename from charts/rancher-monitoring/templates/alertmanager/networkpolicy.yaml rename to charts/kube-prometheus-stack/templates/alertmanager/networkpolicy.yaml index 320e6a7..3d08b70 100644 --- a/charts/rancher-monitoring/templates/alertmanager/networkpolicy.yaml +++ b/charts/kube-prometheus-stack/templates/alertmanager/networkpolicy.yaml @@ -3,7 +3,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager - namespace: {{ template "kube-prometheus-stack.namespace" . }} + namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" . }} labels: app: {{ template "kube-prometheus-stack.name" . }}-alertmanager {{- include "kube-prometheus-stack.labels" . | nindent 4 }} @@ -38,6 +38,10 @@ spec: ports: - port: {{ .Values.alertmanager.service.port }} protocol: TCP + {{- if .Values.alertmanager.networkPolicy.monitoringRules.configReloader }} + - port: 8080 + protocol: TCP + {{- end }} {{- end }} {{- if and (.Values.alertmanager.networkPolicy.enableClusterRules) (.Values.alertmanager.service.clusterPort) }} # Allow ingress from other Alertmanager pods (for clustering) diff --git a/charts/rancher-monitoring/templates/alertmanager/podDisruptionBudget.yaml b/charts/kube-prometheus-stack/templates/alertmanager/podDisruptionBudget.yaml similarity index 53% rename from charts/rancher-monitoring/templates/alertmanager/podDisruptionBudget.yaml rename to charts/kube-prometheus-stack/templates/alertmanager/podDisruptionBudget.yaml index b183403..e136f88 100644 --- a/charts/rancher-monitoring/templates/alertmanager/podDisruptionBudget.yaml +++ b/charts/kube-prometheus-stack/templates/alertmanager/podDisruptionBudget.yaml @@ -1,19 +1,14 @@ {{- if and .Values.alertmanager.enabled .Values.alertmanager.podDisruptionBudget.enabled }} -apiVersion: {{ include "kube-prometheus-stack.pdb.apiVersion" . }} +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager - namespace: {{ template "kube-prometheus-stack.namespace" . }} + namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" . }} labels: app: {{ template "kube-prometheus-stack.name" . }}-alertmanager {{ include "kube-prometheus-stack.labels" . | indent 4 }} spec: - {{- if .Values.alertmanager.podDisruptionBudget.minAvailable }} - minAvailable: {{ .Values.alertmanager.podDisruptionBudget.minAvailable }} - {{- end }} - {{- if .Values.alertmanager.podDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ .Values.alertmanager.podDisruptionBudget.maxUnavailable }} - {{- end }} +{{- toYaml (omit .Values.alertmanager.podDisruptionBudget "enabled") | nindent 2 }} selector: matchLabels: app.kubernetes.io/name: alertmanager diff --git a/charts/rancher-monitoring/templates/alertmanager/route.yaml b/charts/kube-prometheus-stack/templates/alertmanager/route.yaml similarity index 90% rename from charts/rancher-monitoring/templates/alertmanager/route.yaml rename to charts/kube-prometheus-stack/templates/alertmanager/route.yaml index ea2684d..2426822 100644 --- a/charts/rancher-monitoring/templates/alertmanager/route.yaml +++ b/charts/kube-prometheus-stack/templates/alertmanager/route.yaml @@ -12,7 +12,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ $serviceName }}{{ if ne $name "main" }}-{{ $name }}{{ end }} - namespace: {{ template "kube-prometheus-stack.namespace" $ }} + namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" $ }} labels: app: {{ template "kube-prometheus-stack.name" $ }}-alertmanager {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} @@ -40,7 +40,10 @@ spec: statusCode: 301 {{- else }} - backendRefs: - - name: {{ $serviceName }} + - group: "" + kind: Service + weight: 1 + name: {{ $serviceName }} port: {{ $servicePort }} {{- with $route.filters }} filters: diff --git a/charts/rancher-monitoring/templates/alertmanager/secret.yaml b/charts/kube-prometheus-stack/templates/alertmanager/secret.yaml similarity index 64% rename from charts/rancher-monitoring/templates/alertmanager/secret.yaml rename to charts/kube-prometheus-stack/templates/alertmanager/secret.yaml index d4c397f..6cf39e9 100644 --- a/charts/rancher-monitoring/templates/alertmanager/secret.yaml +++ b/charts/kube-prometheus-stack/templates/alertmanager/secret.yaml @@ -1,16 +1,9 @@ {{- if and (.Values.alertmanager.enabled) (not .Values.alertmanager.alertmanagerSpec.useExistingSecret) }} -{{/* This file is applied when the operation is helm install and the target secret does not exist. */}} -{{- $secretName := (printf "alertmanager-%s" (include "kube-prometheus-stack.alertmanager.crname" .)) }} -{{- if or (not (lookup "v1" "Secret" (include "kube-prometheus-stack.namespace" .) $secretName)) (eq .Values.alertmanager.secret.recreateIfExists true) }} apiVersion: v1 kind: Secret metadata: - name: {{ $secretName }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - annotations: - "helm.sh/hook": pre-install, pre-upgrade - "helm.sh/hook-weight": "3" - "helm.sh/resource-policy": keep + name: alertmanager-{{ template "kube-prometheus-stack.alertmanager.crname" . }} + namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" . }} {{- if .Values.alertmanager.secret.annotations }} annotations: {{ toYaml .Values.alertmanager.secret.annotations | indent 4 }} @@ -34,4 +27,3 @@ data: {{ $key }}: {{ $val | b64enc | quote }} {{- end }} {{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/alertmanager/service.yaml b/charts/kube-prometheus-stack/templates/alertmanager/service.yaml similarity index 94% rename from charts/rancher-monitoring/templates/alertmanager/service.yaml rename to charts/kube-prometheus-stack/templates/alertmanager/service.yaml index 6446f01..e82c517 100644 --- a/charts/rancher-monitoring/templates/alertmanager/service.yaml +++ b/charts/kube-prometheus-stack/templates/alertmanager/service.yaml @@ -1,10 +1,10 @@ {{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if .Values.alertmanager.enabled }} +{{- if and .Values.alertmanager.enabled .Values.alertmanager.service.enabled }} apiVersion: v1 kind: Service metadata: name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager - namespace: {{ template "kube-prometheus-stack.namespace" . }} + namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" . }} labels: app: {{ template "kube-prometheus-stack.name" . }}-alertmanager self-monitor: {{ .Values.alertmanager.serviceMonitor.selfMonitor | quote }} diff --git a/charts/rancher-monitoring/templates/alertmanager/serviceaccount.yaml b/charts/kube-prometheus-stack/templates/alertmanager/serviceaccount.yaml similarity index 92% rename from charts/rancher-monitoring/templates/alertmanager/serviceaccount.yaml rename to charts/kube-prometheus-stack/templates/alertmanager/serviceaccount.yaml index 745ced8..51f7890 100644 --- a/charts/rancher-monitoring/templates/alertmanager/serviceaccount.yaml +++ b/charts/kube-prometheus-stack/templates/alertmanager/serviceaccount.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ template "kube-prometheus-stack.alertmanager.serviceAccountName" . }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} + namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" . }} labels: app: {{ template "kube-prometheus-stack.name" . }}-alertmanager app.kubernetes.io/name: {{ template "kube-prometheus-stack.name" . }}-alertmanager diff --git a/charts/rancher-monitoring/templates/alertmanager/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/alertmanager/servicemonitor.yaml similarity index 76% rename from charts/rancher-monitoring/templates/alertmanager/servicemonitor.yaml rename to charts/kube-prometheus-stack/templates/alertmanager/servicemonitor.yaml index ffba880..1660808 100644 --- a/charts/rancher-monitoring/templates/alertmanager/servicemonitor.yaml +++ b/charts/kube-prometheus-stack/templates/alertmanager/servicemonitor.yaml @@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager - namespace: {{ template "kube-prometheus-stack.namespace" . }} + namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" . }} labels: app: {{ template "kube-prometheus-stack.name" . }}-alertmanager {{ include "kube-prometheus-stack.labels" . | indent 4 }} @@ -39,19 +39,28 @@ spec: tlsConfig: {{- toYaml .Values.alertmanager.serviceMonitor.tlsConfig | nindent 6 }} {{- end }} path: "{{ trimSuffix "/" .Values.alertmanager.alertmanagerSpec.routePrefix }}/metrics" - metricRelabelings: {{- if .Values.alertmanager.serviceMonitor.metricRelabelings }} - {{- tpl (toYaml .Values.alertmanager.serviceMonitor.metricRelabelings | nindent 6) . }} + metricRelabelings: {{- tpl (toYaml .Values.alertmanager.serviceMonitor.metricRelabelings | nindent 6) . }} {{- end }} - {{ if .Values.global.cattle.clusterId }} - - sourceLabels: [__address__] - targetLabel: cluster_id - replacement: {{ .Values.global.cattle.clusterId }} + {{- if .Values.alertmanager.serviceMonitor.relabelings }} + relabelings: {{- toYaml .Values.alertmanager.serviceMonitor.relabelings | nindent 6 }} {{- end }} - {{ if .Values.global.cattle.clusterName }} - - sourceLabels: [__address__] - targetLabel: cluster_name - replacement: {{ .Values.global.cattle.clusterName }} + - port: reloader-web + {{- if .Values.alertmanager.serviceMonitor.interval }} + interval: {{ .Values.alertmanager.serviceMonitor.interval }} + {{- end }} + {{- if .Values.alertmanager.serviceMonitor.proxyUrl }} + proxyUrl: {{ .Values.alertmanager.serviceMonitor.proxyUrl}} + {{- end }} + {{- if .Values.alertmanager.serviceMonitor.scheme }} + scheme: {{ .Values.alertmanager.serviceMonitor.scheme }} + {{- end }} + {{- if .Values.alertmanager.serviceMonitor.tlsConfig }} + tlsConfig: {{- toYaml .Values.alertmanager.serviceMonitor.tlsConfig | nindent 6 }} + {{- end }} + path: "/metrics" + {{- if .Values.alertmanager.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- tpl (toYaml .Values.alertmanager.serviceMonitor.metricRelabelings | nindent 6) . }} {{- end }} {{- if .Values.alertmanager.serviceMonitor.relabelings }} relabelings: {{- toYaml .Values.alertmanager.serviceMonitor.relabelings | nindent 6 }} diff --git a/charts/rancher-monitoring/templates/alertmanager/serviceperreplica.yaml b/charts/kube-prometheus-stack/templates/alertmanager/serviceperreplica.yaml similarity index 96% rename from charts/rancher-monitoring/templates/alertmanager/serviceperreplica.yaml rename to charts/kube-prometheus-stack/templates/alertmanager/serviceperreplica.yaml index 75a13bd..6322df8 100644 --- a/charts/rancher-monitoring/templates/alertmanager/serviceperreplica.yaml +++ b/charts/kube-prometheus-stack/templates/alertmanager/serviceperreplica.yaml @@ -5,7 +5,7 @@ apiVersion: v1 kind: List metadata: name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-serviceperreplica - namespace: {{ template "kube-prometheus-stack.namespace" . }} + namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" . }} items: {{- range $i, $e := until $count }} - apiVersion: v1 diff --git a/charts/kube-prometheus-stack/templates/alertmanager/verticalpodautoscaler.yaml b/charts/kube-prometheus-stack/templates/alertmanager/verticalpodautoscaler.yaml new file mode 100644 index 0000000..60c665a --- /dev/null +++ b/charts/kube-prometheus-stack/templates/alertmanager/verticalpodautoscaler.yaml @@ -0,0 +1,41 @@ +{{- if and .Values.alertmanager.enabled .Values.alertmanager.verticalPodAutoscaler.enabled }} +apiVersion: autoscaling.k8s.io/v1 +kind: VerticalPodAutoscaler +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager + namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager + {{- include "kube-prometheus-stack.labels" . | nindent 4 }} +spec: + {{- with .Values.alertmanager.verticalPodAutoscaler.recommenders }} + recommenders: + {{- toYaml . | nindent 4 }} + {{- end }} + resourcePolicy: + containerPolicies: + - containerName: alertmanager + {{- with .Values.alertmanager.verticalPodAutoscaler.controlledResources }} + controlledResources: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.alertmanager.verticalPodAutoscaler.controlledValues }} + controlledValues: {{ .Values.alertmanager.verticalPodAutoscaler.controlledValues }} + {{- end }} + {{- if .Values.alertmanager.verticalPodAutoscaler.maxAllowed }} + maxAllowed: + {{- toYaml .Values.alertmanager.verticalPodAutoscaler.maxAllowed | nindent 8 }} + {{- end }} + {{- if .Values.alertmanager.verticalPodAutoscaler.minAllowed }} + minAllowed: + {{- toYaml .Values.alertmanager.verticalPodAutoscaler.minAllowed | nindent 8 }} + {{- end }} + targetRef: + apiVersion: monitoring.coreos.com/v1 + kind: Alertmanager + name: {{ template "kube-prometheus-stack.alertmanager.crname" . }} + {{- with .Values.alertmanager.verticalPodAutoscaler.updatePolicy }} + updatePolicy: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/templates/exporters/core-dns/service.yaml b/charts/kube-prometheus-stack/templates/exporters/core-dns/service.yaml similarity index 100% rename from charts/rancher-monitoring/templates/exporters/core-dns/service.yaml rename to charts/kube-prometheus-stack/templates/exporters/core-dns/service.yaml diff --git a/charts/rancher-monitoring/templates/exporters/core-dns/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/exporters/core-dns/servicemonitor.yaml similarity index 75% rename from charts/rancher-monitoring/templates/exporters/core-dns/servicemonitor.yaml rename to charts/kube-prometheus-stack/templates/exporters/core-dns/servicemonitor.yaml index ece3a50..379783b 100644 --- a/charts/rancher-monitoring/templates/exporters/core-dns/servicemonitor.yaml +++ b/charts/kube-prometheus-stack/templates/exporters/core-dns/servicemonitor.yaml @@ -40,21 +40,13 @@ spec: {{- if .Values.coreDns.serviceMonitor.proxyUrl }} proxyUrl: {{ .Values.coreDns.serviceMonitor.proxyUrl}} {{- end }} - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + {{- if .Values.coreDns.serviceMonitor.bearerTokenFile }} + bearerTokenFile: {{ .Values.coreDns.serviceMonitor.bearerTokenFile }} + {{- end }} +{{- if .Values.coreDns.serviceMonitor.metricRelabelings }} metricRelabelings: - {{- if .Values.coreDns.serviceMonitor.metricRelabelings }} - {{ tpl (toYaml .Values.coreDns.serviceMonitor.metricRelabelings | indent 4) . }} - {{- end }} - {{ if .Values.global.cattle.clusterId }} - - sourceLabels: [__address__] - targetLabel: cluster_id - replacement: {{ .Values.global.cattle.clusterId }} - {{- end }} - {{ if .Values.global.cattle.clusterName }} - - sourceLabels: [__address__] - targetLabel: cluster_name - replacement: {{ .Values.global.cattle.clusterName }} - {{- end }} +{{ tpl (toYaml .Values.coreDns.serviceMonitor.metricRelabelings | indent 4) . }} +{{- end }} {{- if .Values.coreDns.serviceMonitor.relabelings }} relabelings: {{ tpl (toYaml .Values.coreDns.serviceMonitor.relabelings | indent 4) . }} diff --git a/charts/rancher-monitoring/templates/exporters/kube-api-server/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-api-server/servicemonitor.yaml similarity index 81% rename from charts/rancher-monitoring/templates/exporters/kube-api-server/servicemonitor.yaml rename to charts/kube-prometheus-stack/templates/exporters/kube-api-server/servicemonitor.yaml index 3b8f844..35780a7 100644 --- a/charts/rancher-monitoring/templates/exporters/kube-api-server/servicemonitor.yaml +++ b/charts/kube-prometheus-stack/templates/exporters/kube-api-server/servicemonitor.yaml @@ -26,20 +26,10 @@ spec: {{- end }} port: https scheme: https +{{- if .Values.kubeApiServer.serviceMonitor.metricRelabelings }} metricRelabelings: - {{- if .Values.kubeApiServer.serviceMonitor.metricRelabelings }} {{ tpl (toYaml .Values.kubeApiServer.serviceMonitor.metricRelabelings | indent 6) . }} - {{- end }} - {{ if .Values.global.cattle.clusterId }} - - sourceLabels: [__address__] - targetLabel: cluster_id - replacement: {{ .Values.global.cattle.clusterId }} - {{- end }} - {{ if .Values.global.cattle.clusterName}} - - sourceLabels: [__address__] - targetLabel: cluster_name - replacement: {{ .Values.global.cattle.clusterName }} - {{- end }} +{{- end }} {{- if .Values.kubeApiServer.serviceMonitor.relabelings }} relabelings: {{ tpl (toYaml .Values.kubeApiServer.serviceMonitor.relabelings | indent 6) . }} diff --git a/charts/rancher-monitoring/templates/exporters/kube-controller-manager/endpoints.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/endpoints.yaml similarity index 100% rename from charts/rancher-monitoring/templates/exporters/kube-controller-manager/endpoints.yaml rename to charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/endpoints.yaml diff --git a/charts/rancher-monitoring/templates/exporters/kube-controller-manager/service.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/service.yaml similarity index 100% rename from charts/rancher-monitoring/templates/exporters/kube-controller-manager/service.yaml rename to charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/service.yaml diff --git a/charts/rancher-monitoring/templates/exporters/kube-controller-manager/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/servicemonitor.yaml similarity index 83% rename from charts/rancher-monitoring/templates/exporters/kube-controller-manager/servicemonitor.yaml rename to charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/servicemonitor.yaml index 1d7c391..2ee8aff 100644 --- a/charts/rancher-monitoring/templates/exporters/kube-controller-manager/servicemonitor.yaml +++ b/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/servicemonitor.yaml @@ -52,20 +52,10 @@ spec: serverName: {{ .Values.kubeControllerManager.serviceMonitor.serverName }} {{- end }} {{- end }} +{{- if .Values.kubeControllerManager.serviceMonitor.metricRelabelings }} metricRelabelings: - {{- if.Values.kubeControllerManager.serviceMonitor.metricRelabelings }} - {{ tpl (toYaml .Values.kubeControllerManager.serviceMonitor.metricRelabelings | indent 4) . }} - {{- end }} - {{ if .Values.global.cattle.clusterId }} - - sourceLabels: [__address__] - targetLabel: cluster_id - replacement: {{ .Values.global.cattle.clusterId }} - {{- end }} - {{ if .Values.global.cattle.clusterName}} - - sourceLabels: [__address__] - targetLabel: cluster_name - replacement: {{ .Values.global.cattle.clusterName }} - {{- end }} +{{ tpl (toYaml .Values.kubeControllerManager.serviceMonitor.metricRelabelings | indent 4) . }} +{{- end }} {{- if .Values.kubeControllerManager.serviceMonitor.relabelings }} relabelings: {{ tpl (toYaml .Values.kubeControllerManager.serviceMonitor.relabelings | indent 4) . }} diff --git a/charts/rancher-monitoring/templates/exporters/kube-dns/service.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-dns/service.yaml similarity index 100% rename from charts/rancher-monitoring/templates/exporters/kube-dns/service.yaml rename to charts/kube-prometheus-stack/templates/exporters/kube-dns/service.yaml diff --git a/charts/rancher-monitoring/templates/exporters/kube-dns/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-dns/servicemonitor.yaml similarity index 77% rename from charts/rancher-monitoring/templates/exporters/kube-dns/servicemonitor.yaml rename to charts/kube-prometheus-stack/templates/exporters/kube-dns/servicemonitor.yaml index 7e21fbc..8e35819 100644 --- a/charts/rancher-monitoring/templates/exporters/kube-dns/servicemonitor.yaml +++ b/charts/kube-prometheus-stack/templates/exporters/kube-dns/servicemonitor.yaml @@ -37,24 +37,16 @@ spec: {{- if .Values.kubeDns.serviceMonitor.interval }} interval: {{ .Values.kubeDns.serviceMonitor.interval }} {{- end }} - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + {{- if .Values.kubeDns.serviceMonitor.bearerTokenFile }} + bearerTokenFile: {{ .Values.kubeDns.serviceMonitor.bearerTokenFile }} + {{- end }} {{- if .Values.kubeDns.serviceMonitor.proxyUrl }} proxyUrl: {{ .Values.kubeDns.serviceMonitor.proxyUrl}} {{- end }} +{{- if .Values.kubeDns.serviceMonitor.dnsmasqMetricRelabelings }} metricRelabelings: - {{- if .Values.kubeDns.serviceMonitor.dnsmasqMetricRelabelings }} - {{ tpl (toYaml .Values.kubeDns.serviceMonitor.dnsmasqMetricRelabelings | indent 4) . }} - {{- end }} - {{ if .Values.global.cattle.clusterId }} - - sourceLabels: [__address__] - targetLabel: cluster_id - replacement: {{ .Values.global.cattle.clusterId }} - {{- end }} - {{ if .Values.global.cattle.clusterName}} - - sourceLabels: [__address__] - targetLabel: cluster_name - replacement: {{ .Values.global.cattle.clusterName }} - {{- end }} +{{ tpl (toYaml .Values.kubeDns.serviceMonitor.dnsmasqMetricRelabelings | indent 4) . }} +{{- end }} {{- if .Values.kubeDns.serviceMonitor.dnsmasqRelabelings }} relabelings: {{ toYaml .Values.kubeDns.serviceMonitor.dnsmasqRelabelings | indent 4 }} @@ -63,7 +55,9 @@ spec: {{- if .Values.kubeDns.serviceMonitor.interval }} interval: {{ .Values.kubeDns.serviceMonitor.interval }} {{- end }} - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + {{- if .Values.kubeDns.serviceMonitor.bearerTokenFile }} + bearerTokenFile: {{ .Values.kubeDns.serviceMonitor.bearerTokenFile }} + {{- end }} {{- if .Values.kubeDns.serviceMonitor.metricRelabelings }} metricRelabelings: {{ tpl (toYaml .Values.kubeDns.serviceMonitor.metricRelabelings | indent 4) . }} diff --git a/charts/rancher-monitoring/templates/exporters/kube-etcd/endpoints.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-etcd/endpoints.yaml similarity index 100% rename from charts/rancher-monitoring/templates/exporters/kube-etcd/endpoints.yaml rename to charts/kube-prometheus-stack/templates/exporters/kube-etcd/endpoints.yaml diff --git a/charts/rancher-monitoring/templates/exporters/kube-etcd/service.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-etcd/service.yaml similarity index 100% rename from charts/rancher-monitoring/templates/exporters/kube-etcd/service.yaml rename to charts/kube-prometheus-stack/templates/exporters/kube-etcd/service.yaml diff --git a/charts/rancher-monitoring/templates/exporters/kube-etcd/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-etcd/servicemonitor.yaml similarity index 80% rename from charts/rancher-monitoring/templates/exporters/kube-etcd/servicemonitor.yaml rename to charts/kube-prometheus-stack/templates/exporters/kube-etcd/servicemonitor.yaml index 0f1071d..999d9e1 100644 --- a/charts/rancher-monitoring/templates/exporters/kube-etcd/servicemonitor.yaml +++ b/charts/kube-prometheus-stack/templates/exporters/kube-etcd/servicemonitor.yaml @@ -20,7 +20,7 @@ spec: targetLabels: {{- toYaml . | nindent 4 }} {{- end }} - {{- include "servicemonitor.scrapeLimits" .Values.kubeEtcd.serviceMonitor | nindent 4 }} + {{- include "servicemonitor.scrapeLimits" .Values.kubeEtcd.serviceMonitor | nindent 2 }} selector: {{- if .Values.kubeEtcd.serviceMonitor.selector }} {{ tpl (toYaml .Values.kubeEtcd.serviceMonitor.selector | nindent 4) . }} @@ -37,7 +37,9 @@ spec: {{- if .Values.kubeEtcd.serviceMonitor.interval }} interval: {{ .Values.kubeEtcd.serviceMonitor.interval }} {{- end }} - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + {{- if .Values.kubeEtcd.serviceMonitor.bearerTokenFile }} + bearerTokenFile: {{ .Values.kubeEtcd.serviceMonitor.bearerTokenFile }} + {{- end }} {{- if .Values.kubeEtcd.serviceMonitor.proxyUrl }} proxyUrl: {{ .Values.kubeEtcd.serviceMonitor.proxyUrl}} {{- end }} @@ -58,20 +60,10 @@ spec: {{- end}} insecureSkipVerify: {{ .Values.kubeEtcd.serviceMonitor.insecureSkipVerify }} {{- end }} +{{- if .Values.kubeEtcd.serviceMonitor.metricRelabelings }} metricRelabelings: - {{- if .Values.kubeEtcd.serviceMonitor.metricRelabelings }} - {{ tpl (toYaml .Values.kubeEtcd.serviceMonitor.metricRelabelings | indent 4) . }} - {{- end }} - {{ if .Values.global.cattle.clusterId }} - - sourceLabels: [__address__] - targetLabel: cluster_id - replacement: {{ .Values.global.cattle.clusterId }} - {{- end }} - {{ if .Values.global.cattle.clusterName}} - - sourceLabels: [__address__] - targetLabel: cluster_name - replacement: {{ .Values.global.cattle.clusterName }} - {{- end }} +{{ tpl (toYaml .Values.kubeEtcd.serviceMonitor.metricRelabelings | indent 4) . }} +{{- end }} {{- if .Values.kubeEtcd.serviceMonitor.relabelings }} relabelings: {{ tpl (toYaml .Values.kubeEtcd.serviceMonitor.relabelings | indent 4) . }} diff --git a/charts/rancher-monitoring/templates/exporters/kube-proxy/endpoints.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-proxy/endpoints.yaml similarity index 100% rename from charts/rancher-monitoring/templates/exporters/kube-proxy/endpoints.yaml rename to charts/kube-prometheus-stack/templates/exporters/kube-proxy/endpoints.yaml diff --git a/charts/rancher-monitoring/templates/exporters/kube-proxy/service.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-proxy/service.yaml similarity index 100% rename from charts/rancher-monitoring/templates/exporters/kube-proxy/service.yaml rename to charts/kube-prometheus-stack/templates/exporters/kube-proxy/service.yaml diff --git a/charts/rancher-monitoring/templates/exporters/kube-proxy/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-proxy/servicemonitor.yaml similarity index 77% rename from charts/rancher-monitoring/templates/exporters/kube-proxy/servicemonitor.yaml rename to charts/kube-prometheus-stack/templates/exporters/kube-proxy/servicemonitor.yaml index bf979a7..c38d2da 100644 --- a/charts/rancher-monitoring/templates/exporters/kube-proxy/servicemonitor.yaml +++ b/charts/kube-prometheus-stack/templates/exporters/kube-proxy/servicemonitor.yaml @@ -37,7 +37,9 @@ spec: {{- if .Values.kubeProxy.serviceMonitor.interval }} interval: {{ .Values.kubeProxy.serviceMonitor.interval }} {{- end }} - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + {{- if .Values.kubeProxy.serviceMonitor.bearerTokenFile }} + bearerTokenFile: {{ .Values.kubeProxy.serviceMonitor.bearerTokenFile }} + {{- end }} {{- if .Values.kubeProxy.serviceMonitor.proxyUrl }} proxyUrl: {{ .Values.kubeProxy.serviceMonitor.proxyUrl}} {{- end }} @@ -46,20 +48,10 @@ spec: tlsConfig: caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt {{- end}} +{{- if .Values.kubeProxy.serviceMonitor.metricRelabelings }} metricRelabelings: - {{- if .Values.kubeProxy.serviceMonitor.metricRelabelings }} - {{ tpl (toYaml .Values.kubeProxy.serviceMonitor.metricRelabelings | indent 4) . }} - {{- end }} - {{ if .Values.global.cattle.clusterId }} - - sourceLabels: [__address__] - targetLabel: cluster_id - replacement: {{ .Values.global.cattle.clusterId }} - {{- end }} - {{ if .Values.global.cattle.clusterName}} - - sourceLabels: [__address__] - targetLabel: cluster_name - replacement: {{ .Values.global.cattle.clusterName }} - {{- end }} +{{ tpl (toYaml .Values.kubeProxy.serviceMonitor.metricRelabelings | indent 4) . }} +{{- end }} {{- if .Values.kubeProxy.serviceMonitor.relabelings }} relabelings: {{ tpl (toYaml .Values.kubeProxy.serviceMonitor.relabelings | indent 4) . }} diff --git a/charts/rancher-monitoring/templates/exporters/kube-scheduler/endpoints.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/endpoints.yaml similarity index 100% rename from charts/rancher-monitoring/templates/exporters/kube-scheduler/endpoints.yaml rename to charts/kube-prometheus-stack/templates/exporters/kube-scheduler/endpoints.yaml diff --git a/charts/rancher-monitoring/templates/exporters/kube-scheduler/service.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/service.yaml similarity index 100% rename from charts/rancher-monitoring/templates/exporters/kube-scheduler/service.yaml rename to charts/kube-prometheus-stack/templates/exporters/kube-scheduler/service.yaml diff --git a/charts/rancher-monitoring/templates/exporters/kube-scheduler/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/servicemonitor.yaml similarity index 82% rename from charts/rancher-monitoring/templates/exporters/kube-scheduler/servicemonitor.yaml rename to charts/kube-prometheus-stack/templates/exporters/kube-scheduler/servicemonitor.yaml index 633c73e..26c2853 100644 --- a/charts/rancher-monitoring/templates/exporters/kube-scheduler/servicemonitor.yaml +++ b/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/servicemonitor.yaml @@ -52,20 +52,10 @@ spec: serverName: {{ .Values.kubeScheduler.serviceMonitor.serverName }} {{- end}} {{- end}} +{{- if .Values.kubeScheduler.serviceMonitor.metricRelabelings }} metricRelabelings: - {{- if .Values.kubeScheduler.serviceMonitor.metricRelabelings }} - {{ tpl (toYaml .Values.kubeScheduler.serviceMonitor.metricRelabelings | indent 4) . }} - {{- end }} - {{ if .Values.global.cattle.clusterId }} - - sourceLabels: [__address__] - targetLabel: cluster_id - replacement: {{ .Values.global.cattle.clusterId }} - {{- end }} - {{ if .Values.global.cattle.clusterName}} - - sourceLabels: [__address__] - targetLabel: cluster_name - replacement: {{ .Values.global.cattle.clusterName }} - {{- end }} +{{ tpl (toYaml .Values.kubeScheduler.serviceMonitor.metricRelabelings | indent 4) . }} +{{- end }} {{- if .Values.kubeScheduler.serviceMonitor.relabelings }} relabelings: {{ tpl (toYaml .Values.kubeScheduler.serviceMonitor.relabelings | indent 4) . }} diff --git a/charts/rancher-monitoring/templates/exporters/kubelet/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/exporters/kubelet/servicemonitor.yaml similarity index 89% rename from charts/rancher-monitoring/templates/exporters/kubelet/servicemonitor.yaml rename to charts/kube-prometheus-stack/templates/exporters/kubelet/servicemonitor.yaml index f6e37a6..41f160d 100644 --- a/charts/rancher-monitoring/templates/exporters/kubelet/servicemonitor.yaml +++ b/charts/kube-prometheus-stack/templates/exporters/kubelet/servicemonitor.yaml @@ -1,7 +1,4 @@ -{{- if (and (not .Values.kubelet.enabled) .Values.hardenedKubelet.enabled) }} -{{ required "Cannot set .Values.hardenedKubelet.enabled=true when .Values.kubelet.enabled=false" "" }} -{{- end }} -{{- if (and .Values.kubelet.enabled .Values.kubelet.serviceMonitor.enabled .Values.kubernetesServiceMonitors.enabled (not .Values.hardenedKubelet.enabled) (not .Values.k3sServer.enabled)) }} +{{- if and .Values.kubelet.enabled .Values.kubelet.serviceMonitor.enabled .Values.kubernetesServiceMonitors.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: @@ -51,20 +48,10 @@ spec: {{- include "kube-prometheus-stack.kubelet.authConfig" . | indent 4 }} honorLabels: {{ .Values.kubelet.serviceMonitor.honorLabels }} honorTimestamps: {{ .Values.kubelet.serviceMonitor.honorTimestamps }} - metricRelabelings: {{- if .Values.kubelet.serviceMonitor.metricRelabelings }} -{{ tpl (toYaml .Values.kubelet.serviceMonitor.metricRelabelings | indent 6) . }} + metricRelabelings: +{{ tpl (toYaml .Values.kubelet.serviceMonitor.metricRelabelings | indent 4) . }} {{- end }} - {{ if .Values.global.cattle.clusterId }} - - sourceLabels: [__address__] - targetLabel: cluster_id - replacement: {{ .Values.global.cattle.clusterId }} - {{- end }} - {{ if .Values.global.cattle.clusterName}} - - sourceLabels: [__address__] - targetLabel: cluster_name - replacement: {{ .Values.global.cattle.clusterName }} - {{- end }} {{- if .Values.kubelet.serviceMonitor.relabelings }} relabelings: {{ tpl (toYaml .Values.kubelet.serviceMonitor.relabelings | indent 4) . }} diff --git a/charts/kube-prometheus-stack/templates/extra-objects.yaml b/charts/kube-prometheus-stack/templates/extra-objects.yaml new file mode 100644 index 0000000..b0ec6fa --- /dev/null +++ b/charts/kube-prometheus-stack/templates/extra-objects.yaml @@ -0,0 +1,15 @@ +{{- /* Normalize extraObjects to a list, easier to loop over */ -}} +{{- $extraObjects := .Values.extraManifests | default (list) -}} + +{{- if kindIs "map" $extraObjects -}} + {{- $extraObjects = values $extraObjects -}} +{{- end -}} + +{{- range $extraObjects }} +--- + {{- if kindIs "map" . }} + {{- tpl (toYaml .) $ | nindent 0 }} + {{- else if kindIs "string" . }} + {{- tpl . $ | nindent 0 }} + {{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/templates/grafana/configmaps-datasources.yaml b/charts/kube-prometheus-stack/templates/grafana/configmaps-datasources.yaml similarity index 82% rename from charts/rancher-monitoring/templates/grafana/configmaps-datasources.yaml rename to charts/kube-prometheus-stack/templates/grafana/configmaps-datasources.yaml index 3c05e39..3b0f328 100644 --- a/charts/rancher-monitoring/templates/grafana/configmaps-datasources.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/configmaps-datasources.yaml @@ -3,13 +3,13 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ template "kube-prometheus-stack.fullname" . }}-grafana-datasource - namespace: {{ default .Values.grafana.sidecar.datasources.searchNamespace (include "kube-prometheus-stack.namespace" .) }} + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} {{- if .Values.grafana.sidecar.datasources.annotations }} annotations: {{- toYaml .Values.grafana.sidecar.datasources.annotations | nindent 4 }} {{- end }} labels: - {{ $.Values.grafana.sidecar.datasources.label }}: {{ $.Values.grafana.sidecar.datasources.labelValue | quote }} + {{ tpl $.Values.grafana.sidecar.datasources.label $ }}: {{ (tpl $.Values.grafana.sidecar.datasources.labelValue $) | quote }} app: {{ template "kube-prometheus-stack.name" $ }}-grafana {{ include "kube-prometheus-stack.labels" $ | indent 4 }} data: @@ -36,11 +36,17 @@ data: access: proxy isDefault: {{ .Values.grafana.sidecar.datasources.isDefaultDatasource }} jsonData: + {{- with .Values.grafana.sidecar.datasources.extraJsonData -}} + {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} httpMethod: {{ .Values.grafana.sidecar.datasources.httpMethod }} timeInterval: {{ $scrapeInterval }} {{- if .Values.grafana.sidecar.datasources.timeout }} timeout: {{ .Values.grafana.sidecar.datasources.timeout }} {{- end }} + {{- if .Values.grafana.sidecar.datasources.customQueryParameters }} + customQueryParameters: {{ .Values.grafana.sidecar.datasources.customQueryParameters }} + {{- end }} {{- if .Values.grafana.sidecar.datasources.exemplarTraceIdDestinations }} exemplarTraceIdDestinations: - datasourceUid: {{ .Values.grafana.sidecar.datasources.exemplarTraceIdDestinations.datasourceUid }} @@ -52,10 +58,13 @@ data: - name: "{{ $.Values.grafana.sidecar.datasources.name }}-{{ . }}" type: prometheus uid: {{ $.Values.grafana.sidecar.datasources.uid }}-replica-{{ . }} - url: http://prometheus-{{ template "kube-prometheus-stack.prometheus.crname" $ }}-{{ . }}.prometheus-operated:9090/{{ trimPrefix "/" $.Values.prometheus.prometheusSpec.routePrefix }} + url: http://prometheus-{{ template "kube-prometheus-stack.prometheus.crname" $ }}-{{ . }}.{{ $.Values.grafana.sidecar.datasources.prometheusServiceName}}:9090/{{ trimPrefix "/" $.Values.prometheus.prometheusSpec.routePrefix }} access: proxy isDefault: false jsonData: + {{- with $.Values.grafana.sidecar.datasources.extraJsonData -}} + {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} timeInterval: {{ $scrapeInterval }} {{- if $.Values.grafana.sidecar.datasources.exemplarTraceIdDestinations }} exemplarTraceIdDestinations: @@ -83,4 +92,7 @@ data: {{- if .Values.grafana.additionalDataSources }} {{ tpl (toYaml .Values.grafana.additionalDataSources | indent 4) . }} {{- end }} +{{- with .Values.grafana.additionalDataSourcesString }} +{{ tpl . $ | indent 4 }} +{{- end }} {{- end }} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/alertmanager-overview.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/alertmanager-overview.yaml new file mode 100644 index 0000000..4b81d6c --- /dev/null +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/alertmanager-overview.yaml @@ -0,0 +1,56 @@ +{{- /* +Generated from 'alertmanager-overview' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled (or .Values.alertmanager.enabled .Values.alertmanager.forceDeployDashboards) }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "alertmanager-overview" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +data: + alertmanager-overview.json: |- + {{`{"graphTooltip":1,"panels":[{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":0},"id":1,"panels":[],"title":"Alerts","type":"row"},{"datasource":{"type":"prometheus","uid":"$datasource"},"description":"current set of alerts stored in the Alertmanager","fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"none"}},"gridPos":{"h":7,"w":12,"x":0,"y":1},"id":2,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"sum(alertmanager_alerts{namespace=~\"$namespace\",service=~\"$service\"}) by (namespace,service,instance)","intervalFactor":2,"legendFormat":"{{instance}}"}],"title":"Alerts","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"$datasource"},"description":"rate of successful and invalid alerts received by the Alertmanager","fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"ops"}},"gridPos":{"h":7,"w":12,"x":12,"y":1},"id":3,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"sum(rate(alertmanager_alerts_received_total{namespace=~\"$namespace\",service=~\"$service\"}[$__rate_interval])) by (namespace,service,instance)","intervalFactor":2,"legendFormat":"{{instance}} Received"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"sum(rate(alertmanager_alerts_invalid_total{namespace=~\"$namespace\",service=~\"$service\"}[$__rate_interval])) by (namespace,service,instance)","intervalFactor":2,"legendFormat":"{{instance}} Invalid"}],"title":"Alerts receive rate","type":"timeseries"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":8},"id":4,"panels":[],"title":"Notifications","type":"row"},{"datasource":{"type":"prometheus","uid":"$datasource"},"description":"rate of successful and invalid notifications sent by the Alertmanager","fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"ops"}},"gridPos":{"h":7,"w":12,"x":0,"y":9},"id":5,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi"}},"pluginVersion":"v11.4.0","repeat":"integration","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"sum(rate(alertmanager_notifications_total{namespace=~\"$namespace\",service=~\"$service\", integration=\"$integration\"}[$__rate_interval])) by (integration,namespace,service,instance)","intervalFactor":2,"legendFormat":"{{instance}} Total"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"sum(rate(alertmanager_notifications_failed_total{namespace=~\"$namespace\",service=~\"$service\", integration=\"$integration\"}[$__rate_interval])) by (integration,namespace,service,instance)","intervalFactor":2,"legendFormat":"{{instance}} Failed"}],"title":"$integration: Notifications Send Rate","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"$datasource"},"description":"latency of notifications sent by the Alertmanager","fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"s"}},"gridPos":{"h":7,"w":12,"x":12,"y":9},"id":6,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi"}},"pluginVersion":"v11.4.0","repeat":"integration","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"histogram_quantile(0.99,\n sum(rate(alertmanager_notification_latency_seconds_bucket{namespace=~\"$namespace\",service=~\"$service\", integration=\"$integration\"}[$__rate_interval])) by (le,namespace,service,instance)\n)\n","intervalFactor":2,"legendFormat":"{{instance}} 99th Percentile"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"histogram_quantile(0.50,\n sum(rate(alertmanager_notification_latency_seconds_bucket{namespace=~\"$namespace\",service=~\"$service\", integration=\"$integration\"}[$__rate_interval])) by (le,namespace,service,instance)\n)\n","intervalFactor":2,"legendFormat":"{{instance}} Median"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"sum(rate(alertmanager_notification_latency_seconds_sum{namespace=~\"$namespace\",service=~\"$service\", integration=\"$integration\"}[$__rate_interval])) by (namespace,service,instance)\n/\nsum(rate(alertmanager_notification_latency_seconds_count{namespace=~\"$namespace\",service=~\"$service\", integration=\"$integration\"}[$__rate_interval])) by (namespace,service,instance)\n","intervalFactor":2,"legendFormat":"{{instance}} Average"}],"title":"$integration: Notification Duration","type":"timeseries"}],"schemaVersion":39,"tags":["alertmanager-mixin"],"templating":{"list":[{"current":{"selected":false,"text":"Prometheus","value":"Prometheus"},"hide":0,"label":"Data Source","name":"datasource","query":"prometheus","type":"datasource"},{"current":{"selected":false,"text":"","value":""},"datasource":{"type":"prometheus","uid":"${datasource}"},"includeAll":false,"label":"namespace","name":"namespace","query":"label_values(alertmanager_alerts, namespace)","refresh":2,"sort":1,"type":"query"},{"current":{"selected":false,"text":"","value":""},"datasource":{"type":"prometheus","uid":"${datasource}"},"includeAll":false,"label":"service","name":"service","query":"label_values(alertmanager_alerts, service)","refresh":2,"sort":1,"type":"query"},{"current":{"selected":false,"text":"$__all","value":"$__all"},"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":2,"includeAll":true,"name":"integration","query":"label_values(alertmanager_notifications_total{integration=~\".*\"}, integration)","refresh":2,"sort":1,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["30s"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Alertmanager / Overview","uid":"alertmanager-overview"}`}} +{{- end }} +--- +{{- if and .Values.grafana.operator.dashboardsConfigMapRefEnabled (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled (or .Values.alertmanager.enabled .Values.alertmanager.forceDeployDashboards) }} +apiVersion: grafana.integreatly.org/v1beta1 +kind: GrafanaDashboard +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "alertmanager-overview" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + {{ with .Values.grafana.operator.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{ end }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +spec: + allowCrossNamespaceImport: true + resyncPeriod: {{ .Values.grafana.operator.resyncPeriod | quote | default "10m" }} + {{- include "kube-prometheus-stack.grafana.operator.folder" . | nindent 2 }} + instanceSelector: + matchLabels: + {{- if .Values.grafana.operator.matchLabels }} + {{- toYaml .Values.grafana.operator.matchLabels | nindent 6 }} + {{- else }} + {{- fail "grafana.operator.matchLabels must be specified when grafana.operator.dashboardsConfigMapRefEnabled is true" }} + {{- end }} + configMapRef: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "alertmanager-overview" | trunc 63 | trimSuffix "-" }} + key: alertmanager-overview.json +{{- end }} diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/apiserver.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/apiserver.yaml similarity index 87% rename from charts/rancher-monitoring/templates/grafana/dashboards-1.14/apiserver.yaml rename to charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/apiserver.yaml index 80789bf..01b7e35 100644 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/apiserver.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/apiserver.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'apiserver' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/baf3c7a71ec9f889644231f677f8708791d38293/manifests/grafana-dashboardDefinitions.yaml +Generated from 'apiserver' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} @@ -8,17 +8,49 @@ https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-promet apiVersion: v1 kind: ConfigMap metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "apiserver" | trunc 63 | trimSuffix "-" }} annotations: {{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} labels: {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} {{- end }} app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} data: apiserver.json: |- {{`{"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"links":[{"asDropdown":true,"includeVars":true,"keepTime":true,"tags":["kubernetes-mixin"],"targetBlank":false,"title":"Kubernetes","type":"dashboards"}],"panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"description":"The SLO (service level objective) and other metrics displayed on this dashboard are for informational purposes only.","gridPos":{"h":2,"w":24,"x":0,"y":0},"id":1,"options":{"content":"The SLO (service level objective) and other metrics displayed on this dashboard are for informational purposes only."},"pluginVersion":"v11.4.0","title":"Notice","type":"text"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"description":"How many percent of requests (both read and write) in 30 days have been answered successfully and fast enough?","fieldConfig":{"defaults":{"decimals":3,"unit":"percentunit"}},"gridPos":{"h":7,"w":8,"x":0,"y":2},"id":2,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"apiserver_request:availability30d{verb=\"all\", cluster=\"$cluster\"}"}],"title":"Availability (30d) > 99.000%","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"description":"How much error budget is left looking at our 0.990% availability guarantees?","fieldConfig":{"defaults":{"custom":{"fillOpacity":100},"decimals":3,"unit":"percentunit"}},"gridPos":{"h":7,"w":16,"x":8,"y":2},"id":3,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"100 * (apiserver_request:availability30d{verb=\"all\", cluster=\"$cluster\"} - 0.990000)","legendFormat":"errorbudget"}],"title":"ErrorBudget (30d) > 99.000%","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"description":"How many percent of read requests (LIST,GET) in 30 days have been answered successfully and fast enough?","fieldConfig":{"defaults":{"decimals":3,"unit":"percentunit"}},"gridPos":{"h":7,"w":6,"x":0,"y":9},"id":4,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"apiserver_request:availability30d{verb=\"read\", cluster=\"$cluster\"}"}],"title":"Read Availability (30d)","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"description":"How many read requests (LIST,GET) per second do the apiservers get by code?","fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"stacking":{"mode":"normal"}},"unit":"reqps"},"overrides":[{"matcher":{"id":"byRegexp","options":"/2../i"},"properties":[{"id":"color","value":"#56A64B"}]},{"matcher":{"id":"byRegexp","options":"/3../i"},"properties":[{"id":"color","value":"#F2CC0C"}]},{"matcher":{"id":"byRegexp","options":"/4../i"},"properties":[{"id":"color","value":"#3274D9"}]},{"matcher":{"id":"byRegexp","options":"/5../i"},"properties":[{"id":"color","value":"#E02F44"}]}]},"gridPos":{"h":7,"w":6,"x":6,"y":9},"id":5,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (code) (code_resource:apiserver_request_total:rate5m{verb=\"read\", cluster=\"$cluster\"})","legendFormat":"{{ code }}"}],"title":"Read SLI - Requests","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"description":"How many percent of read requests (LIST,GET) per second are returned with errors (5xx)?","fieldConfig":{"defaults":{"min":0,"unit":"percentunit"}},"gridPos":{"h":7,"w":6,"x":12,"y":9},"id":6,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (resource) (code_resource:apiserver_request_total:rate5m{verb=\"read\",code=~\"5..\", cluster=\"$cluster\"}) / sum by (resource) (code_resource:apiserver_request_total:rate5m{verb=\"read\", cluster=\"$cluster\"})","legendFormat":"{{ resource }}"}],"title":"Read SLI - Errors","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"description":"How many seconds is the 99th percentile for reading (LIST|GET) a given resource?","fieldConfig":{"defaults":{"unit":"s"}},"gridPos":{"h":7,"w":6,"x":18,"y":9},"id":7,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"cluster_quantile:apiserver_request_sli_duration_seconds:histogram_quantile{verb=\"read\", cluster=\"$cluster\"}","legendFormat":"{{ resource }}"}],"title":"Read SLI - Duration","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"description":"How many percent of write requests (POST|PUT|PATCH|DELETE) in 30 days have been answered successfully and fast enough?","fieldConfig":{"defaults":{"decimals":3,"unit":"percentunit"}},"gridPos":{"h":7,"w":6,"x":0,"y":16},"id":8,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"apiserver_request:availability30d{verb=\"write\", cluster=\"$cluster\"}"}],"title":"Write Availability (30d)","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"description":"How many write requests (POST|PUT|PATCH|DELETE) per second do the apiservers get by code?","fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"stacking":{"mode":"normal"}},"unit":"reqps"},"overrides":[{"matcher":{"id":"byRegexp","options":"/2../i"},"properties":[{"id":"color","value":"#56A64B"}]},{"matcher":{"id":"byRegexp","options":"/3../i"},"properties":[{"id":"color","value":"#F2CC0C"}]},{"matcher":{"id":"byRegexp","options":"/4../i"},"properties":[{"id":"color","value":"#3274D9"}]},{"matcher":{"id":"byRegexp","options":"/5../i"},"properties":[{"id":"color","value":"#E02F44"}]}]},"gridPos":{"h":7,"w":6,"x":6,"y":16},"id":9,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (code) (code_resource:apiserver_request_total:rate5m{verb=\"write\", cluster=\"$cluster\"})","legendFormat":"{{ code }}"}],"title":"Write SLI - Requests","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"description":"How many percent of write requests (POST|PUT|PATCH|DELETE) per second are returned with errors (5xx)?","fieldConfig":{"defaults":{"min":0,"unit":"percentunit"}},"gridPos":{"h":7,"w":6,"x":12,"y":16},"id":10,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (resource) (code_resource:apiserver_request_total:rate5m{verb=\"write\",code=~\"5..\", cluster=\"$cluster\"}) / sum by (resource) (code_resource:apiserver_request_total:rate5m{verb=\"write\", cluster=\"$cluster\"})","legendFormat":"{{ resource }}"}],"title":"Write SLI - Errors","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"description":"How many seconds is the 99th percentile for writing (POST|PUT|PATCH|DELETE) a given resource?","fieldConfig":{"defaults":{"unit":"s"}},"gridPos":{"h":7,"w":6,"x":18,"y":16},"id":11,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"cluster_quantile:apiserver_request_sli_duration_seconds:histogram_quantile{verb=\"write\", cluster=\"$cluster\"}","legendFormat":"{{ resource }}"}],"title":"Write SLI - Duration","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"min":0,"unit":"ops"}},"gridPos":{"h":7,"w":12,"x":0,"y":23},"id":12,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"placement":"right","showLegend":false},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(workqueue_adds_total{job=\"apiserver\", instance=~\"$instance\", cluster=\"$cluster\"}[$__rate_interval])) by (instance, name)","legendFormat":"{{instance}} {{name}}"}],"title":"Work Queue Add Rate","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"min":0,"unit":"short"}},"gridPos":{"h":7,"w":12,"x":12,"y":23},"id":13,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"placement":"right","showLegend":false},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(workqueue_depth{job=\"apiserver\", instance=~\"$instance\", cluster=\"$cluster\"}[$__rate_interval])) by (instance, name)","legendFormat":"{{instance}} {{name}}"}],"title":"Work Queue Depth","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"min":0,"unit":"s"}},"gridPos":{"h":7,"w":24,"x":0,"y":30},"id":14,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"histogram_quantile(0.99, sum(rate(workqueue_queue_duration_seconds_bucket{job=\"apiserver\", instance=~\"$instance\", cluster=\"$cluster\"}[$__rate_interval])) by (instance, name, le))","legendFormat":"{{instance}} {{name}}"}],"title":"Work Queue Latency","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"bytes"}},"gridPos":{"h":7,"w":8,"x":0,"y":37},"id":15,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"process_resident_memory_bytes{job=\"apiserver\",instance=~\"$instance\", cluster=\"$cluster\"}","legendFormat":"{{instance}}"}],"title":"Memory","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"min":0,"unit":"short"}},"gridPos":{"h":7,"w":8,"x":8,"y":37},"id":16,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"rate(process_cpu_seconds_total{job=\"apiserver\",instance=~\"$instance\", cluster=\"$cluster\"}[$__rate_interval])","legendFormat":"{{instance}}"}],"title":"CPU usage","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"short"}},"gridPos":{"h":7,"w":8,"x":16,"y":37},"id":17,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"go_goroutines{job=\"apiserver\",instance=~\"$instance\", cluster=\"$cluster\"}","legendFormat":"{{instance}}"}],"title":"Goroutines","type":"timeseries"}],"refresh":"10s","schemaVersion":39,"tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","regex":"","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"label":"cluster","name":"cluster","query":"label_values(up{job=\"apiserver\"}, cluster)","refresh":2,"sort":1,"type":"query","allValue":".*"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"includeAll":true,"name":"instance","query":"label_values(up{job=\"apiserver\", cluster=\"$cluster\"}, instance)","refresh":2,"sort":1,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / API server","uid":"09ec8aa1e996d6ffcd6817bbaff4db1b"}`}} -{{- end }} \ No newline at end of file +{{- end }} +--- +{{- if and .Values.grafana.operator.dashboardsConfigMapRefEnabled (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.kubeApiServer.enabled }} +apiVersion: grafana.integreatly.org/v1beta1 +kind: GrafanaDashboard +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "apiserver" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + {{ with .Values.grafana.operator.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{ end }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +spec: + allowCrossNamespaceImport: true + resyncPeriod: {{ .Values.grafana.operator.resyncPeriod | quote | default "10m" }} + {{- include "kube-prometheus-stack.grafana.operator.folder" . | nindent 2 }} + instanceSelector: + matchLabels: + {{- if .Values.grafana.operator.matchLabels }} + {{- toYaml .Values.grafana.operator.matchLabels | nindent 6 }} + {{- else }} + {{- fail "grafana.operator.matchLabels must be specified when grafana.operator.dashboardsConfigMapRefEnabled is true" }} + {{- end }} + configMapRef: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "apiserver" | trunc 63 | trimSuffix "-" }} + key: apiserver.json +{{- end }} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/cluster-total.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/cluster-total.yaml new file mode 100644 index 0000000..dfc1fe9 --- /dev/null +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/cluster-total.yaml @@ -0,0 +1,57 @@ +{{- /* +Generated from 'cluster-total' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +{{- $kubeletJob := include "kube-prometheus-stack-kubelet.name" . }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "cluster-total" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +data: + cluster-total.json: |- + {{`{"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"links":[{"asDropdown":true,"includeVars":true,"keepTime":true,"tags":["kubernetes-mixin"],"targetBlank":false,"title":"Kubernetes","type":"dashboards"}],"panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"bps"}},"gridPos":{"h":9,"w":12,"x":0,"y":0},"id":1,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (namespace) (\n (8 * rate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace!=\"\"}[$__rate_interval]))\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\",cluster=\"$cluster\"})\n )\n)\n","legendFormat":"__auto"}],"title":"Current Rate of Bits Received","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"bps"}},"gridPos":{"h":9,"w":12,"x":12,"y":0},"id":2,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (namespace) (\n (8 * rate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace!=\"\"}[$__rate_interval]))\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\",cluster=\"$cluster\"})\n )\n)\n","legendFormat":"__auto"}],"title":"Current Rate of Bits Transmitted","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/Bits/"},"properties":[{"id":"unit","value":"bps"}]},{"matcher":{"id":"byRegexp","options":"/Packets/"},"properties":[{"id":"unit","value":"pps"}]},{"matcher":{"id":"byName","options":"Namespace"},"properties":[{"id":"links","value":[{"title":"Drill down","url":"/d/8b7a8b326d7a6f1f04244066368c67af/kubernetes-networking-namespace-pods?${datasource:queryparam}&var-cluster=${cluster}&var-namespace=${__data.fields.Namespace}"}]}]}]},"gridPos":{"h":9,"w":24,"x":0,"y":9},"id":3,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (namespace) (\n (8 * rate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace!=\"\"}[$__rate_interval]))\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\",cluster=\"$cluster\"})\n )\n)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (namespace) (\n (8 * rate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace!=\"\"}[$__rate_interval]))\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\",cluster=\"$cluster\"})\n )\n)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"avg by (namespace) (\n (8 * rate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace!=\"\"}[$__rate_interval]))\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\",cluster=\"$cluster\"})\n )\n)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"avg by (namespace) (\n (8 * rate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace!=\"\"}[$__rate_interval]))\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\",cluster=\"$cluster\"})\n )\n)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (namespace) (\n rate(container_network_receive_packets_total{cluster=\"$cluster\",namespace!=\"\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\",cluster=\"$cluster\"})\n )\n)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (namespace) (\n rate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace!=\"\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\",cluster=\"$cluster\"})\n )\n)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (namespace) (\n rate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace!=\"\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\",cluster=\"$cluster\"})\n )\n)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (namespace) (\n rate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace!=\"\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\",cluster=\"$cluster\"})\n )\n)\n","format":"table","instant":true}],"title":"Current Status","transformations":[{"id":"joinByField","options":{"byField":"namespace","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true,"Time 6":true,"Time 7":true,"Time 8":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Time 6":5,"Time 7":6,"Time 8":7,"Value #A":9,"Value #B":10,"Value #C":11,"Value #D":12,"Value #E":13,"Value #F":14,"Value #G":15,"Value #H":16,"namespace":8},"renameByName":{"Value #A":"Rx Bits","Value #B":"Tx Bits","Value #C":"Rx Bits (Avg)","Value #D":"Tx Bits (Avg)","Value #E":"Rx Packets","Value #F":"Tx Packets","Value #G":"Rx Packets Dropped","Value #H":"Tx Packets Dropped","namespace":"Namespace"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"bps"}},"gridPos":{"h":9,"w":12,"x":0,"y":18},"id":4,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"avg by (namespace) (\n (8 * rate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace!=\"\"}[$__rate_interval]))\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\",cluster=\"$cluster\"})\n )\n)\n","legendFormat":"__auto"}],"title":"Average Rate of Bits Received","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"bps"}},"gridPos":{"h":9,"w":12,"x":12,"y":18},"id":5,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"avg by (namespace) (\n (8 * rate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace!=\"\"}[$__rate_interval]))\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\",cluster=\"$cluster\"})\n )\n)\n","legendFormat":"__auto"}],"title":"Average Rate of Bits Transmitted","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"bps"}},"gridPos":{"h":9,"w":12,"x":0,"y":27},"id":6,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (namespace) (\n (8 * rate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace!=\"\"}[$__rate_interval]))\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\",cluster=\"$cluster\"})\n )\n)\n","legendFormat":"__auto"}],"title":"Receive Bandwidth","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"bps"}},"gridPos":{"h":9,"w":12,"x":12,"y":27},"id":7,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (namespace) (\n (8 * rate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace!=\"\"}[$__rate_interval]))\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\",cluster=\"$cluster\"})\n )\n)\n","legendFormat":"__auto"}],"title":"Transmit Bandwidth","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"pps"}},"gridPos":{"h":9,"w":12,"x":0,"y":36},"id":8,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (namespace) (\n rate(container_network_receive_packets_total{cluster=\"$cluster\",namespace!=\"\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\",cluster=\"$cluster\"})\n )\n)\n","legendFormat":"__auto"}],"title":"Rate of Received Packets","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"pps"}},"gridPos":{"h":9,"w":12,"x":12,"y":36},"id":9,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (namespace) (\n rate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace!=\"\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\",cluster=\"$cluster\"})\n )\n)\n","legendFormat":"__auto"}],"title":"Rate of Transmitted Packets","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"pps"}},"gridPos":{"h":9,"w":12,"x":0,"y":45},"id":10,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (namespace) (\n rate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace!=\"\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\",cluster=\"$cluster\"})\n )\n)\n","legendFormat":"__auto"}],"title":"Rate of Received Packets Dropped","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"pps"}},"gridPos":{"h":9,"w":12,"x":12,"y":45},"id":11,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (namespace) (\n rate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace!=\"\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\",cluster=\"$cluster\"})\n )\n)\n","legendFormat":"__auto"}],"title":"Rate of Transmitted Packets Dropped","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"percentunit"}},"gridPos":{"h":9,"w":12,"x":0,"y":54},"id":12,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (instance) (\n rate(node_netstat_Tcp_RetransSegs{cluster=\"$cluster\"}[$__rate_interval]) / rate(node_netstat_Tcp_OutSegs{cluster=\"$cluster\"}[$__rate_interval])\n)\n","legendFormat":"__auto"}],"title":"Rate of TCP Retransmits out of all sent segments","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"percentunit"}},"gridPos":{"h":9,"w":12,"x":12,"y":54},"id":13,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (instance) (\n rate(node_netstat_TcpExt_TCPSynRetrans{cluster=\"$cluster\"}[$__rate_interval]) / rate(node_netstat_Tcp_RetransSegs{cluster=\"$cluster\"}[$__rate_interval])\n)\n","legendFormat":"__auto"}],"title":"Rate of TCP SYN Retransmits out of all retransmits","type":"timeseries"}],"refresh":"10s","schemaVersion":39,"tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","regex":"","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"label":"cluster","name":"cluster","query":"label_values(up{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\"}, cluster)","refresh":2,"sort":1,"type":"query","allValue":".*"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Networking / Cluster","uid":"ff635a025bcfea7bc3dd4f508990a3e9"}`}} +{{- end }} +--- +{{- if and .Values.grafana.operator.dashboardsConfigMapRefEnabled (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +apiVersion: grafana.integreatly.org/v1beta1 +kind: GrafanaDashboard +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "cluster-total" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + {{ with .Values.grafana.operator.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{ end }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +spec: + allowCrossNamespaceImport: true + resyncPeriod: {{ .Values.grafana.operator.resyncPeriod | quote | default "10m" }} + {{- include "kube-prometheus-stack.grafana.operator.folder" . | nindent 2 }} + instanceSelector: + matchLabels: + {{- if .Values.grafana.operator.matchLabels }} + {{- toYaml .Values.grafana.operator.matchLabels | nindent 6 }} + {{- else }} + {{- fail "grafana.operator.matchLabels must be specified when grafana.operator.dashboardsConfigMapRefEnabled is true" }} + {{- end }} + configMapRef: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "cluster-total" | trunc 63 | trimSuffix "-" }} + key: cluster-total.json +{{- end }} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/controller-manager.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/controller-manager.yaml new file mode 100644 index 0000000..3bdddb6 --- /dev/null +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/controller-manager.yaml @@ -0,0 +1,57 @@ +{{- /* +Generated from 'controller-manager' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.kubeControllerManager.enabled }} +{{- $kubeControllerManagerJob := include "kube-prometheus-stack-kube-controller-manager.name" . }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "controller-manager" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +data: + controller-manager.json: |- + {{`{"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"links":[{"asDropdown":true,"includeVars":true,"keepTime":true,"tags":["kubernetes-mixin"],"targetBlank":false,"title":"Kubernetes","type":"dashboards"}],"panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"none"}},"gridPos":{"h":7,"w":4,"x":0,"y":0},"id":1,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(up{cluster=\"$cluster\", job=\"`}}{{ $kubeControllerManagerJob }}{{`\"})","instant":true}],"title":"Up","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"ops"}},"gridPos":{"h":7,"w":20,"x":4,"y":0},"id":2,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(workqueue_adds_total{cluster=\"$cluster\", job=\"`}}{{ $kubeControllerManagerJob }}{{`\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, name)","legendFormat":"{{cluster}} {{instance}} {{name}}"}],"title":"Work Queue Add Rate","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"short"}},"gridPos":{"h":7,"w":24,"x":0,"y":7},"id":3,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(workqueue_depth{cluster=\"$cluster\", job=\"`}}{{ $kubeControllerManagerJob }}{{`\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, name)","legendFormat":"{{cluster}} {{instance}} {{name}}"}],"title":"Work Queue Depth","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"s"}},"gridPos":{"h":7,"w":24,"x":0,"y":14},"id":4,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"histogram_quantile(0.99, sum(rate(workqueue_queue_duration_seconds_bucket{cluster=\"$cluster\", job=\"`}}{{ $kubeControllerManagerJob }}{{`\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, name, le))","legendFormat":"{{cluster}} {{instance}} {{name}}"}],"title":"Work Queue Latency","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"ops"}},"gridPos":{"h":7,"w":8,"x":0,"y":21},"id":5,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(rest_client_requests_total{job=\"`}}{{ $kubeControllerManagerJob }}{{`\", instance=~\"$instance\",code=~\"2..\"}[$__rate_interval]))","legendFormat":"2xx"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(rest_client_requests_total{job=\"`}}{{ $kubeControllerManagerJob }}{{`\", instance=~\"$instance\",code=~\"3..\"}[$__rate_interval]))","legendFormat":"3xx"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(rest_client_requests_total{job=\"`}}{{ $kubeControllerManagerJob }}{{`\", instance=~\"$instance\",code=~\"4..\"}[$__rate_interval]))","legendFormat":"4xx"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(rest_client_requests_total{job=\"`}}{{ $kubeControllerManagerJob }}{{`\", instance=~\"$instance\",code=~\"5..\"}[$__rate_interval]))","legendFormat":"5xx"}],"title":"Kube API Request Rate","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"s"}},"gridPos":{"h":7,"w":16,"x":8,"y":21},"id":6,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"`}}{{ $kubeControllerManagerJob }}{{`\", instance=~\"$instance\", verb=\"POST\"}[$__rate_interval])) by (verb, le))","legendFormat":"{{verb}}"}],"title":"Post Request Latency 99th Quantile","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"s"}},"gridPos":{"h":7,"w":24,"x":0,"y":28},"id":7,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"`}}{{ $kubeControllerManagerJob }}{{`\", instance=~\"$instance\", verb=\"GET\"}[$__rate_interval])) by (verb, le))","legendFormat":"{{verb}}"}],"title":"Get Request Latency 99th Quantile","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bytes"}},"gridPos":{"h":7,"w":8,"x":0,"y":35},"id":8,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"process_resident_memory_bytes{cluster=\"$cluster\", job=\"`}}{{ $kubeControllerManagerJob }}{{`\",instance=~\"$instance\"}","legendFormat":"{{instance}}"}],"title":"Memory","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"short"}},"gridPos":{"h":7,"w":8,"x":8,"y":35},"id":9,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"rate(process_cpu_seconds_total{cluster=\"$cluster\", job=\"`}}{{ $kubeControllerManagerJob }}{{`\",instance=~\"$instance\"}[$__rate_interval])","legendFormat":"{{instance}}"}],"title":"CPU usage","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"short"}},"gridPos":{"h":7,"w":8,"x":16,"y":35},"id":10,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"go_goroutines{cluster=\"$cluster\", job=\"`}}{{ $kubeControllerManagerJob }}{{`\",instance=~\"$instance\"}","legendFormat":"{{instance}}"}],"title":"Goroutines","type":"timeseries"}],"refresh":"10s","schemaVersion":39,"tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","regex":"","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"label":"cluster","name":"cluster","query":"label_values(up{job=\"`}}{{ $kubeControllerManagerJob }}{{`\"}, cluster)","refresh":2,"sort":1,"type":"query","allValue":".*"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"includeAll":true,"label":"instance","name":"instance","query":"label_values(up{cluster=\"$cluster\", job=\"`}}{{ $kubeControllerManagerJob }}{{`\"}, instance)","refresh":2,"sort":1,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Controller Manager","uid":"72e0e05bef5099e5f049b05fdc429ed4"}`}} +{{- end }} +--- +{{- if and .Values.grafana.operator.dashboardsConfigMapRefEnabled (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.kubeControllerManager.enabled }} +apiVersion: grafana.integreatly.org/v1beta1 +kind: GrafanaDashboard +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "controller-manager" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + {{ with .Values.grafana.operator.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{ end }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +spec: + allowCrossNamespaceImport: true + resyncPeriod: {{ .Values.grafana.operator.resyncPeriod | quote | default "10m" }} + {{- include "kube-prometheus-stack.grafana.operator.folder" . | nindent 2 }} + instanceSelector: + matchLabels: + {{- if .Values.grafana.operator.matchLabels }} + {{- toYaml .Values.grafana.operator.matchLabels | nindent 6 }} + {{- else }} + {{- fail "grafana.operator.matchLabels must be specified when grafana.operator.dashboardsConfigMapRefEnabled is true" }} + {{- end }} + configMapRef: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "controller-manager" | trunc 63 | trimSuffix "-" }} + key: controller-manager.json +{{- end }} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/etcd.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/etcd.yaml new file mode 100644 index 0000000..61867d1 --- /dev/null +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/etcd.yaml @@ -0,0 +1,56 @@ +{{- /* +Generated from 'etcd' from https://github.com/etcd-io/etcd.git +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.kubeEtcd.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "etcd" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +data: + etcd.json: |- + {{`{"description":"etcd sample Grafana dashboard with Prometheus","panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"gridPos":{"h":7,"w":6,"x":0,"y":0},"id":1,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none","graphMode":"none","reduceOptions":{"calcs":["lastNotNull"]}},"pluginVersion":"v10.0.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"sum(etcd_server_has_leader{job=~\".*etcd.*\", job=\"$cluster\"})","legendFormat":"{{cluster}} - {{namespace}}\n"}],"title":"Up","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":0,"lineWidth":2,"showPoints":"never"},"unit":"ops"}},"gridPos":{"h":7,"w":10,"x":6,"y":0},"id":2,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","pluginVersion":"v10.0.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"sum(rate(grpc_server_started_total{job=~\".*etcd.*\", job=\"$cluster\",grpc_type=\"unary\"}[$__rate_interval]))","legendFormat":"RPC rate"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"sum(rate(grpc_server_handled_total{job=~\".*etcd.*\", job=\"$cluster\",grpc_type=\"unary\",grpc_code=~\"Unknown|FailedPrecondition|ResourceExhausted|Internal|Unavailable|DataLoss|DeadlineExceeded\"}[$__rate_interval]))","legendFormat":"RPC failed rate"}],"title":"RPC rate","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":0,"lineWidth":2,"showPoints":"never"}}},"gridPos":{"h":7,"w":8,"x":16,"y":0},"id":3,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","pluginVersion":"v10.0.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"sum(grpc_server_started_total{job=~\".*etcd.*\",job=\"$cluster\",grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"}) - sum(grpc_server_handled_total{job=\"$cluster\",grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"})","legendFormat":"Watch streams"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"sum(grpc_server_started_total{job=~\".*etcd.*\",job=\"$cluster\",grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"}) - sum(grpc_server_handled_total{job=\"$cluster\",grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"})","legendFormat":"Lease streams"}],"title":"Active streams","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":0,"lineWidth":2,"showPoints":"never"},"unit":"bytes"}},"gridPos":{"h":7,"w":8,"x":0,"y":25},"id":4,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","pluginVersion":"v10.0.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"etcd_mvcc_db_total_size_in_bytes{job=~\".*etcd.*\", job=\"$cluster\"}","legendFormat":"{{instance}} DB size"}],"title":"DB size","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":0,"lineWidth":2,"showPoints":"never"},"unit":"s"}},"gridPos":{"h":7,"w":8,"x":8,"y":25},"id":5,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","pluginVersion":"v10.0.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"histogram_quantile(0.99, sum(rate(etcd_disk_wal_fsync_duration_seconds_bucket{job=~\".*etcd.*\", job=\"$cluster\"}[$__rate_interval])) by (instance, le))","legendFormat":"{{instance}} WAL fsync"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"histogram_quantile(0.99, sum(rate(etcd_disk_backend_commit_duration_seconds_bucket{job=~\".*etcd.*\", job=\"$cluster\"}[$__rate_interval])) by (instance, le))","legendFormat":"{{instance}} DB fsync"}],"title":"Disk sync duration","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":0,"lineWidth":2,"showPoints":"never"},"unit":"bytes"}},"gridPos":{"h":7,"w":8,"x":16,"y":25},"id":6,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","pluginVersion":"v10.0.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"process_resident_memory_bytes{job=~\".*etcd.*\", job=\"$cluster\"}","legendFormat":"{{instance}} resident memory"}],"title":"Memory","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":0,"lineWidth":2,"showPoints":"never"},"unit":"Bps"}},"gridPos":{"h":7,"w":6,"x":0,"y":50},"id":7,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","pluginVersion":"v10.0.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"rate(etcd_network_client_grpc_received_bytes_total{job=~\".*etcd.*\", job=\"$cluster\"}[$__rate_interval])","legendFormat":"{{instance}} client traffic in"}],"title":"Client traffic in","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":0,"lineWidth":2,"showPoints":"never"},"unit":"Bps"}},"gridPos":{"h":7,"w":6,"x":6,"y":50},"id":8,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","pluginVersion":"v10.0.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"rate(etcd_network_client_grpc_sent_bytes_total{job=~\".*etcd.*\", job=\"$cluster\"}[$__rate_interval])","legendFormat":"{{instance}} client traffic out"}],"title":"Client traffic out","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":0,"lineWidth":2,"showPoints":"never"},"unit":"Bps"}},"gridPos":{"h":7,"w":6,"x":12,"y":50},"id":9,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","pluginVersion":"v10.0.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"sum(rate(etcd_network_peer_received_bytes_total{job=~\".*etcd.*\", job=\"$cluster\"}[$__rate_interval])) by (instance)","legendFormat":"{{instance}} peer traffic in"}],"title":"Peer traffic in","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":0,"lineWidth":2,"showPoints":"never"},"unit":"Bps"}},"gridPos":{"h":7,"w":6,"x":18,"y":50},"id":10,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","pluginVersion":"v10.0.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"sum(rate(etcd_network_peer_sent_bytes_total{job=~\".*etcd.*\", job=\"$cluster\"}[$__rate_interval])) by (instance)","legendFormat":"{{instance}} peer traffic out"}],"title":"Peer traffic out","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":0,"lineWidth":2,"showPoints":"never"}}},"gridPos":{"h":7,"w":8,"x":0,"y":75},"id":11,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","pluginVersion":"v10.0.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"changes(etcd_server_leader_changes_seen_total{job=~\".*etcd.*\", job=\"$cluster\"}[1d])","legendFormat":"{{instance}} total leader elections per day"}],"title":"Raft proposals","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":0,"lineWidth":2,"showPoints":"never"}}},"gridPos":{"h":7,"w":8,"x":8,"y":75},"id":12,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","pluginVersion":"v10.0.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"changes(etcd_server_leader_changes_seen_total{job=~\".*etcd.*\", job=\"$cluster\"}[1d])","legendFormat":"{{instance}} total leader elections per day"}],"title":"Total leader elections per day","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":0,"lineWidth":2,"showPoints":"never"},"unit":"s"}},"gridPos":{"h":7,"w":8,"x":16,"y":75},"id":13,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","pluginVersion":"v10.0.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"histogram_quantile(0.99, sum by (instance, le) (rate(etcd_network_peer_round_trip_time_seconds_bucket{job=~\".*etcd.*\", job=\"$cluster\"}[$__rate_interval])))","legendFormat":"{{instance}} peer round trip time"}],"title":"Peer round trip time","type":"timeseries"}],"refresh":"10s","schemaVersion":36,"tags":["etcd-mixin"],"templating":{"list":[{"label":"Data Source","name":"datasource","query":"prometheus","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"label":"cluster","name":"cluster","query":"label_values(etcd_server_has_leader{job=~\".*etcd.*\"}, job)","refresh":2,"type":"query","allValue":".*","hide":`}}{{ if (or .Values.grafana.sidecar.dashboards.multicluster.global.enabled .Values.grafana.sidecar.dashboards.multicluster.etcd.enabled) }}0{{ else }}2{{ end }}{{`}]},"time":{"from":"now-15m","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"etcd","uid":"c2f4e12cdf69feb95caa41a5a1b423d9"}`}} +{{- end }} +--- +{{- if and .Values.grafana.operator.dashboardsConfigMapRefEnabled (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.kubeEtcd.enabled }} +apiVersion: grafana.integreatly.org/v1beta1 +kind: GrafanaDashboard +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "etcd" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + {{ with .Values.grafana.operator.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{ end }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +spec: + allowCrossNamespaceImport: true + resyncPeriod: {{ .Values.grafana.operator.resyncPeriod | quote | default "10m" }} + {{- include "kube-prometheus-stack.grafana.operator.folder" . | nindent 2 }} + instanceSelector: + matchLabels: + {{- if .Values.grafana.operator.matchLabels }} + {{- toYaml .Values.grafana.operator.matchLabels | nindent 6 }} + {{- else }} + {{- fail "grafana.operator.matchLabels must be specified when grafana.operator.dashboardsConfigMapRefEnabled is true" }} + {{- end }} + configMapRef: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "etcd" | trunc 63 | trimSuffix "-" }} + key: etcd.json +{{- end }} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/grafana-overview.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/grafana-overview.yaml new file mode 100644 index 0000000..3129666 --- /dev/null +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/grafana-overview.yaml @@ -0,0 +1,56 @@ +{{- /* +Generated from 'grafana-overview' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "grafana-overview" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +data: + grafana-overview.json: |- + {{`{"annotations":{"list":[{"builtIn":1,"datasource":{"type":"datasource","uid":"grafana"},"enable":true,"hide":true,"iconColor":"rgba(0, 211, 255, 1)","name":"Annotations & Alerts","target":{"limit":100,"matchAny":false,"tags":[],"type":"dashboard"},"type":"dashboard"}]},"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"fiscalYearStartMonth":0,"graphTooltip":0,"id":23,"links":[],"panels":[{"datasource":{"uid":"$datasource"},"fieldConfig":{"defaults":{"mappings":[],"noValue":"0","thresholds":{"mode":"absolute","steps":[{"color":"green"},{"color":"red","value":80}]}},"overrides":[]},"gridPos":{"h":5,"w":6,"x":0,"y":0},"id":6,"options":{"colorMode":"value","graphMode":"area","justifyMode":"auto","orientation":"auto","percentChangeColorMode":"standard","reduceOptions":{"calcs":["mean"],"fields":"","values":false},"showPercentChange":false,"text":{},"textMode":"auto","wideLayout":true},"pluginVersion":"12.0.2","targets":[{"datasource":{"uid":"$datasource"},"expr":"grafana_alerting_result_total{job=~\"$job\", instance=~\"$instance\", state=\"alerting\"}","instant":true,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","legendFormat":"","refId":"A"}],"title":"Firing Alerts","type":"stat"},{"datasource":{"uid":"$datasource"},"fieldConfig":{"defaults":{"mappings":[],"thresholds":{"mode":"absolute","steps":[{"color":"green"},{"color":"red","value":80}]}},"overrides":[]},"gridPos":{"h":5,"w":6,"x":6,"y":0},"id":8,"options":{"colorMode":"value","graphMode":"area","justifyMode":"auto","orientation":"auto","percentChangeColorMode":"standard","reduceOptions":{"calcs":["mean"],"fields":"","values":false},"showPercentChange":false,"text":{},"textMode":"auto","wideLayout":true},"pluginVersion":"12.0.2","targets":[{"datasource":{"uid":"$datasource"},"expr":"sum(grafana_stat_totals_dashboard{job=~\"$job\", instance=~\"$instance\"})","interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","legendFormat":"","refId":"A"}],"title":"Dashboards","type":"stat"},{"datasource":{"uid":"$datasource"},"fieldConfig":{"defaults":{"custom":{"cellOptions":{"type":"auto"},"inspect":false},"mappings":[],"thresholds":{"mode":"absolute","steps":[{"color":"green"},{"color":"red","value":80}]}},"overrides":[]},"gridPos":{"h":5,"w":12,"x":12,"y":0},"id":10,"options":{"cellHeight":"sm","footer":{"countRows":false,"fields":"","reducer":["sum"],"show":false},"showHeader":true},"pluginVersion":"12.0.2","targets":[{"datasource":{"uid":"$datasource"},"expr":"grafana_build_info{job=~\"$job\", instance=~\"$instance\"}","instant":true,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","legendFormat":"","refId":"A"}],"title":"Build Info","transformations":[{"id":"labelsToFields","options":{}},{"id":"merge","options":{}},{"id":"organize","options":{"excludeByName":{"Time":true,"Value":true,"branch":true,"container":true,"goversion":true,"namespace":true,"pod":true,"revision":true},"indexByName":{"Time":7,"Value":11,"branch":4,"container":8,"edition":2,"goversion":6,"instance":1,"job":0,"namespace":9,"pod":10,"revision":5,"version":3},"renameByName":{}}}],"type":"table"},{"datasource":{"uid":"$datasource"},"fieldConfig":{"defaults":{"color":{"mode":"palette-classic"},"custom":{"axisBorderShow":false,"axisCenteredZero":false,"axisColorMode":"text","axisLabel":"","axisPlacement":"auto","barAlignment":0,"barWidthFactor":0.6,"drawStyle":"line","fillOpacity":10,"gradientMode":"none","hideFrom":{"legend":false,"tooltip":false,"viz":false},"insertNulls":false,"lineInterpolation":"linear","lineWidth":1,"pointSize":5,"scaleDistribution":{"type":"linear"},"showPoints":"never","spanNulls":false,"stacking":{"group":"A","mode":"normal"},"thresholdsStyle":{"mode":"off"}},"links":[],"mappings":[],"thresholds":{"mode":"absolute","steps":[{"color":"green"},{"color":"red","value":80}]},"unit":"reqps"},"overrides":[]},"gridPos":{"h":8,"w":12,"x":0,"y":5},"id":2,"options":{"alertThreshold":true,"legend":{"calcs":[],"displayMode":"list","placement":"bottom","showLegend":true},"tooltip":{"hideZeros":false,"mode":"multi","sort":"none"}},"pluginVersion":"12.0.2","targets":[{"datasource":{"uid":"$datasource"},"expr":"sum by (status_code) (irate(grafana_http_request_duration_seconds_count{job=~\"$job\", instance=~\"$instance\"}[1m])) ","interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","legendFormat":"{{status_code}}","refId":"A"}],"title":"RPS","type":"timeseries"},{"datasource":{"uid":"$datasource"},"fieldConfig":{"defaults":{"color":{"mode":"palette-classic"},"custom":{"axisBorderShow":false,"axisCenteredZero":false,"axisColorMode":"text","axisLabel":"","axisPlacement":"auto","barAlignment":0,"barWidthFactor":0.6,"drawStyle":"line","fillOpacity":10,"gradientMode":"none","hideFrom":{"legend":false,"tooltip":false,"viz":false},"insertNulls":false,"lineInterpolation":"linear","lineWidth":1,"pointSize":5,"scaleDistribution":{"type":"linear"},"showPoints":"never","spanNulls":false,"stacking":{"group":"A","mode":"none"},"thresholdsStyle":{"mode":"off"}},"links":[],"mappings":[],"thresholds":{"mode":"absolute","steps":[{"color":"green"},{"color":"red","value":80}]},"unit":"ms"},"overrides":[]},"gridPos":{"h":8,"w":12,"x":12,"y":5},"id":4,"options":{"alertThreshold":true,"legend":{"calcs":[],"displayMode":"list","placement":"bottom","showLegend":true},"tooltip":{"hideZeros":false,"mode":"multi","sort":"none"}},"pluginVersion":"12.0.2","targets":[{"datasource":{"uid":"$datasource"},"exemplar":true,"expr":"histogram_quantile(0.99, sum(irate(grafana_http_request_duration_seconds_bucket{instance=~\"$instance\", job=~\"$job\"}[$__rate_interval])) by (le)) * 1","interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","legendFormat":"99th Percentile","refId":"A"},{"datasource":{"uid":"$datasource"},"exemplar":true,"expr":"histogram_quantile(0.50, sum(irate(grafana_http_request_duration_seconds_bucket{instance=~\"$instance\", job=~\"$job\"}[$__rate_interval])) by (le)) * 1","interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","legendFormat":"50th Percentile","refId":"B"},{"datasource":{"uid":"$datasource"},"exemplar":true,"expr":"sum(irate(grafana_http_request_duration_seconds_sum{instance=~\"$instance\", job=~\"$job\"}[$__rate_interval])) * 1 / sum(irate(grafana_http_request_duration_seconds_count{instance=~\"$instance\", job=~\"$job\"}[$__rate_interval]))","interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","legendFormat":"Average","refId":"C"}],"title":"Request Latency","type":"timeseries"}],"preload":false,"refresh":"","schemaVersion":41,"tags":[],"templating":{"list":[{"current":{"text":"Prometheus","value":"prometheus"},"includeAll":false,"name":"datasource","options":[],"query":"prometheus","refresh":1,"regex":"","type":"datasource"},{"allValue":".*","current":{"text":"All","value":["$__all"]},"datasource":"$datasource","definition":"label_values(grafana_build_info, job)","includeAll":true,"multi":true,"name":"job","options":[],"query":{"query":"label_values(grafana_build_info, job)","refId":"Billing Admin-job-Variable-Query"},"refresh":1,"regex":"","type":"query"},{"allValue":".*","current":{"text":"All","value":"$__all"},"datasource":"$datasource","definition":"label_values(grafana_build_info, instance)","includeAll":true,"multi":true,"name":"instance","options":[],"query":{"query":"label_values(grafana_build_info, instance)","refId":"Billing Admin-instance-Variable-Query"},"refresh":1,"regex":"","type":"query"}]},"time":{"from":"now-6h","to":"now"},"timepicker":{"refresh_intervals":["10s","30s","1m","5m","15m","30m","1h","2h","1d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Grafana Overview","uid":"6be0s85Mk","version":1}`}} +{{- end }} +--- +{{- if and .Values.grafana.operator.dashboardsConfigMapRefEnabled (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +apiVersion: grafana.integreatly.org/v1beta1 +kind: GrafanaDashboard +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "grafana-overview" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + {{ with .Values.grafana.operator.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{ end }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +spec: + allowCrossNamespaceImport: true + resyncPeriod: {{ .Values.grafana.operator.resyncPeriod | quote | default "10m" }} + {{- include "kube-prometheus-stack.grafana.operator.folder" . | nindent 2 }} + instanceSelector: + matchLabels: + {{- if .Values.grafana.operator.matchLabels }} + {{- toYaml .Values.grafana.operator.matchLabels | nindent 6 }} + {{- else }} + {{- fail "grafana.operator.matchLabels must be specified when grafana.operator.dashboardsConfigMapRefEnabled is true" }} + {{- end }} + configMapRef: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "grafana-overview" | trunc 63 | trimSuffix "-" }} + key: grafana-overview.json +{{- end }} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-coredns.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-coredns.yaml new file mode 100644 index 0000000..92ceac9 --- /dev/null +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-coredns.yaml @@ -0,0 +1,56 @@ +{{- /* +Generated from 'k8s-coredns' from ../files/dashboards/k8s-coredns.json +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.coreDns.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-coredns" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +data: + k8s-coredns.json: |- + {{`{"annotations":{"list":[{"builtIn":1,"datasource":{"type":"datasource","uid":"grafana"},"enable":true,"hide":true,"iconColor":"rgba(0, 211, 255, 1)","name":"Annotations & Alerts","type":"dashboard"}]},"description":"A dashboard for the CoreDNS DNS server with updated metrics for version 1.7.0+. Based on the CoreDNS dashboard by buhay.","editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"fiscalYearStartMonth":0,"gnetId":12539,"graphTooltip":0,"id":7,"links":[{"icon":"external link","tags":[],"targetBlank":true,"title":"CoreDNS.io","type":"link","url":"https://coredns.io"}],"liveNow":false,"panels":[{"datasource":{"uid":"$datasource"},"fieldConfig":{"defaults":{"color":{"mode":"palette-classic"},"custom":{"axisBorderShow":false,"axisCenteredZero":false,"axisColorMode":"text","axisLabel":"","axisPlacement":"auto","barAlignment":0,"drawStyle":"line","fillOpacity":10,"gradientMode":"none","hideFrom":{"legend":false,"tooltip":false,"viz":false},"insertNulls":false,"lineInterpolation":"linear","lineWidth":2,"pointSize":5,"scaleDistribution":{"type":"linear"},"showPoints":"never","spanNulls":true,"stacking":{"group":"A","mode":"normal"},"thresholdsStyle":{"mode":"off"}},"links":[],"mappings":[],"min":0,"thresholds":{"mode":"absolute","steps":[{"color":"green","value":null},{"color":"red","value":80}]},"unit":"pps","unitScale":true},"overrides":[]},"gridPos":{"h":7,"w":8,"x":0,"y":0},"id":2,"links":[],"options":{"legend":{"calcs":[],"displayMode":"list","placement":"bottom","showLegend":true},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"10.3.3","targets":[{"datasource":{"uid":"$datasource"},"expr":"sum(rate(coredns_dns_request_count_total{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}[5m])) by (proto) or\nsum(rate(coredns_dns_requests_total{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}[5m])) by (proto)","format":"time_series","interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","intervalFactor":2,"legendFormat":"{{ proto }}","refId":"A","step":60}],"title":"Requests (total)","type":"timeseries"},{"datasource":{"uid":"$datasource"},"fieldConfig":{"defaults":{"color":{"mode":"palette-classic"},"custom":{"axisBorderShow":false,"axisCenteredZero":false,"axisColorMode":"text","axisLabel":"","axisPlacement":"auto","barAlignment":0,"drawStyle":"line","fillOpacity":10,"gradientMode":"none","hideFrom":{"legend":false,"tooltip":false,"viz":false},"insertNulls":false,"lineInterpolation":"linear","lineWidth":2,"pointSize":5,"scaleDistribution":{"type":"linear"},"showPoints":"never","spanNulls":true,"stacking":{"group":"A","mode":"normal"},"thresholdsStyle":{"mode":"off"}},"links":[],"mappings":[],"min":0,"thresholds":{"mode":"absolute","steps":[{"color":"green","value":null},{"color":"red","value":80}]},"unit":"pps","unitScale":true},"overrides":[]},"gridPos":{"h":7,"w":8,"x":8,"y":0},"id":4,"links":[],"options":{"legend":{"calcs":[],"displayMode":"list","placement":"bottom","showLegend":true},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"10.3.3","targets":[{"datasource":{"uid":"$datasource"},"expr":"sum(rate(coredns_dns_request_type_count_total{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}[5m])) by (type) or \nsum(rate(coredns_dns_requests_total{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}[5m])) by (type)","interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","intervalFactor":2,"legendFormat":"{{ type }}","refId":"A","step":60}],"title":"Requests (by qtype)","type":"timeseries"},{"datasource":{"uid":"$datasource"},"fieldConfig":{"defaults":{"color":{"mode":"palette-classic"},"custom":{"axisBorderShow":false,"axisCenteredZero":false,"axisColorMode":"text","axisLabel":"","axisPlacement":"auto","barAlignment":0,"drawStyle":"line","fillOpacity":10,"gradientMode":"none","hideFrom":{"legend":false,"tooltip":false,"viz":false},"insertNulls":false,"lineInterpolation":"linear","lineWidth":2,"pointSize":5,"scaleDistribution":{"type":"linear"},"showPoints":"never","spanNulls":true,"stacking":{"group":"A","mode":"normal"},"thresholdsStyle":{"mode":"off"}},"links":[],"mappings":[],"min":0,"thresholds":{"mode":"absolute","steps":[{"color":"green","value":null},{"color":"red","value":80}]},"unit":"pps","unitScale":true},"overrides":[]},"gridPos":{"h":7,"w":8,"x":16,"y":0},"id":6,"links":[],"options":{"legend":{"calcs":[],"displayMode":"list","placement":"bottom","showLegend":true},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"10.3.3","targets":[{"datasource":{"uid":"$datasource"},"expr":"sum(rate(coredns_dns_request_count_total{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}[5m])) by (zone) or\nsum(rate(coredns_dns_requests_total{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}[5m])) by (zone)","interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","intervalFactor":2,"legendFormat":"{{ zone }}","refId":"A","step":60}],"title":"Requests (by zone)","type":"timeseries"},{"datasource":{"uid":"$datasource"},"fieldConfig":{"defaults":{"color":{"mode":"palette-classic"},"custom":{"axisBorderShow":false,"axisCenteredZero":false,"axisColorMode":"text","axisLabel":"","axisPlacement":"auto","barAlignment":0,"drawStyle":"line","fillOpacity":10,"gradientMode":"none","hideFrom":{"legend":false,"tooltip":false,"viz":false},"insertNulls":false,"lineInterpolation":"linear","lineWidth":2,"pointSize":5,"scaleDistribution":{"type":"linear"},"showPoints":"never","spanNulls":true,"stacking":{"group":"A","mode":"none"},"thresholdsStyle":{"mode":"off"}},"links":[],"mappings":[],"min":0,"thresholds":{"mode":"absolute","steps":[{"color":"green","value":null},{"color":"red","value":80}]},"unit":"pps","unitScale":true},"overrides":[]},"gridPos":{"h":7,"w":12,"x":0,"y":7},"id":8,"links":[],"options":{"legend":{"calcs":[],"displayMode":"list","placement":"bottom","showLegend":true},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"10.3.3","targets":[{"datasource":{"uid":"$datasource"},"expr":"sum(rate(coredns_dns_request_do_count_total{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}[5m])) or\nsum(rate(coredns_dns_do_requests_total{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}[5m]))","interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","intervalFactor":2,"legendFormat":"DO","refId":"A","step":40},{"datasource":{"uid":"$datasource"},"expr":"sum(rate(coredns_dns_request_count_total{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}[5m])) or\nsum(rate(coredns_dns_requests_total{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}[5m]))","interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","intervalFactor":2,"legendFormat":"total","refId":"B","step":40}],"title":"Requests (DO bit)","type":"timeseries"},{"datasource":{"uid":"$datasource"},"fieldConfig":{"defaults":{"color":{"mode":"palette-classic"},"custom":{"axisBorderShow":false,"axisCenteredZero":false,"axisColorMode":"text","axisLabel":"","axisPlacement":"auto","barAlignment":0,"drawStyle":"line","fillOpacity":10,"gradientMode":"none","hideFrom":{"legend":false,"tooltip":false,"viz":false},"insertNulls":false,"lineInterpolation":"linear","lineWidth":2,"pointSize":5,"scaleDistribution":{"type":"linear"},"showPoints":"never","spanNulls":true,"stacking":{"group":"A","mode":"none"},"thresholdsStyle":{"mode":"off"}},"links":[],"mappings":[],"min":0,"thresholds":{"mode":"absolute","steps":[{"color":"green","value":null},{"color":"red","value":80}]},"unit":"bytes","unitScale":true},"overrides":[{"matcher":{"id":"byName","options":"tcp:90"},"properties":[{"id":"unit","value":"short"}]},{"matcher":{"id":"byName","options":"tcp:99 "},"properties":[{"id":"unit","value":"short"}]},{"matcher":{"id":"byName","options":"tcp:50"},"properties":[{"id":"unit","value":"short"}]}]},"gridPos":{"h":7,"w":6,"x":12,"y":7},"id":10,"links":[],"options":{"legend":{"calcs":[],"displayMode":"list","placement":"bottom","showLegend":true},"tooltip":{"mode":"multi","sort":"none"}},"pluginVersion":"10.3.3","targets":[{"datasource":{"uid":"$datasource"},"expr":"histogram_quantile(0.99, (sum(rate(coredns_dns_request_size_bytes{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (proto)) or (sum(rate(coredns_dns_request_size_bytes_bucket{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto)))","interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","intervalFactor":2,"legendFormat":"{{ proto }}:99 ","refId":"A","step":60},{"datasource":{"uid":"$datasource"},"expr":"histogram_quantile(0.90, (sum(rate(coredns_dns_request_size_bytes{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (proto)) or (sum(rate(coredns_dns_request_size_bytes_bucket{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto)))","intervalFactor":2,"legendFormat":"{{ proto }}:90","refId":"B","step":60},{"datasource":{"uid":"$datasource"},"expr":"histogram_quantile(0.50, (sum(rate(coredns_dns_request_size_bytes{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (proto)) or (sum(rate(coredns_dns_request_size_bytes_bucket{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto)))","intervalFactor":2,"legendFormat":"{{ proto }}:50","refId":"C","step":60}],"title":"Requests (size, udp)","type":"timeseries"},{"datasource":{"uid":"$datasource"},"fieldConfig":{"defaults":{"color":{"mode":"palette-classic"},"custom":{"axisBorderShow":false,"axisCenteredZero":false,"axisColorMode":"text","axisLabel":"","axisPlacement":"auto","barAlignment":0,"drawStyle":"line","fillOpacity":10,"gradientMode":"none","hideFrom":{"legend":false,"tooltip":false,"viz":false},"insertNulls":false,"lineInterpolation":"linear","lineWidth":2,"pointSize":5,"scaleDistribution":{"type":"linear"},"showPoints":"never","spanNulls":true,"stacking":{"group":"A","mode":"none"},"thresholdsStyle":{"mode":"off"}},"links":[],"mappings":[],"min":0,"thresholds":{"mode":"absolute","steps":[{"color":"green","value":null},{"color":"red","value":80}]},"unit":"bytes","unitScale":true},"overrides":[]},"gridPos":{"h":7,"w":6,"x":18,"y":7},"id":12,"links":[],"options":{"legend":{"calcs":[],"displayMode":"list","placement":"bottom","showLegend":true},"tooltip":{"mode":"multi","sort":"none"}},"pluginVersion":"10.3.3","targets":[{"datasource":{"uid":"$datasource"},"expr":"histogram_quantile(0.99, (sum(rate(coredns_dns_request_size_bytes{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (proto)) or (sum(rate(coredns_dns_request_size_bytes_bucket{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto)))","format":"time_series","interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","intervalFactor":2,"legendFormat":"{{ proto }}:99 ","refId":"A","step":60},{"datasource":{"uid":"$datasource"},"expr":"histogram_quantile(0.90, (sum(rate(coredns_dns_request_size_bytes{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (proto)) or (sum(rate(coredns_dns_request_size_bytes_bucket{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto)))","format":"time_series","interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","intervalFactor":2,"legendFormat":"{{ proto }}:90","refId":"B","step":60},{"datasource":{"uid":"$datasource"},"expr":"histogram_quantile(0.50, (sum(rate(coredns_dns_request_size_bytes{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (proto)) or (sum(rate(coredns_dns_request_size_bytes_bucket{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto)))","format":"time_series","interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","intervalFactor":2,"legendFormat":"{{ proto }}:50","refId":"C","step":60}],"title":"Requests (size,tcp)","type":"timeseries"},{"datasource":{"uid":"$datasource"},"fieldConfig":{"defaults":{"color":{"mode":"palette-classic"},"custom":{"axisBorderShow":false,"axisCenteredZero":false,"axisColorMode":"text","axisLabel":"","axisPlacement":"auto","barAlignment":0,"drawStyle":"line","fillOpacity":10,"gradientMode":"none","hideFrom":{"legend":false,"tooltip":false,"viz":false},"insertNulls":false,"lineInterpolation":"linear","lineWidth":2,"pointSize":5,"scaleDistribution":{"type":"linear"},"showPoints":"never","spanNulls":true,"stacking":{"group":"A","mode":"normal"},"thresholdsStyle":{"mode":"off"}},"links":[],"mappings":[],"min":0,"thresholds":{"mode":"absolute","steps":[{"color":"green","value":null},{"color":"red","value":80}]},"unit":"pps","unitScale":true},"overrides":[]},"gridPos":{"h":7,"w":12,"x":0,"y":14},"id":14,"links":[],"options":{"legend":{"calcs":[],"displayMode":"list","placement":"bottom","showLegend":true},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"10.3.3","targets":[{"datasource":{"uid":"$datasource"},"expr":"sum(rate(coredns_dns_response_rcode_count_total{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}[5m])) by (rcode) or\nsum(rate(coredns_dns_responses_total{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}[5m])) by (rcode)","interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","intervalFactor":2,"legendFormat":"{{ rcode }}","refId":"A","step":40}],"title":"Responses (by rcode)","type":"timeseries"},{"datasource":{"uid":"$datasource"},"fieldConfig":{"defaults":{"color":{"mode":"palette-classic"},"custom":{"axisBorderShow":false,"axisCenteredZero":false,"axisColorMode":"text","axisLabel":"","axisPlacement":"auto","barAlignment":0,"drawStyle":"line","fillOpacity":10,"gradientMode":"none","hideFrom":{"legend":false,"tooltip":false,"viz":false},"insertNulls":false,"lineInterpolation":"linear","lineWidth":2,"pointSize":5,"scaleDistribution":{"type":"linear"},"showPoints":"never","spanNulls":true,"stacking":{"group":"A","mode":"none"},"thresholdsStyle":{"mode":"off"}},"links":[],"mappings":[],"min":0,"thresholds":{"mode":"absolute","steps":[{"color":"green","value":null},{"color":"red","value":80}]},"unit":"s","unitScale":true},"overrides":[]},"gridPos":{"h":7,"w":12,"x":12,"y":14},"id":32,"links":[],"options":{"legend":{"calcs":[],"displayMode":"list","placement":"bottom","showLegend":true},"tooltip":{"mode":"multi","sort":"none"}},"pluginVersion":"10.3.3","targets":[{"datasource":{"uid":"$datasource"},"expr":"histogram_quantile(0.99, (sum(rate(coredns_dns_request_duration_seconds{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}[5m])) by (job)) or (sum(rate(coredns_dns_request_duration_seconds_bucket{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}[5m])) by (le, job)))","format":"time_series","intervalFactor":2,"legendFormat":"99%","refId":"A","step":40},{"datasource":{"uid":"$datasource"},"expr":"histogram_quantile(0.90, (sum(rate(coredns_dns_request_duration_seconds{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}[5m])) by ()) or (sum(rate(coredns_dns_request_duration_seconds_bucket{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}[5m])) by (le)))","format":"time_series","intervalFactor":2,"legendFormat":"90%","refId":"B","step":40},{"datasource":{"uid":"$datasource"},"expr":"histogram_quantile(0.50, (sum(rate(coredns_dns_request_duration_seconds{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}[5m])) by ()) or (sum(rate(coredns_dns_request_duration_seconds_bucket{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}[5m])) by (le)))","format":"time_series","intervalFactor":2,"legendFormat":"50%","refId":"C","step":40}],"title":"Responses (duration)","type":"timeseries"},{"datasource":{"uid":"$datasource"},"fieldConfig":{"defaults":{"color":{"mode":"palette-classic"},"custom":{"axisBorderShow":false,"axisCenteredZero":false,"axisColorMode":"text","axisLabel":"","axisPlacement":"auto","barAlignment":0,"drawStyle":"line","fillOpacity":10,"gradientMode":"none","hideFrom":{"legend":false,"tooltip":false,"viz":false},"insertNulls":false,"lineInterpolation":"linear","lineWidth":2,"pointSize":5,"scaleDistribution":{"type":"linear"},"showPoints":"never","spanNulls":true,"stacking":{"group":"A","mode":"none"},"thresholdsStyle":{"mode":"off"}},"links":[],"mappings":[],"min":0,"thresholds":{"mode":"absolute","steps":[{"color":"green","value":null},{"color":"red","value":80}]},"unit":"bytes","unitScale":true},"overrides":[{"matcher":{"id":"byName","options":"tcp:50%"},"properties":[{"id":"unit","value":"short"}]},{"matcher":{"id":"byName","options":"tcp:90%"},"properties":[{"id":"unit","value":"short"}]},{"matcher":{"id":"byName","options":"tcp:99%"},"properties":[{"id":"unit","value":"short"}]}]},"gridPos":{"h":7,"w":12,"x":0,"y":21},"id":18,"links":[],"options":{"legend":{"calcs":[],"displayMode":"list","placement":"bottom","showLegend":true},"tooltip":{"mode":"multi","sort":"none"}},"pluginVersion":"10.3.3","targets":[{"datasource":{"uid":"$datasource"},"expr":"histogram_quantile(0.99, (sum(rate(coredns_dns_response_size_bytes{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (proto)) or (sum(rate(coredns_dns_response_size_bytes_bucket{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto))) ","interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","intervalFactor":2,"legendFormat":"{{ proto }}:99%","refId":"A","step":40},{"datasource":{"uid":"$datasource"},"expr":"histogram_quantile(0.90, (sum(rate(coredns_dns_response_size_bytes{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (proto)) or (sum(rate(coredns_dns_response_size_bytes_bucket{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto))) ","interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","intervalFactor":2,"legendFormat":"{{ proto }}:90%","refId":"B","step":40},{"datasource":{"uid":"$datasource"},"expr":"histogram_quantile(0.50, (sum(rate(coredns_dns_response_size_bytes{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (proto)) or (sum(rate(coredns_dns_response_size_bytes_bucket{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto))) ","hide":false,"intervalFactor":2,"legendFormat":"{{ proto }}:50%","metric":"","refId":"C","step":40}],"title":"Responses (size, udp)","type":"timeseries"},{"datasource":{"uid":"$datasource"},"fieldConfig":{"defaults":{"color":{"mode":"palette-classic"},"custom":{"axisBorderShow":false,"axisCenteredZero":false,"axisColorMode":"text","axisLabel":"","axisPlacement":"auto","barAlignment":0,"drawStyle":"line","fillOpacity":10,"gradientMode":"none","hideFrom":{"legend":false,"tooltip":false,"viz":false},"insertNulls":false,"lineInterpolation":"linear","lineWidth":2,"pointSize":5,"scaleDistribution":{"type":"linear"},"showPoints":"never","spanNulls":true,"stacking":{"group":"A","mode":"none"},"thresholdsStyle":{"mode":"off"}},"links":[],"mappings":[],"min":0,"thresholds":{"mode":"absolute","steps":[{"color":"green","value":null},{"color":"red","value":80}]},"unit":"bytes","unitScale":true},"overrides":[]},"gridPos":{"h":7,"w":12,"x":12,"y":21},"id":20,"links":[],"options":{"legend":{"calcs":[],"displayMode":"list","placement":"bottom","showLegend":true},"tooltip":{"mode":"multi","sort":"none"}},"pluginVersion":"10.3.3","targets":[{"datasource":{"uid":"$datasource"},"expr":"histogram_quantile(0.99, (sum(rate(coredns_dns_response_size_bytes{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (proto)) or (sum(rate(coredns_dns_response_size_bytes_bucket{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto))) ","format":"time_series","intervalFactor":2,"legendFormat":"{{ proto }}:99%","refId":"A","step":40},{"datasource":{"uid":"$datasource"},"expr":"histogram_quantile(0.90, (sum(rate(coredns_dns_response_size_bytes{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (proto)) or (sum(rate(coredns_dns_response_size_bytes_bucket{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto))) ","format":"time_series","intervalFactor":2,"legendFormat":"{{ proto }}:90%","refId":"B","step":40},{"datasource":{"uid":"$datasource"},"expr":"histogram_quantile(0.50, (sum(rate(coredns_dns_response_size_bytes{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (proto)) or (sum(rate(coredns_dns_response_size_bytes_bucket{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto))) ","format":"time_series","intervalFactor":2,"legendFormat":"{{ proto }}:50%","metric":"","refId":"C","step":40}],"title":"Responses (size, tcp)","type":"timeseries"},{"datasource":{"uid":"$datasource"},"fieldConfig":{"defaults":{"color":{"mode":"palette-classic"},"custom":{"axisBorderShow":false,"axisCenteredZero":false,"axisColorMode":"text","axisLabel":"","axisPlacement":"auto","barAlignment":0,"drawStyle":"line","fillOpacity":10,"gradientMode":"none","hideFrom":{"legend":false,"tooltip":false,"viz":false},"insertNulls":false,"lineInterpolation":"linear","lineWidth":2,"pointSize":5,"scaleDistribution":{"type":"linear"},"showPoints":"never","spanNulls":true,"stacking":{"group":"A","mode":"normal"},"thresholdsStyle":{"mode":"off"}},"links":[],"mappings":[],"min":0,"thresholds":{"mode":"absolute","steps":[{"color":"green","value":null},{"color":"red","value":80}]},"unit":"decbytes","unitScale":true},"overrides":[]},"gridPos":{"h":7,"w":12,"x":0,"y":28},"id":22,"links":[],"options":{"legend":{"calcs":[],"displayMode":"list","placement":"bottom","showLegend":true},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"10.3.3","targets":[{"datasource":{"uid":"$datasource"},"expr":"sum(coredns_cache_size{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}) by (type) or\nsum(coredns_cache_entries{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}) by (type)","interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","intervalFactor":2,"legendFormat":"{{ type }}","refId":"A","step":40}],"title":"Cache (size)","type":"timeseries"},{"datasource":{"uid":"$datasource"},"fieldConfig":{"defaults":{"color":{"mode":"palette-classic"},"custom":{"axisBorderShow":false,"axisCenteredZero":false,"axisColorMode":"text","axisLabel":"","axisPlacement":"auto","barAlignment":0,"drawStyle":"line","fillOpacity":10,"gradientMode":"none","hideFrom":{"legend":false,"tooltip":false,"viz":false},"insertNulls":false,"lineInterpolation":"linear","lineWidth":2,"pointSize":5,"scaleDistribution":{"type":"linear"},"showPoints":"never","spanNulls":true,"stacking":{"group":"A","mode":"normal"},"thresholdsStyle":{"mode":"off"}},"links":[],"mappings":[],"min":0,"thresholds":{"mode":"absolute","steps":[{"color":"green","value":null},{"color":"red","value":80}]},"unit":"pps","unitScale":true},"overrides":[]},"gridPos":{"h":7,"w":12,"x":12,"y":28},"id":24,"links":[],"options":{"legend":{"calcs":[],"displayMode":"list","placement":"bottom","showLegend":true},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"10.3.3","targets":[{"datasource":{"uid":"$datasource"},"expr":"sum(rate(coredns_cache_hits_total{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}[5m])) by (type)","hide":false,"intervalFactor":2,"legendFormat":"hits:{{ type }}","refId":"A","step":40},{"datasource":{"uid":"$datasource"},"expr":"sum(rate(coredns_cache_misses_total{job=~\"$job\",cluster=~\"$cluster\",instance=~\"$instance\"}[5m])) by (type)","hide":false,"intervalFactor":2,"legendFormat":"misses","refId":"B","step":40}],"title":"Cache (hitrate)","type":"timeseries"}],"refresh":"10s","schemaVersion":39,"tags":["dns","coredns"],"templating":{"list":[{"current":{},"hide":0,"includeAll":false,"multi":false,"name":"datasource","options":[],"query":"prometheus","queryValue":"","refresh":1,"regex":"","skipUrlSync":false,"type":"datasource"},{"allValue":".*","current":{"selected":false,"text":"All","value":"$__all"},"datasource":{"type":"prometheus","uid":"$datasource"},"definition":"label_values(coredns_dns_requests_total, cluster)","hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":true,"label":"Cluster","multi":false,"name":"cluster","options":[],"query":"label_values(coredns_dns_requests_total, cluster)","refresh":2,"regex":"","skipUrlSync":false,"sort":1,"tagValuesQuery":"","tagsQuery":"","type":"query","useTags":false},{"allValue":".*","current":{"selected":false,"text":"All","value":"$__all"},"datasource":{"type":"prometheus","uid":"${datasource}"},"definition":"label_values(coredns_dns_requests_total{cluster=~\"$cluster\"},job)","hide":0,"includeAll":true,"label":"Job","multi":false,"name":"job","options":[],"query":{"qryType":1,"query":"label_values(coredns_dns_requests_total{cluster=~\"$cluster\"},job)","refId":"PrometheusVariableQueryEditor-VariableQuery"},"refresh":2,"regex":"","skipUrlSync":false,"sort":1,"type":"query"},{"allValue":".*","current":{"selected":false,"text":"All","value":"$__all"},"datasource":{"type":"prometheus","uid":"$datasource"},"definition":"label_values(coredns_dns_requests_total{job=~\"$job\",cluster=~\"$cluster\"}, instance)","hide":0,"includeAll":true,"label":"Instance","multi":false,"name":"instance","options":[],"query":"label_values(coredns_dns_requests_total{job=~\"$job\",cluster=~\"$cluster\"}, instance)","refresh":2,"regex":"","skipUrlSync":false,"sort":3,"tagValuesQuery":"","tagsQuery":"","type":"query","useTags":false}]},"time":{"from":"now-3h","to":"now"},"timepicker":{"refresh_intervals":["10s","30s","1m","5m","15m","30m","1h","2h","1d"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"CoreDNS","uid":"vkQ0UHxik","version":3,"weekStart":""}`}} +{{- end }} +--- +{{- if and .Values.grafana.operator.dashboardsConfigMapRefEnabled (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.coreDns.enabled }} +apiVersion: grafana.integreatly.org/v1beta1 +kind: GrafanaDashboard +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-coredns" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + {{ with .Values.grafana.operator.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{ end }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +spec: + allowCrossNamespaceImport: true + resyncPeriod: {{ .Values.grafana.operator.resyncPeriod | quote | default "10m" }} + {{- include "kube-prometheus-stack.grafana.operator.folder" . | nindent 2 }} + instanceSelector: + matchLabels: + {{- if .Values.grafana.operator.matchLabels }} + {{- toYaml .Values.grafana.operator.matchLabels | nindent 6 }} + {{- else }} + {{- fail "grafana.operator.matchLabels must be specified when grafana.operator.dashboardsConfigMapRefEnabled is true" }} + {{- end }} + configMapRef: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-coredns" | trunc 63 | trimSuffix "-" }} + key: k8s-coredns.json +{{- end }} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml new file mode 100644 index 0000000..8aae688 --- /dev/null +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml @@ -0,0 +1,57 @@ +{{- /* +Generated from 'k8s-resources-cluster' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +{{- $kubeletJob := include "kube-prometheus-stack-kubelet.name" . }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-cluster" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +data: + k8s-resources-cluster.json: |- + {{`{"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"links":[{"asDropdown":true,"includeVars":true,"keepTime":true,"tags":["kubernetes-mixin"],"targetBlank":false,"title":"Kubernetes","type":"dashboards"}],"panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":4,"x":0,"y":0},"id":1,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"cluster:node_cpu:ratio_rate5m{cluster=\"$cluster\"}","instant":true}],"title":"CPU Utilisation","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":4,"x":4,"y":0},"id":2,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_cpu:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\",resource=\"cpu\",cluster=\"$cluster\"})","instant":true}],"title":"CPU Requests Commitment","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":4,"x":8,"y":0},"id":3,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_cpu:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\",resource=\"cpu\",cluster=\"$cluster\"})","instant":true}],"title":"CPU Limits Commitment","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":4,"x":12,"y":0},"id":4,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"1 - sum(:node_memory_MemAvailable_bytes:sum{cluster=\"$cluster\"}) / sum(node_memory_MemTotal_bytes{job=\"node-exporter\",cluster=\"$cluster\"})","instant":true}],"title":"Memory Utilisation","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":4,"x":16,"y":0},"id":5,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_memory:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\",resource=\"memory\",cluster=\"$cluster\"})","instant":true}],"title":"Memory Requests Commitment","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":4,"x":20,"y":0},"id":6,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_memory:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\",resource=\"memory\",cluster=\"$cluster\"})","instant":true}],"title":"Memory Limits Commitment","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true}}},"gridPos":{"h":6,"w":24,"x":0,"y":6},"id":7,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate5m{cluster=\"$cluster\"})) by (namespace)","legendFormat":"__auto"}],"title":"CPU Usage","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]},{"matcher":{"id":"byName","options":"Namespace"},"properties":[{"id":"links","value":[{"title":"Drill down to pods","url":"/d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?${datasource:queryparam}&var-cluster=$cluster&var-namespace=${__data.fields.Namespace}"}]}]}]},"gridPos":{"h":6,"w":24,"x":0,"y":12},"id":8,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_owner{job=\"kube-state-metrics\", cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"count(avg(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\"}) by (workload, namespace)) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate5m{cluster=\"$cluster\"})) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_cpu:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate5m{cluster=\"$cluster\"})) by (namespace) / sum(namespace_cpu:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_cpu:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate5m{cluster=\"$cluster\"})) by (namespace) / sum(namespace_cpu:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true}],"title":"CPU Quota","transformations":[{"id":"joinByField","options":{"byField":"namespace","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true,"Time 6":true,"Time 7":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Time 6":5,"Time 7":6,"Value #A":8,"Value #B":9,"Value #C":10,"Value #D":11,"Value #E":12,"Value #F":13,"Value #G":14,"namespace":7},"renameByName":{"Value #A":"Pods","Value #B":"Workloads","Value #C":"CPU Usage","Value #D":"CPU Requests","Value #E":"CPU Requests %","Value #F":"CPU Limits","Value #G":"CPU Limits %","namespace":"Namespace"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bytes"}},"gridPos":{"h":6,"w":24,"x":0,"y":18},"id":9,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(container_memory_rss{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", container!=\"\"})) by (namespace)","legendFormat":"__auto"}],"title":"Memory","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]},{"matcher":{"id":"byName","options":"Memory Usage"},"properties":[{"id":"unit","value":"bytes"}]},{"matcher":{"id":"byName","options":"Memory Requests"},"properties":[{"id":"unit","value":"bytes"}]},{"matcher":{"id":"byName","options":"Memory Limits"},"properties":[{"id":"unit","value":"bytes"}]},{"matcher":{"id":"byName","options":"Namespace"},"properties":[{"id":"links","value":[{"title":"Drill down to pods","url":"/d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?${datasource:queryparam}&var-cluster=$cluster&var-namespace=${__data.fields.Namespace}"}]}]}]},"gridPos":{"h":6,"w":24,"x":0,"y":24},"id":10,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_owner{job=\"kube-state-metrics\", cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"count(avg(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\"}) by (workload, namespace)) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(container_memory_rss{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", container!=\"\"})) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_memory:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(container_memory_rss{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", container!=\"\"})) by (namespace) / sum(namespace_memory:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_memory:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(container_memory_rss{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", container!=\"\"})) by (namespace) / sum(namespace_memory:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true}],"title":"Memory Requests by Namespace","transformations":[{"id":"joinByField","options":{"byField":"namespace","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true,"Time 6":true,"Time 7":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Time 6":5,"Time 7":6,"Value #A":8,"Value #B":9,"Value #C":10,"Value #D":11,"Value #E":12,"Value #F":13,"Value #G":14,"namespace":7},"renameByName":{"Value #A":"Pods","Value #B":"Workloads","Value #C":"Memory Usage","Value #D":"Memory Requests","Value #E":"Memory Requests %","Value #F":"Memory Limits","Value #G":"Memory Limits %","namespace":"Namespace"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/Bandwidth/"},"properties":[{"id":"unit","value":"bps"}]},{"matcher":{"id":"byRegexp","options":"/Packets/"},"properties":[{"id":"unit","value":"pps"}]},{"matcher":{"id":"byName","options":"Namespace"},"properties":[{"id":"links","value":[{"title":"Drill down to pods","url":"/d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?${datasource:queryparam}&var-cluster=$cluster&var-namespace=${__data.fields.Namespace}"}]}]}]},"gridPos":{"h":6,"w":24,"x":0,"y":30},"id":11,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum((8 * rate(container_network_receive_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval]))) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum((8 * rate(container_network_transmit_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval]))) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_receive_packets_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_transmit_packets_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_receive_packets_dropped_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_transmit_packets_dropped_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","format":"table","instant":true}],"title":"Current Network Usage","transformations":[{"id":"joinByField","options":{"byField":"namespace","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true,"Time 6":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Time 6":5,"Value #A":7,"Value #B":8,"Value #C":9,"Value #D":10,"Value #E":11,"Value #F":12,"namespace":6},"renameByName":{"Value #A":"Current Receive Bandwidth","Value #B":"Current Transmit Bandwidth","Value #C":"Rate of Received Packets","Value #D":"Rate of Transmitted Packets","Value #E":"Rate of Received Packets Dropped","Value #F":"Rate of Transmitted Packets Dropped","namespace":"Namespace"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bps"}},"gridPos":{"h":6,"w":24,"x":0,"y":36},"id":12,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum((8 * rate(container_network_receive_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval]))) by (namespace)","legendFormat":"__auto"}],"title":"Receive Bandwidth","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bps"}},"gridPos":{"h":6,"w":24,"x":0,"y":42},"id":13,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum((8 * rate(container_network_transmit_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval]))) by (namespace)","legendFormat":"__auto"}],"title":"Transmit Bandwidth","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bps"}},"gridPos":{"h":6,"w":24,"x":0,"y":48},"id":14,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"avg((8 * rate(container_network_receive_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval]))) by (namespace)","legendFormat":"__auto"}],"title":"Average Container Bandwidth by Namespace: Received","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bps"}},"gridPos":{"h":6,"w":24,"x":0,"y":54},"id":15,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"avg((8 * rate(container_network_transmit_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval]))) by (namespace)","legendFormat":"__auto"}],"title":"Average Container Bandwidth by Namespace: Transmitted","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":6,"w":24,"x":0,"y":60},"id":16,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_receive_packets_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","legendFormat":"__auto"}],"title":"Rate of Received Packets","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":6,"w":24,"x":0,"y":66},"id":17,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_transmit_packets_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","legendFormat":"__auto"}],"title":"Rate of Transmitted Packets","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":6,"w":24,"x":0,"y":72},"id":18,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_receive_packets_dropped_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","legendFormat":"__auto"}],"title":"Rate of Received Packets Dropped","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":6,"w":24,"x":0,"y":78},"id":19,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_transmit_packets_dropped_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","legendFormat":"__auto"}],"title":"Rate of Transmitted Packets Dropped","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"iops"}},"gridPos":{"h":6,"w":24,"x":0,"y":84},"id":20,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"ceil(sum by(namespace) (rate(container_fs_reads_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", container!=\"\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]) + rate(container_fs_writes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval])))","legendFormat":"__auto"}],"title":"IOPS(Reads+Writes)","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"Bps"}},"gridPos":{"h":6,"w":24,"x":0,"y":90},"id":21,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(namespace) (rate(container_fs_reads_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", container!=\"\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]) + rate(container_fs_writes_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))","legendFormat":"__auto"}],"title":"ThroughPut(Read+Write)","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/IOPS/"},"properties":[{"id":"unit","value":"iops"}]},{"matcher":{"id":"byRegexp","options":"/Throughput/"},"properties":[{"id":"unit","value":"bps"}]},{"matcher":{"id":"byName","options":"Namespace"},"properties":[{"id":"links","value":[{"title":"Drill down to pods","url":"/d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?${datasource:queryparam}&var-cluster=$cluster&var-namespace=${__data.fields.Namespace}"}]}]}]},"gridPos":{"h":6,"w":24,"x":0,"y":96},"id":22,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(namespace) (rate(container_fs_reads_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(namespace) (rate(container_fs_writes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(namespace) (rate(container_fs_reads_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]) + rate(container_fs_writes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(namespace) (rate(container_fs_reads_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(namespace) (rate(container_fs_writes_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(namespace) (rate(container_fs_reads_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]) + rate(container_fs_writes_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))","format":"table","instant":true}],"title":"Current Storage IO","transformations":[{"id":"joinByField","options":{"byField":"namespace","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true,"Time 6":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Time 6":5,"Value #A":7,"Value #B":8,"Value #C":9,"Value #D":10,"Value #E":11,"Value #F":12,"namespace":6},"renameByName":{"Value #A":"IOPS(Reads)","Value #B":"IOPS(Writes)","Value #C":"IOPS(Reads + Writes)","Value #D":"Throughput(Read)","Value #E":"Throughput(Write)","Value #F":"Throughput(Read + Write)","namespace":"Namespace"}}}],"type":"table"}],"refresh":"10s","schemaVersion":39,"tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","regex":"","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"label":"cluster","name":"cluster","query":"label_values(up{job=\"kube-state-metrics\"}, cluster)","refresh":2,"sort":1,"type":"query","allValue":".*"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Compute Resources / Cluster","uid":"efa86fd1d0c121a26444b636a3f509a8"}`}} +{{- end }} +--- +{{- if and .Values.grafana.operator.dashboardsConfigMapRefEnabled (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +apiVersion: grafana.integreatly.org/v1beta1 +kind: GrafanaDashboard +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-cluster" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + {{ with .Values.grafana.operator.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{ end }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +spec: + allowCrossNamespaceImport: true + resyncPeriod: {{ .Values.grafana.operator.resyncPeriod | quote | default "10m" }} + {{- include "kube-prometheus-stack.grafana.operator.folder" . | nindent 2 }} + instanceSelector: + matchLabels: + {{- if .Values.grafana.operator.matchLabels }} + {{- toYaml .Values.grafana.operator.matchLabels | nindent 6 }} + {{- else }} + {{- fail "grafana.operator.matchLabels must be specified when grafana.operator.dashboardsConfigMapRefEnabled is true" }} + {{- end }} + configMapRef: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-cluster" | trunc 63 | trimSuffix "-" }} + key: k8s-resources-cluster.json +{{- end }} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-multicluster.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-multicluster.yaml new file mode 100644 index 0000000..abcd7bf --- /dev/null +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-multicluster.yaml @@ -0,0 +1,57 @@ +{{- /* +Generated from 'k8s-resources-multicluster' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +{{- $kubeletJob := include "kube-prometheus-stack-kubelet.name" . }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-multicluster" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +data: + k8s-resources-multicluster.json: |- + {{`{"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"links":[{"asDropdown":true,"includeVars":true,"keepTime":true,"tags":["kubernetes-mixin"],"targetBlank":false,"title":"Kubernetes","type":"dashboards"}],"panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"none"}},"gridPos":{"h":3,"w":4,"x":0,"y":0},"id":1,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(cluster:node_cpu:ratio_rate5m) / count(cluster:node_cpu:ratio_rate5m)","instant":true}],"title":"CPU Utilisation","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":4,"x":4,"y":0},"id":2,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_container_resource_requests{job=\"kube-state-metrics\", resource=\"cpu\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\", resource=\"cpu\"})","instant":true}],"title":"CPU Requests Commitment","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":4,"x":8,"y":0},"id":3,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_container_resource_limits{job=\"kube-state-metrics\", resource=\"cpu\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\", resource=\"cpu\"})","instant":true}],"title":"CPU Limits Commitment","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":4,"x":12,"y":0},"id":4,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"1 - sum(:node_memory_MemAvailable_bytes:sum) / sum(node_memory_MemTotal_bytes{job=\"node-exporter\"})","instant":true}],"title":"Memory Utilisation","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":4,"x":16,"y":0},"id":5,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_container_resource_requests{job=\"kube-state-metrics\", resource=\"memory\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\", resource=\"memory\"})","instant":true}],"title":"Memory Requests Commitment","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":4,"x":20,"y":0},"id":6,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_container_resource_limits{job=\"kube-state-metrics\", resource=\"memory\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\", resource=\"memory\"})","instant":true}],"title":"Memory Limits Commitment","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"}}},"gridPos":{"h":7,"w":24,"x":0,"y":1},"id":7,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate5m)) by (cluster)","legendFormat":"__auto"}],"title":"CPU Usage","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]},{"matcher":{"id":"byName","options":"Cluster"},"properties":[{"id":"links","value":[{"title":"Drill down","url":"/d/efa86fd1d0c121a26444b636a3f509a8/kubernetes-compute-resources-cluster?${datasource:queryparam}&var-cluster=${__data.fields.Cluster}"}]}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":2},"id":8,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate5m)) by (cluster)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_container_resource_requests{job=\"kube-state-metrics\", resource=\"cpu\"}) by (cluster)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate5m)) by (cluster) / sum(kube_pod_container_resource_requests{job=\"kube-state-metrics\", resource=\"cpu\"}) by (cluster)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_container_resource_limits{job=\"kube-state-metrics\", resource=\"cpu\"}) by (cluster)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate5m)) by (cluster) / sum(kube_pod_container_resource_limits{job=\"kube-state-metrics\", resource=\"cpu\"}) by (cluster)","format":"table","instant":true}],"title":"CPU Quota","transformations":[{"id":"joinByField","options":{"byField":"cluster","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Value #A":6,"Value #B":7,"Value #C":8,"Value #D":9,"Value #E":10,"cluster":5},"renameByName":{"Value #A":"CPU Usage","Value #B":"CPU Requests","Value #C":"CPU Requests %","Value #D":"CPU Limits","Value #E":"CPU Limits %","cluster":"Cluster"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"bytes"}},"gridPos":{"h":7,"w":24,"x":0,"y":3},"id":9,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(container_memory_rss{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", container!=\"\"})) by (cluster)","legendFormat":"__auto"}],"title":"Memory Usage (w/o cache)","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"bytes"},"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]},{"matcher":{"id":"byName","options":"Cluster"},"properties":[{"id":"links","value":[{"title":"Drill down","url":"/d/efa86fd1d0c121a26444b636a3f509a8/kubernetes-compute-resources-cluster?${datasource:queryparam}&var-cluster=${__data.fields.Cluster}"}]}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":4},"id":10,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(container_memory_rss{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", container!=\"\"})) by (cluster)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_container_resource_requests{job=\"kube-state-metrics\", resource=\"memory\"}) by (cluster)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(container_memory_rss{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", container!=\"\"})) by (cluster) / sum(kube_pod_container_resource_requests{job=\"kube-state-metrics\", resource=\"memory\"}) by (cluster)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_container_resource_limits{job=\"kube-state-metrics\", resource=\"memory\"}) by (cluster)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(container_memory_rss{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", container!=\"\"})) by (cluster) / sum(kube_pod_container_resource_limits{job=\"kube-state-metrics\", resource=\"memory\"}) by (cluster)","format":"table","instant":true}],"title":"Memory Requests by Cluster","transformations":[{"id":"joinByField","options":{"byField":"cluster","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Value #A":6,"Value #B":7,"Value #C":8,"Value #D":9,"Value #E":10,"cluster":5},"renameByName":{"Value #A":"Memory Usage","Value #B":"Memory Requests","Value #C":"Memory Requests %","Value #D":"Memory Limits","Value #E":"Memory Limits %","cluster":"Cluster"}}}],"type":"table"}],"refresh":"10s","schemaVersion":39,"tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","regex":"","type":"datasource"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Compute Resources / Multi-Cluster","uid":"b59e6c9f2fcbe2e16d77fc492374cc4f"}`}} +{{- end }} +--- +{{- if and .Values.grafana.operator.dashboardsConfigMapRefEnabled (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +apiVersion: grafana.integreatly.org/v1beta1 +kind: GrafanaDashboard +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-multicluster" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + {{ with .Values.grafana.operator.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{ end }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +spec: + allowCrossNamespaceImport: true + resyncPeriod: {{ .Values.grafana.operator.resyncPeriod | quote | default "10m" }} + {{- include "kube-prometheus-stack.grafana.operator.folder" . | nindent 2 }} + instanceSelector: + matchLabels: + {{- if .Values.grafana.operator.matchLabels }} + {{- toYaml .Values.grafana.operator.matchLabels | nindent 6 }} + {{- else }} + {{- fail "grafana.operator.matchLabels must be specified when grafana.operator.dashboardsConfigMapRefEnabled is true" }} + {{- end }} + configMapRef: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-multicluster" | trunc 63 | trimSuffix "-" }} + key: k8s-resources-multicluster.json +{{- end }} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml new file mode 100644 index 0000000..ad5b1b2 --- /dev/null +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml @@ -0,0 +1,57 @@ +{{- /* +Generated from 'k8s-resources-namespace' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +{{- $kubeletJob := include "kube-prometheus-stack-kubelet.name" . }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-namespace" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +data: + k8s-resources-namespace.json: |- + {{`{"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"links":[{"asDropdown":true,"includeVars":true,"keepTime":true,"tags":["kubernetes-mixin"],"targetBlank":false,"title":"Kubernetes","type":"dashboards"}],"panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":6,"x":0,"y":0},"id":1,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate5m{cluster=\"$cluster\", namespace=\"$namespace\"})) / sum(kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"})","instant":true}],"title":"CPU Utilisation (from requests)","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":6,"x":6,"y":0},"id":2,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate5m{cluster=\"$cluster\", namespace=\"$namespace\"})) / sum(kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"})","instant":true}],"title":"CPU Utilisation (from limits)","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":6,"x":12,"y":0},"id":3,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(container_memory_working_set_bytes{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"})) / sum(kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"})","instant":true}],"title":"Memory Utilisation (from requests)","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":6,"x":18,"y":0},"id":4,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(container_memory_working_set_bytes{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"})) / sum(kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"})","instant":true}],"title":"Memory Utilisation (from limits)","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true}},"overrides":[{"matcher":{"id":"byFrameRefID","options":"B"},"properties":[{"id":"custom.lineStyle","value":{"fill":"dash"}},{"id":"custom.lineWidth","value":2},{"id":"color","value":{"fixedColor":"red","mode":"fixed"}}]},{"matcher":{"id":"byFrameRefID","options":"C"},"properties":[{"id":"custom.lineStyle","value":{"fill":"dash"}},{"id":"custom.lineWidth","value":2},{"id":"color","value":{"fixedColor":"orange","mode":"fixed"}}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":7},"id":5,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate5m{cluster=\"$cluster\", namespace=\"$namespace\"})) by (pod)","legendFormat":"__auto"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"scalar(max(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"requests.cpu\"}))","legendFormat":"quota - requests"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"scalar(max(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"limits.cpu\"}))","legendFormat":"quota - limits"}],"title":"CPU Usage","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]},{"matcher":{"id":"byName","options":"Pod"},"properties":[{"id":"links","value":[{"title":"Drill down to pods","url":"/d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?${datasource:queryparam}&var-cluster=$cluster&var-namespace=$namespace&var-pod=${__data.fields.Pod}"}]}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":14},"id":6,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate5m{cluster=\"$cluster\", namespace=\"$namespace\"})) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\"})) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate5m{cluster=\"$cluster\", namespace=\"$namespace\"})) by (pod) / sum(max by (cluster, namespace, pod, container)(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\"})) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\"})) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate5m{cluster=\"$cluster\", namespace=\"$namespace\"})) by (pod) / sum(max by (cluster, namespace, pod, container)(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\"})) by (pod)","format":"table","instant":true}],"title":"CPU Quota","transformations":[{"id":"joinByField","options":{"byField":"pod","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Value #A":6,"Value #B":7,"Value #C":8,"Value #D":9,"Value #E":10,"pod":5},"renameByName":{"Value #A":"CPU Usage","Value #B":"CPU Requests","Value #C":"CPU Requests %","Value #D":"CPU Limits","Value #E":"CPU Limits %","pod":"Pod"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bytes"},"overrides":[{"matcher":{"id":"byFrameRefID","options":"B"},"properties":[{"id":"custom.lineStyle","value":{"fill":"dash"}},{"id":"custom.lineWidth","value":2},{"id":"color","value":{"fixedColor":"red","mode":"fixed"}}]},{"matcher":{"id":"byFrameRefID","options":"C"},"properties":[{"id":"custom.lineStyle","value":{"fill":"dash"}},{"id":"custom.lineWidth","value":2},{"id":"color","value":{"fixedColor":"orange","mode":"fixed"}}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":21},"id":7,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(container_memory_working_set_bytes{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"})) by (pod)","legendFormat":"__auto"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"scalar(max(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"requests.memory\"}))","legendFormat":"quota - requests"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"scalar(max(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"limits.memory\"}))","legendFormat":"quota - limits"}],"title":"Memory Usage (w/o cache)","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"bytes"},"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]},{"matcher":{"id":"byName","options":"Pod"},"properties":[{"id":"links","value":[{"title":"Drill down to pods","url":"/d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?${datasource:queryparam}&var-cluster=$cluster&var-namespace=$namespace&var-pod=${__data.fields.Pod}"}]}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":28},"id":8,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(container_memory_working_set_bytes{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"})) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\"})) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(container_memory_working_set_bytes{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"})) by (pod) / sum(max by (cluster, namespace, pod, container)(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\"})) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\"})) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(container_memory_working_set_bytes{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"})) by (pod) / sum(max by (cluster, namespace, pod, container)(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\"})) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(container_memory_rss{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\"})) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(container_memory_cache{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\"})) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(container_memory_swap{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\"})) by (pod)","format":"table","instant":true}],"title":"Memory Quota","transformations":[{"id":"joinByField","options":{"byField":"pod","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true,"Time 6":true,"Time 7":true,"Time 8":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Time 6":5,"Time 7":6,"Time 8":7,"Value #A":9,"Value #B":10,"Value #C":11,"Value #D":12,"Value #E":13,"Value #F":14,"Value #G":15,"Value #H":16,"pod":8},"renameByName":{"Value #A":"Memory Usage","Value #B":"Memory Requests","Value #C":"Memory Requests %","Value #D":"Memory Limits","Value #E":"Memory Limits %","Value #F":"Memory Usage (RSS)","Value #G":"Memory Usage (Cache)","Value #H":"Memory Usage (Swap)","pod":"Pod"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/Bandwidth/"},"properties":[{"id":"unit","value":"bps"}]},{"matcher":{"id":"byRegexp","options":"/Packets/"},"properties":[{"id":"unit","value":"pps"}]},{"matcher":{"id":"byName","options":"Pod"},"properties":[{"id":"links","value":[{"title":"Drill down to pods","url":"/d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?${datasource:queryparam}&var-cluster=$cluster&var-namespace=$namespace&var-pod=${__data.fields.Pod}"}]}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":35},"id":9,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum((8 * rate(container_network_receive_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum((8 * rate(container_network_transmit_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_receive_packets_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_transmit_packets_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_receive_packets_dropped_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_transmit_packets_dropped_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","format":"table","instant":true}],"title":"Current Network Usage","transformations":[{"id":"joinByField","options":{"byField":"pod","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true,"Time 6":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Time 6":5,"Value #A":7,"Value #B":8,"Value #C":9,"Value #D":10,"Value #E":11,"Value #F":12,"pod":6},"renameByName":{"Value #A":"Current Receive Bandwidth","Value #B":"Current Transmit Bandwidth","Value #C":"Rate of Received Packets","Value #D":"Rate of Transmitted Packets","Value #E":"Rate of Received Packets Dropped","Value #F":"Rate of Transmitted Packets Dropped","pod":"Pod"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bps"}},"gridPos":{"h":7,"w":12,"x":0,"y":42},"id":10,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum((8 * rate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))) by (pod)","legendFormat":"__auto"}],"title":"Receive Bandwidth","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bps"}},"gridPos":{"h":7,"w":12,"x":12,"y":42},"id":11,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum((8 * rate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))) by (pod)","legendFormat":"__auto"}],"title":"Transmit Bandwidth","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":7,"w":12,"x":0,"y":49},"id":12,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_receive_packets_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","legendFormat":"__auto"}],"title":"Rate of Received Packets","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":7,"w":12,"x":12,"y":49},"id":13,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_transmit_packets_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","legendFormat":"__auto"}],"title":"Rate of Transmitted Packets","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":7,"w":12,"x":0,"y":56},"id":14,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_receive_packets_dropped_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","legendFormat":"__auto"}],"title":"Rate of Received Packets Dropped","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":7,"w":12,"x":12,"y":56},"id":15,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_transmit_packets_dropped_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","legendFormat":"__auto"}],"title":"Rate of Transmitted Packets Dropped","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"iops"}},"gridPos":{"h":7,"w":12,"x":0,"y":63},"id":16,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"ceil(sum by(pod) (rate(container_fs_reads_total{container!=\"\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]) + rate(container_fs_writes_total{container!=\"\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])))","legendFormat":"__auto"}],"title":"IOPS(Reads+Writes)","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"Bps"}},"gridPos":{"h":7,"w":12,"x":12,"y":63},"id":17,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(pod) (rate(container_fs_reads_bytes_total{container!=\"\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]) + rate(container_fs_writes_bytes_total{container!=\"\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))","legendFormat":"__auto"}],"title":"ThroughPut(Read+Write)","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/IOPS/"},"properties":[{"id":"unit","value":"iops"}]},{"matcher":{"id":"byRegexp","options":"/Throughput/"},"properties":[{"id":"unit","value":"bps"}]},{"matcher":{"id":"byName","options":"Pod"},"properties":[{"id":"links","value":[{"title":"Drill down to pods","url":"/d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?${datasource:queryparam}&var-cluster=$cluster&var-namespace=$namespace&var-pod=${__data.fields.Pod}"}]}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":70},"id":18,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(pod) (rate(container_fs_reads_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(pod) (rate(container_fs_writes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(pod) (rate(container_fs_reads_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]) + rate(container_fs_writes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(pod) (rate(container_fs_reads_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(pod) (rate(container_fs_writes_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(pod) (rate(container_fs_reads_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]) + rate(container_fs_writes_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))","format":"table","instant":true}],"title":"Current Storage IO","transformations":[{"id":"joinByField","options":{"byField":"pod","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true,"Time 6":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Time 6":5,"Value #A":7,"Value #B":8,"Value #C":9,"Value #D":10,"Value #E":11,"Value #F":12,"pod":6},"renameByName":{"Value #A":"IOPS(Reads)","Value #B":"IOPS(Writes)","Value #C":"IOPS(Reads + Writes)","Value #D":"Throughput(Read)","Value #E":"Throughput(Write)","Value #F":"Throughput(Read + Write)","pod":"Pod"}}}],"type":"table"}],"refresh":"10s","schemaVersion":39,"tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","regex":"","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"label":"cluster","name":"cluster","query":"label_values(up{job=\"kube-state-metrics\"}, cluster)","refresh":2,"sort":1,"type":"query","allValue":".*"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"label":"namespace","name":"namespace","query":"label_values(kube_namespace_status_phase{job=\"kube-state-metrics\", cluster=\"$cluster\"}, namespace)","refresh":2,"sort":1,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Compute Resources / Namespace (Pods)","uid":"85a562078cdf77779eaa1add43ccec1e"}`}} +{{- end }} +--- +{{- if and .Values.grafana.operator.dashboardsConfigMapRefEnabled (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +apiVersion: grafana.integreatly.org/v1beta1 +kind: GrafanaDashboard +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-namespace" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + {{ with .Values.grafana.operator.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{ end }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +spec: + allowCrossNamespaceImport: true + resyncPeriod: {{ .Values.grafana.operator.resyncPeriod | quote | default "10m" }} + {{- include "kube-prometheus-stack.grafana.operator.folder" . | nindent 2 }} + instanceSelector: + matchLabels: + {{- if .Values.grafana.operator.matchLabels }} + {{- toYaml .Values.grafana.operator.matchLabels | nindent 6 }} + {{- else }} + {{- fail "grafana.operator.matchLabels must be specified when grafana.operator.dashboardsConfigMapRefEnabled is true" }} + {{- end }} + configMapRef: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-namespace" | trunc 63 | trimSuffix "-" }} + key: k8s-resources-namespace.json +{{- end }} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-node.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-node.yaml new file mode 100644 index 0000000..163e8a5 --- /dev/null +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-node.yaml @@ -0,0 +1,56 @@ +{{- /* +Generated from 'k8s-resources-node' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-node" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +data: + k8s-resources-node.json: |- + {{`{"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"links":[{"asDropdown":true,"includeVars":true,"keepTime":true,"tags":["kubernetes-mixin"],"targetBlank":false,"title":"Kubernetes","type":"dashboards"}],"panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true,"stacking":{"mode":"normal"}}},"overrides":[{"matcher":{"id":"byName","options":"max capacity"},"properties":[{"id":"color","value":{"fixedColor":"red","mode":"fixed"}},{"id":"custom.stacking","value":{"mode":"none"}},{"id":"custom.hideFrom","value":{"legend":false,"tooltip":true,"viz":false}},{"id":"custom.lineStyle","value":{"dash":[10,10],"fill":"dash"}}]},{"matcher":{"id":"byName","options":"max allocatable"},"properties":[{"id":"color","value":{"fixedColor":"super-light-red","mode":"fixed"}},{"id":"custom.stacking","value":{"mode":"none"}},{"id":"custom.hideFrom","value":{"legend":false,"tooltip":true,"viz":false}},{"id":"custom.lineStyle","value":{"dash":[10,10],"fill":"dash"}},{"id":"custom.fillOpacity","value":0}]}]},"gridPos":{"h":6,"w":24,"x":0,"y":0},"id":1,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_node_status_capacity{cluster=\"$cluster\", job=\"kube-state-metrics\", node=~\"$node\", resource=\"cpu\"})","legendFormat":"max capacity"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_node_status_allocatable{cluster=\"$cluster\", job=\"kube-state-metrics\", node=~\"$node\", resource=\"cpu\"})","legendFormat":"max allocatable"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate5m{cluster=\"$cluster\", node=~\"$node\"})) by (pod)","legendFormat":"{{pod}}"}],"title":"CPU Usage","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]},{"matcher":{"id":"byName","options":"Pod"},"properties":[{"id":"links","value":[{"title":"Drill down to pods","url":"/d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?${datasource:queryparam}&var-cluster=$cluster&var-namespace=$namespace&var-pod=${__data.fields.Pod}"}]}]}]},"gridPos":{"h":6,"w":24,"x":0,"y":6},"id":2,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate5m{cluster=\"$cluster\", node=~\"$node\"})) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\"})) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate5m{cluster=\"$cluster\", node=~\"$node\"})) by (pod) / sum(max by (cluster, namespace, pod, container)(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\"})) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\"})) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate5m{cluster=\"$cluster\", node=~\"$node\"})) by (pod) / sum(max by (cluster, namespace, pod, container)(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\"})) by (pod)","format":"table","instant":true}],"title":"CPU Quota","transformations":[{"id":"joinByField","options":{"byField":"pod","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true},"renameByName":{"Value #A":"CPU Usage","Value #B":"CPU Requests","Value #C":"CPU Requests %","Value #D":"CPU Limits","Value #E":"CPU Limits %","pod":"Pod"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true,"stacking":{"mode":"normal"}},"unit":"bytes"},"overrides":[{"matcher":{"id":"byName","options":"max capacity"},"properties":[{"id":"color","value":{"fixedColor":"red","mode":"fixed"}},{"id":"custom.stacking","value":{"mode":"none"}},{"id":"custom.hideFrom","value":{"legend":false,"tooltip":true,"viz":false}},{"id":"custom.lineStyle","value":{"dash":[10,10],"fill":"dash"}}]},{"matcher":{"id":"byName","options":"max allocatable"},"properties":[{"id":"color","value":{"fixedColor":"super-light-red","mode":"fixed"}},{"id":"custom.stacking","value":{"mode":"none"}},{"id":"custom.hideFrom","value":{"legend":false,"tooltip":true,"viz":false}},{"id":"custom.lineStyle","value":{"dash":[10,10],"fill":"dash"}},{"id":"custom.fillOpacity","value":0}]}]},"gridPos":{"h":6,"w":24,"x":0,"y":12},"id":3,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_node_status_capacity{cluster=\"$cluster\", job=\"kube-state-metrics\", node=~\"$node\", resource=\"memory\"})","legendFormat":"max capacity"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_node_status_allocatable{cluster=\"$cluster\", job=\"kube-state-metrics\", node=~\"$node\", resource=\"memory\"})","legendFormat":"max allocatable"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\", container!=\"\"})) by (pod)","legendFormat":"{{pod}}"}],"title":"Memory Usage (w/cache)","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true,"stacking":{"mode":"normal"}},"unit":"bytes"},"overrides":[{"matcher":{"id":"byName","options":"max capacity"},"properties":[{"id":"color","value":{"fixedColor":"red","mode":"fixed"}},{"id":"custom.stacking","value":{"mode":"none"}},{"id":"custom.hideFrom","value":{"legend":false,"tooltip":true,"viz":false}},{"id":"custom.lineStyle","value":{"dash":[10,10],"fill":"dash"}}]},{"matcher":{"id":"byName","options":"max allocatable"},"properties":[{"id":"color","value":{"fixedColor":"super-light-red","mode":"fixed"}},{"id":"custom.stacking","value":{"mode":"none"}},{"id":"custom.hideFrom","value":{"legend":false,"tooltip":true,"viz":false}},{"id":"custom.lineStyle","value":{"dash":[10,10],"fill":"dash"}},{"id":"custom.fillOpacity","value":0}]}]},"gridPos":{"h":6,"w":24,"x":0,"y":18},"id":4,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_node_status_capacity{cluster=\"$cluster\", job=\"kube-state-metrics\", node=~\"$node\", resource=\"memory\"})","legendFormat":"max capacity"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_node_status_allocatable{cluster=\"$cluster\", job=\"kube-state-metrics\", node=~\"$node\", resource=\"memory\"})","legendFormat":"max allocatable"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(node_namespace_pod_container:container_memory_rss{cluster=\"$cluster\", node=~\"$node\", container!=\"\"})) by (pod)","legendFormat":"{{pod}}"}],"title":"Memory Usage (w/o cache)","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"bytes"},"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]},{"matcher":{"id":"byName","options":"Pod"},"properties":[{"id":"links","value":[{"title":"Drill down to pods","url":"/d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?${datasource:queryparam}&var-cluster=$cluster&var-namespace=$namespace&var-pod=${__data.fields.Pod}"}]}]}]},"gridPos":{"h":6,"w":24,"x":0,"y":24},"id":5,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"})) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\"})) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"})) by (pod) / sum(max by (cluster, namespace, pod, container)(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\"})) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\"})) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"})) by (pod) / sum(max by (cluster, namespace, pod, container)(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\"})) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(node_namespace_pod_container:container_memory_rss{cluster=\"$cluster\", node=~\"$node\",container!=\"\"})) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(node_namespace_pod_container:container_memory_cache{cluster=\"$cluster\", node=~\"$node\",container!=\"\"})) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(node_namespace_pod_container:container_memory_swap{cluster=\"$cluster\", node=~\"$node\",container!=\"\"})) by (pod)","format":"table","instant":true}],"title":"Memory Quota","transformations":[{"id":"joinByField","options":{"byField":"pod","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true,"Time 6":true,"Time 7":true,"Time 8":true},"renameByName":{"Value #A":"Memory Usage","Value #B":"Memory Requests","Value #C":"Memory Requests %","Value #D":"Memory Limits","Value #E":"Memory Limits %","Value #F":"Memory Usage (RSS)","Value #G":"Memory Usage (Cache)","Value #H":"Memory Usage (Swap)","pod":"Pod"}}}],"type":"table"}],"refresh":"10s","schemaVersion":39,"tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","regex":"","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"label":"cluster","name":"cluster","query":"label_values(up{job=\"kube-state-metrics\"}, cluster)","refresh":2,"sort":1,"type":"query","allValue":".*"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"label":"node","multi":true,"name":"node","query":"label_values(kube_node_info{cluster=\"$cluster\"}, node)","refresh":2,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Compute Resources / Node (Pods)","uid":"200ac8fdbfbb74b39aff88118e4d1c2c"}`}} +{{- end }} +--- +{{- if and .Values.grafana.operator.dashboardsConfigMapRefEnabled (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +apiVersion: grafana.integreatly.org/v1beta1 +kind: GrafanaDashboard +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-node" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + {{ with .Values.grafana.operator.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{ end }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +spec: + allowCrossNamespaceImport: true + resyncPeriod: {{ .Values.grafana.operator.resyncPeriod | quote | default "10m" }} + {{- include "kube-prometheus-stack.grafana.operator.folder" . | nindent 2 }} + instanceSelector: + matchLabels: + {{- if .Values.grafana.operator.matchLabels }} + {{- toYaml .Values.grafana.operator.matchLabels | nindent 6 }} + {{- else }} + {{- fail "grafana.operator.matchLabels must be specified when grafana.operator.dashboardsConfigMapRefEnabled is true" }} + {{- end }} + configMapRef: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-node" | trunc 63 | trimSuffix "-" }} + key: k8s-resources-node.json +{{- end }} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml new file mode 100644 index 0000000..3e427a4 --- /dev/null +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml @@ -0,0 +1,57 @@ +{{- /* +Generated from 'k8s-resources-pod' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +{{- $kubeletJob := include "kube-prometheus-stack-kubelet.name" . }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-pod" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +data: + k8s-resources-pod.json: |- + {{`{"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"links":[{"asDropdown":true,"includeVars":true,"keepTime":true,"tags":["kubernetes-mixin"],"targetBlank":false,"title":"Kubernetes","type":"dashboards"}],"panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true}},"overrides":[{"matcher":{"id":"byFrameRefID","options":"B"},"properties":[{"id":"custom.lineStyle","value":{"fill":"dash"}},{"id":"custom.lineWidth","value":2},{"id":"color","value":{"fixedColor":"red","mode":"fixed"}}]},{"matcher":{"id":"byFrameRefID","options":"C"},"properties":[{"id":"custom.lineStyle","value":{"fill":"dash"}},{"id":"custom.lineWidth","value":2},{"id":"color","value":{"fixedColor":"orange","mode":"fixed"}}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":0},"id":1,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate5m{namespace=\"$namespace\", pod=\"$pod\", cluster=\"$cluster\", container!=\"\"})) by (container)","legendFormat":"__auto"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}\n)\n","legendFormat":"requests"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}\n)\n","legendFormat":"limits"}],"title":"CPU Usage","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"axisColorMode":"thresholds","axisSoftMax":1,"axisSoftMin":0,"fillOpacity":10,"showPoints":"never","spanNulls":true,"thresholdsStyle":{"mode":"dashed+area"}},"unit":"percentunit"},"overrides":[{"matcher":{"id":"byFrameRefID","options":"A"},"properties":[{"id":"thresholds","value":{"mode":"absolute","steps":[{"color":"green","value":null},{"color":"red","value":0.25}]}},{"id":"color","value":{"mode":"thresholds","seriesBy":"lastNotNull"}}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":7},"id":2,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(increase(container_cpu_cfs_throttled_periods_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", cluster=\"$cluster\"}[$__rate_interval])) by (container) /sum(increase(container_cpu_cfs_periods_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", cluster=\"$cluster\"}[$__rate_interval])) by (container)","legendFormat":"__auto"}],"title":"CPU Throttling","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":14},"id":3,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate5m{namespace=\"$namespace\", pod=\"$pod\", cluster=\"$cluster\", container!=\"\"})) by (container)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\"})) by (container)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate5m{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\"})) by (container) / sum(max by (cluster, namespace, pod, container)(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\"})) by (container)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\"})) by (container)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate5m{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\"})) by (container) / sum(max by (cluster, namespace, pod, container)(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\"})) by (container)","format":"table","instant":true}],"title":"CPU Quota","transformations":[{"id":"joinByField","options":{"byField":"container","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Value #A":6,"Value #B":7,"Value #C":8,"Value #D":9,"Value #E":10,"container":5},"renameByName":{"Value #A":"CPU Usage","Value #B":"CPU Requests","Value #C":"CPU Requests %","Value #D":"CPU Limits","Value #E":"CPU Limits %","container":"Container"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bytes"},"overrides":[{"matcher":{"id":"byFrameRefID","options":"B"},"properties":[{"id":"custom.lineStyle","value":{"fill":"dash"}},{"id":"custom.lineWidth","value":2},{"id":"color","value":{"fixedColor":"red","mode":"fixed"}}]},{"matcher":{"id":"byFrameRefID","options":"C"},"properties":[{"id":"custom.lineStyle","value":{"fill":"dash"}},{"id":"custom.lineWidth","value":2},{"id":"color","value":{"fixedColor":"orange","mode":"fixed"}}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":21},"id":4,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(container_memory_working_set_bytes{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", image!=\"\"})) by (container)","legendFormat":"__auto"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}\n)\n","legendFormat":"requests"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}\n)\n","legendFormat":"limits"}],"title":"Memory Usage (WSS)","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"bytes"},"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":28},"id":5,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(container_memory_working_set_bytes{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", image!=\"\"})) by (container)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"})) by (container)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(container_memory_working_set_bytes{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", image!=\"\"})) by (container) / sum(max by (cluster, namespace, pod, container)(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"})) by (container)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"})) by (container)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(container_memory_working_set_bytes{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", image!=\"\"})) by (container) / sum(max by (cluster, namespace, pod, container)(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"})) by (container)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(container_memory_rss{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\", container != \"POD\"})) by (container)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(container_memory_cache{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\", container != \"POD\"})) by (container)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(max by (cluster, namespace, pod, container)(container_memory_swap{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\", container != \"POD\"})) by (container)","format":"table","instant":true}],"title":"Memory Quota","transformations":[{"id":"joinByField","options":{"byField":"container","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true,"Time 6":true,"Time 7":true,"Time 8":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Time 6":5,"Time 7":6,"Time 8":7,"Value #A":9,"Value #B":10,"Value #C":11,"Value #D":12,"Value #E":13,"Value #F":14,"Value #G":15,"Value #H":16,"container":8},"renameByName":{"Value #A":"Memory Usage","Value #B":"Memory Requests","Value #C":"Memory Requests %","Value #D":"Memory Limits","Value #E":"Memory Limits %","Value #F":"Memory Usage (RSS)","Value #G":"Memory Usage (Cache)","Value #H":"Memory Usage (Swap)","container":"Container"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bps"}},"gridPos":{"h":7,"w":12,"x":0,"y":35},"id":6,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum((8 * irate(container_network_receive_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval]))) by (pod)","legendFormat":"__auto"}],"title":"Receive Bandwidth","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bps"}},"gridPos":{"h":7,"w":12,"x":12,"y":35},"id":7,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum((8 * rate(container_network_transmit_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval]))) by (pod)","legendFormat":"__auto"}],"title":"Transmit Bandwidth","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":7,"w":12,"x":0,"y":42},"id":8,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_receive_packets_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)","legendFormat":"__auto"}],"title":"Rate of Received Packets","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":7,"w":12,"x":12,"y":42},"id":9,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_transmit_packets_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)","legendFormat":"__auto"}],"title":"Rate of Transmitted Packets","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":7,"w":12,"x":0,"y":49},"id":10,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_receive_packets_dropped_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)","legendFormat":"__auto"}],"title":"Rate of Received Packets Dropped","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":7,"w":12,"x":12,"y":49},"id":11,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_transmit_packets_dropped_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)","legendFormat":"__auto"}],"title":"Rate of Transmitted Packets Dropped","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"iops"}},"gridPos":{"h":7,"w":12,"x":0,"y":56},"id":12,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"ceil(sum by(pod) (rate(container_fs_reads_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])))","legendFormat":"Reads"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"ceil(sum by(pod) (rate(container_fs_writes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\",namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])))","legendFormat":"Writes"}],"title":"IOPS (Pod)","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"Bps"}},"gridPos":{"h":7,"w":12,"x":12,"y":56},"id":13,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(pod) (rate(container_fs_reads_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval]))","legendFormat":"Reads"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(pod) (rate(container_fs_writes_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval]))","legendFormat":"Writes"}],"title":"ThroughPut (Pod)","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"iops"}},"gridPos":{"h":7,"w":12,"x":0,"y":63},"id":14,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"ceil(sum by(container) (rate(container_fs_reads_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]) + rate(container_fs_writes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval])))","legendFormat":"__auto"}],"title":"IOPS (Containers)","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"Bps"}},"gridPos":{"h":7,"w":12,"x":12,"y":63},"id":15,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(container) (rate(container_fs_reads_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]) + rate(container_fs_writes_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))","legendFormat":"__auto"}],"title":"ThroughPut (Containers)","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/IOPS/"},"properties":[{"id":"unit","value":"iops"}]},{"matcher":{"id":"byRegexp","options":"/Throughput/"},"properties":[{"id":"unit","value":"Bps"}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":70},"id":16,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(container) (rate(container_fs_reads_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(container) (rate(container_fs_writes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\",device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(container) (rate(container_fs_reads_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]) + rate(container_fs_writes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(container) (rate(container_fs_reads_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(container) (rate(container_fs_writes_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(container) (rate(container_fs_reads_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]) + rate(container_fs_writes_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))","format":"table","instant":true}],"title":"Current Storage IO","transformations":[{"id":"joinByField","options":{"byField":"container","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true,"Time 6":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Time 6":5,"Value #A":7,"Value #B":8,"Value #C":9,"Value #D":10,"Value #E":11,"Value #F":12,"container":6},"renameByName":{"Value #A":"IOPS(Reads)","Value #B":"IOPS(Writes)","Value #C":"IOPS(Reads + Writes)","Value #D":"Throughput(Read)","Value #E":"Throughput(Write)","Value #F":"Throughput(Read + Write)","container":"Container"}}}],"type":"table"}],"refresh":"10s","schemaVersion":39,"tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","regex":"","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"label":"cluster","name":"cluster","query":"label_values(up{job=\"kube-state-metrics\"}, cluster)","refresh":2,"sort":1,"type":"query","allValue":".*"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"label":"namespace","name":"namespace","query":"label_values(kube_namespace_status_phase{job=\"kube-state-metrics\", cluster=\"$cluster\"}, namespace)","refresh":2,"sort":1,"type":"query"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"label":"pod","name":"pod","query":"label_values(kube_pod_info{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\"}, pod)","refresh":2,"sort":1,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Compute Resources / Pod","uid":"6581e46e4e5c7ba40a07646395ef7b23"}`}} +{{- end }} +--- +{{- if and .Values.grafana.operator.dashboardsConfigMapRefEnabled (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +apiVersion: grafana.integreatly.org/v1beta1 +kind: GrafanaDashboard +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-pod" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + {{ with .Values.grafana.operator.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{ end }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +spec: + allowCrossNamespaceImport: true + resyncPeriod: {{ .Values.grafana.operator.resyncPeriod | quote | default "10m" }} + {{- include "kube-prometheus-stack.grafana.operator.folder" . | nindent 2 }} + instanceSelector: + matchLabels: + {{- if .Values.grafana.operator.matchLabels }} + {{- toYaml .Values.grafana.operator.matchLabels | nindent 6 }} + {{- else }} + {{- fail "grafana.operator.matchLabels must be specified when grafana.operator.dashboardsConfigMapRefEnabled is true" }} + {{- end }} + configMapRef: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-pod" | trunc 63 | trimSuffix "-" }} + key: k8s-resources-pod.json +{{- end }} diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-windows-cluster.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-windows-cluster.yaml similarity index 80% rename from charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-windows-cluster.yaml rename to charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-windows-cluster.yaml index 9dbed47..8905448 100644 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-windows-cluster.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-windows-cluster.yaml @@ -14,11 +14,43 @@ metadata: {{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} labels: {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} {{- end }} app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} data: k8s-resources-windows-cluster.json: |- - {{`{"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"none"}},"gridPos":{"h":3,"w":4,"x":0,"y":0},"id":1,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"1 - avg(rate(windows_cpu_time_total{cluster=\"$cluster\", job=\"windows-exporter\", mode=\"idle\"}[$__rate_interval]))","instant":true}],"title":"CPU Utilisation","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":4,"x":4,"y":0},"id":2,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_windows_container_resource_cpu_cores_request{cluster=\"$cluster\"}) / sum(node:windows_node_num_cpu:sum{cluster=\"$cluster\"})","instant":true}],"title":"CPU Requests Commitment","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":4,"x":8,"y":0},"id":3,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_windows_container_resource_cpu_cores_limit{cluster=\"$cluster\"}) / sum(node:windows_node_num_cpu:sum{cluster=\"$cluster\"})","instant":true}],"title":"CPU Limits Commitment","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":4,"x":12,"y":0},"id":4,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"1 - sum(:windows_node_memory_MemFreeCached_bytes:sum{cluster=\"$cluster\"}) / sum(:windows_node_memory_MemTotal_bytes:sum{cluster=\"$cluster\"})","instant":true}],"title":"Memory Utilisation","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":4,"x":16,"y":0},"id":5,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_windows_container_resource_memory_request{cluster=\"$cluster\"}) / sum(:windows_node_memory_MemTotal_bytes:sum{cluster=\"$cluster\"})","instant":true}],"title":"Memory Requests Commitment","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":4,"x":20,"y":0},"id":6,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_windows_container_resource_memory_limit{cluster=\"$cluster\"}) / sum(:windows_node_memory_MemTotal_bytes:sum{cluster=\"$cluster\"})","instant":true}],"title":"Memory Limits Commitment","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true}}},"gridPos":{"h":7,"w":24,"x":0,"y":7},"id":7,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace)","legendFormat":"__auto"}],"title":"CPU Usage","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]},{"matcher":{"id":"byName","options":"Namespace"},"properties":[{"id":"links","value":[{"title":"Drill down to pods","url":"/d/490b402361724ab1d4c45666c1fa9b6f/k8s-resources-windows-namespace?${datasource:queryparam}&var-cluster=$cluster&var-namespace=${__data.fields.Namespace}"}]}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":14},"id":8,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_windows_container_resource_cpu_cores_request{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_windows_container_resource_cpu_cores_request{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_windows_container_resource_cpu_cores_limit{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_windows_container_resource_cpu_cores_limit{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true}],"title":"CPU Quota","transformations":[{"id":"joinByField","options":{"byField":"namespace","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Value #A":6,"Value #B":7,"Value #C":8,"Value #D":9,"Value #E":10,"namespace":5},"renameByName":{"Value #A":"CPU Usage","Value #B":"CPU Requests","Value #C":"CPU Requests %","Value #D":"CPU Limits","Value #E":"CPU Limits %","namespace":"Namespace"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"decbytes"}},"gridPos":{"h":7,"w":24,"x":0,"y":21},"id":9,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\"}) by (namespace)","legendFormat":"__auto"}],"title":"Memory Usage (Private Working Set)","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"bytes"},"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]},{"matcher":{"id":"byName","options":"Memory Usage"},"properties":[{"id":"unit","value":"decbytes"}]},{"matcher":{"id":"byName","options":"Memory Requests"},"properties":[{"id":"unit","value":"decbytes"}]},{"matcher":{"id":"byName","options":"Memory Limits"},"properties":[{"id":"unit","value":"decbytes"}]},{"matcher":{"id":"byName","options":"Namespace"},"properties":[{"id":"links","value":[{"title":"Drill down to pods","url":"/d/490b402361724ab1d4c45666c1fa9b6f/k8s-resources-windows-namespace?${datasource:queryparam}&var-cluster=$cluster&var-namespace=${__data.fields.Namespace}"}]}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":28},"id":10,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_windows_container_resource_memory_request{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_windows_container_resource_memory_request{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_windows_container_resource_memory_limit{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_windows_container_resource_memory_limit{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true}],"title":"Memory Requests by Namespace","transformations":[{"id":"joinByField","options":{"byField":"namespace","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Value #A":6,"Value #B":7,"Value #C":8,"Value #D":9,"Value #E":10,"namespace":5},"renameByName":{"Value #A":"Memory Usage","Value #B":"Memory Requests","Value #C":"Memory Requests %","Value #D":"Memory Limits","Value #E":"Memory Limits %","namespace":"Namespace"}}}],"type":"table"}],"refresh":"10s","schemaVersion":39,"tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","regex":"","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"label":"cluster","name":"cluster","query":"label_values(up{job=\"windows-exporter\"}, cluster)","refresh":2,"sort":1,"type":"query","allValue":".*"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Compute Resources / Cluster(Windows)","uid":"4d08557fd9391b100730f2494bccac68"}`}} -{{- end }} \ No newline at end of file + {{`{"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"none"}},"gridPos":{"h":3,"w":4,"x":0,"y":0},"id":1,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.1.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"1 - avg(rate(windows_cpu_time_total{cluster=\"$cluster\", job=\"windows-exporter\", mode=\"idle\"}[$__rate_interval]))","instant":true}],"title":"CPU Utilisation","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":4,"x":4,"y":0},"id":2,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.1.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_windows_container_resource_cpu_cores_request{cluster=\"$cluster\"}) / sum(node:windows_node_num_cpu:sum{cluster=\"$cluster\"})","instant":true}],"title":"CPU Requests Commitment","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":4,"x":8,"y":0},"id":3,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.1.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_windows_container_resource_cpu_cores_limit{cluster=\"$cluster\"}) / sum(node:windows_node_num_cpu:sum{cluster=\"$cluster\"})","instant":true}],"title":"CPU Limits Commitment","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":4,"x":12,"y":0},"id":4,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.1.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"1 - sum(:windows_node_memory_MemFreeCached_bytes:sum{cluster=\"$cluster\"}) / sum(:windows_node_memory_MemTotal_bytes:sum{cluster=\"$cluster\"})","instant":true}],"title":"Memory Utilisation","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":4,"x":16,"y":0},"id":5,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.1.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_windows_container_resource_memory_request{cluster=\"$cluster\"}) / sum(:windows_node_memory_MemTotal_bytes:sum{cluster=\"$cluster\"})","instant":true}],"title":"Memory Requests Commitment","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":4,"x":20,"y":0},"id":6,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.1.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_windows_container_resource_memory_limit{cluster=\"$cluster\"}) / sum(:windows_node_memory_MemTotal_bytes:sum{cluster=\"$cluster\"})","instant":true}],"title":"Memory Limits Commitment","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true}}},"gridPos":{"h":7,"w":24,"x":0,"y":7},"id":7,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.1.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace)","legendFormat":"__auto"}],"title":"CPU Usage","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]},{"matcher":{"id":"byName","options":"Namespace"},"properties":[{"id":"links","value":[{"title":"Drill down to pods","url":"/d/490b402361724ab1d4c45666c1fa9b6f/k8s-resources-windows-namespace?${datasource:queryparam}&var-cluster=$cluster&var-namespace=${__data.fields.Namespace}"}]}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":14},"id":8,"pluginVersion":"v11.1.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_windows_container_resource_cpu_cores_request{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_windows_container_resource_cpu_cores_request{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_windows_container_resource_cpu_cores_limit{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_windows_container_resource_cpu_cores_limit{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true}],"title":"CPU Quota","transformations":[{"id":"joinByField","options":{"byField":"namespace","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Value #A":6,"Value #B":7,"Value #C":8,"Value #D":9,"Value #E":10,"namespace":5},"renameByName":{"Value #A":"CPU Usage","Value #B":"CPU Requests","Value #C":"CPU Requests %","Value #D":"CPU Limits","Value #E":"CPU Limits %","namespace":"Namespace"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"decbytes"}},"gridPos":{"h":7,"w":24,"x":0,"y":21},"id":9,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.1.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\"}) by (namespace)","legendFormat":"__auto"}],"title":"Memory Usage (Private Working Set)","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"bytes"},"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]},{"matcher":{"id":"byName","options":"Memory Usage"},"properties":[{"id":"unit","value":"decbytes"}]},{"matcher":{"id":"byName","options":"Memory Requests"},"properties":[{"id":"unit","value":"decbytes"}]},{"matcher":{"id":"byName","options":"Memory Limits"},"properties":[{"id":"unit","value":"decbytes"}]},{"matcher":{"id":"byName","options":"Namespace"},"properties":[{"id":"links","value":[{"title":"Drill down to pods","url":"/d/490b402361724ab1d4c45666c1fa9b6f/k8s-resources-windows-namespace?${datasource:queryparam}&var-cluster=$cluster&var-namespace=${__data.fields.Namespace}"}]}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":28},"id":10,"pluginVersion":"v11.1.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_windows_container_resource_memory_request{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_windows_container_resource_memory_request{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_windows_container_resource_memory_limit{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_windows_container_resource_memory_limit{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true}],"title":"Memory Requests by Namespace","transformations":[{"id":"joinByField","options":{"byField":"namespace","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Value #A":6,"Value #B":7,"Value #C":8,"Value #D":9,"Value #E":10,"namespace":5},"renameByName":{"Value #A":"Memory Usage","Value #B":"Memory Requests","Value #C":"Memory Requests %","Value #D":"Memory Limits","Value #E":"Memory Limits %","namespace":"Namespace"}}}],"type":"table"}],"refresh":"10s","schemaVersion":39,"tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","regex":"","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"label":"cluster","name":"cluster","query":"label_values(up{job=\"windows-exporter\"}, cluster)","refresh":2,"sort":1,"type":"query","allValue":".*"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Compute Resources / Cluster(Windows)","uid":"4d08557fd9391b100730f2494bccac68"}`}} +{{- end }} +--- +{{- if and .Values.grafana.operator.dashboardsConfigMapRefEnabled (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.windowsMonitoring.enabled }} +apiVersion: grafana.integreatly.org/v1beta1 +kind: GrafanaDashboard +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-windows-cluster" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + {{ with .Values.grafana.operator.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{ end }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +spec: + allowCrossNamespaceImport: true + resyncPeriod: {{ .Values.grafana.operator.resyncPeriod | quote | default "10m" }} + {{- include "kube-prometheus-stack.grafana.operator.folder" . | nindent 2 }} + instanceSelector: + matchLabels: + {{- if .Values.grafana.operator.matchLabels }} + {{- toYaml .Values.grafana.operator.matchLabels | nindent 6 }} + {{- else }} + {{- fail "grafana.operator.matchLabels must be specified when grafana.operator.dashboardsConfigMapRefEnabled is true" }} + {{- end }} + configMapRef: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-windows-cluster" | trunc 63 | trimSuffix "-" }} + key: k8s-resources-windows-cluster.json +{{- end }} diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-windows-namespace.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-windows-namespace.yaml similarity index 78% rename from charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-windows-namespace.yaml rename to charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-windows-namespace.yaml index ef75d6d..a7cf05e 100644 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-windows-namespace.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-windows-namespace.yaml @@ -14,11 +14,43 @@ metadata: {{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} labels: {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} {{- end }} app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} data: k8s-resources-windows-namespace.json: |- - {{`{"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true}}},"gridPos":{"h":7,"w":24,"x":0,"y":0},"id":1,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","legendFormat":"__auto"}],"title":"CPU Usage","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]},{"matcher":{"id":"byName","options":"Pod"},"properties":[{"id":"links","value":[{"title":"Drill down to pods","url":"/d/40597a704a610e936dc6ed374a7ce023/k8s-resources-windows-pod?${datasource:queryparam}&var-cluster=$cluster&var-namespace=$namespace&var-pod=${__data.fields.Pod}"}]}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":7},"id":2,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_windows_container_resource_cpu_cores_request{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_windows_container_resource_cpu_cores_request{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_windows_container_resource_cpu_cores_limit{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_windows_container_resource_cpu_cores_limit{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true}],"title":"CPU Quota","transformations":[{"id":"joinByField","options":{"byField":"pod","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Value #A":6,"Value #B":7,"Value #C":8,"Value #D":9,"Value #E":10,"pod":5},"renameByName":{"Value #A":"CPU Usage","Value #B":"CPU Requests","Value #C":"CPU Requests %","Value #D":"CPU Limits","Value #E":"CPU Limits %","pod":"Pod"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"decbytes"}},"gridPos":{"h":7,"w":24,"x":0,"y":14},"id":3,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","legendFormat":"__auto"}],"title":"Memory Usage (Private Working Set)","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"bytes"},"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]},{"matcher":{"id":"byName","options":"Pod"},"properties":[{"id":"links","value":[{"title":"Drill down to pods","url":"/d/40597a704a610e936dc6ed374a7ce023/k8s-resources-windows-pod?${datasource:queryparam}&var-cluster=$cluster&var-namespace=$namespace&var-pod=${__data.fields.Pod}"}]}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":21},"id":4,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_windows_container_resource_memory_request{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_windows_container_resource_memory_request{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_windows_container_resource_memory_limit{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_windows_container_resource_memory_limit{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true}],"title":"Memory Quota","transformations":[{"id":"joinByField","options":{"byField":"pod","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Value #A":6,"Value #B":7,"Value #C":8,"Value #D":9,"Value #E":10,"pod":5},"renameByName":{"Value #A":"Memory Usage","Value #B":"Memory Requests","Value #C":"Memory Requests %","Value #D":"Memory Limits","Value #E":"Memory Limits %","pod":"Pod"}}}],"type":"table"}],"refresh":"10s","schemaVersion":39,"tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","regex":"","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"label":"cluster","name":"cluster","query":"label_values(up{job=\"windows-exporter\"}, cluster)","refresh":2,"sort":1,"type":"query","allValue":".*"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"label":"namespace","name":"namespace","query":"label_values(windows_pod_container_available{cluster=\"$cluster\"}, namespace)","refresh":2,"sort":1,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Compute Resources / Namespace(Windows)","uid":"490b402361724ab1d4c45666c1fa9b6f"}`}} -{{- end }} \ No newline at end of file + {{`{"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true}}},"gridPos":{"h":7,"w":24,"x":0,"y":0},"id":1,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.1.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","legendFormat":"__auto"}],"title":"CPU Usage","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]},{"matcher":{"id":"byName","options":"Pod"},"properties":[{"id":"links","value":[{"title":"Drill down to pods","url":"/d/40597a704a610e936dc6ed374a7ce023/k8s-resources-windows-pod?${datasource:queryparam}&var-cluster=$cluster&var-namespace=$namespace&var-pod=${__data.fields.Pod}"}]}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":7},"id":2,"pluginVersion":"v11.1.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_windows_container_resource_cpu_cores_request{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_windows_container_resource_cpu_cores_request{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_windows_container_resource_cpu_cores_limit{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_windows_container_resource_cpu_cores_limit{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true}],"title":"CPU Quota","transformations":[{"id":"joinByField","options":{"byField":"pod","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Value #A":6,"Value #B":7,"Value #C":8,"Value #D":9,"Value #E":10,"pod":5},"renameByName":{"Value #A":"CPU Usage","Value #B":"CPU Requests","Value #C":"CPU Requests %","Value #D":"CPU Limits","Value #E":"CPU Limits %","pod":"Pod"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"decbytes"}},"gridPos":{"h":7,"w":24,"x":0,"y":14},"id":3,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.1.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","legendFormat":"__auto"}],"title":"Memory Usage (Private Working Set)","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"bytes"},"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]},{"matcher":{"id":"byName","options":"Pod"},"properties":[{"id":"links","value":[{"title":"Drill down to pods","url":"/d/40597a704a610e936dc6ed374a7ce023/k8s-resources-windows-pod?${datasource:queryparam}&var-cluster=$cluster&var-namespace=$namespace&var-pod=${__data.fields.Pod}"}]}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":21},"id":4,"pluginVersion":"v11.1.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_windows_container_resource_memory_request{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_windows_container_resource_memory_request{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_windows_container_resource_memory_limit{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_windows_container_resource_memory_limit{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true}],"title":"Memory Quota","transformations":[{"id":"joinByField","options":{"byField":"pod","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Value #A":6,"Value #B":7,"Value #C":8,"Value #D":9,"Value #E":10,"pod":5},"renameByName":{"Value #A":"Memory Usage","Value #B":"Memory Requests","Value #C":"Memory Requests %","Value #D":"Memory Limits","Value #E":"Memory Limits %","pod":"Pod"}}}],"type":"table"}],"refresh":"10s","schemaVersion":39,"tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","regex":"","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"label":"cluster","name":"cluster","query":"label_values(up{job=\"windows-exporter\"}, cluster)","refresh":2,"sort":1,"type":"query","allValue":".*"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"label":"namespace","name":"namespace","query":"label_values(windows_pod_container_available{cluster=\"$cluster\"}, namespace)","refresh":2,"sort":1,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Compute Resources / Namespace(Windows)","uid":"490b402361724ab1d4c45666c1fa9b6f"}`}} +{{- end }} +--- +{{- if and .Values.grafana.operator.dashboardsConfigMapRefEnabled (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.windowsMonitoring.enabled }} +apiVersion: grafana.integreatly.org/v1beta1 +kind: GrafanaDashboard +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-windows-namespace" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + {{ with .Values.grafana.operator.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{ end }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +spec: + allowCrossNamespaceImport: true + resyncPeriod: {{ .Values.grafana.operator.resyncPeriod | quote | default "10m" }} + {{- include "kube-prometheus-stack.grafana.operator.folder" . | nindent 2 }} + instanceSelector: + matchLabels: + {{- if .Values.grafana.operator.matchLabels }} + {{- toYaml .Values.grafana.operator.matchLabels | nindent 6 }} + {{- else }} + {{- fail "grafana.operator.matchLabels must be specified when grafana.operator.dashboardsConfigMapRefEnabled is true" }} + {{- end }} + configMapRef: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-windows-namespace" | trunc 63 | trimSuffix "-" }} + key: k8s-resources-windows-namespace.json +{{- end }} diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-windows-pod.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-windows-pod.yaml similarity index 80% rename from charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-windows-pod.yaml rename to charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-windows-pod.yaml index 556c1a0..cb4720f 100644 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-windows-pod.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-windows-pod.yaml @@ -14,11 +14,43 @@ metadata: {{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} labels: {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} {{- end }} app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} data: k8s-resources-windows-pod.json: |- - {{`{"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true}}},"gridPos":{"h":7,"w":24,"x":0,"y":0},"id":1,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","legendFormat":"__auto"}],"title":"CPU Usage","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]},{"matcher":{"id":"byName","options":"Namespace"},"properties":[{"id":"links","value":[{"title":"Drill down to pods","url":"/d/490b402361724ab1d4c45666c1fa9b6f/k8s-resources-windows-namespace?${datasource:queryparam}&var-cluster=$cluster&var-namespace=${__data.fields.Namespace}"}]}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":7},"id":2,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_windows_container_resource_cpu_cores_request{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(kube_pod_windows_container_resource_cpu_cores_request{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_windows_container_resource_cpu_cores_limit{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(kube_pod_windows_container_resource_cpu_cores_limit{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true}],"title":"CPU Quota","transformations":[{"id":"joinByField","options":{"byField":"container","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Value #A":6,"Value #B":7,"Value #C":8,"Value #D":9,"Value #E":10,"container":5},"renameByName":{"Value #A":"CPU Usage","Value #B":"CPU Requests","Value #C":"CPU Requests %","Value #D":"CPU Limits","Value #E":"CPU Limits %","container":"Container"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"decbytes"}},"gridPos":{"h":7,"w":24,"x":0,"y":14},"id":3,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","legendFormat":"__auto"}],"title":"Memory Usage","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"bytes"},"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":21},"id":4,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_windows_container_resource_memory_request{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(kube_pod_windows_container_resource_memory_request{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_windows_container_resource_memory_limit{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(kube_pod_windows_container_resource_memory_limit{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true}],"title":"Memory Quota","transformations":[{"id":"joinByField","options":{"byField":"container","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Value #A":6,"Value #B":7,"Value #C":8,"Value #D":9,"Value #E":10,"container":5},"renameByName":{"Value #A":"Memory Usage","Value #B":"Memory Requests","Value #C":"Memory Requests %","Value #D":"Memory Limits","Value #E":"Memory Limits %","container":"Container"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bytes"}},"gridPos":{"h":7,"w":24,"x":0,"y":28},"id":5,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(sum by (container) (rate(windows_container_network_received_bytes_total{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval])))","legendFormat":"Received : {{ container }}"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(sum by (container) (rate(windows_container_network_transmitted_bytes_total{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval])))","legendFormat":"Transmitted : {{ container }}"}],"title":"Network I/O","type":"timeseries"}],"refresh":"10s","schemaVersion":39,"tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","regex":"","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"label":"cluster","name":"cluster","query":"label_values(up{job=\"windows-exporter\"}, cluster)","refresh":2,"sort":1,"type":"query","allValue":".*"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"label":"namespace","name":"namespace","query":"label_values(windows_pod_container_available{cluster=\"$cluster\"}, namespace)","refresh":2,"sort":1,"type":"query"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"label":"pod","name":"pod","query":"label_values(windows_pod_container_available{cluster=\"$cluster\",namespace=\"$namespace\"}, pod)","refresh":2,"sort":1,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Compute Resources / Pod(Windows)","uid":"40597a704a610e936dc6ed374a7ce023"}`}} -{{- end }} \ No newline at end of file + {{`{"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true}}},"gridPos":{"h":7,"w":24,"x":0,"y":0},"id":1,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.1.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","legendFormat":"__auto"}],"title":"CPU Usage","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]},{"matcher":{"id":"byName","options":"Namespace"},"properties":[{"id":"links","value":[{"title":"Drill down to pods","url":"/d/490b402361724ab1d4c45666c1fa9b6f/k8s-resources-windows-namespace?${datasource:queryparam}&var-cluster=$cluster&var-namespace=${__data.fields.Namespace}"}]}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":7},"id":2,"pluginVersion":"v11.1.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_windows_container_resource_cpu_cores_request{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(kube_pod_windows_container_resource_cpu_cores_request{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_windows_container_resource_cpu_cores_limit{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_pod_container:windows_container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(kube_pod_windows_container_resource_cpu_cores_limit{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true}],"title":"CPU Quota","transformations":[{"id":"joinByField","options":{"byField":"container","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Value #A":6,"Value #B":7,"Value #C":8,"Value #D":9,"Value #E":10,"container":5},"renameByName":{"Value #A":"CPU Usage","Value #B":"CPU Requests","Value #C":"CPU Requests %","Value #D":"CPU Limits","Value #E":"CPU Limits %","container":"Container"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"decbytes"}},"gridPos":{"h":7,"w":24,"x":0,"y":14},"id":3,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.1.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","legendFormat":"__auto"}],"title":"Memory Usage","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"bytes"},"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":21},"id":4,"pluginVersion":"v11.1.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_windows_container_resource_memory_request{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(kube_pod_windows_container_resource_memory_request{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_windows_container_resource_memory_limit{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(windows_container_private_working_set_usage{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(kube_pod_windows_container_resource_memory_limit{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true}],"title":"Memory Quota","transformations":[{"id":"joinByField","options":{"byField":"container","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Value #A":6,"Value #B":7,"Value #C":8,"Value #D":9,"Value #E":10,"container":5},"renameByName":{"Value #A":"Memory Usage","Value #B":"Memory Requests","Value #C":"Memory Requests %","Value #D":"Memory Limits","Value #E":"Memory Limits %","container":"Container"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bytes"}},"gridPos":{"h":7,"w":24,"x":0,"y":28},"id":5,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.1.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(sum by (container) (rate(windows_container_network_received_bytes_total{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval])))","legendFormat":"Received : {{ container }}"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(sum by (container) (rate(windows_container_network_transmitted_bytes_total{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval])))","legendFormat":"Transmitted : {{ container }}"}],"title":"Network I/O","type":"timeseries"}],"refresh":"10s","schemaVersion":39,"tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","regex":"","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"label":"cluster","name":"cluster","query":"label_values(up{job=\"windows-exporter\"}, cluster)","refresh":2,"sort":1,"type":"query","allValue":".*"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"label":"namespace","name":"namespace","query":"label_values(windows_pod_container_available{cluster=\"$cluster\"}, namespace)","refresh":2,"sort":1,"type":"query"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"label":"pod","name":"pod","query":"label_values(windows_pod_container_available{cluster=\"$cluster\",namespace=\"$namespace\"}, pod)","refresh":2,"sort":1,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Compute Resources / Pod(Windows)","uid":"40597a704a610e936dc6ed374a7ce023"}`}} +{{- end }} +--- +{{- if and .Values.grafana.operator.dashboardsConfigMapRefEnabled (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.windowsMonitoring.enabled }} +apiVersion: grafana.integreatly.org/v1beta1 +kind: GrafanaDashboard +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-windows-pod" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + {{ with .Values.grafana.operator.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{ end }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +spec: + allowCrossNamespaceImport: true + resyncPeriod: {{ .Values.grafana.operator.resyncPeriod | quote | default "10m" }} + {{- include "kube-prometheus-stack.grafana.operator.folder" . | nindent 2 }} + instanceSelector: + matchLabels: + {{- if .Values.grafana.operator.matchLabels }} + {{- toYaml .Values.grafana.operator.matchLabels | nindent 6 }} + {{- else }} + {{- fail "grafana.operator.matchLabels must be specified when grafana.operator.dashboardsConfigMapRefEnabled is true" }} + {{- end }} + configMapRef: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-windows-pod" | trunc 63 | trimSuffix "-" }} + key: k8s-resources-windows-pod.json +{{- end }} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml new file mode 100644 index 0000000..542accd --- /dev/null +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml @@ -0,0 +1,57 @@ +{{- /* +Generated from 'k8s-resources-workload' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +{{- $kubeletJob := include "kube-prometheus-stack-kubelet.name" . }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-workload" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +data: + k8s-resources-workload.json: |- + {{`{"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"links":[{"asDropdown":true,"includeVars":true,"keepTime":true,"tags":["kubernetes-mixin"],"targetBlank":false,"title":"Kubernetes","type":"dashboards"}],"panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true}}},"gridPos":{"h":7,"w":24,"x":0,"y":0},"id":1,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n max by (cluster, namespace, pod, container)(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate5m{cluster=\"$cluster\", namespace=\"$namespace\"})\n * on(cluster, namespace, pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","legendFormat":"__auto"}],"title":"CPU Usage","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]},{"matcher":{"id":"byName","options":"Pod"},"properties":[{"id":"links","value":[{"title":"Drill down to pods","url":"/d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?${datasource:queryparam}&var-cluster=$cluster&var-namespace=$namespace&var-pod=${__data.fields.Pod}"}]}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":7},"id":2,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n max by (cluster, namespace, pod, container)(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate5m{cluster=\"$cluster\", namespace=\"$namespace\"})\n * on(cluster, namespace, pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n max by (cluster, namespace, pod, container)(kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"})\n * on(cluster, namespace, pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n max by (cluster, namespace, pod, container)(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate5m{cluster=\"$cluster\", namespace=\"$namespace\"})\n * on(cluster, namespace, pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n/sum(\n max by (cluster, namespace, pod, container)(kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"})\n * on(cluster, namespace, pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n max by (cluster, namespace, pod, container)(kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"})\n * on(cluster, namespace, pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n max by (cluster, namespace, pod, container)(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate5m{cluster=\"$cluster\", namespace=\"$namespace\"})\n * on(cluster, namespace, pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n/sum(\n max by (cluster, namespace, pod, container)(kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"})\n * on(cluster, namespace, pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true}],"title":"CPU Quota","transformations":[{"id":"joinByField","options":{"byField":"pod","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Value #A":6,"Value #B":7,"Value #C":8,"Value #D":9,"Value #E":10,"pod":5},"renameByName":{"Value #A":"CPU Usage","Value #B":"CPU Requests","Value #C":"CPU Requests %","Value #D":"CPU Limits","Value #E":"CPU Limits %","pod":"Pod"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bytes"}},"gridPos":{"h":7,"w":24,"x":0,"y":14},"id":3,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n max by (cluster, namespace, pod, container)(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"})\n * on(cluster, namespace, pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","legendFormat":"__auto"}],"title":"Memory Usage","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"bytes"},"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]},{"matcher":{"id":"byName","options":"Pod"},"properties":[{"id":"links","value":[{"title":"Drill down to pods","url":"/d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?${datasource:queryparam}&var-cluster=$cluster&var-namespace=$namespace&var-pod=${__data.fields.Pod}"}]}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":21},"id":4,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n max by (cluster, namespace, pod, container)(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"})\n * on(cluster, namespace, pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n max by (cluster, namespace, pod, container)(kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"})\n * on(cluster, namespace, pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n max by (cluster, namespace, pod, container)(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"})\n * on(cluster, namespace, pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n/sum(\n max by (cluster, namespace, pod, container)(kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"})\n * on(cluster, namespace, pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n max by (cluster, namespace, pod, container)(kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"})\n * on(cluster, namespace, pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n max by (cluster, namespace, pod, container)(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"})\n * on(cluster, namespace, pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n/sum(\n max by (cluster, namespace, pod, container)(kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"})\n * on(cluster, namespace, pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true}],"title":"Memory Quota","transformations":[{"id":"joinByField","options":{"byField":"pod","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Value #A":9,"Value #B":10,"Value #C":11,"Value #D":12,"Value #E":13,"pod":8},"renameByName":{"Value #A":"Memory Usage","Value #B":"Memory Requests","Value #C":"Memory Requests %","Value #D":"Memory Limits","Value #E":"Memory Limits %","pod":"Pod"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/Bandwidth/"},"properties":[{"id":"unit","value":"bps"}]},{"matcher":{"id":"byRegexp","options":"/Packets/"},"properties":[{"id":"unit","value":"pps"}]},{"matcher":{"id":"byName","options":"Pod"},"properties":[{"id":"links","value":[{"title":"Drill down to pods","url":"/d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?${datasource:queryparam}&var-cluster=$cluster&var-namespace=$namespace&var-pod=${__data.fields.Pod}"}]}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":28},"id":5,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum((8 * rate(container_network_receive_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))\n* on (cluster, namespace, pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum((8 * rate(container_network_transmit_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))\n* on (cluster, namespace, pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_receive_packets_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (cluster, namespace, pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_transmit_packets_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (cluster, namespace, pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_receive_packets_dropped_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (cluster, namespace, pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_transmit_packets_dropped_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (cluster, namespace, pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"table","instant":true}],"title":"Current Network Usage","transformations":[{"id":"joinByField","options":{"byField":"pod","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true,"Time 6":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Time 6":5,"Value #A":7,"Value #B":8,"Value #C":9,"Value #D":10,"Value #E":11,"Value #F":12,"pod":6},"renameByName":{"Value #A":"Current Receive Bandwidth","Value #B":"Current Transmit Bandwidth","Value #C":"Rate of Received Packets","Value #D":"Rate of Transmitted Packets","Value #E":"Rate of Received Packets Dropped","Value #F":"Rate of Transmitted Packets Dropped","pod":"Pod"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bps"}},"gridPos":{"h":7,"w":12,"x":0,"y":35},"id":6,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum((8 * rate(container_network_receive_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))\n* on (cluster, namespace, pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","legendFormat":"__auto"}],"title":"Receive Bandwidth","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bps"}},"gridPos":{"h":7,"w":12,"x":12,"y":35},"id":7,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum((8 * rate(container_network_transmit_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))\n* on (cluster, namespace, pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","legendFormat":"__auto"}],"title":"Transmit Bandwidth","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bps"}},"gridPos":{"h":7,"w":12,"x":0,"y":42},"id":8,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(avg((8 * rate(container_network_receive_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))\n* on (cluster, namespace, pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","legendFormat":"__auto"}],"title":"Average Container Bandwidth by Pod: Received","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bps"}},"gridPos":{"h":7,"w":12,"x":12,"y":42},"id":9,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(avg((8 * rate(container_network_transmit_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))\n* on (cluster, namespace, pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","legendFormat":"__auto"}],"title":"Average Container Bandwidth by Pod: Transmitted","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":7,"w":12,"x":0,"y":49},"id":10,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_receive_packets_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (cluster, namespace, pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","legendFormat":"__auto"}],"title":"Rate of Received Packets","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":7,"w":12,"x":12,"y":49},"id":11,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_transmit_packets_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (cluster, namespace, pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","legendFormat":"__auto"}],"title":"Rate of Transmitted Packets","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":7,"w":12,"x":0,"y":56},"id":12,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_receive_packets_dropped_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (cluster, namespace, pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","legendFormat":"__auto"}],"title":"Rate of Received Packets Dropped","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":7,"w":12,"x":12,"y":56},"id":13,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_transmit_packets_dropped_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (cluster, namespace, pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","legendFormat":"__auto"}],"title":"Rate of Transmitted Packets Dropped","type":"timeseries"}],"refresh":"10s","schemaVersion":39,"tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","regex":"","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"label":"cluster","name":"cluster","query":"label_values(up{job=\"kube-state-metrics\"}, cluster)","refresh":2,"sort":1,"type":"query","allValue":".*"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"label":"namespace","name":"namespace","query":"label_values(kube_namespace_status_phase{job=\"kube-state-metrics\", cluster=\"$cluster\"}, namespace)","refresh":2,"sort":1,"type":"query"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"includeAll":true,"label":"workload_type","name":"type","query":"label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\"}, workload_type)","refresh":2,"sort":1,"type":"query"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"includeAll":true,"label":"workload","name":"workload","query":"label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}, workload)","refresh":2,"sort":1,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Compute Resources / Workload","uid":"a164a7f0339f99e89cea5cb47e9be617"}`}} +{{- end }} +--- +{{- if and .Values.grafana.operator.dashboardsConfigMapRefEnabled (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +apiVersion: grafana.integreatly.org/v1beta1 +kind: GrafanaDashboard +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-workload" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + {{ with .Values.grafana.operator.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{ end }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +spec: + allowCrossNamespaceImport: true + resyncPeriod: {{ .Values.grafana.operator.resyncPeriod | quote | default "10m" }} + {{- include "kube-prometheus-stack.grafana.operator.folder" . | nindent 2 }} + instanceSelector: + matchLabels: + {{- if .Values.grafana.operator.matchLabels }} + {{- toYaml .Values.grafana.operator.matchLabels | nindent 6 }} + {{- else }} + {{- fail "grafana.operator.matchLabels must be specified when grafana.operator.dashboardsConfigMapRefEnabled is true" }} + {{- end }} + configMapRef: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-workload" | trunc 63 | trimSuffix "-" }} + key: k8s-resources-workload.json +{{- end }} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml new file mode 100644 index 0000000..8b61e27 --- /dev/null +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml @@ -0,0 +1,57 @@ +{{- /* +Generated from 'k8s-resources-workloads-namespace' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +{{- $kubeletJob := include "kube-prometheus-stack-kubelet.name" . }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-workloads-namespace" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +data: + k8s-resources-workloads-namespace.json: |- + {{`{"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"links":[{"asDropdown":true,"includeVars":true,"keepTime":true,"tags":["kubernetes-mixin"],"targetBlank":false,"title":"Kubernetes","type":"dashboards"}],"panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true}},"overrides":[{"matcher":{"id":"byFrameRefID","options":"B"},"properties":[{"id":"custom.lineStyle","value":{"fill":"dash"}},{"id":"custom.lineWidth","value":2},{"id":"color","value":{"fixedColor":"red","mode":"fixed"}}]},{"matcher":{"id":"byFrameRefID","options":"C"},"properties":[{"id":"custom.lineStyle","value":{"fill":"dash"}},{"id":"custom.lineWidth","value":2},{"id":"color","value":{"fixedColor":"orange","mode":"fixed"}}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":0},"id":1,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n max by (cluster, namespace, pod, container)(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate5m{cluster=\"$cluster\", namespace=\"$namespace\"})\n* on(cluster, namespace, pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","legendFormat":"{{workload}} - {{workload_type}}"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"scalar(max(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=~\"requests.cpu|cpu\"}))","legendFormat":"quota - requests"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"scalar(max(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=~\"limits.cpu\"}))","legendFormat":"quota - limits"}],"title":"CPU Usage","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]},{"matcher":{"id":"byName","options":"Workload"},"properties":[{"id":"links","value":[{"title":"Drill down to workloads","url":"/d/a164a7f0339f99e89cea5cb47e9be617/k8s-resources-workload?${datasource:queryparam}&var-cluster=$cluster&var-namespace=$namespace&var-type=${__data.fields.Type}&var-workload=${__data.fields.Workload}"}]}]},{"matcher":{"id":"byName","options":"Running Pods"},"properties":[{"id":"unit","value":"none"}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":7},"id":2,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"count(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}) by (workload, workload_type)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n max by (cluster, namespace, pod, container)(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate5m{cluster=\"$cluster\", namespace=\"$namespace\"})\n* on(cluster, namespace, pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n max by (cluster, namespace, pod, container)(kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"})\n* on(cluster, namespace, pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n max by (cluster, namespace, pod, container)(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate5m{cluster=\"$cluster\", namespace=\"$namespace\"})\n* on(cluster, namespace, pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n/sum(\n max by (cluster, namespace, pod, container)(kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"})\n* on(cluster, namespace, pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n max by (cluster, namespace, pod, container)(kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"})\n* on(cluster, namespace, pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n max by (cluster, namespace, pod, container)(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate5m{cluster=\"$cluster\", namespace=\"$namespace\"})\n* on(cluster, namespace, pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n/sum(\n max by (cluster, namespace, pod, container)(kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"})\n* on(cluster, namespace, pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true}],"title":"CPU Quota","transformations":[{"id":"joinByField","options":{"byField":"workload","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true,"Time 6":true,"workload_type 2":true,"workload_type 3":true,"workload_type 4":true,"workload_type 5":true,"workload_type 6":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Time 6":5,"Value #A":8,"Value #B":9,"Value #C":10,"Value #D":11,"Value #E":12,"Value #F":13,"workload":6,"workload_type 1":7,"workload_type 2":14,"workload_type 3":15,"workload_type 4":16,"workload_type 5":17,"workload_type 6":18},"renameByName":{"Value #A":"Running Pods","Value #B":"CPU Usage","Value #C":"CPU Requests","Value #D":"CPU Requests %","Value #E":"CPU Limits","Value #F":"CPU Limits %","workload":"Workload","workload_type 1":"Type"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bytes"},"overrides":[{"matcher":{"id":"byFrameRefID","options":"B"},"properties":[{"id":"custom.lineStyle","value":{"fill":"dash"}},{"id":"custom.lineWidth","value":2},{"id":"color","value":{"fixedColor":"red","mode":"fixed"}}]},{"matcher":{"id":"byFrameRefID","options":"C"},"properties":[{"id":"custom.lineStyle","value":{"fill":"dash"}},{"id":"custom.lineWidth","value":2},{"id":"color","value":{"fixedColor":"orange","mode":"fixed"}}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":14},"id":3,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n max by (cluster, namespace, pod, container)(container_memory_working_set_bytes{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"})\n * on(cluster, namespace, pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","legendFormat":"{{workload}} - {{workload_type}}"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"scalar(max(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=~\"requests.memory|memory\"}))","legendFormat":"quota - requests"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"scalar(max(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=~\"limits.memory\"}))","legendFormat":"quota - limits"}],"title":"Memory Usage","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"bytes"},"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]},{"matcher":{"id":"byName","options":"Workload"},"properties":[{"id":"links","value":[{"title":"Drill down to workloads","url":"/d/a164a7f0339f99e89cea5cb47e9be617/k8s-resources-workload?${datasource:queryparam}&var-cluster=$cluster&var-namespace=$namespace&var-type=${__data.fields.Type}&var-workload=${__data.fields.Workload}"}]}]},{"matcher":{"id":"byName","options":"Running Pods"},"properties":[{"id":"unit","value":"none"}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":21},"id":4,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"count(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}) by (workload, workload_type)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n max by (cluster, namespace, pod, container)(container_memory_working_set_bytes{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"})\n * on(cluster, namespace, pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n max by (cluster, namespace, pod, container)(kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"})\n* on(cluster, namespace, pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n max by (cluster, namespace, pod, container)(container_memory_working_set_bytes{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"})\n * on(cluster, namespace, pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n/sum(\n max by (cluster, namespace, pod, container)(kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"})\n* on(cluster, namespace, pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n max by (cluster, namespace, pod, container)(kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"})\n* on(cluster, namespace, pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n max by (cluster, namespace, pod, container)(container_memory_working_set_bytes{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"})\n * on(cluster, namespace, pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n/sum(\n max by (cluster, namespace, pod, container)(kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"})\n* on(cluster, namespace, pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true}],"title":"Memory Quota","transformations":[{"id":"joinByField","options":{"byField":"workload","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true,"Time 6":true,"workload_type 2":true,"workload_type 3":true,"workload_type 4":true,"workload_type 5":true,"workload_type 6":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Time 6":5,"Value #A":8,"Value #B":9,"Value #C":10,"Value #D":11,"Value #E":12,"Value #F":13,"workload":6,"workload_type 1":7,"workload_type 2":14,"workload_type 3":15,"workload_type 4":16,"workload_type 5":17,"workload_type 6":18},"renameByName":{"Value #A":"Running Pods","Value #B":"Memory Usage","Value #C":"Memory Requests","Value #D":"Memory Requests %","Value #E":"Memory Limits","Value #F":"Memory Limits %","workload":"Workload","workload_type 1":"Type"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/Bandwidth/"},"properties":[{"id":"unit","value":"bps"}]},{"matcher":{"id":"byRegexp","options":"/Packets/"},"properties":[{"id":"unit","value":"pps"}]},{"matcher":{"id":"byName","options":"Workload"},"properties":[{"id":"links","value":[{"title":"Drill down to workloads","url":"/d/a164a7f0339f99e89cea5cb47e9be617/k8s-resources-workload?${datasource:queryparam}&var-cluster=$cluster&var-namespace=$namespace&var-type=${__data.fields.Type}&var-workload=${__data.fields.Workload}"}]}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":28},"id":5,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum((8 * rate(container_network_receive_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))\n* on (cluster, namespace, pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum((8 * rate(container_network_transmit_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))\n* on (cluster, namespace, pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_receive_packets_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (cluster, namespace, pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_transmit_packets_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (cluster, namespace, pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_receive_packets_dropped_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (cluster, namespace, pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_transmit_packets_dropped_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (cluster, namespace, pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true}],"title":"Current Network Usage","transformations":[{"id":"joinByField","options":{"byField":"workload","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true,"Time 6":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Time 6":5,"Value #A":7,"Value #B":8,"Value #C":9,"Value #D":10,"Value #E":11,"Value #F":12,"workload":6},"renameByName":{"Value #A":"Current Receive Bandwidth","Value #B":"Current Transmit Bandwidth","Value #C":"Rate of Received Packets","Value #D":"Rate of Transmitted Packets","Value #E":"Rate of Received Packets Dropped","Value #F":"Rate of Transmitted Packets Dropped","workload":"Workload"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bps"}},"gridPos":{"h":7,"w":12,"x":0,"y":35},"id":6,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum((8 * rate(container_network_receive_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))\n* on (cluster, namespace, pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","legendFormat":"__auto"}],"title":"Receive Bandwidth","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bps"}},"gridPos":{"h":7,"w":12,"x":12,"y":35},"id":7,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum((8 * rate(container_network_transmit_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))\n* on (cluster, namespace, pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","legendFormat":"__auto"}],"title":"Transmit Bandwidth","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bps"}},"gridPos":{"h":7,"w":12,"x":0,"y":42},"id":8,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(avg((8 * rate(container_network_receive_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))\n* on (cluster, namespace, pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","legendFormat":"__auto"}],"title":"Average Container Bandwidth by Workload: Received","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bps"}},"gridPos":{"h":7,"w":12,"x":12,"y":42},"id":9,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(avg((8 * rate(container_network_transmit_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))\n* on (cluster, namespace, pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","legendFormat":"__auto"}],"title":"Average Container Bandwidth by Workload: Transmitted","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":7,"w":12,"x":0,"y":49},"id":10,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_receive_packets_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (cluster, namespace, pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","legendFormat":"__auto"}],"title":"Rate of Received Packets","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":7,"w":12,"x":12,"y":49},"id":11,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_transmit_packets_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (cluster, namespace, pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","legendFormat":"__auto"}],"title":"Rate of Transmitted Packets","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":7,"w":12,"x":0,"y":56},"id":12,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_receive_packets_dropped_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (cluster, namespace, pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","legendFormat":"__auto"}],"title":"Rate of Received Packets Dropped","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":7,"w":12,"x":12,"y":56},"id":13,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_transmit_packets_dropped_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (cluster, namespace, pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","legendFormat":"__auto"}],"title":"Rate of Transmitted Packets Dropped","type":"timeseries"}],"refresh":"10s","schemaVersion":39,"tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","regex":"","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"label":"cluster","name":"cluster","query":"label_values(up{job=\"kube-state-metrics\"}, cluster)","refresh":2,"sort":1,"type":"query","allValue":".*"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"label":"namespace","name":"namespace","query":"label_values(kube_namespace_status_phase{job=\"kube-state-metrics\", cluster=\"$cluster\"}, namespace)","refresh":2,"sort":1,"type":"query"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"includeAll":true,"label":"workload_type","name":"type","query":"label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\"}, workload_type)","refresh":2,"sort":1,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Compute Resources / Namespace (Workloads)","uid":"a87fb0d919ec0ea5f6543124e16c42a5"}`}} +{{- end }} +--- +{{- if and .Values.grafana.operator.dashboardsConfigMapRefEnabled (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +apiVersion: grafana.integreatly.org/v1beta1 +kind: GrafanaDashboard +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-workloads-namespace" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + {{ with .Values.grafana.operator.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{ end }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +spec: + allowCrossNamespaceImport: true + resyncPeriod: {{ .Values.grafana.operator.resyncPeriod | quote | default "10m" }} + {{- include "kube-prometheus-stack.grafana.operator.folder" . | nindent 2 }} + instanceSelector: + matchLabels: + {{- if .Values.grafana.operator.matchLabels }} + {{- toYaml .Values.grafana.operator.matchLabels | nindent 6 }} + {{- else }} + {{- fail "grafana.operator.matchLabels must be specified when grafana.operator.dashboardsConfigMapRefEnabled is true" }} + {{- end }} + configMapRef: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-workloads-namespace" | trunc 63 | trimSuffix "-" }} + key: k8s-resources-workloads-namespace.json +{{- end }} diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-windows-cluster-rsrc-use.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-windows-cluster-rsrc-use.yaml similarity index 71% rename from charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-windows-cluster-rsrc-use.yaml rename to charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-windows-cluster-rsrc-use.yaml index e873a6f..508cf05 100644 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-windows-cluster-rsrc-use.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-windows-cluster-rsrc-use.yaml @@ -14,11 +14,43 @@ metadata: {{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} labels: {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} {{- end }} app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} data: k8s-windows-cluster-rsrc-use.json: |- - {{`{"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"percentunit"}},"gridPos":{"h":7,"w":24,"x":0,"y":0},"id":1,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"node:windows_node_cpu_utilisation:avg1m{cluster=\"$cluster\"} * node:windows_node_num_cpu:sum{cluster=\"$cluster\"} / scalar(sum(node:windows_node_num_cpu:sum{cluster=\"$cluster\"}))","legendFormat":"{{instance}}"}],"title":"CPU Utilisation","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"percentunit"}},"gridPos":{"h":7,"w":12,"x":0,"y":7},"id":2,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"node:windows_node_memory_utilisation:ratio{cluster=\"$cluster\"}","legendFormat":"{{instance}}"}],"title":"Memory Utilisation","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"short"}},"gridPos":{"h":7,"w":12,"x":12,"y":7},"id":3,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"node:windows_node_memory_swap_io_pages:irate{cluster=\"$cluster\"}","legendFormat":"{{instance}}"}],"title":"Memory Saturation (Swap I/O Pages)","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"percentunit"}},"gridPos":{"h":7,"w":24,"x":0,"y":14},"id":4,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"node:windows_node_disk_utilisation:avg_irate{cluster=\"$cluster\"} / scalar(node:windows_node:sum{cluster=\"$cluster\"})","legendFormat":"{{instance}}"}],"title":"Disk IO Utilisation","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"Bps"}},"gridPos":{"h":7,"w":12,"x":0,"y":21},"id":5,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"node:windows_node_net_utilisation:sum_irate{cluster=\"$cluster\"}","legendFormat":"{{instance}}"}],"title":"Net Utilisation (Transmitted)","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"Bps"}},"gridPos":{"h":7,"w":12,"x":12,"y":21},"id":6,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"node:windows_node_net_saturation:sum_irate{cluster=\"$cluster\"}","legendFormat":"{{instance}}"}],"title":"Net Utilisation (Dropped)","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"percentunit"}},"gridPos":{"h":7,"w":24,"x":0,"y":28},"id":7,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (instance)(node:windows_node_filesystem_usage:{cluster=\"$cluster\"})","legendFormat":"{{instance}}"}],"title":"Disk Capacity","type":"timeseries"}],"refresh":"10s","schemaVersion":39,"tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","regex":"","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"label":"cluster","name":"cluster","query":"label_values(up{job=\"windows-exporter\"}, cluster)","refresh":2,"sort":1,"type":"query","allValue":".*"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / USE Method / Cluster(Windows)","uid":"53a43377ec9aaf2ff64dfc7a1f539334"}`}} -{{- end }} \ No newline at end of file + {{`{"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"percentunit"}},"gridPos":{"h":7,"w":24,"x":0,"y":0},"id":1,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.1.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"node:windows_node_cpu_utilisation:avg1m{cluster=\"$cluster\"} * node:windows_node_num_cpu:sum{cluster=\"$cluster\"} / scalar(sum(node:windows_node_num_cpu:sum{cluster=\"$cluster\"}))","legendFormat":"{{instance}}"}],"title":"CPU Utilisation","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"percentunit"}},"gridPos":{"h":7,"w":12,"x":0,"y":7},"id":2,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.1.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"node:windows_node_memory_utilisation:ratio{cluster=\"$cluster\"}","legendFormat":"{{instance}}"}],"title":"Memory Utilisation","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"short"}},"gridPos":{"h":7,"w":12,"x":12,"y":7},"id":3,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.1.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"node:windows_node_memory_swap_io_pages:irate{cluster=\"$cluster\"}","legendFormat":"{{instance}}"}],"title":"Memory Saturation (Swap I/O Pages)","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"percentunit"}},"gridPos":{"h":7,"w":24,"x":0,"y":14},"id":4,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.1.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"node:windows_node_disk_utilisation:avg_irate{cluster=\"$cluster\"} / scalar(node:windows_node:sum{cluster=\"$cluster\"})","legendFormat":"{{instance}}"}],"title":"Disk IO Utilisation","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bps"}},"gridPos":{"h":7,"w":12,"x":0,"y":21},"id":5,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.1.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"node:windows_node_net_utilisation:sum_irate{cluster=\"$cluster\"}","legendFormat":"{{instance}}"}],"title":"Net Utilisation (Transmitted)","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bps"}},"gridPos":{"h":7,"w":12,"x":12,"y":21},"id":6,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.1.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"node:windows_node_net_saturation:sum_irate{cluster=\"$cluster\"}","legendFormat":"{{instance}}"}],"title":"Net Utilisation (Dropped)","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"percentunit"}},"gridPos":{"h":7,"w":24,"x":0,"y":28},"id":7,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.1.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (instance)(node:windows_node_filesystem_usage:{cluster=\"$cluster\"})","legendFormat":"{{instance}}"}],"title":"Disk Capacity","type":"timeseries"}],"refresh":"10s","schemaVersion":39,"tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","regex":"","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"label":"cluster","name":"cluster","query":"label_values(up{job=\"windows-exporter\"}, cluster)","refresh":2,"sort":1,"type":"query","allValue":".*"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / USE Method / Cluster(Windows)","uid":"53a43377ec9aaf2ff64dfc7a1f539334"}`}} +{{- end }} +--- +{{- if and .Values.grafana.operator.dashboardsConfigMapRefEnabled (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.windowsMonitoring.enabled }} +apiVersion: grafana.integreatly.org/v1beta1 +kind: GrafanaDashboard +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-windows-cluster-rsrc-use" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + {{ with .Values.grafana.operator.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{ end }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +spec: + allowCrossNamespaceImport: true + resyncPeriod: {{ .Values.grafana.operator.resyncPeriod | quote | default "10m" }} + {{- include "kube-prometheus-stack.grafana.operator.folder" . | nindent 2 }} + instanceSelector: + matchLabels: + {{- if .Values.grafana.operator.matchLabels }} + {{- toYaml .Values.grafana.operator.matchLabels | nindent 6 }} + {{- else }} + {{- fail "grafana.operator.matchLabels must be specified when grafana.operator.dashboardsConfigMapRefEnabled is true" }} + {{- end }} + configMapRef: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-windows-cluster-rsrc-use" | trunc 63 | trimSuffix "-" }} + key: k8s-windows-cluster-rsrc-use.json +{{- end }} diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-windows-node-rsrc-use.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-windows-node-rsrc-use.yaml similarity index 75% rename from charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-windows-node-rsrc-use.yaml rename to charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-windows-node-rsrc-use.yaml index ab9f77b..d6b90f8 100644 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-windows-node-rsrc-use.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-windows-node-rsrc-use.yaml @@ -14,11 +14,43 @@ metadata: {{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} labels: {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} {{- end }} app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} data: k8s-windows-node-rsrc-use.json: |- - {{`{"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"percentunit"}},"gridPos":{"h":7,"w":12,"x":0,"y":0},"id":1,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"node:windows_node_cpu_utilisation:avg1m{cluster=\"$cluster\", instance=\"$instance\"}","legendFormat":"Utilisation"}],"title":"CPU Utilisation","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"percentunit"}},"gridPos":{"h":7,"w":12,"x":12,"y":0},"id":2,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (core) (irate(windows_cpu_time_total{cluster=\"$cluster\", job=\"windows-exporter\", mode!=\"idle\", instance=\"$instance\"}[$__rate_interval]))","legendFormat":"{{core}}"}],"title":"CPU Usage Per Core","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"percentunit"}},"gridPos":{"h":7,"w":8,"x":0,"y":7},"id":3,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"node:windows_node_memory_utilisation:{cluster=\"$cluster\", instance=\"$instance\"}","legendFormat":"Memory"}],"title":"Memory Utilisation %","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bytes"}},"gridPos":{"h":7,"w":8,"x":8,"y":7},"id":4,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"max(\n windows_os_visible_memory_bytes{cluster=\"$cluster\", job=\"windows-exporter\", instance=\"$instance\"}\n - windows_memory_available_bytes{cluster=\"$cluster\", job=\"windows-exporter\", instance=\"$instance\"}\n)\n","legendFormat":"memory used"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"max(node:windows_node_memory_totalCached_bytes:sum{cluster=\"$cluster\", instance=\"$instance\"})","legendFormat":"memory cached"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"max(windows_memory_available_bytes{cluster=\"$cluster\", job=\"windows-exporter\", instance=\"$instance\"})","legendFormat":"memory free"}],"title":"Memory Usage","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"short"}},"gridPos":{"h":7,"w":8,"x":16,"y":7},"id":5,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"node:windows_node_memory_swap_io_pages:irate{cluster=\"$cluster\", instance=\"$instance\"}","legendFormat":"Swap IO"}],"title":"Memory Saturation (Swap I/O) Pages","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"percentunit"}},"gridPos":{"h":7,"w":12,"x":0,"y":14},"id":6,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"node:windows_node_disk_utilisation:avg_irate{cluster=\"$cluster\", instance=\"$instance\"}","legendFormat":"Utilisation"}],"title":"Disk IO Utilisation","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bytes"},"overrides":[{"matcher":{"id":"byRegexp","options":"/io time/"},"properties":[{"id":"unit","value":"ms"}]}]},"gridPos":{"h":7,"w":12,"x":12,"y":14},"id":7,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"max(rate(windows_logical_disk_read_bytes_total{cluster=\"$cluster\", job=\"windows-exporter\", instance=\"$instance\"}[$__rate_interval]))","legendFormat":"read"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"max(rate(windows_logical_disk_write_bytes_total{cluster=\"$cluster\", job=\"windows-exporter\", instance=\"$instance\"}[$__rate_interval]))","legendFormat":"written"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"max(rate(windows_logical_disk_read_seconds_total{cluster=\"$cluster\", job=\"windows-exporter\", instance=\"$instance\"}[$__rate_interval]) + rate(windows_logical_disk_write_seconds_total{cluster=\"$cluster\", job=\"windows-exporter\", instance=\"$instance\"}[$__rate_interval]))","legendFormat":"io time"}],"title":"Disk IO","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"percentunit"}},"gridPos":{"h":7,"w":24,"x":0,"y":21},"id":8,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"node:windows_node_filesystem_usage:{cluster=\"$cluster\", instance=\"$instance\"}","legendFormat":"{{volume}}"}],"title":"Disk Utilisation","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"Bps"}},"gridPos":{"h":7,"w":12,"x":0,"y":28},"id":9,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"node:windows_node_net_utilisation:sum_irate{cluster=\"$cluster\", instance=\"$instance\"}","legendFormat":"Utilisation"}],"title":"Net Utilisation (Transmitted)","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"Bps"}},"gridPos":{"h":7,"w":12,"x":12,"y":28},"id":10,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"node:windows_node_net_saturation:sum_irate{cluster=\"$cluster\", instance=\"$instance\"}","legendFormat":"Saturation"}],"title":"Net Saturation (Dropped)","type":"timeseries"}],"refresh":"10s","schemaVersion":39,"tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","regex":"","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"label":"cluster","name":"cluster","query":"label_values(up{job=\"windows-exporter\"}, cluster)","refresh":2,"sort":1,"type":"query","allValue":".*"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"label":"instance","name":"instance","query":"label_values(windows_system_system_up_time{cluster=\"$cluster\"}, instance)","refresh":2,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / USE Method / Node(Windows)","uid":"96e7484b0bb53b74fbc2bcb7723cd40b"}`}} -{{- end }} \ No newline at end of file + {{`{"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"percentunit"}},"gridPos":{"h":7,"w":12,"x":0,"y":0},"id":1,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.1.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"node:windows_node_cpu_utilisation:avg1m{cluster=\"$cluster\", instance=\"$instance\"}","legendFormat":"Utilisation"}],"title":"CPU Utilisation","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"percentunit"}},"gridPos":{"h":7,"w":12,"x":12,"y":0},"id":2,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.1.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (core) (irate(windows_cpu_time_total{cluster=\"$cluster\", job=\"windows-exporter\", mode!=\"idle\", instance=\"$instance\"}[$__rate_interval]))","legendFormat":"{{core}}"}],"title":"CPU Usage Per Core","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"percentunit"}},"gridPos":{"h":7,"w":8,"x":0,"y":7},"id":3,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.1.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"node:windows_node_memory_utilisation:{cluster=\"$cluster\", instance=\"$instance\"}","legendFormat":"Memory"}],"title":"Memory Utilisation %","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bytes"}},"gridPos":{"h":7,"w":8,"x":8,"y":7},"id":4,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.1.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"max(\n windows_os_visible_memory_bytes{cluster=\"$cluster\", job=\"windows-exporter\", instance=\"$instance\"}\n - windows_memory_available_bytes{cluster=\"$cluster\", job=\"windows-exporter\", instance=\"$instance\"}\n)\n","legendFormat":"memory used"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"max(node:windows_node_memory_totalCached_bytes:sum{cluster=\"$cluster\", instance=\"$instance\"})","legendFormat":"memory cached"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"max(windows_memory_available_bytes{cluster=\"$cluster\", job=\"windows-exporter\", instance=\"$instance\"})","legendFormat":"memory free"}],"title":"Memory Usage","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"short"}},"gridPos":{"h":7,"w":8,"x":16,"y":7},"id":5,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.1.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"node:windows_node_memory_swap_io_pages:irate{cluster=\"$cluster\", instance=\"$instance\"}","legendFormat":"Swap IO"}],"title":"Memory Saturation (Swap I/O) Pages","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"percentunit"}},"gridPos":{"h":7,"w":12,"x":0,"y":14},"id":6,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.1.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"node:windows_node_disk_utilisation:avg_irate{cluster=\"$cluster\", instance=\"$instance\"}","legendFormat":"Utilisation"}],"title":"Disk IO Utilisation","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bytes"},"overrides":[{"matcher":{"id":"byRegexp","options":"/io time/"},"properties":[{"id":"unit","value":"ms"}]}]},"gridPos":{"h":7,"w":12,"x":12,"y":14},"id":7,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.1.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"max(rate(windows_logical_disk_read_bytes_total{cluster=\"$cluster\", job=\"windows-exporter\", instance=\"$instance\"}[$__rate_interval]))","legendFormat":"read"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"max(rate(windows_logical_disk_write_bytes_total{cluster=\"$cluster\", job=\"windows-exporter\", instance=\"$instance\"}[$__rate_interval]))","legendFormat":"written"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"max(rate(windows_logical_disk_read_seconds_total{cluster=\"$cluster\", job=\"windows-exporter\", instance=\"$instance\"}[$__rate_interval]) + rate(windows_logical_disk_write_seconds_total{cluster=\"$cluster\", job=\"windows-exporter\", instance=\"$instance\"}[$__rate_interval]))","legendFormat":"io time"}],"title":"Disk IO","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"percentunit"}},"gridPos":{"h":7,"w":24,"x":0,"y":21},"id":8,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.1.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"node:windows_node_filesystem_usage:{cluster=\"$cluster\", instance=\"$instance\"}","legendFormat":"{{volume}}"}],"title":"Disk Utilisation","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bps"}},"gridPos":{"h":7,"w":12,"x":0,"y":28},"id":9,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.1.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"node:windows_node_net_utilisation:sum_irate{cluster=\"$cluster\", instance=\"$instance\"}","legendFormat":"Utilisation"}],"title":"Net Utilisation (Transmitted)","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bps"}},"gridPos":{"h":7,"w":12,"x":12,"y":28},"id":10,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.1.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"node:windows_node_net_saturation:sum_irate{cluster=\"$cluster\", instance=\"$instance\"}","legendFormat":"Saturation"}],"title":"Net Saturation (Dropped)","type":"timeseries"}],"refresh":"10s","schemaVersion":39,"tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","regex":"","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"label":"cluster","name":"cluster","query":"label_values(up{job=\"windows-exporter\"}, cluster)","refresh":2,"sort":1,"type":"query","allValue":".*"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"label":"instance","name":"instance","query":"label_values(windows_system_boot_time_timestamp_seconds{cluster=\"$cluster\"}, instance)","refresh":2,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / USE Method / Node(Windows)","uid":"96e7484b0bb53b74fbc2bcb7723cd40b"}`}} +{{- end }} +--- +{{- if and .Values.grafana.operator.dashboardsConfigMapRefEnabled (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.windowsMonitoring.enabled }} +apiVersion: grafana.integreatly.org/v1beta1 +kind: GrafanaDashboard +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-windows-node-rsrc-use" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + {{ with .Values.grafana.operator.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{ end }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +spec: + allowCrossNamespaceImport: true + resyncPeriod: {{ .Values.grafana.operator.resyncPeriod | quote | default "10m" }} + {{- include "kube-prometheus-stack.grafana.operator.folder" . | nindent 2 }} + instanceSelector: + matchLabels: + {{- if .Values.grafana.operator.matchLabels }} + {{- toYaml .Values.grafana.operator.matchLabels | nindent 6 }} + {{- else }} + {{- fail "grafana.operator.matchLabels must be specified when grafana.operator.dashboardsConfigMapRefEnabled is true" }} + {{- end }} + configMapRef: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-windows-node-rsrc-use" | trunc 63 | trimSuffix "-" }} + key: k8s-windows-node-rsrc-use.json +{{- end }} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/kubelet.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/kubelet.yaml new file mode 100644 index 0000000..322b92f --- /dev/null +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/kubelet.yaml @@ -0,0 +1,57 @@ +{{- /* +Generated from 'kubelet' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.kubelet.enabled }} +{{- $kubeletJob := include "kube-prometheus-stack-kubelet.name" . }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "kubelet" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +data: + kubelet.json: |- + {{`{"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"links":[{"asDropdown":true,"includeVars":true,"keepTime":true,"tags":["kubernetes-mixin"],"targetBlank":false,"title":"Kubernetes","type":"dashboards"}],"panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"none"}},"gridPos":{"h":7,"w":4,"x":0,"y":0},"id":1,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kubelet_node_name{cluster=\"$cluster\", job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\"})","instant":true}],"title":"Running Kubelets","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"none"}},"gridPos":{"h":7,"w":4,"x":4,"y":0},"id":2,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kubelet_running_pods{cluster=\"$cluster\", job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\", instance=~\"$instance\"})","instant":true}],"title":"Running Pods","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"none"}},"gridPos":{"h":7,"w":4,"x":8,"y":0},"id":3,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kubelet_running_containers{cluster=\"$cluster\", job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\", instance=~\"$instance\"})","instant":true}],"title":"Running Containers","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"none"}},"gridPos":{"h":7,"w":4,"x":12,"y":0},"id":4,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(volume_manager_total_volumes{cluster=\"$cluster\", job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\", instance=~\"$instance\", state=\"actual_state_of_world\"})","instant":true}],"title":"Actual Volume Count","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"none"}},"gridPos":{"h":7,"w":4,"x":16,"y":0},"id":5,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(volume_manager_total_volumes{cluster=\"$cluster\", job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\", instance=~\"$instance\",state=\"desired_state_of_world\"})","instant":true}],"title":"Desired Volume Count","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"none"}},"gridPos":{"h":7,"w":4,"x":20,"y":0},"id":6,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(kubelet_node_config_error{cluster=\"$cluster\", job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\", instance=~\"$instance\"}[$__rate_interval]))","instant":true}],"title":"Config Error Count","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"ops"}},"gridPos":{"h":7,"w":12,"x":0,"y":7},"id":7,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(kubelet_runtime_operations_total{cluster=\"$cluster\",job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (operation_type, instance)","legendFormat":"{{instance}} {{operation_type}}"}],"title":"Operation Rate","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"ops"}},"gridPos":{"h":7,"w":12,"x":12,"y":7},"id":8,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(kubelet_runtime_operations_errors_total{cluster=\"$cluster\",job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_type)","legendFormat":"{{instance}} {{operation_type}}"}],"title":"Operation Error Rate","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"s"}},"gridPos":{"h":7,"w":24,"x":0,"y":14},"id":9,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"histogram_quantile(0.99, sum(rate(kubelet_runtime_operations_duration_seconds_bucket{cluster=\"$cluster\",job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_type, le))","legendFormat":"{{instance}} {{operation_type}}"}],"title":"Operation Duration 99th quantile","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"ops"}},"gridPos":{"h":7,"w":12,"x":0,"y":21},"id":10,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(kubelet_pod_start_duration_seconds_count{cluster=\"$cluster\",job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance)","legendFormat":"{{instance}} pod"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(kubelet_pod_worker_duration_seconds_count{cluster=\"$cluster\",job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance)","legendFormat":"{{instance}} worker"}],"title":"Pod Start Rate","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"s"}},"gridPos":{"h":7,"w":12,"x":12,"y":21},"id":11,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"histogram_quantile(0.99, sum(rate(kubelet_pod_start_duration_seconds_bucket{cluster=\"$cluster\",job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, le))","legendFormat":"{{instance}} pod"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"histogram_quantile(0.99, sum(rate(kubelet_pod_worker_duration_seconds_bucket{cluster=\"$cluster\",job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, le))","legendFormat":"{{instance}} worker"}],"title":"Pod Start Duration","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"ops"}},"gridPos":{"h":7,"w":12,"x":0,"y":28},"id":12,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(storage_operation_duration_seconds_count{cluster=\"$cluster\",job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_name, volume_plugin)","legendFormat":"{{instance}} {{operation_name}} {{volume_plugin}}"}],"title":"Storage Operation Rate","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"ops"}},"gridPos":{"h":7,"w":12,"x":12,"y":28},"id":13,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(storage_operation_errors_total{cluster=\"$cluster\",job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_name, volume_plugin)","legendFormat":"{{instance}} {{operation_name}} {{volume_plugin}}"}],"title":"Storage Operation Error Rate","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"s"}},"gridPos":{"h":7,"w":24,"x":0,"y":35},"id":14,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"histogram_quantile(0.99, sum(rate(storage_operation_duration_seconds_bucket{cluster=\"$cluster\", job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\", instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_name, volume_plugin, le))","legendFormat":"{{instance}} {{operation_name}} {{volume_plugin}}"}],"title":"Storage Operation Duration 99th quantile","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"ops"}},"gridPos":{"h":7,"w":12,"x":0,"y":42},"id":15,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(kubelet_cgroup_manager_duration_seconds_count{cluster=\"$cluster\", job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\", instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_type)","legendFormat":"{{operation_type}}"}],"title":"Cgroup manager operation rate","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"s"}},"gridPos":{"h":7,"w":12,"x":12,"y":42},"id":16,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"histogram_quantile(0.99, sum(rate(kubelet_cgroup_manager_duration_seconds_bucket{cluster=\"$cluster\", job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\", instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_type, le))","legendFormat":"{{instance}} {{operation_type}}"}],"title":"Cgroup manager 99th quantile","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"ops"}},"gridPos":{"h":7,"w":12,"x":0,"y":49},"id":17,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(kubelet_pleg_relist_duration_seconds_count{cluster=\"$cluster\", job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\", instance=~\"$instance\"}[$__rate_interval])) by (instance)","legendFormat":"{{instance}}"}],"title":"PLEG relist rate","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"s"}},"gridPos":{"h":7,"w":12,"x":12,"y":49},"id":18,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"histogram_quantile(0.99, sum(rate(kubelet_pleg_relist_interval_seconds_bucket{cluster=\"$cluster\",job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, le))","legendFormat":"{{instance}}"}],"title":"PLEG relist interval","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"s"}},"gridPos":{"h":7,"w":24,"x":0,"y":56},"id":19,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"histogram_quantile(0.99, sum(rate(kubelet_pleg_relist_duration_seconds_bucket{cluster=\"$cluster\",job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, le))","legendFormat":"{{instance}}"}],"title":"PLEG relist duration","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"ops"}},"gridPos":{"h":7,"w":24,"x":0,"y":63},"id":20,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"2..\"}[$__rate_interval]))","legendFormat":"2xx"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"3..\"}[$__rate_interval]))","legendFormat":"3xx"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"4..\"}[$__rate_interval]))","legendFormat":"4xx"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"5..\"}[$__rate_interval]))","legendFormat":"5xx"}],"title":"RPC rate","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"s"}},"gridPos":{"h":7,"w":24,"x":0,"y":70},"id":21,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\",job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\", instance=~\"$instance\"}[$__rate_interval])) by (instance, verb, le))","legendFormat":"{{instance}} {{verb}}"}],"title":"Request duration 99th quantile","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bytes"}},"gridPos":{"h":7,"w":8,"x":0,"y":77},"id":22,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"process_resident_memory_bytes{cluster=\"$cluster\",job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\",instance=~\"$instance\"}","legendFormat":"{{instance}}"}],"title":"Memory","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"short"}},"gridPos":{"h":7,"w":8,"x":8,"y":77},"id":23,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"rate(process_cpu_seconds_total{cluster=\"$cluster\",job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])","legendFormat":"{{instance}}"}],"title":"CPU usage","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"short"}},"gridPos":{"h":7,"w":8,"x":16,"y":77},"id":24,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"go_goroutines{cluster=\"$cluster\",job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\",instance=~\"$instance\"}","legendFormat":"{{instance}}"}],"title":"Goroutines","type":"timeseries"}],"refresh":"10s","schemaVersion":39,"tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","regex":"","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"label":"cluster","name":"cluster","query":"label_values(up{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\"}, cluster)","refresh":2,"sort":1,"type":"query","allValue":".*"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"includeAll":true,"label":"instance","name":"instance","query":"label_values(up{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\",cluster=\"$cluster\"}, instance)","refresh":2,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Kubelet","uid":"3138fa155d5915769fbded898ac09fd9"}`}} +{{- end }} +--- +{{- if and .Values.grafana.operator.dashboardsConfigMapRefEnabled (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.kubelet.enabled }} +apiVersion: grafana.integreatly.org/v1beta1 +kind: GrafanaDashboard +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "kubelet" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + {{ with .Values.grafana.operator.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{ end }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +spec: + allowCrossNamespaceImport: true + resyncPeriod: {{ .Values.grafana.operator.resyncPeriod | quote | default "10m" }} + {{- include "kube-prometheus-stack.grafana.operator.folder" . | nindent 2 }} + instanceSelector: + matchLabels: + {{- if .Values.grafana.operator.matchLabels }} + {{- toYaml .Values.grafana.operator.matchLabels | nindent 6 }} + {{- else }} + {{- fail "grafana.operator.matchLabels must be specified when grafana.operator.dashboardsConfigMapRefEnabled is true" }} + {{- end }} + configMapRef: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "kubelet" | trunc 63 | trimSuffix "-" }} + key: kubelet.json +{{- end }} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/namespace-by-pod.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/namespace-by-pod.yaml new file mode 100644 index 0000000..a02d94a --- /dev/null +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/namespace-by-pod.yaml @@ -0,0 +1,57 @@ +{{- /* +Generated from 'namespace-by-pod' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +{{- $kubeletJob := include "kube-prometheus-stack-kubelet.name" . }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "namespace-by-pod" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +data: + namespace-by-pod.json: |- + {{`{"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"links":[{"asDropdown":true,"includeVars":true,"keepTime":true,"tags":["kubernetes-mixin"],"targetBlank":false,"title":"Kubernetes","type":"dashboards"}],"panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"displayName":"$namespace","max":10000000000,"min":0,"thresholds":{"steps":[{"color":"dark-green","index":0,"value":null},{"color":"dark-yellow","index":1,"value":5000000000},{"color":"dark-red","index":2,"value":7000000000}]},"unit":"bps"}},"gridPos":{"h":9,"w":12,"x":0,"y":0},"id":1,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum (\n (8 * rate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$__rate_interval]))\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","legendFormat":"__auto"}],"title":"Current Rate of Bits Received","type":"gauge"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"displayName":"$namespace","max":10000000000,"min":0,"thresholds":{"steps":[{"color":"dark-green","index":0,"value":null},{"color":"dark-yellow","index":1,"value":5000000000},{"color":"dark-red","index":2,"value":7000000000}]},"unit":"bps"}},"gridPos":{"h":9,"w":12,"x":12,"y":0},"id":2,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum (\n (8 * rate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$__rate_interval]))\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","legendFormat":"__auto"}],"title":"Current Rate of Bits Transmitted","type":"gauge"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/Bandwidth/"},"properties":[{"id":"unit","value":"bps"}]},{"matcher":{"id":"byRegexp","options":"/Packets/"},"properties":[{"id":"unit","value":"pps"}]},{"matcher":{"id":"byName","options":"Pod"},"properties":[{"id":"links","value":[{"title":"Drill down","url":"/d/7a18067ce943a40ae25454675c19ff5c/kubernetes-networking-pod?${datasource:queryparam}&var-cluster=${cluster}&var-namespace=${namespace}&var-pod=${__data.fields.Pod}"}]}]}]},"gridPos":{"h":9,"w":24,"x":0,"y":9},"id":3,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (pod) (\n (8 * rate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$__rate_interval]))\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (pod) (\n (8 * rate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$__rate_interval]))\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (pod) (\n rate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (pod) (\n rate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (pod) (\n rate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (pod) (\n rate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","format":"table","instant":true}],"title":"Current Network Usage","transformations":[{"id":"joinByField","options":{"byField":"pod","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true,"Time 6":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Time 6":5,"Value #A":7,"Value #B":8,"Value #C":9,"Value #D":10,"Value #E":11,"Value #F":12,"pod":6},"renameByName":{"Value #A":"Current Receive Bandwidth","Value #B":"Current Transmit Bandwidth","Value #C":"Rate of Received Packets","Value #D":"Rate of Transmitted Packets","Value #E":"Rate of Received Packets Dropped","Value #F":"Rate of Transmitted Packets Dropped","pod":"Pod"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"bps"}},"gridPos":{"h":9,"w":12,"x":0,"y":18},"id":4,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (pod) (\n (8 * rate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$__rate_interval]))\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","legendFormat":"__auto"}],"title":"Receive Bandwidth","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"bps"}},"gridPos":{"h":9,"w":12,"x":12,"y":18},"id":5,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (pod) (\n (8 * rate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$__rate_interval]))\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","legendFormat":"__auto"}],"title":"Transmit Bandwidth","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"pps"}},"gridPos":{"h":9,"w":12,"x":0,"y":27},"id":6,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (pod) (\n rate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","legendFormat":"__auto"}],"title":"Rate of Received Packets","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"pps"}},"gridPos":{"h":9,"w":12,"x":12,"y":27},"id":7,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (pod) (\n rate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","legendFormat":"__auto"}],"title":"Rate of Transmitted Packets","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"pps"}},"gridPos":{"h":9,"w":12,"x":0,"y":36},"id":8,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (pod) (\n rate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace!=\"\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","legendFormat":"__auto"}],"title":"Rate of Received Packets Dropped","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"pps"}},"gridPos":{"h":9,"w":12,"x":12,"y":36},"id":9,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (pod) (\n rate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","legendFormat":"__auto"}],"title":"Rate of Transmitted Packets Dropped","type":"timeseries"}],"refresh":"10s","schemaVersion":39,"tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","regex":"","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"label":"cluster","name":"cluster","query":"label_values(up{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\"}, cluster)","refresh":2,"sort":1,"type":"query","allValue":".*"},{"allValue":".+","current":{"selected":false,"text":"kube-system","value":"kube-system"},"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"includeAll":true,"label":"namespace","name":"namespace","query":"label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)","refresh":2,"sort":1,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Networking / Namespace (Pods)","uid":"8b7a8b326d7a6f1f04244066368c67af"}`}} +{{- end }} +--- +{{- if and .Values.grafana.operator.dashboardsConfigMapRefEnabled (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +apiVersion: grafana.integreatly.org/v1beta1 +kind: GrafanaDashboard +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "namespace-by-pod" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + {{ with .Values.grafana.operator.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{ end }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +spec: + allowCrossNamespaceImport: true + resyncPeriod: {{ .Values.grafana.operator.resyncPeriod | quote | default "10m" }} + {{- include "kube-prometheus-stack.grafana.operator.folder" . | nindent 2 }} + instanceSelector: + matchLabels: + {{- if .Values.grafana.operator.matchLabels }} + {{- toYaml .Values.grafana.operator.matchLabels | nindent 6 }} + {{- else }} + {{- fail "grafana.operator.matchLabels must be specified when grafana.operator.dashboardsConfigMapRefEnabled is true" }} + {{- end }} + configMapRef: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "namespace-by-pod" | trunc 63 | trimSuffix "-" }} + key: namespace-by-pod.json +{{- end }} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/namespace-by-workload.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/namespace-by-workload.yaml new file mode 100644 index 0000000..4d94d1b --- /dev/null +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/namespace-by-workload.yaml @@ -0,0 +1,57 @@ +{{- /* +Generated from 'namespace-by-workload' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +{{- $kubeletJob := include "kube-prometheus-stack-kubelet.name" . }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "namespace-by-workload" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +data: + namespace-by-workload.json: |- + {{`{"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"links":[{"asDropdown":true,"includeVars":true,"keepTime":true,"tags":["kubernetes-mixin"],"targetBlank":false,"title":"Kubernetes","type":"dashboards"}],"panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"color":{"fixedColor":"green","mode":"fixed"},"unit":"bps"}},"gridPos":{"h":9,"w":12,"x":0,"y":0},"id":1,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"displayMode":"basic","showUnfilled":false},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(sum((8 * rate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$__rate_interval]))\n* on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n* on (cluster,namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","legendFormat":"__auto"}],"title":"Current Rate of Bits Received","type":"bargauge"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"color":{"fixedColor":"green","mode":"fixed"},"unit":"bps"}},"gridPos":{"h":9,"w":12,"x":12,"y":0},"id":2,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"displayMode":"basic","showUnfilled":false},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(sum((8 * rate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$__rate_interval]))\n* on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n* on (cluster,namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","legendFormat":"__auto"}],"title":"Current Rate of Bits Transmitted","type":"bargauge"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/Bits/"},"properties":[{"id":"unit","value":"bps"}]},{"matcher":{"id":"byRegexp","options":"/Packets/"},"properties":[{"id":"unit","value":"pps"}]},{"matcher":{"id":"byName","options":"Workload"},"properties":[{"id":"links","value":[{"title":"Drill down","url":"/d/728bf77cc1166d2f3133bf25846876cc/kubernetes-networking-workload?${datasource:queryparam}&var-cluster=${cluster}&var-namespace=${namespace}&var-type=${__data.fields.Type}&var-workload=${__data.fields.Workload}"}]}]}]},"gridPos":{"h":9,"w":24,"x":0,"y":9},"id":3,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(\n sum by (workload, workload_type) (\n (8 * rate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$__rate_interval]))\n * on (cluster, namespace, pod) group_left\n kube_pod_info{cluster=\"$cluster\",namespace=\"$namespace\",host_network=\"false\"}\n * on (cluster, namespace, pod) group_left (workload, workload_type)\n namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}\n )\n)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(\n sum by (workload, workload_type) (\n (8 * rate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$__rate_interval]))\n * on (cluster, namespace, pod) group_left\n kube_pod_info{cluster=\"$cluster\",namespace=\"$namespace\",host_network=\"false\"}\n * on (cluster, namespace, pod) group_left (workload, workload_type)\n namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}\n )\n)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(\n avg by (workload, workload_type) (\n (8 * rate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$__rate_interval]))\n * on (cluster, namespace, pod) group_left\n kube_pod_info{cluster=\"$cluster\",namespace=\"$namespace\",host_network=\"false\"}\n * on (cluster, namespace, pod) group_left (workload, workload_type)\n namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}\n )\n)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(\n avg by (workload, workload_type) (\n (8 * rate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$__rate_interval]))\n * on (cluster, namespace, pod) group_left\n kube_pod_info{cluster=\"$cluster\",namespace=\"$namespace\",host_network=\"false\"}\n * on (cluster, namespace, pod) group_left (workload, workload_type)\n namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}\n )\n)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(\n sum by (workload, workload_type) (\n (1 * rate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$__rate_interval]))\n * on (cluster, namespace, pod) group_left\n kube_pod_info{cluster=\"$cluster\",namespace=\"$namespace\",host_network=\"false\"}\n * on (cluster, namespace, pod) group_left (workload, workload_type)\n namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}\n )\n)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(\n sum by (workload, workload_type) (\n (1 * rate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$__rate_interval]))\n * on (cluster, namespace, pod) group_left\n kube_pod_info{cluster=\"$cluster\",namespace=\"$namespace\",host_network=\"false\"}\n * on (cluster, namespace, pod) group_left (workload, workload_type)\n namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}\n )\n)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(\n sum by (workload, workload_type) (\n (1 * rate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$__rate_interval]))\n * on (cluster, namespace, pod) group_left\n kube_pod_info{cluster=\"$cluster\",namespace=\"$namespace\",host_network=\"false\"}\n * on (cluster, namespace, pod) group_left (workload, workload_type)\n namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}\n )\n)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(\n sum by (workload, workload_type) (\n (1 * rate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$__rate_interval]))\n * on (cluster, namespace, pod) group_left\n kube_pod_info{cluster=\"$cluster\",namespace=\"$namespace\",host_network=\"false\"}\n * on (cluster, namespace, pod) group_left (workload, workload_type)\n namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}\n )\n)\n","format":"table","instant":true}],"title":"Current Status","transformations":[{"id":"joinByField","options":{"byField":"workload","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true,"Time 6":true,"Time 7":true,"Time 8":true,"workload_type 2":true,"workload_type 3":true,"workload_type 4":true,"workload_type 5":true,"workload_type 6":true,"workload_type 7":true,"workload_type 8":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Time 6":5,"Time 7":6,"Time 8":7,"Value #A":10,"Value #B":11,"Value #C":12,"Value #D":13,"Value #E":14,"Value #F":15,"Value #G":16,"Value #H":17,"workload":8,"workload_type 1":9,"workload_type 2":18,"workload_type 3":19,"workload_type 4":20,"workload_type 5":21,"workload_type 6":22,"workload_type 7":23,"workload_type 8":24},"renameByName":{"Value #A":"Rx Bits","Value #B":"Tx Bits","Value #C":"Rx Bits (Avg)","Value #D":"Tx Bits (Avg)","Value #E":"Rx Packets","Value #F":"Tx Packets","Value #G":"Rx Packets Dropped","Value #H":"Tx Packets Dropped","workload":"Workload","workload_type 1":"Type"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bps"}},"gridPos":{"h":9,"w":12,"x":0,"y":18},"id":4,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(sum((8 * rate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$__rate_interval]))\n* on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n* on (cluster,namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","legendFormat":"__auto"}],"title":"Receive Bandwidth","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bps"}},"gridPos":{"h":9,"w":12,"x":12,"y":18},"id":5,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(sum((8 * rate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$__rate_interval]))\n* on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n* on (cluster,namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","legendFormat":"__auto"}],"title":"Transmit Bandwidth","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bps"}},"gridPos":{"h":9,"w":12,"x":0,"y":27},"id":6,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(avg((8 * rate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$__rate_interval]))\n* on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n* on (cluster,namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","legendFormat":"__auto"}],"title":"Average Container Bandwidth by Workload: Received","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bps"}},"gridPos":{"h":9,"w":12,"x":12,"y":27},"id":7,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(avg((8 * rate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$__rate_interval]))\n* on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n* on (cluster,namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","legendFormat":"__auto"}],"title":"Average Container Bandwidth by Workload: Transmitted","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":9,"w":12,"x":0,"y":36},"id":8,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(sum(rate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$__rate_interval])\n* on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n* on (cluster,namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","legendFormat":"__auto"}],"title":"Rate of Received Packets","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":9,"w":12,"x":12,"y":36},"id":9,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(sum(rate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$__rate_interval])\n* on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n* on (cluster,namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","legendFormat":"__auto"}],"title":"Rate of Transmitted Packets","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":9,"w":12,"x":0,"y":45},"id":10,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(sum(rate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$__rate_interval])\n* on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n* on (cluster,namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","legendFormat":"__auto"}],"title":"Rate of Received Packets Dropped","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":9,"w":12,"x":12,"y":45},"id":11,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(sum(rate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$__rate_interval])\n* on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n* on (cluster,namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","legendFormat":"__auto"}],"title":"Rate of Transmitted Packets Dropped","type":"timeseries"}],"refresh":"10s","schemaVersion":39,"tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","regex":"","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"label":"cluster","name":"cluster","query":"label_values(up{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\"}, cluster)","refresh":2,"sort":1,"type":"query","allValue":".*"},{"current":{"selected":false,"text":"kube-system","value":"kube-system"},"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"label":"namespace","name":"namespace","query":"label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)","refresh":2,"sort":1,"type":"query"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"includeAll":true,"label":"workload_type","name":"type","query":"label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\"}, workload_type)","refresh":2,"sort":1,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Networking / Namespace (Workload)","uid":"bbb2a765a623ae38130206c7d94a160f"}`}} +{{- end }} +--- +{{- if and .Values.grafana.operator.dashboardsConfigMapRefEnabled (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +apiVersion: grafana.integreatly.org/v1beta1 +kind: GrafanaDashboard +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "namespace-by-workload" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + {{ with .Values.grafana.operator.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{ end }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +spec: + allowCrossNamespaceImport: true + resyncPeriod: {{ .Values.grafana.operator.resyncPeriod | quote | default "10m" }} + {{- include "kube-prometheus-stack.grafana.operator.folder" . | nindent 2 }} + instanceSelector: + matchLabels: + {{- if .Values.grafana.operator.matchLabels }} + {{- toYaml .Values.grafana.operator.matchLabels | nindent 6 }} + {{- else }} + {{- fail "grafana.operator.matchLabels must be specified when grafana.operator.dashboardsConfigMapRefEnabled is true" }} + {{- end }} + configMapRef: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "namespace-by-workload" | trunc 63 | trimSuffix "-" }} + key: namespace-by-workload.json +{{- end }} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml new file mode 100644 index 0000000..daa979e --- /dev/null +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml @@ -0,0 +1,56 @@ +{{- /* +Generated from 'node-cluster-rsrc-use' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled (or .Values.nodeExporter.enabled .Values.nodeExporter.forceDeployDashboards) }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "node-cluster-rsrc-use" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +data: + node-cluster-rsrc-use.json: |- + {{`{"graphTooltip":1,"panels":[{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":0},"id":1,"panels":[],"title":"CPU","type":"row"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"percentunit"}},"gridPos":{"h":7,"w":12,"x":0,"y":1},"id":2,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"((\n instance:node_cpu_utilisation:rate5m{job=\"node-exporter\", cluster=~\"$cluster\"}\n *\n instance:node_num_cpu:sum{job=\"node-exporter\", cluster=~\"$cluster\"}\n) != 0 )\n/ scalar(sum(instance:node_num_cpu:sum{job=\"node-exporter\", cluster=~\"$cluster\"}))\n","legendFormat":"{{ instance }}"}],"title":"CPU Utilisation","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"percentunit"}},"gridPos":{"h":7,"w":12,"x":12,"y":1},"id":3,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"(\n instance:node_load1_per_cpu:ratio{job=\"node-exporter\", cluster=~\"$cluster\"}\n / scalar(count(instance:node_load1_per_cpu:ratio{job=\"node-exporter\", cluster=~\"$cluster\"}))\n) != 0\n","legendFormat":"{{ instance }}"}],"title":"CPU Saturation (Load1 per CPU)","type":"timeseries"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":8},"id":4,"panels":[],"title":"Memory","type":"row"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"percentunit"}},"gridPos":{"h":7,"w":12,"x":0,"y":9},"id":5,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"(\n instance:node_memory_utilisation:ratio{job=\"node-exporter\", cluster=~\"$cluster\"}\n / scalar(count(instance:node_memory_utilisation:ratio{job=\"node-exporter\", cluster=~\"$cluster\"}))\n) != 0\n","legendFormat":"{{ instance }}"}],"title":"Memory Utilisation","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"rds"}},"gridPos":{"h":7,"w":12,"x":12,"y":9},"id":6,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"instance:node_vmstat_pgmajfault:rate5m{job=\"node-exporter\", cluster=~\"$cluster\"}","legendFormat":"{{ instance }}"}],"title":"Memory Saturation (Major Page Faults)","type":"timeseries"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":16},"id":7,"panels":[],"title":"Network","type":"row"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"Bps"},"overrides":[{"matcher":{"id":"byRegexp","options":"/Transmit/"},"properties":[{"id":"custom.transform","value":"negative-Y"}]}]},"gridPos":{"h":7,"w":12,"x":0,"y":17},"id":8,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"instance:node_network_receive_bytes_excluding_lo:rate5m{job=\"node-exporter\", cluster=~\"$cluster\"} != 0","legendFormat":"{{ instance }} Receive"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"instance:node_network_transmit_bytes_excluding_lo:rate5m{job=\"node-exporter\", cluster=~\"$cluster\"} != 0","legendFormat":"{{ instance }} Transmit"}],"title":"Network Utilisation (Bytes Receive/Transmit)","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"Bps"},"overrides":[{"matcher":{"id":"byRegexp","options":"/Transmit/"},"properties":[{"id":"custom.transform","value":"negative-Y"}]}]},"gridPos":{"h":7,"w":12,"x":12,"y":17},"id":9,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"instance:node_network_receive_drop_excluding_lo:rate5m{job=\"node-exporter\", cluster=~\"$cluster\"} != 0","legendFormat":"{{ instance }} Receive"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"instance:node_network_transmit_drop_excluding_lo:rate5m{job=\"node-exporter\", cluster=~\"$cluster\"} != 0","legendFormat":"{{ instance }} Transmit"}],"title":"Network Saturation (Drops Receive/Transmit)","type":"timeseries"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":24},"id":10,"panels":[],"title":"Disk IO","type":"row"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"percentunit"}},"gridPos":{"h":7,"w":12,"x":0,"y":25},"id":11,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"instance_device:node_disk_io_time_seconds:rate5m{job=\"node-exporter\", cluster=~\"$cluster\"}\n/ scalar(count(instance_device:node_disk_io_time_seconds:rate5m{job=\"node-exporter\", cluster=~\"$cluster\"}))\n","legendFormat":"{{ instance }} {{device}}"}],"title":"Disk IO Utilisation","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"percentunit"}},"gridPos":{"h":7,"w":12,"x":12,"y":25},"id":12,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"instance_device:node_disk_io_time_weighted_seconds:rate5m{job=\"node-exporter\", cluster=~\"$cluster\"}\n/ scalar(count(instance_device:node_disk_io_time_weighted_seconds:rate5m{job=\"node-exporter\", cluster=~\"$cluster\"}))\n","legendFormat":"{{ instance }} {{device}}"}],"title":"Disk IO Saturation","type":"timeseries"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":34},"id":13,"panels":[],"title":"Disk Space","type":"row"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"percentunit"}},"gridPos":{"h":7,"w":24,"x":0,"y":35},"id":14,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"sum without (device) (\n max without (fstype, mountpoint) ((\n node_filesystem_size_bytes{job=\"node-exporter\", fstype!=\"\", mountpoint!=\"\", cluster=~\"$cluster\"}\n -\n node_filesystem_avail_bytes{job=\"node-exporter\", fstype!=\"\", mountpoint!=\"\", cluster=~\"$cluster\"}\n ) != 0)\n)\n/ scalar(sum(max without (fstype, mountpoint) (node_filesystem_size_bytes{job=\"node-exporter\", fstype!=\"\", mountpoint!=\"\", cluster=~\"$cluster\"})))\n","legendFormat":"{{ instance }}"}],"title":"Disk Space Utilisation","type":"timeseries"}],"refresh":"30s","schemaVersion":39,"tags":["node-exporter-mixin"],"templating":{"list":[{"name":"datasource","query":"prometheus","type":"datasource"},{"allValue":".*","datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":true,"name":"cluster","query":"label_values(node_time_seconds, cluster)","refresh":2,"sort":1,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Node Exporter / USE Method / Cluster","uid":"3e97d1d02672cdd0861f4c97c64f89b2"}`}} +{{- end }} +--- +{{- if and .Values.grafana.operator.dashboardsConfigMapRefEnabled (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled (or .Values.nodeExporter.enabled .Values.nodeExporter.forceDeployDashboards) }} +apiVersion: grafana.integreatly.org/v1beta1 +kind: GrafanaDashboard +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "node-cluster-rsrc-use" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + {{ with .Values.grafana.operator.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{ end }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +spec: + allowCrossNamespaceImport: true + resyncPeriod: {{ .Values.grafana.operator.resyncPeriod | quote | default "10m" }} + {{- include "kube-prometheus-stack.grafana.operator.folder" . | nindent 2 }} + instanceSelector: + matchLabels: + {{- if .Values.grafana.operator.matchLabels }} + {{- toYaml .Values.grafana.operator.matchLabels | nindent 6 }} + {{- else }} + {{- fail "grafana.operator.matchLabels must be specified when grafana.operator.dashboardsConfigMapRefEnabled is true" }} + {{- end }} + configMapRef: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "node-cluster-rsrc-use" | trunc 63 | trimSuffix "-" }} + key: node-cluster-rsrc-use.json +{{- end }} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/node-rsrc-use.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/node-rsrc-use.yaml new file mode 100644 index 0000000..d8c98e7 --- /dev/null +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/node-rsrc-use.yaml @@ -0,0 +1,56 @@ +{{- /* +Generated from 'node-rsrc-use' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled (or .Values.nodeExporter.enabled .Values.nodeExporter.forceDeployDashboards) }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "node-rsrc-use" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +data: + node-rsrc-use.json: |- + {{`{"graphTooltip":1,"panels":[{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":0},"id":1,"panels":[],"title":"CPU","type":"row"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"percentunit"}},"gridPos":{"h":7,"w":12,"x":0,"y":1},"id":2,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"instance:node_cpu_utilisation:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"} != 0","legendFormat":"Utilisation"}],"title":"CPU Utilisation","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"percentunit"}},"gridPos":{"h":7,"w":12,"x":12,"y":1},"id":3,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"instance:node_load1_per_cpu:ratio{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"} != 0","legendFormat":"Saturation"}],"title":"CPU Saturation (Load1 per CPU)","type":"timeseries"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":8},"id":4,"panels":[],"title":"Memory","type":"row"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"percentunit"}},"gridPos":{"h":7,"w":12,"x":0,"y":9},"id":5,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"instance:node_memory_utilisation:ratio{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"} != 0","legendFormat":"Utilisation"}],"title":"Memory Utilisation","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"rds"}},"gridPos":{"h":7,"w":12,"x":12,"y":9},"id":6,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"instance:node_vmstat_pgmajfault:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"} != 0","legendFormat":"Major page Faults"}],"title":"Memory Saturation (Major Page Faults)","type":"timeseries"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":16},"id":7,"panels":[],"title":"Network","type":"row"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"Bps"},"overrides":[{"matcher":{"id":"byRegexp","options":"/Transmit/"},"properties":[{"id":"custom.transform","value":"negative-Y"}]}]},"gridPos":{"h":7,"w":12,"x":0,"y":17},"id":8,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"instance:node_network_receive_bytes_physical:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"} != 0","legendFormat":"Receive"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"instance:node_network_transmit_bytes_physical:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"} != 0","legendFormat":"Transmit"}],"title":"Network Utilisation (Bytes Receive/Transmit)","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"Bps"},"overrides":[{"matcher":{"id":"byRegexp","options":"/Transmit/"},"properties":[{"id":"custom.transform","value":"negative-Y"}]}]},"gridPos":{"h":7,"w":12,"x":12,"y":17},"id":9,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"instance:node_network_receive_drop_physical:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"} != 0","legendFormat":"Receive"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"instance:node_network_transmit_drop_physical:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"} != 0","legendFormat":"Transmit"}],"title":"Network Saturation (Drops Receive/Transmit)","type":"timeseries"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":24},"id":10,"panels":[],"title":"Disk IO","type":"row"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"percentunit"}},"gridPos":{"h":7,"w":12,"x":0,"y":25},"id":11,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"instance_device:node_disk_io_time_seconds:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"} != 0","legendFormat":"{{device}}"}],"title":"Disk IO Utilisation","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"percentunit"}},"gridPos":{"h":7,"w":12,"x":12,"y":25},"id":12,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"instance_device:node_disk_io_time_weighted_seconds:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"} != 0","legendFormat":"{{device}}"}],"title":"Disk IO Saturation","type":"timeseries"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":34},"id":13,"panels":[],"title":"Disk Space","type":"row"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"percentunit"}},"gridPos":{"h":7,"w":24,"x":0,"y":35},"id":14,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"sort_desc(1 -\n (\n max without (mountpoint, fstype) (node_filesystem_avail_bytes{job=\"node-exporter\", fstype!=\"\", instance=\"$instance\", cluster=~\"$cluster\"})\n /\n max without (mountpoint, fstype) (node_filesystem_size_bytes{job=\"node-exporter\", fstype!=\"\", instance=\"$instance\", cluster=~\"$cluster\"})\n ) != 0\n)\n","legendFormat":"{{device}}"}],"title":"Disk Space Utilisation","type":"timeseries"}],"refresh":"30s","schemaVersion":39,"tags":["node-exporter-mixin"],"templating":{"list":[{"name":"datasource","query":"prometheus","type":"datasource"},{"allValue":".*","datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":true,"name":"cluster","query":"label_values(node_time_seconds, cluster)","refresh":2,"sort":1,"type":"query"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"name":"instance","query":"label_values(node_exporter_build_info{job=\"node-exporter\", cluster=~\"$cluster\"}, instance)","refresh":2,"sort":1,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Node Exporter / USE Method / Node","uid":"fac67cfbe174d3ef53eb473d73d9212f"}`}} +{{- end }} +--- +{{- if and .Values.grafana.operator.dashboardsConfigMapRefEnabled (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled (or .Values.nodeExporter.enabled .Values.nodeExporter.forceDeployDashboards) }} +apiVersion: grafana.integreatly.org/v1beta1 +kind: GrafanaDashboard +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "node-rsrc-use" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + {{ with .Values.grafana.operator.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{ end }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +spec: + allowCrossNamespaceImport: true + resyncPeriod: {{ .Values.grafana.operator.resyncPeriod | quote | default "10m" }} + {{- include "kube-prometheus-stack.grafana.operator.folder" . | nindent 2 }} + instanceSelector: + matchLabels: + {{- if .Values.grafana.operator.matchLabels }} + {{- toYaml .Values.grafana.operator.matchLabels | nindent 6 }} + {{- else }} + {{- fail "grafana.operator.matchLabels must be specified when grafana.operator.dashboardsConfigMapRefEnabled is true" }} + {{- end }} + configMapRef: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "node-rsrc-use" | trunc 63 | trimSuffix "-" }} + key: node-rsrc-use.json +{{- end }} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/nodes-aix.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/nodes-aix.yaml new file mode 100644 index 0000000..98982bd --- /dev/null +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/nodes-aix.yaml @@ -0,0 +1,56 @@ +{{- /* +Generated from 'nodes-aix' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled (and (or .Values.nodeExporter.enabled .Values.nodeExporter.forceDeployDashboards) .Values.nodeExporter.operatingSystems.aix.enabled) }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "nodes-aix" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +data: + nodes-aix.json: |- + {{`{"graphTooltip":1,"panels":[{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":0},"id":1,"panels":[],"title":"CPU","type":"row"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","stacking":{"mode":"normal"}},"max":1,"min":0,"unit":"percentunit"}},"gridPos":{"h":7,"w":12,"x":0,"y":1},"id":2,"options":{"tooltip":{"mode":"multi"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"(\n (1 - sum without (mode) (rate(node_cpu_seconds_total{job=\"node-exporter\", mode=~\"idle|iowait|steal\", instance=\"$instance\", cluster=~\"$cluster\"}[$__rate_interval])))\n/ ignoring(cpu) group_left\n count without (cpu, mode) (node_cpu_seconds_total{job=\"node-exporter\", mode=\"idle\", instance=\"$instance\", cluster=~\"$cluster\"})\n)\n","intervalFactor":5,"legendFormat":"{{cpu}}"}],"title":"CPU Usage","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":0,"showPoints":"never"},"min":0,"unit":"short"}},"gridPos":{"h":7,"w":12,"x":12,"y":1},"id":3,"options":{"tooltip":{"mode":"multi"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"node_load1{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"}","legendFormat":"1m load average"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"node_load5{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"}","legendFormat":"5m load average"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"node_load15{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"}","legendFormat":"15m load average"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"count(node_cpu_seconds_total{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\", mode=\"idle\"})","legendFormat":"logical cores"}],"title":"Load Average","type":"timeseries"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":8},"id":4,"title":"Memory","type":"row"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","stacking":{"mode":"none"}},"min":0,"unit":"bytes"}},"gridPos":{"h":7,"w":18,"x":0,"y":9},"id":5,"options":{"tooltip":{"mode":"multi"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"node_memory_total_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"}","legendFormat":"Physical Memory"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"(\n node_memory_total_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"} -\n node_memory_available_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"}\n)\n","legendFormat":"Memory Used"}],"title":"Memory Usage","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"max":100,"min":0,"thresholds":{"steps":[{"color":"rgba(50, 172, 45, 0.97)"},{"color":"rgba(237, 129, 40, 0.89)","value":80},{"color":"rgba(245, 54, 54, 0.9)","value":90}]},"unit":"percent"}},"gridPos":{"h":7,"w":6,"x":18,"y":9},"id":6,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"100 -\n(\n avg(node_memory_available_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"}) /\n avg(node_memory_total_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"})\n * 100\n)\n"}],"title":"Memory Usage","type":"gauge"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":18},"id":7,"panels":[],"title":"Disk","type":"row"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":0,"showPoints":"never"},"min":0},"overrides":[{"matcher":{"id":"byRegexp","options":"/ read| written/"},"properties":[{"id":"unit","value":"Bps"}]},{"matcher":{"id":"byRegexp","options":"/ io time/"},"properties":[{"id":"unit","value":"percentunit"}]}]},"gridPos":{"h":7,"w":12,"x":0,"y":19},"id":8,"options":{"tooltip":{"mode":"multi"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"rate(node_disk_read_bytes_total{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\"}[$__rate_interval])","intervalFactor":1,"legendFormat":"{{device}} read"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"rate(node_disk_written_bytes_total{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\"}[$__rate_interval])","intervalFactor":1,"legendFormat":"{{device}} written"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"rate(node_disk_io_time_seconds_total{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\"}[$__rate_interval])","intervalFactor":1,"legendFormat":"{{device}} io time"}],"title":"Disk I/O","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"thresholds":{"steps":[{"color":"green"},{"color":"yellow","value":0.8},{"color":"red","value":0.9}]},"unit":"decbytes"},"overrides":[{"matcher":{"id":"byName","options":"Mounted on"},"properties":[{"id":"custom.width","value":260}]},{"matcher":{"id":"byName","options":"Size"},"properties":[{"id":"custom.width","value":93}]},{"matcher":{"id":"byName","options":"Used"},"properties":[{"id":"custom.width","value":72}]},{"matcher":{"id":"byName","options":"Available"},"properties":[{"id":"custom.width","value":88}]},{"matcher":{"id":"byName","options":"Used, %"},"properties":[{"id":"unit","value":"percentunit"},{"id":"custom.cellOptions","value":{"type":"gauge"}},{"id":"max","value":1},{"id":"min","value":0}]}]},"gridPos":{"h":7,"w":12,"x":12,"y":19},"id":9,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"max by (mountpoint) (node_filesystem_size_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\", fstype!=\"\", mountpoint!=\"\"})\n","format":"table","instant":true,"legendFormat":""},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"max by (mountpoint) (node_filesystem_avail_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\", fstype!=\"\", mountpoint!=\"\"})\n","format":"table","instant":true,"legendFormat":""}],"title":"Disk Space Usage","transformations":[{"id":"groupBy","options":{"fields":{"Value #A":{"aggregations":["lastNotNull"],"operation":"aggregate"},"Value #B":{"aggregations":["lastNotNull"],"operation":"aggregate"},"mountpoint":{"aggregations":[],"operation":"groupby"}}}},{"id":"merge"},{"id":"calculateField","options":{"alias":"Used","binary":{"left":"Value #A (lastNotNull)","operator":"-","reducer":"sum","right":"Value #B (lastNotNull)"},"mode":"binary","reduce":{"reducer":"sum"}}},{"id":"calculateField","options":{"alias":"Used, %","binary":{"left":"Used","operator":"/","reducer":"sum","right":"Value #A (lastNotNull)"},"mode":"binary","reduce":{"reducer":"sum"}}},{"id":"organize","options":{"excludeByName":{},"indexByName":{},"renameByName":{"Value #A (lastNotNull)":"Size","Value #B (lastNotNull)":"Available","mountpoint":"Mounted on"}}},{"id":"sortBy","options":{"fields":{},"sort":[{"field":"Mounted on"}]}}],"type":"table"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":26},"id":10,"panels":[],"title":"Network","type":"row"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"description":"Network received (bits/s)","fieldConfig":{"defaults":{"custom":{"fillOpacity":0,"showPoints":"never"},"min":0,"unit":"bps"}},"gridPos":{"h":7,"w":12,"x":0,"y":27},"id":11,"options":{"tooltip":{"mode":"multi"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"rate(node_network_receive_bytes_total{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\", device!=\"lo\"}[$__rate_interval]) * 8","intervalFactor":1,"legendFormat":"{{device}}"}],"title":"Network Received","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"description":"Network transmitted (bits/s)","fieldConfig":{"defaults":{"custom":{"fillOpacity":0},"min":0,"unit":"bps"}},"gridPos":{"h":7,"w":12,"x":12,"y":27},"id":12,"options":{"tooltip":{"mode":"multi"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"rate(node_network_transmit_bytes_total{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\", device!=\"lo\"}[$__rate_interval]) * 8","intervalFactor":1,"legendFormat":"{{device}}"}],"title":"Network Transmitted","type":"timeseries"}],"refresh":"30s","schemaVersion":39,"tags":["node-exporter-mixin"],"templating":{"list":[{"name":"datasource","query":"prometheus","type":"datasource"},{"allValue":".*","datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":true,"label":"Cluster","name":"cluster","query":"label_values(node_uname_info{job=\"node-exporter\", sysname!=\"Darwin\"}, cluster)","refresh":2,"type":"query"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"label":"Instance","name":"instance","query":"label_values(node_uname_info{job=\"node-exporter\", cluster=~\"$cluster\", sysname!=\"Darwin\"}, instance)","refresh":2,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Node Exporter / AIX","uid":"7e0a61e486f727d763fb1d86fdd629c2"}`}} +{{- end }} +--- +{{- if and .Values.grafana.operator.dashboardsConfigMapRefEnabled (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled (and (or .Values.nodeExporter.enabled .Values.nodeExporter.forceDeployDashboards) .Values.nodeExporter.operatingSystems.aix.enabled) }} +apiVersion: grafana.integreatly.org/v1beta1 +kind: GrafanaDashboard +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "nodes-aix" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + {{ with .Values.grafana.operator.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{ end }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +spec: + allowCrossNamespaceImport: true + resyncPeriod: {{ .Values.grafana.operator.resyncPeriod | quote | default "10m" }} + {{- include "kube-prometheus-stack.grafana.operator.folder" . | nindent 2 }} + instanceSelector: + matchLabels: + {{- if .Values.grafana.operator.matchLabels }} + {{- toYaml .Values.grafana.operator.matchLabels | nindent 6 }} + {{- else }} + {{- fail "grafana.operator.matchLabels must be specified when grafana.operator.dashboardsConfigMapRefEnabled is true" }} + {{- end }} + configMapRef: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "nodes-aix" | trunc 63 | trimSuffix "-" }} + key: nodes-aix.json +{{- end }} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/nodes-darwin.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/nodes-darwin.yaml new file mode 100644 index 0000000..6abc654 --- /dev/null +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/nodes-darwin.yaml @@ -0,0 +1,56 @@ +{{- /* +Generated from 'nodes-darwin' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled (and (or .Values.nodeExporter.enabled .Values.nodeExporter.forceDeployDashboards) .Values.nodeExporter.operatingSystems.darwin.enabled) }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "nodes-darwin" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +data: + nodes-darwin.json: |- + {{`{"graphTooltip":1,"panels":[{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":0},"id":1,"panels":[],"title":"CPU","type":"row"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","stacking":{"mode":"normal"}},"max":1,"min":0,"unit":"percentunit"}},"gridPos":{"h":7,"w":12,"x":0,"y":1},"id":2,"options":{"tooltip":{"mode":"multi"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"(\n (1 - sum without (mode) (rate(node_cpu_seconds_total{job=\"node-exporter\", mode=~\"idle|iowait|steal\", instance=\"$instance\", cluster=~\"$cluster\"}[$__rate_interval])))\n/ ignoring(cpu) group_left\n count without (cpu, mode) (node_cpu_seconds_total{job=\"node-exporter\", mode=\"idle\", instance=\"$instance\", cluster=~\"$cluster\"})\n)\n","intervalFactor":5,"legendFormat":"{{cpu}}"}],"title":"CPU Usage","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":0,"showPoints":"never"},"min":0,"unit":"short"}},"gridPos":{"h":7,"w":12,"x":12,"y":1},"id":3,"options":{"tooltip":{"mode":"multi"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"node_load1{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"}","legendFormat":"1m load average"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"node_load5{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"}","legendFormat":"5m load average"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"node_load15{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"}","legendFormat":"15m load average"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"count(node_cpu_seconds_total{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\", mode=\"idle\"})","legendFormat":"logical cores"}],"title":"Load Average","type":"timeseries"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":8},"id":4,"title":"Memory","type":"row"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","stacking":{"mode":"none"}},"min":0,"unit":"bytes"}},"gridPos":{"h":7,"w":18,"x":0,"y":9},"id":5,"options":{"tooltip":{"mode":"multi"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"node_memory_total_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"}","legendFormat":"Physical Memory"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"(\n node_memory_internal_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"} -\n node_memory_purgeable_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"} +\n node_memory_wired_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"} +\n node_memory_compressed_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"}\n)\n","legendFormat":"Memory Used"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"(\n node_memory_internal_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"} -\n node_memory_purgeable_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"}\n)\n","legendFormat":"App Memory"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"node_memory_wired_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"}","legendFormat":"Wired Memory"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"node_memory_compressed_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"}","legendFormat":"Compressed"}],"title":"Memory Usage","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"max":100,"min":0,"thresholds":{"steps":[{"color":"rgba(50, 172, 45, 0.97)"},{"color":"rgba(237, 129, 40, 0.89)","value":80},{"color":"rgba(245, 54, 54, 0.9)","value":90}]},"unit":"percent"}},"gridPos":{"h":7,"w":6,"x":18,"y":9},"id":6,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"(\n (\n avg(node_memory_internal_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"}) -\n avg(node_memory_purgeable_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"}) +\n avg(node_memory_wired_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"}) +\n avg(node_memory_compressed_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"})\n ) /\n avg(node_memory_total_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"})\n)\n*\n100\n"}],"title":"Memory Usage","type":"gauge"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":18},"id":7,"panels":[],"title":"Disk","type":"row"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":0,"showPoints":"never"},"min":0},"overrides":[{"matcher":{"id":"byRegexp","options":"/ read| written/"},"properties":[{"id":"unit","value":"Bps"}]},{"matcher":{"id":"byRegexp","options":"/ io time/"},"properties":[{"id":"unit","value":"percentunit"}]}]},"gridPos":{"h":7,"w":12,"x":0,"y":19},"id":8,"options":{"tooltip":{"mode":"multi"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"rate(node_disk_read_bytes_total{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\"}[$__rate_interval])","intervalFactor":1,"legendFormat":"{{device}} read"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"rate(node_disk_written_bytes_total{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\"}[$__rate_interval])","intervalFactor":1,"legendFormat":"{{device}} written"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"rate(node_disk_io_time_seconds_total{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\"}[$__rate_interval])","intervalFactor":1,"legendFormat":"{{device}} io time"}],"title":"Disk I/O","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"thresholds":{"steps":[{"color":"green"},{"color":"yellow","value":0.8},{"color":"red","value":0.9}]},"unit":"decbytes"},"overrides":[{"matcher":{"id":"byName","options":"Mounted on"},"properties":[{"id":"custom.width","value":260}]},{"matcher":{"id":"byName","options":"Size"},"properties":[{"id":"custom.width","value":93}]},{"matcher":{"id":"byName","options":"Used"},"properties":[{"id":"custom.width","value":72}]},{"matcher":{"id":"byName","options":"Available"},"properties":[{"id":"custom.width","value":88}]},{"matcher":{"id":"byName","options":"Used, %"},"properties":[{"id":"unit","value":"percentunit"},{"id":"custom.cellOptions","value":{"type":"gauge"}},{"id":"max","value":1},{"id":"min","value":0}]}]},"gridPos":{"h":7,"w":12,"x":12,"y":19},"id":9,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"max by (mountpoint) (node_filesystem_size_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\", fstype!=\"\", mountpoint!=\"\"})\n","format":"table","instant":true,"legendFormat":""},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"max by (mountpoint) (node_filesystem_avail_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\", fstype!=\"\", mountpoint!=\"\"})\n","format":"table","instant":true,"legendFormat":""}],"title":"Disk Space Usage","transformations":[{"id":"groupBy","options":{"fields":{"Value #A":{"aggregations":["lastNotNull"],"operation":"aggregate"},"Value #B":{"aggregations":["lastNotNull"],"operation":"aggregate"},"mountpoint":{"aggregations":[],"operation":"groupby"}}}},{"id":"merge"},{"id":"calculateField","options":{"alias":"Used","binary":{"left":"Value #A (lastNotNull)","operator":"-","reducer":"sum","right":"Value #B (lastNotNull)"},"mode":"binary","reduce":{"reducer":"sum"}}},{"id":"calculateField","options":{"alias":"Used, %","binary":{"left":"Used","operator":"/","reducer":"sum","right":"Value #A (lastNotNull)"},"mode":"binary","reduce":{"reducer":"sum"}}},{"id":"organize","options":{"excludeByName":{},"indexByName":{},"renameByName":{"Value #A (lastNotNull)":"Size","Value #B (lastNotNull)":"Available","mountpoint":"Mounted on"}}},{"id":"sortBy","options":{"fields":{},"sort":[{"field":"Mounted on"}]}}],"type":"table"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":26},"id":10,"panels":[],"title":"Network","type":"row"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"description":"Network received (bits/s)","fieldConfig":{"defaults":{"custom":{"fillOpacity":0,"showPoints":"never"},"min":0,"unit":"bps"}},"gridPos":{"h":7,"w":12,"x":0,"y":27},"id":11,"options":{"tooltip":{"mode":"multi"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"rate(node_network_receive_bytes_total{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\", device!=\"lo\"}[$__rate_interval]) * 8","intervalFactor":1,"legendFormat":"{{device}}"}],"title":"Network Received","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"description":"Network transmitted (bits/s)","fieldConfig":{"defaults":{"custom":{"fillOpacity":0},"min":0,"unit":"bps"}},"gridPos":{"h":7,"w":12,"x":12,"y":27},"id":12,"options":{"tooltip":{"mode":"multi"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"rate(node_network_transmit_bytes_total{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\", device!=\"lo\"}[$__rate_interval]) * 8","intervalFactor":1,"legendFormat":"{{device}}"}],"title":"Network Transmitted","type":"timeseries"}],"refresh":"30s","schemaVersion":39,"tags":["node-exporter-mixin"],"templating":{"list":[{"name":"datasource","query":"prometheus","type":"datasource"},{"allValue":".*","datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":true,"label":"Cluster","name":"cluster","query":"label_values(node_uname_info{job=\"node-exporter\", sysname=\"Darwin\"}, cluster)","refresh":2,"type":"query"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"label":"Instance","name":"instance","query":"label_values(node_uname_info{job=\"node-exporter\", cluster=~\"$cluster\", sysname=\"Darwin\"}, instance)","refresh":2,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Node Exporter / MacOS","uid":"629701ea43bf69291922ea45f4a87d37"}`}} +{{- end }} +--- +{{- if and .Values.grafana.operator.dashboardsConfigMapRefEnabled (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled (and (or .Values.nodeExporter.enabled .Values.nodeExporter.forceDeployDashboards) .Values.nodeExporter.operatingSystems.darwin.enabled) }} +apiVersion: grafana.integreatly.org/v1beta1 +kind: GrafanaDashboard +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "nodes-darwin" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + {{ with .Values.grafana.operator.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{ end }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +spec: + allowCrossNamespaceImport: true + resyncPeriod: {{ .Values.grafana.operator.resyncPeriod | quote | default "10m" }} + {{- include "kube-prometheus-stack.grafana.operator.folder" . | nindent 2 }} + instanceSelector: + matchLabels: + {{- if .Values.grafana.operator.matchLabels }} + {{- toYaml .Values.grafana.operator.matchLabels | nindent 6 }} + {{- else }} + {{- fail "grafana.operator.matchLabels must be specified when grafana.operator.dashboardsConfigMapRefEnabled is true" }} + {{- end }} + configMapRef: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "nodes-darwin" | trunc 63 | trimSuffix "-" }} + key: nodes-darwin.json +{{- end }} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/nodes.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/nodes.yaml new file mode 100644 index 0000000..5b54ac8 --- /dev/null +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/nodes.yaml @@ -0,0 +1,56 @@ +{{- /* +Generated from 'nodes' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled (and (or .Values.nodeExporter.enabled .Values.nodeExporter.forceDeployDashboards) .Values.nodeExporter.operatingSystems.linux.enabled) }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "nodes" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +data: + nodes.json: |- + {{`{"graphTooltip":1,"panels":[{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":0},"id":1,"panels":[],"title":"CPU","type":"row"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","stacking":{"mode":"normal"}},"max":1,"min":0,"unit":"percentunit"}},"gridPos":{"h":7,"w":12,"x":0,"y":1},"id":2,"options":{"tooltip":{"mode":"multi"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"(\n (1 - sum without (mode) (rate(node_cpu_seconds_total{job=\"node-exporter\", mode=~\"idle|iowait|steal\", instance=\"$instance\", cluster=~\"$cluster\"}[$__rate_interval])))\n/ ignoring(cpu) group_left\n count without (cpu, mode) (node_cpu_seconds_total{job=\"node-exporter\", mode=\"idle\", instance=\"$instance\", cluster=~\"$cluster\"})\n)\n","intervalFactor":5,"legendFormat":"{{cpu}}"}],"title":"CPU Usage","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":0,"showPoints":"never"},"min":0,"unit":"short"}},"gridPos":{"h":7,"w":12,"x":12,"y":1},"id":3,"options":{"tooltip":{"mode":"multi"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"node_load1{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"}","legendFormat":"1m load average"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"node_load5{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"}","legendFormat":"5m load average"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"node_load15{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"}","legendFormat":"15m load average"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"count(node_cpu_seconds_total{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\", mode=\"idle\"})","legendFormat":"logical cores"}],"title":"Load Average","type":"timeseries"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":8},"id":4,"title":"Memory","type":"row"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","stacking":{"mode":"normal"}},"min":0,"unit":"bytes"}},"gridPos":{"h":7,"w":18,"x":0,"y":9},"id":5,"options":{"tooltip":{"mode":"multi"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"(\n node_memory_MemTotal_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"}\n-\n node_memory_MemFree_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"}\n-\n node_memory_Buffers_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"}\n-\n node_memory_Cached_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"}\n)\n","legendFormat":"memory used"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"node_memory_Buffers_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"}","legendFormat":"memory buffers"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"node_memory_Cached_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"}","legendFormat":"memory cached"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"node_memory_MemFree_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"}","legendFormat":"memory free"}],"title":"Memory Usage","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"max":100,"min":0,"thresholds":{"steps":[{"color":"rgba(50, 172, 45, 0.97)"},{"color":"rgba(237, 129, 40, 0.89)","value":80},{"color":"rgba(245, 54, 54, 0.9)","value":90}]},"unit":"percent"}},"gridPos":{"h":7,"w":6,"x":18,"y":9},"id":6,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"100 -\n(\n avg(node_memory_MemAvailable_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"}) /\n avg(node_memory_MemTotal_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"})\n* 100\n)\n"}],"title":"Memory Usage","type":"gauge"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":18},"id":7,"panels":[],"title":"Disk","type":"row"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":0,"showPoints":"never"},"min":0},"overrides":[{"matcher":{"id":"byRegexp","options":"/ read| written/"},"properties":[{"id":"unit","value":"Bps"}]},{"matcher":{"id":"byRegexp","options":"/ io time/"},"properties":[{"id":"unit","value":"percentunit"}]}]},"gridPos":{"h":7,"w":12,"x":0,"y":19},"id":8,"options":{"tooltip":{"mode":"multi"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"rate(node_disk_read_bytes_total{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\"}[$__rate_interval])","intervalFactor":1,"legendFormat":"{{device}} read"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"rate(node_disk_written_bytes_total{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\"}[$__rate_interval])","intervalFactor":1,"legendFormat":"{{device}} written"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"rate(node_disk_io_time_seconds_total{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\"}[$__rate_interval])","intervalFactor":1,"legendFormat":"{{device}} io time"}],"title":"Disk I/O","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"thresholds":{"steps":[{"color":"green"},{"color":"yellow","value":0.8},{"color":"red","value":0.9}]},"unit":"decbytes"},"overrides":[{"matcher":{"id":"byName","options":"Mounted on"},"properties":[{"id":"custom.width","value":260}]},{"matcher":{"id":"byName","options":"Size"},"properties":[{"id":"custom.width","value":93}]},{"matcher":{"id":"byName","options":"Used"},"properties":[{"id":"custom.width","value":72}]},{"matcher":{"id":"byName","options":"Available"},"properties":[{"id":"custom.width","value":88}]},{"matcher":{"id":"byName","options":"Used, %"},"properties":[{"id":"unit","value":"percentunit"},{"id":"custom.cellOptions","value":{"type":"gauge"}},{"id":"max","value":1},{"id":"min","value":0}]}]},"gridPos":{"h":7,"w":12,"x":12,"y":19},"id":9,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"max by (mountpoint) (node_filesystem_size_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\", fstype!=\"\", mountpoint!=\"\"})\n","format":"table","instant":true,"legendFormat":""},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"max by (mountpoint) (node_filesystem_avail_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\", fstype!=\"\", mountpoint!=\"\"})\n","format":"table","instant":true,"legendFormat":""}],"title":"Disk Space Usage","transformations":[{"id":"groupBy","options":{"fields":{"Value #A":{"aggregations":["lastNotNull"],"operation":"aggregate"},"Value #B":{"aggregations":["lastNotNull"],"operation":"aggregate"},"mountpoint":{"aggregations":[],"operation":"groupby"}}}},{"id":"merge"},{"id":"calculateField","options":{"alias":"Used","binary":{"left":"Value #A (lastNotNull)","operator":"-","reducer":"sum","right":"Value #B (lastNotNull)"},"mode":"binary","reduce":{"reducer":"sum"}}},{"id":"calculateField","options":{"alias":"Used, %","binary":{"left":"Used","operator":"/","reducer":"sum","right":"Value #A (lastNotNull)"},"mode":"binary","reduce":{"reducer":"sum"}}},{"id":"organize","options":{"excludeByName":{},"indexByName":{},"renameByName":{"Value #A (lastNotNull)":"Size","Value #B (lastNotNull)":"Available","mountpoint":"Mounted on"}}},{"id":"sortBy","options":{"fields":{},"sort":[{"field":"Mounted on"}]}}],"type":"table"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":26},"id":10,"panels":[],"title":"Network","type":"row"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"description":"Network received (bits/s)","fieldConfig":{"defaults":{"custom":{"fillOpacity":0,"showPoints":"never"},"min":0,"unit":"bps"}},"gridPos":{"h":7,"w":12,"x":0,"y":27},"id":11,"options":{"tooltip":{"mode":"multi"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"rate(node_network_receive_bytes_total{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\", device!=\"lo\"}[$__rate_interval]) * 8","intervalFactor":1,"legendFormat":"{{device}}"}],"title":"Network Received","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"description":"Network transmitted (bits/s)","fieldConfig":{"defaults":{"custom":{"fillOpacity":0},"min":0,"unit":"bps"}},"gridPos":{"h":7,"w":12,"x":12,"y":27},"id":12,"options":{"tooltip":{"mode":"multi"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"rate(node_network_transmit_bytes_total{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\", device!=\"lo\"}[$__rate_interval]) * 8","intervalFactor":1,"legendFormat":"{{device}}"}],"title":"Network Transmitted","type":"timeseries"}],"refresh":"30s","schemaVersion":39,"tags":["node-exporter-mixin"],"templating":{"list":[{"name":"datasource","query":"prometheus","type":"datasource"},{"allValue":".*","datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":true,"label":"Cluster","name":"cluster","query":"label_values(node_uname_info{job=\"node-exporter\", sysname!=\"Darwin\"}, cluster)","refresh":2,"type":"query"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"label":"Instance","name":"instance","query":"label_values(node_uname_info{job=\"node-exporter\", cluster=~\"$cluster\", sysname!=\"Darwin\"}, instance)","refresh":2,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Node Exporter / Nodes","uid":"7d57716318ee0dddbac5a7f451fb7753"}`}} +{{- end }} +--- +{{- if and .Values.grafana.operator.dashboardsConfigMapRefEnabled (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled (and (or .Values.nodeExporter.enabled .Values.nodeExporter.forceDeployDashboards) .Values.nodeExporter.operatingSystems.linux.enabled) }} +apiVersion: grafana.integreatly.org/v1beta1 +kind: GrafanaDashboard +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "nodes" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + {{ with .Values.grafana.operator.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{ end }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +spec: + allowCrossNamespaceImport: true + resyncPeriod: {{ .Values.grafana.operator.resyncPeriod | quote | default "10m" }} + {{- include "kube-prometheus-stack.grafana.operator.folder" . | nindent 2 }} + instanceSelector: + matchLabels: + {{- if .Values.grafana.operator.matchLabels }} + {{- toYaml .Values.grafana.operator.matchLabels | nindent 6 }} + {{- else }} + {{- fail "grafana.operator.matchLabels must be specified when grafana.operator.dashboardsConfigMapRefEnabled is true" }} + {{- end }} + configMapRef: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "nodes" | trunc 63 | trimSuffix "-" }} + key: nodes.json +{{- end }} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml new file mode 100644 index 0000000..eb52131 --- /dev/null +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml @@ -0,0 +1,57 @@ +{{- /* +Generated from 'persistentvolumesusage' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +{{- $kubeletJob := include "kube-prometheus-stack-kubelet.name" . }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "persistentvolumesusage" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +data: + persistentvolumesusage.json: |- + {{`{"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"links":[{"asDropdown":true,"includeVars":true,"keepTime":true,"tags":["kubernetes-mixin"],"targetBlank":false,"title":"Kubernetes","type":"dashboards"}],"panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bytes"}},"gridPos":{"h":7,"w":18,"y":0},"id":1,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(\n sum without(instance, node) (topk(1, (kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n -\n sum without(instance, node) (topk(1, (kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n)\n","legendFormat":"Used Space"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum without(instance, node) (topk(1, (kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n","legendFormat":"Free Space"}],"title":"Volume Space Usage","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"color":{"mode":"thresholds"},"max":100,"min":0,"thresholds":{"mode":"absolute","steps":[{"color":"green","value":0},{"color":"orange","value":80},{"color":"red","value":90}]},"unit":"percent"}},"gridPos":{"h":7,"w":6,"x":18,"y":0},"id":2,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"max without(instance,node) (\n(\n topk(1, kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n -\n topk(1, kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n)\n/\ntopk(1, kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n* 100)\n","instant":true}],"title":"Volume Space Usage","type":"gauge"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"none"}},"gridPos":{"h":7,"w":18,"y":7},"id":3,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum without(instance, node) (topk(1, (kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))","legendFormat":"Used inodes"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(\n sum without(instance, node) (topk(1, (kubelet_volume_stats_inodes{cluster=\"$cluster\", job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n -\n sum without(instance, node) (topk(1, (kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n)\n","legendFormat":"Free inodes"}],"title":"Volume inodes Usage","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"color":{"mode":"thresholds"},"max":100,"min":0,"thresholds":{"mode":"absolute","steps":[{"color":"green","value":0},{"color":"orange","value":80},{"color":"red","value":90}]},"unit":"percent"}},"gridPos":{"h":7,"w":6,"x":18,"y":7},"id":4,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"max without(instance,node) (\ntopk(1, kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n/\ntopk(1, kubelet_volume_stats_inodes{cluster=\"$cluster\", job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n* 100)\n","instant":true}],"title":"Volume inodes Usage","type":"gauge"}],"refresh":"10s","schemaVersion":39,"tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","regex":"","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"label":"cluster","name":"cluster","query":"label_values(kubelet_volume_stats_capacity_bytes{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\"}, cluster)","refresh":2,"sort":1,"type":"query","allValue":".*"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"label":"Namespace","name":"namespace","query":"label_values(kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\"}, namespace)","refresh":2,"sort":1,"type":"query"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"label":"PersistentVolumeClaim","name":"volume","query":"label_values(kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics\", namespace=\"$namespace\"}, persistentvolumeclaim)","refresh":2,"sort":1,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Persistent Volumes","uid":"919b92a8e8041bd567af9edab12c840c"}`}} +{{- end }} +--- +{{- if and .Values.grafana.operator.dashboardsConfigMapRefEnabled (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +apiVersion: grafana.integreatly.org/v1beta1 +kind: GrafanaDashboard +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "persistentvolumesusage" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + {{ with .Values.grafana.operator.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{ end }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +spec: + allowCrossNamespaceImport: true + resyncPeriod: {{ .Values.grafana.operator.resyncPeriod | quote | default "10m" }} + {{- include "kube-prometheus-stack.grafana.operator.folder" . | nindent 2 }} + instanceSelector: + matchLabels: + {{- if .Values.grafana.operator.matchLabels }} + {{- toYaml .Values.grafana.operator.matchLabels | nindent 6 }} + {{- else }} + {{- fail "grafana.operator.matchLabels must be specified when grafana.operator.dashboardsConfigMapRefEnabled is true" }} + {{- end }} + configMapRef: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "persistentvolumesusage" | trunc 63 | trimSuffix "-" }} + key: persistentvolumesusage.json +{{- end }} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/pod-total.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/pod-total.yaml new file mode 100644 index 0000000..035a7cc --- /dev/null +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/pod-total.yaml @@ -0,0 +1,57 @@ +{{- /* +Generated from 'pod-total' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +{{- $kubeletJob := include "kube-prometheus-stack-kubelet.name" . }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "pod-total" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +data: + pod-total.json: |- + {{`{"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"links":[{"asDropdown":true,"includeVars":true,"keepTime":true,"tags":["kubernetes-mixin"],"targetBlank":false,"title":"Kubernetes","type":"dashboards"}],"panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"displayName":"$pod","max":10000000000,"min":0,"thresholds":{"steps":[{"color":"dark-green","index":0,"value":null},{"color":"dark-yellow","index":1,"value":5000000000},{"color":"dark-red","index":2,"value":7000000000}]},"unit":"bps"}},"gridPos":{"h":9,"w":12,"x":0,"y":0},"id":1,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum((8 * rate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])))","legendFormat":"__auto"}],"title":"Current Rate of Bits Received","type":"gauge"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"displayName":"$pod","max":10000000000,"min":0,"thresholds":{"steps":[{"color":"dark-green","index":0,"value":null},{"color":"dark-yellow","index":1,"value":5000000000},{"color":"dark-red","index":2,"value":7000000000}]},"unit":"bps"}},"gridPos":{"h":9,"w":12,"x":12,"y":0},"id":2,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum((8 * rate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])))","legendFormat":"__auto"}],"title":"Current Rate of Bits Transmitted","type":"gauge"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"bps"}},"gridPos":{"h":9,"w":12,"x":0,"y":9},"id":3,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum((8 * rate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval]))) by (pod)","legendFormat":"__auto"}],"title":"Receive Bandwidth","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"bps"}},"gridPos":{"h":9,"w":12,"x":12,"y":9},"id":4,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum((8 * rate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval]))) by (pod)","legendFormat":"__auto"}],"title":"Transmit Bandwidth","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"pps"}},"gridPos":{"h":9,"w":12,"x":0,"y":18},"id":5,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)","legendFormat":"__auto"}],"title":"Rate of Received Packets","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"pps"}},"gridPos":{"h":9,"w":12,"x":12,"y":18},"id":6,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)","legendFormat":"__auto"}],"title":"Rate of Transmitted Packets","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"pps"}},"gridPos":{"h":9,"w":12,"x":0,"y":27},"id":7,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)","legendFormat":"__auto"}],"title":"Rate of Received Packets Dropped","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"pps"}},"gridPos":{"h":9,"w":12,"x":12,"y":27},"id":8,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)","legendFormat":"__auto"}],"title":"Rate of Transmitted Packets Dropped","type":"timeseries"}],"refresh":"10s","schemaVersion":39,"tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","regex":"","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"label":"cluster","name":"cluster","query":"label_values(up{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\"}, cluster)","refresh":2,"sort":1,"type":"query","allValue":".*"},{"allValue":".+","current":{"selected":false,"text":"kube-system","value":"kube-system"},"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"includeAll":true,"label":"namespace","name":"namespace","query":"label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)","refresh":2,"sort":1,"type":"query"},{"current":{"selected":false,"text":"kube-system","value":"kube-system"},"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"label":"pod","name":"pod","query":"label_values(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}, pod)","refresh":2,"sort":1,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Networking / Pod","uid":"7a18067ce943a40ae25454675c19ff5c"}`}} +{{- end }} +--- +{{- if and .Values.grafana.operator.dashboardsConfigMapRefEnabled (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +apiVersion: grafana.integreatly.org/v1beta1 +kind: GrafanaDashboard +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "pod-total" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + {{ with .Values.grafana.operator.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{ end }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +spec: + allowCrossNamespaceImport: true + resyncPeriod: {{ .Values.grafana.operator.resyncPeriod | quote | default "10m" }} + {{- include "kube-prometheus-stack.grafana.operator.folder" . | nindent 2 }} + instanceSelector: + matchLabels: + {{- if .Values.grafana.operator.matchLabels }} + {{- toYaml .Values.grafana.operator.matchLabels | nindent 6 }} + {{- else }} + {{- fail "grafana.operator.matchLabels must be specified when grafana.operator.dashboardsConfigMapRefEnabled is true" }} + {{- end }} + configMapRef: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "pod-total" | trunc 63 | trimSuffix "-" }} + key: pod-total.json +{{- end }} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml new file mode 100644 index 0000000..160a76b --- /dev/null +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml @@ -0,0 +1,56 @@ +{{- /* +Generated from 'prometheus-remote-write' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.prometheus.prometheusSpec.remoteWriteDashboards }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "prometheus-remote-write" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +data: + prometheus-remote-write.json: |- + {{`{"panels":[{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":0},"id":1,"panels":[],"title":"Timestamps","type":"row"},{"datasource":{"type":"prometheus","uid":"$datasource"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never"},"unit":"short"}},"gridPos":{"h":7,"w":12,"x":0,"y":1},"id":2,"options":{"tooltip":{"mode":"multi"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"(\n prometheus_remote_storage_queue_highest_timestamp_seconds{cluster=~\"$cluster\", instance=~\"$instance\", url=~\"$url\"}\n-\n prometheus_remote_storage_queue_highest_sent_timestamp_seconds{cluster=~\"$cluster\", instance=~\"$instance\", url=~\"$url\"}\n)\n","format":"time_series","intervalFactor":2,"legendFormat":"{{cluster}}::{{instance}} {{remote_name}}:{{url}}"}],"title":"Highest Enqueued Timestamp vs. Highest Timestamp Sent","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"$datasource"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never"},"unit":"short"}},"gridPos":{"h":7,"w":12,"x":12,"y":1},"id":3,"options":{"tooltip":{"mode":"multi"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"clamp_min(\n rate(prometheus_remote_storage_queue_highest_timestamp_seconds{cluster=~\"$cluster\", instance=~\"$instance\", url=~\"$url\"}[5m])\n-\n rate(prometheus_remote_storage_queue_highest_sent_timestamp_seconds{cluster=~\"$cluster\", instance=~\"$instance\", url=~\"$url\"}[5m])\n, 0)\n","format":"time_series","intervalFactor":2,"legendFormat":"{{cluster}}:{{instance}} {{remote_name}}:{{url}}"}],"title":"Rate[5m]","type":"timeseries"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":8},"id":4,"panels":[],"title":"Samples","type":"row"},{"datasource":{"type":"prometheus","uid":"$datasource"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never"},"unit":"short"}},"gridPos":{"h":7,"w":24,"x":0,"y":9},"id":5,"options":{"tooltip":{"mode":"multi"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"rate(\n prometheus_remote_storage_samples_in_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])\n-\n ignoring(remote_name, url) group_right(instance) (rate(prometheus_remote_storage_succeeded_samples_total{cluster=~\"$cluster\", instance=~\"$instance\", url=~\"$url\"}[5m]) or rate(prometheus_remote_storage_samples_total{cluster=~\"$cluster\", instance=~\"$instance\", url=~\"$url\"}[5m]))\n-\n (rate(prometheus_remote_storage_dropped_samples_total{cluster=~\"$cluster\", instance=~\"$instance\", url=~\"$url\"}[5m]) or rate(prometheus_remote_storage_samples_dropped_total{cluster=~\"$cluster\", instance=~\"$instance\", url=~\"$url\"}[5m]))\n","format":"time_series","intervalFactor":2,"legendFormat":"{{cluster}}:{{instance}} {{remote_name}}:{{url}}"}],"title":"Rate, in vs. succeeded or dropped [5m]","type":"timeseries"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":16},"id":6,"panels":[],"title":"Shards","type":"row"},{"datasource":{"type":"prometheus","uid":"$datasource"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never"},"unit":"short"}},"gridPos":{"h":7,"w":24,"x":0,"y":16},"id":7,"options":{"tooltip":{"mode":"multi"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"prometheus_remote_storage_shards{cluster=~\"$cluster\", instance=~\"$instance\", url=~\"$url\"}","format":"time_series","intervalFactor":2,"legendFormat":"{{cluster}}:{{instance}} {{remote_name}}:{{url}}"}],"title":"Current Shards","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"$datasource"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never"},"unit":"short"}},"gridPos":{"h":7,"w":8,"x":0,"y":23},"id":8,"options":{"tooltip":{"mode":"multi"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"prometheus_remote_storage_shards_max{cluster=~\"$cluster\", instance=~\"$instance\", url=~\"$url\"}","format":"time_series","intervalFactor":2,"legendFormat":"{{cluster}}:{{instance}} {{remote_name}}:{{url}}"}],"title":"Max Shards","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"$datasource"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never"},"unit":"short"}},"gridPos":{"h":7,"w":8,"x":8,"y":23},"id":9,"options":{"tooltip":{"mode":"multi"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"prometheus_remote_storage_shards_min{cluster=~\"$cluster\", instance=~\"$instance\", url=~\"$url\"}","format":"time_series","intervalFactor":2,"legendFormat":"{{cluster}}{{instance}} {{remote_name}}:{{url}}"}],"title":"Min Shards","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"$datasource"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never"},"unit":"short"}},"gridPos":{"h":7,"w":8,"x":16,"y":23},"id":10,"options":{"tooltip":{"mode":"multi"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"prometheus_remote_storage_shards_desired{cluster=~\"$cluster\", instance=~\"$instance\", url=~\"$url\"}","format":"time_series","intervalFactor":2,"legendFormat":"{{cluster}}:{{instance}} {{remote_name}}:{{url}}"}],"title":"Desired Shards","type":"timeseries"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":24},"id":11,"panels":[],"title":"Shard Details","type":"row"},{"datasource":{"type":"prometheus","uid":"$datasource"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never"},"unit":"short"}},"gridPos":{"h":7,"w":12,"x":0,"y":25},"id":12,"options":{"tooltip":{"mode":"multi"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"prometheus_remote_storage_shard_capacity{cluster=~\"$cluster\", instance=~\"$instance\", url=~\"$url\"}","format":"time_series","intervalFactor":2,"legendFormat":"{{cluster}}:{{instance}} {{remote_name}}:{{url}}"}],"title":"Shard Capacity","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"$datasource"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never"},"unit":"short"}},"gridPos":{"h":7,"w":12,"x":12,"y":25},"id":13,"options":{"tooltip":{"mode":"multi"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"prometheus_remote_storage_pending_samples{cluster=~\"$cluster\", instance=~\"$instance\", url=~\"$url\"} or prometheus_remote_storage_samples_pending{cluster=~\"$cluster\", instance=~\"$instance\", url=~\"$url\"}","format":"time_series","intervalFactor":2,"legendFormat":"{{cluster}}:{{instance}} {{remote_name}}:{{url}}"}],"title":"Pending Samples","type":"timeseries"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":32},"id":14,"panels":[],"title":"Segments","type":"row"},{"datasource":{"type":"prometheus","uid":"$datasource"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":0,"showPoints":"never"},"unit":"none"}},"gridPos":{"h":7,"w":12,"x":0,"y":33},"id":15,"options":{"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"prometheus_tsdb_wal_segment_current{cluster=~\"$cluster\", instance=~\"$instance\"}","format":"time_series","intervalFactor":2,"legendFormat":"{{cluster}}:{{instance}}"}],"title":"TSDB Current Segment","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"$datasource"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":0,"showPoints":"never"},"unit":"none"}},"gridPos":{"h":7,"w":12,"x":12,"y":33},"id":16,"options":{"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"prometheus_wal_watcher_current_segment{cluster=~\"$cluster\", instance=~\"$instance\"}","format":"time_series","intervalFactor":2,"legendFormat":"{{cluster}}:{{instance}} {{consumer}}"}],"title":"Remote Write Current Segment","type":"timeseries"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":40},"id":17,"panels":[],"title":"Misc. Rates","type":"row"},{"datasource":{"type":"prometheus","uid":"$datasource"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":0,"showPoints":"never"}}},"gridPos":{"h":7,"w":6,"x":0,"y":41},"id":18,"options":{"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"rate(prometheus_remote_storage_dropped_samples_total{cluster=~\"$cluster\", instance=~\"$instance\", url=~\"$url\"}[5m]) or rate(prometheus_remote_storage_samples_dropped_total{cluster=~\"$cluster\", instance=~\"$instance\", url=~\"$url\"}[5m])","format":"time_series","intervalFactor":2,"legendFormat":"{{cluster}}:{{instance}} {{remote_name}}:{{url}}"}],"title":"Dropped Samples","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"$datasource"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":0,"showPoints":"never"}}},"gridPos":{"h":7,"w":6,"x":6,"y":41},"id":19,"options":{"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"rate(prometheus_remote_storage_failed_samples_total{cluster=~\"$cluster\", instance=~\"$instance\", url=~\"$url\"}[5m]) or rate(prometheus_remote_storage_samples_failed_total{cluster=~\"$cluster\", instance=~\"$instance\", url=~\"$url\"}[5m])","format":"time_series","intervalFactor":2,"legendFormat":"{{cluster}}:{{instance}} {{remote_name}}:{{url}}"}],"title":"Failed Samples","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"$datasource"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":0,"showPoints":"never"}}},"gridPos":{"h":7,"w":6,"x":12,"y":41},"id":20,"options":{"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"rate(prometheus_remote_storage_retried_samples_total{cluster=~\"$cluster\", instance=~\"$instance\", url=~\"$url\"}[5m]) or rate(prometheus_remote_storage_samples_retried_total{cluster=~\"$cluster\", instance=~\"$instance\", url=~\"$url\"}[5m])","format":"time_series","intervalFactor":2,"legendFormat":"{{cluster}}:{{instance}} {{remote_name}}:{{url}}"}],"title":"Retried Samples","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"$datasource"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":0,"showPoints":"never"}}},"gridPos":{"h":7,"w":6,"x":18,"y":41},"id":21,"options":{"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"rate(prometheus_remote_storage_enqueue_retries_total{cluster=~\"$cluster\", instance=~\"$instance\", url=~\"$url\"}[5m])","format":"time_series","intervalFactor":2,"legendFormat":"{{cluster}}:{{instance}} {{remote_name}}:{{url}}"}],"title":"Enqueue Retries","type":"timeseries"}],"schemaVersion":39,"tags":["prometheus-mixin"],"templating":{"list":[{"current":{"selected":false,"text":"default","value":"default"},"hide":0,"name":"datasource","query":"prometheus","type":"datasource"},{"current":{"selected":false,"text":"$__all","value":"$__all"},"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":true,"name":"cluster","query":"label_values(prometheus_build_info, cluster)","refresh":2,"type":"query","allValue":".*"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"includeAll":true,"name":"instance","query":"label_values(prometheus_build_info{cluster=~\"$cluster\"}, instance)","refresh":2,"type":"query"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"includeAll":true,"name":"url","query":"label_values(prometheus_remote_storage_shards{cluster=~\"$cluster\", instance=~\"$instance\"}, url)","refresh":2,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["60s"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Prometheus / Remote Write","uid":"cb079f93-fde4-41f0-862b-d4301d7c1c56"}`}} +{{- end }} +--- +{{- if and .Values.grafana.operator.dashboardsConfigMapRefEnabled (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.prometheus.prometheusSpec.remoteWriteDashboards }} +apiVersion: grafana.integreatly.org/v1beta1 +kind: GrafanaDashboard +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "prometheus-remote-write" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + {{ with .Values.grafana.operator.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{ end }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +spec: + allowCrossNamespaceImport: true + resyncPeriod: {{ .Values.grafana.operator.resyncPeriod | quote | default "10m" }} + {{- include "kube-prometheus-stack.grafana.operator.folder" . | nindent 2 }} + instanceSelector: + matchLabels: + {{- if .Values.grafana.operator.matchLabels }} + {{- toYaml .Values.grafana.operator.matchLabels | nindent 6 }} + {{- else }} + {{- fail "grafana.operator.matchLabels must be specified when grafana.operator.dashboardsConfigMapRefEnabled is true" }} + {{- end }} + configMapRef: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "prometheus-remote-write" | trunc 63 | trimSuffix "-" }} + key: prometheus-remote-write.json +{{- end }} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/prometheus.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/prometheus.yaml new file mode 100644 index 0000000..6457f76 --- /dev/null +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/prometheus.yaml @@ -0,0 +1,56 @@ +{{- /* +Generated from 'prometheus' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "prometheus" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +data: + prometheus.json: |- + {{`{"panels":[{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":0},"id":1,"panels":[],"title":"Prometheus Stats","type":"row"},{"datasource":{"type":"prometheus","uid":"$datasource"},"fieldConfig":{"defaults":{"decimals":2,"displayName":"","unit":"short"},"overrides":[{"matcher":{"id":"byName","options":"Time"},"properties":[{"id":"displayName","value":"Time"},{"id":"custom.align","value":null},{"id":"custom.hidden","value":"true"}]},{"matcher":{"id":"byName","options":"cluster"},"properties":[{"id":"custom.align","value":null},{"id":"unit","value":"short"},{"id":"decimals","value":2},{"id":"displayName","value":"Cluster"}]},{"matcher":{"id":"byName","options":"job"},"properties":[{"id":"custom.align","value":null},{"id":"unit","value":"short"},{"id":"decimals","value":2},{"id":"displayName","value":"Job"}]},{"matcher":{"id":"byName","options":"instance"},"properties":[{"id":"displayName","value":"Instance"},{"id":"custom.align","value":null},{"id":"unit","value":"short"},{"id":"decimals","value":2}]},{"matcher":{"id":"byName","options":"version"},"properties":[{"id":"displayName","value":"Version"},{"id":"custom.align","value":null},{"id":"unit","value":"short"},{"id":"decimals","value":2}]},{"matcher":{"id":"byName","options":"Value #A"},"properties":[{"id":"displayName","value":"Count"},{"id":"custom.align","value":null},{"id":"unit","value":"short"},{"id":"decimals","value":2},{"id":"custom.hidden","value":"true"}]},{"matcher":{"id":"byName","options":"Value #B"},"properties":[{"id":"displayName","value":"Uptime"},{"id":"custom.align","value":null},{"id":"unit","value":"s"}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":1},"id":2,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"count by (cluster, job, instance, version) (prometheus_build_info{cluster=~\"$cluster\", job=~\"$job\", instance=~\"$instance\"})","format":"table","instant":true,"legendFormat":""},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"max by (cluster, job, instance) (time() - process_start_time_seconds{cluster=~\"$cluster\", job=~\"$job\", instance=~\"$instance\"})","format":"table","instant":true,"legendFormat":""}],"title":"Prometheus Stats","type":"table"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":8},"id":3,"panels":[],"title":"Discovery","type":"row"},{"datasource":{"type":"prometheus","uid":"$datasource"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never"},"min":0,"unit":"ms"}},"gridPos":{"h":7,"w":12,"x":0,"y":9},"id":4,"options":{"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"sum(rate(prometheus_target_sync_length_seconds_sum{cluster=~\"$cluster\",job=~\"$job\",instance=~\"$instance\"}[5m])) by (cluster, job, scrape_job, instance) * 1e3","format":"time_series","legendFormat":"{{cluster}}:{{job}}:{{instance}}:{{scrape_job}}"}],"title":"Target Sync","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"$datasource"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"lineWidth":0,"showPoints":"never","stacking":{"mode":"normal"}},"min":0,"unit":"short"}},"gridPos":{"h":7,"w":12,"x":12,"y":9},"id":5,"options":{"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"sum by (cluster, job, instance) (prometheus_sd_discovered_targets{cluster=~\"$cluster\", job=~\"$job\",instance=~\"$instance\"})","format":"time_series","legendFormat":"{{cluster}}:{{job}}:{{instance}}"}],"title":"Targets","type":"timeseries"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":16},"id":6,"panels":[],"title":"Retrieval","type":"row"},{"datasource":{"type":"prometheus","uid":"$datasource"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never"},"min":0,"unit":"ms"}},"gridPos":{"h":7,"w":8,"x":0,"y":17},"id":7,"options":{"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"rate(prometheus_target_interval_length_seconds_sum{cluster=~\"$cluster\", job=~\"$job\",instance=~\"$instance\"}[5m]) / rate(prometheus_target_interval_length_seconds_count{cluster=~\"$cluster\", job=~\"$job\",instance=~\"$instance\"}[5m]) * 1e3","format":"time_series","legendFormat":"{{cluster}}:{{job}}:{{instance}} {{interval}} configured"}],"title":"Average Scrape Interval Duration","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"$datasource"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"lineWidth":0,"showPoints":"never","stacking":{"mode":"normal"}},"min":0,"unit":"short"}},"gridPos":{"h":7,"w":8,"x":8,"y":17},"id":8,"options":{"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"sum by (cluster, job, instance) (rate(prometheus_target_scrapes_exceeded_body_size_limit_total{cluster=~\"$cluster\",job=~\"$job\",instance=~\"$instance\"}[1m]))","format":"time_series","legendFormat":"exceeded body size limit: {{cluster}} {{job}} {{instance}}"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"sum by (cluster, job, instance) (rate(prometheus_target_scrapes_exceeded_sample_limit_total{cluster=~\"$cluster\",job=~\"$job\",instance=~\"$instance\"}[1m]))","format":"time_series","legendFormat":"exceeded sample limit: {{cluster}} {{job}} {{instance}}"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"sum by (cluster, job, instance) (rate(prometheus_target_scrapes_sample_duplicate_timestamp_total{cluster=~\"$cluster\",job=~\"$job\",instance=~\"$instance\"}[1m]))","format":"time_series","legendFormat":"duplicate timestamp: {{cluster}} {{job}} {{instance}}"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"sum by (cluster, job, instance) (rate(prometheus_target_scrapes_sample_out_of_bounds_total{cluster=~\"$cluster\",job=~\"$job\",instance=~\"$instance\"}[1m]))","format":"time_series","legendFormat":"out of bounds: {{cluster}} {{job}} {{instance}}"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"sum by (cluster, job, instance) (rate(prometheus_target_scrapes_sample_out_of_order_total{cluster=~\"$cluster\",job=~\"$job\",instance=~\"$instance\"}[1m]))","format":"time_series","legendFormat":"out of order: {{cluster}} {{job}} {{instance}}"}],"title":"Scrape failures","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"$datasource"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"lineWidth":0,"showPoints":"never","stacking":{"mode":"normal"}},"min":0,"unit":"short"}},"gridPos":{"h":7,"w":8,"x":16,"y":17},"id":9,"options":{"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"rate(prometheus_tsdb_head_samples_appended_total{cluster=~\"$cluster\", job=~\"$job\",instance=~\"$instance\"}[5m])","format":"time_series","legendFormat":"{{cluster}} {{job}} {{instance}}"}],"title":"Appended Samples","type":"timeseries"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":24},"id":10,"panels":[],"title":"Storage","type":"row"},{"datasource":{"type":"prometheus","uid":"$datasource"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"lineWidth":0,"showPoints":"never","stacking":{"mode":"normal"}},"min":0,"unit":"short"}},"gridPos":{"h":7,"w":12,"x":0,"y":25},"id":11,"options":{"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"prometheus_tsdb_head_series{cluster=~\"$cluster\",job=~\"$job\",instance=~\"$instance\"}","format":"time_series","legendFormat":"{{cluster}} {{job}} {{instance}} head series"}],"title":"Head Series","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"$datasource"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"lineWidth":0,"showPoints":"never","stacking":{"mode":"normal"}},"min":0,"unit":"short"}},"gridPos":{"h":7,"w":12,"x":12,"y":25},"id":12,"options":{"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"prometheus_tsdb_head_chunks{cluster=~\"$cluster\",job=~\"$job\",instance=~\"$instance\"}","format":"time_series","legendFormat":"{{cluster}} {{job}} {{instance}} head chunks"}],"title":"Head Chunks","type":"timeseries"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":32},"id":13,"panels":[],"title":"Query","type":"row"},{"datasource":{"type":"prometheus","uid":"$datasource"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"lineWidth":0,"showPoints":"never","stacking":{"mode":"normal"}},"min":0,"unit":"short"}},"gridPos":{"h":7,"w":12,"x":0,"y":33},"id":14,"options":{"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"rate(prometheus_engine_query_duration_seconds_count{cluster=~\"$cluster\",job=~\"$job\",instance=~\"$instance\",slice=\"inner_eval\"}[5m])","format":"time_series","legendFormat":"{{cluster}} {{job}} {{instance}}"}],"title":"Query Rate","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"$datasource"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"lineWidth":0,"showPoints":"never","stacking":{"mode":"normal"}},"min":0,"unit":"ms"}},"gridPos":{"h":7,"w":12,"x":12,"y":33},"id":15,"options":{"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"max by (slice) (prometheus_engine_query_duration_seconds{quantile=\"0.9\",cluster=~\"$cluster\", job=~\"$job\",instance=~\"$instance\"}) * 1e3","format":"time_series","legendFormat":"{{slice}}"}],"title":"Stage Duration","type":"timeseries"}],"schemaVersion":39,"tags":["prometheus-mixin"],"templating":{"list":[{"current":{"selected":false,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","type":"datasource"},{"allValue":".*","current":{"selected":false,"text":["$__all"],"value":["$__all"]},"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":true,"label":"cluster","multi":true,"name":"cluster","query":"label_values(prometheus_build_info{}, cluster)","refresh":2,"sort":2,"type":"query"},{"allValue":".+","datasource":{"type":"prometheus","uid":"${datasource}"},"includeAll":true,"label":"job","multi":true,"name":"job","query":"label_values(prometheus_build_info{cluster=~\"$cluster\"}, job)","refresh":2,"sort":2,"type":"query"},{"allValue":".+","datasource":{"type":"prometheus","uid":"${datasource}"},"includeAll":true,"label":"instance","multi":true,"name":"instance","query":"label_values(prometheus_build_info{cluster=~\"$cluster\", job=~\"$job\"}, instance)","refresh":2,"sort":2,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["60s"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Prometheus / Overview","uid":"9fa0d141-d019-4ad7-8bc5-42196ee308bd"}`}} +{{- end }} +--- +{{- if and .Values.grafana.operator.dashboardsConfigMapRefEnabled (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +apiVersion: grafana.integreatly.org/v1beta1 +kind: GrafanaDashboard +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "prometheus" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + {{ with .Values.grafana.operator.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{ end }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +spec: + allowCrossNamespaceImport: true + resyncPeriod: {{ .Values.grafana.operator.resyncPeriod | quote | default "10m" }} + {{- include "kube-prometheus-stack.grafana.operator.folder" . | nindent 2 }} + instanceSelector: + matchLabels: + {{- if .Values.grafana.operator.matchLabels }} + {{- toYaml .Values.grafana.operator.matchLabels | nindent 6 }} + {{- else }} + {{- fail "grafana.operator.matchLabels must be specified when grafana.operator.dashboardsConfigMapRefEnabled is true" }} + {{- end }} + configMapRef: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "prometheus" | trunc 63 | trimSuffix "-" }} + key: prometheus.json +{{- end }} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/proxy.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/proxy.yaml new file mode 100644 index 0000000..0b444e2 --- /dev/null +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/proxy.yaml @@ -0,0 +1,57 @@ +{{- /* +Generated from 'proxy' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.kubeProxy.enabled }} +{{- $kubeProxyJob := include "kube-prometheus-stack-kube-proxy.name" . }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "proxy" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +data: + proxy.json: |- + {{`{"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"links":[{"asDropdown":true,"includeVars":true,"keepTime":true,"tags":["kubernetes-mixin"],"targetBlank":false,"title":"Kubernetes","type":"dashboards"}],"panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"none"}},"gridPos":{"h":7,"w":4,"x":0,"y":0},"id":1,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(up{cluster=\"$cluster\", job=\"`}}{{ $kubeProxyJob }}{{`\"})","instant":true}],"title":"Up","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"ops"}},"gridPos":{"h":7,"w":10,"x":4,"y":0},"id":2,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(kubeproxy_sync_proxy_rules_duration_seconds_count{cluster=\"$cluster\", job=\"`}}{{ $kubeProxyJob }}{{`\", instance=~\"$instance\"}[$__rate_interval]))","legendFormat":"rate"}],"title":"Rules Sync Rate","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"s"}},"gridPos":{"h":7,"w":10,"x":14,"y":0},"id":3,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"histogram_quantile(0.99,rate(kubeproxy_sync_proxy_rules_duration_seconds_bucket{cluster=\"$cluster\", job=\"`}}{{ $kubeProxyJob }}{{`\", instance=~\"$instance\"}[$__rate_interval]))","legendFormat":"{{instance}}"}],"title":"Rules Sync Latency 99th Quantile","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"ops"}},"gridPos":{"h":7,"w":12,"x":0,"y":7},"id":4,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(kubeproxy_network_programming_duration_seconds_count{cluster=\"$cluster\", job=\"`}}{{ $kubeProxyJob }}{{`\", instance=~\"$instance\"}[$__rate_interval]))","legendFormat":"rate"}],"title":"Network Programming Rate","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"s"}},"gridPos":{"h":7,"w":12,"x":12,"y":7},"id":5,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"histogram_quantile(0.99, sum(rate(kubeproxy_network_programming_duration_seconds_bucket{cluster=\"$cluster\", job=\"`}}{{ $kubeProxyJob }}{{`\", instance=~\"$instance\"}[$__rate_interval])) by (instance, le))","legendFormat":"{{instance}}"}],"title":"Network Programming Latency 99th Quantile","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"ops"}},"gridPos":{"h":7,"w":8,"x":0,"y":14},"id":6,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"`}}{{ $kubeProxyJob }}{{`\", instance=~\"$instance\",code=~\"2..\"}[$__rate_interval]))","legendFormat":"2xx"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"`}}{{ $kubeProxyJob }}{{`\", instance=~\"$instance\",code=~\"3..\"}[$__rate_interval]))","legendFormat":"3xx"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"`}}{{ $kubeProxyJob }}{{`\", instance=~\"$instance\",code=~\"4..\"}[$__rate_interval]))","legendFormat":"4xx"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"`}}{{ $kubeProxyJob }}{{`\", instance=~\"$instance\",code=~\"5..\"}[$__rate_interval]))","legendFormat":"5xx"}],"title":"Kube API Request Rate","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"ops"}},"gridPos":{"h":7,"w":16,"x":8,"y":14},"id":7,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"`}}{{ $kubeProxyJob }}{{`\",instance=~\"$instance\",verb=\"POST\"}[$__rate_interval])) by (verb, le))","legendFormat":"{{verb}}"}],"title":"Post Request Latency 99th Quantile","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"s"}},"gridPos":{"h":7,"w":24,"x":0,"y":21},"id":8,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"`}}{{ $kubeProxyJob }}{{`\", instance=~\"$instance\", verb=\"GET\"}[$__rate_interval])) by (verb, le))","legendFormat":"{{verb}}"}],"title":"Get Request Latency 99th Quantile","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bytes"}},"gridPos":{"h":7,"w":8,"x":0,"y":28},"id":9,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"process_resident_memory_bytes{cluster=\"$cluster\", job=\"`}}{{ $kubeProxyJob }}{{`\",instance=~\"$instance\"}","legendFormat":"{{instance}}"}],"title":"Memory","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"short"}},"gridPos":{"h":7,"w":8,"x":8,"y":28},"id":10,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"rate(process_cpu_seconds_total{cluster=\"$cluster\", job=\"`}}{{ $kubeProxyJob }}{{`\",instance=~\"$instance\"}[$__rate_interval])","legendFormat":"{{instance}}"}],"title":"CPU usage","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"short"}},"gridPos":{"h":7,"w":8,"x":16,"y":28},"id":11,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"go_goroutines{cluster=\"$cluster\", job=\"`}}{{ $kubeProxyJob }}{{`\",instance=~\"$instance\"}","legendFormat":"{{instance}}"}],"title":"Goroutines","type":"timeseries"}],"refresh":"10s","schemaVersion":39,"tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","regex":"","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"label":"cluster","name":"cluster","query":"label_values(up{job=\"`}}{{ $kubeProxyJob }}{{`\"}, cluster)","refresh":2,"sort":1,"type":"query","allValue":".*"},{"allValue":".+","datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"includeAll":true,"label":"instance","name":"instance","query":"label_values(up{job=\"`}}{{ $kubeProxyJob }}{{`\", cluster=\"$cluster\", job=\"`}}{{ $kubeProxyJob }}{{`\"}, instance)","refresh":2,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Proxy","uid":"632e265de029684c40b21cb76bca4f94"}`}} +{{- end }} +--- +{{- if and .Values.grafana.operator.dashboardsConfigMapRefEnabled (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.kubeProxy.enabled }} +apiVersion: grafana.integreatly.org/v1beta1 +kind: GrafanaDashboard +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "proxy" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + {{ with .Values.grafana.operator.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{ end }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +spec: + allowCrossNamespaceImport: true + resyncPeriod: {{ .Values.grafana.operator.resyncPeriod | quote | default "10m" }} + {{- include "kube-prometheus-stack.grafana.operator.folder" . | nindent 2 }} + instanceSelector: + matchLabels: + {{- if .Values.grafana.operator.matchLabels }} + {{- toYaml .Values.grafana.operator.matchLabels | nindent 6 }} + {{- else }} + {{- fail "grafana.operator.matchLabels must be specified when grafana.operator.dashboardsConfigMapRefEnabled is true" }} + {{- end }} + configMapRef: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "proxy" | trunc 63 | trimSuffix "-" }} + key: proxy.json +{{- end }} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/scheduler.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/scheduler.yaml new file mode 100644 index 0000000..eb66a06 --- /dev/null +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/scheduler.yaml @@ -0,0 +1,57 @@ +{{- /* +Generated from 'scheduler' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.kubeScheduler.enabled }} +{{- $kubeSchedulerJob := include "kube-prometheus-stack-kube-scheduler.name" . }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "scheduler" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +data: + scheduler.json: |- + {{`{"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"links":[{"asDropdown":true,"includeVars":true,"keepTime":true,"tags":["kubernetes-mixin"],"targetBlank":false,"title":"Kubernetes","type":"dashboards"}],"panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"none"}},"gridPos":{"h":7,"w":4,"x":0,"y":0},"id":1,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(up{cluster=\"$cluster\", job=\"`}}{{ $kubeSchedulerJob }}{{`\"})","instant":true}],"title":"Up","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"ops"}},"gridPos":{"h":7,"w":10,"x":4,"y":0},"id":2,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(scheduler_scheduling_attempt_duration_seconds_count{cluster=\"$cluster\", job=\"`}}{{ $kubeSchedulerJob }}{{`\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance)","legendFormat":"{{cluster}} {{instance}} e2e"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(scheduler_pod_scheduling_sli_duration_seconds_count{cluster=\"$cluster\", job=\"`}}{{ $kubeSchedulerJob }}{{`\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance)","legendFormat":"{{cluster}} {{instance}} binding"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(scheduler_scheduling_algorithm_duration_seconds_count{cluster=\"$cluster\", job=\"`}}{{ $kubeSchedulerJob }}{{`\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance)","legendFormat":"{{cluster}} {{instance}} scheduling algorithm"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(scheduler_volume_scheduling_duration_seconds_count{cluster=\"$cluster\", job=\"`}}{{ $kubeSchedulerJob }}{{`\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance)","legendFormat":"{{cluster}} {{instance}} volume"}],"title":"Scheduling Rate","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"s"}},"gridPos":{"h":7,"w":10,"x":14,"y":0},"id":3,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"histogram_quantile(0.99, sum(rate(scheduler_scheduling_attempt_duration_seconds_bucket{cluster=\"$cluster\", job=\"`}}{{ $kubeSchedulerJob }}{{`\",instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, le))","legendFormat":"{{cluster}} {{instance}} e2e"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"histogram_quantile(0.99, sum(rate(scheduler_pod_scheduling_sli_duration_seconds_bucket{cluster=\"$cluster\", job=\"`}}{{ $kubeSchedulerJob }}{{`\",instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, le))","legendFormat":"{{cluster}} {{instance}} binding"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"histogram_quantile(0.99, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{cluster=\"$cluster\", job=\"`}}{{ $kubeSchedulerJob }}{{`\",instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, le))","legendFormat":"{{cluster}} {{instance}} scheduling algorithm"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"histogram_quantile(0.99, sum(rate(scheduler_volume_scheduling_duration_seconds_bucket{cluster=\"$cluster\", job=\"`}}{{ $kubeSchedulerJob }}{{`\",instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, le))","legendFormat":"{{cluster}} {{instance}} volume"}],"title":"Scheduling latency 99th Quantile","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"ops"}},"gridPos":{"h":7,"w":8,"x":0,"y":7},"id":4,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"`}}{{ $kubeSchedulerJob }}{{`\", instance=~\"$instance\",code=~\"2..\"}[$__rate_interval]))","legendFormat":"2xx"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"`}}{{ $kubeSchedulerJob }}{{`\", instance=~\"$instance\",code=~\"3..\"}[$__rate_interval]))","legendFormat":"3xx"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"`}}{{ $kubeSchedulerJob }}{{`\", instance=~\"$instance\",code=~\"4..\"}[$__rate_interval]))","legendFormat":"4xx"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"`}}{{ $kubeSchedulerJob }}{{`\", instance=~\"$instance\",code=~\"5..\"}[$__rate_interval]))","legendFormat":"5xx"}],"title":"Kube API Request Rate","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"ops"}},"gridPos":{"h":7,"w":16,"x":8,"y":7},"id":5,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"`}}{{ $kubeSchedulerJob }}{{`\", instance=~\"$instance\", verb=\"POST\"}[$__rate_interval])) by (verb, le))","legendFormat":"{{verb}}"}],"title":"Post Request Latency 99th Quantile","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"s"}},"gridPos":{"h":7,"w":24,"x":0,"y":14},"id":6,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"`}}{{ $kubeSchedulerJob }}{{`\", instance=~\"$instance\", verb=\"GET\"}[$__rate_interval])) by (verb, le))","legendFormat":"{{verb}}"}],"title":"Get Request Latency 99th Quantile","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bytes"}},"gridPos":{"h":7,"w":8,"x":0,"y":21},"id":7,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"process_resident_memory_bytes{cluster=\"$cluster\", job=\"`}}{{ $kubeSchedulerJob }}{{`\", instance=~\"$instance\"}","legendFormat":"{{instance}}"}],"title":"Memory","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"short"}},"gridPos":{"h":7,"w":8,"x":8,"y":21},"id":8,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"rate(process_cpu_seconds_total{cluster=\"$cluster\", job=\"`}}{{ $kubeSchedulerJob }}{{`\", instance=~\"$instance\"}[$__rate_interval])","legendFormat":"{{instance}}"}],"title":"CPU usage","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"short"}},"gridPos":{"h":7,"w":8,"x":16,"y":21},"id":9,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"go_goroutines{cluster=\"$cluster\", job=\"`}}{{ $kubeSchedulerJob }}{{`\",instance=~\"$instance\"}","legendFormat":"{{instance}}"}],"title":"Goroutines","type":"timeseries"}],"refresh":"10s","schemaVersion":39,"tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","regex":"","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"label":"cluster","name":"cluster","query":"label_values(up{job=\"`}}{{ $kubeSchedulerJob }}{{`\"}, cluster)","refresh":2,"sort":1,"type":"query","allValue":".*"},{"allValue":".+","datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"includeAll":true,"label":"instance","name":"instance","query":"label_values(up{job=\"`}}{{ $kubeSchedulerJob }}{{`\", cluster=\"$cluster\"}, instance)","refresh":2,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Scheduler","uid":"2e6b6a3b4bddf1427b3a55aa1311c656"}`}} +{{- end }} +--- +{{- if and .Values.grafana.operator.dashboardsConfigMapRefEnabled (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.kubeScheduler.enabled }} +apiVersion: grafana.integreatly.org/v1beta1 +kind: GrafanaDashboard +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "scheduler" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + {{ with .Values.grafana.operator.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{ end }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +spec: + allowCrossNamespaceImport: true + resyncPeriod: {{ .Values.grafana.operator.resyncPeriod | quote | default "10m" }} + {{- include "kube-prometheus-stack.grafana.operator.folder" . | nindent 2 }} + instanceSelector: + matchLabels: + {{- if .Values.grafana.operator.matchLabels }} + {{- toYaml .Values.grafana.operator.matchLabels | nindent 6 }} + {{- else }} + {{- fail "grafana.operator.matchLabels must be specified when grafana.operator.dashboardsConfigMapRefEnabled is true" }} + {{- end }} + configMapRef: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "scheduler" | trunc 63 | trimSuffix "-" }} + key: scheduler.json +{{- end }} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/workload-total.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/workload-total.yaml new file mode 100644 index 0000000..65c2039 --- /dev/null +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/workload-total.yaml @@ -0,0 +1,57 @@ +{{- /* +Generated from 'workload-total' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +{{- $kubeletJob := include "kube-prometheus-stack-kubelet.name" . }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "workload-total" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +data: + workload-total.json: |- + {{`{"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"links":[{"asDropdown":true,"includeVars":true,"keepTime":true,"tags":["kubernetes-mixin"],"targetBlank":false,"title":"Kubernetes","type":"dashboards"}],"panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"color":{"fixedColor":"green","mode":"fixed"},"unit":"bps"}},"gridPos":{"h":9,"w":12,"x":0,"y":0},"id":1,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"displayMode":"basic","showUnfilled":false},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(sum((8 * rate(container_network_receive_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$__rate_interval]))\n* on (cluster, namespace, pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","legendFormat":"__auto"}],"title":"Current Rate of Bits Received","type":"bargauge"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"color":{"fixedColor":"green","mode":"fixed"},"unit":"bps"}},"gridPos":{"h":9,"w":12,"x":12,"y":0},"id":2,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"displayMode":"basic","showUnfilled":false},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(sum((8 * rate(container_network_transmit_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$__rate_interval]))\n* on (cluster, namespace, pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","legendFormat":"__auto"}],"title":"Current Rate of Bits Transmitted","type":"bargauge"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"color":{"fixedColor":"green","mode":"fixed"},"unit":"bps"}},"gridPos":{"h":9,"w":12,"x":0,"y":9},"id":3,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"displayMode":"basic","showUnfilled":false},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(avg((8 * rate(container_network_receive_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$__rate_interval]))\n* on (cluster, namespace, pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","legendFormat":"__auto"}],"title":"Average Rate of Bits Received","type":"bargauge"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"color":{"fixedColor":"green","mode":"fixed"},"unit":"bps"}},"gridPos":{"h":9,"w":12,"x":12,"y":9},"id":4,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"displayMode":"basic","showUnfilled":false},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(avg((8 * rate(container_network_transmit_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$__rate_interval]))\n* on (cluster, namespace, pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","legendFormat":"__auto"}],"title":"Average Rate of Bits Transmitted","type":"bargauge"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bps"}},"gridPos":{"h":9,"w":12,"x":0,"y":18},"id":5,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(sum((8 * rate(container_network_receive_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$__rate_interval]))\n* on (cluster, namespace, pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","legendFormat":"__auto"}],"title":"Receive Bandwidth","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bps"}},"gridPos":{"h":9,"w":12,"x":12,"y":18},"id":6,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(sum((8 * rate(container_network_transmit_bytes_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$__rate_interval]))\n* on (cluster, namespace, pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","legendFormat":"__auto"}],"title":"Transmit Bandwidth","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":9,"w":12,"x":0,"y":27},"id":7,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(sum(rate(container_network_receive_packets_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$__rate_interval])\n* on (cluster, namespace, pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","legendFormat":"__auto"}],"title":"Rate of Received Packets","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":9,"w":12,"x":12,"y":27},"id":8,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(sum(rate(container_network_transmit_packets_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$__rate_interval])\n* on (cluster, namespace, pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","legendFormat":"__auto"}],"title":"Rate of Transmitted Packets","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":9,"w":12,"x":0,"y":36},"id":9,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(sum(rate(container_network_receive_packets_dropped_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$__rate_interval])\n* on (cluster, namespace, pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","legendFormat":"__auto"}],"title":"Rate of Received Packets Dropped","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":9,"w":12,"x":12,"y":36},"id":10,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(sum(rate(container_network_transmit_packets_dropped_total{job=\"`}}{{ $kubeletJob }}{{`\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$__rate_interval])\n* on (cluster, namespace, pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","legendFormat":"__auto"}],"title":"Rate of Transmitted Packets Dropped","type":"timeseries"}],"refresh":"10s","schemaVersion":39,"tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","regex":"","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"label":"cluster","name":"cluster","query":"label_values(kube_pod_info{job=\"kube-state-metrics\"}, cluster)","refresh":2,"sort":1,"type":"query","allValue":".*"},{"allValue":".+","current":{"selected":false,"text":"kube-system","value":"kube-system"},"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"includeAll":true,"label":"namespace","name":"namespace","query":"label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)","refresh":2,"sort":1,"type":"query"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"label":"workload","name":"workload","query":"label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\"}, workload)","refresh":2,"sort":1,"type":"query"},{"allValue":".+","datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"includeAll":true,"label":"workload_type","name":"type","query":"label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\"}, workload_type)","refresh":2,"sort":1,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Networking / Workload","uid":"728bf77cc1166d2f3133bf25846876cc"}`}} +{{- end }} +--- +{{- if and .Values.grafana.operator.dashboardsConfigMapRefEnabled (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +apiVersion: grafana.integreatly.org/v1beta1 +kind: GrafanaDashboard +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "workload-total" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} + {{ with .Values.grafana.operator.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{ end }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ tpl $.Values.grafana.sidecar.dashboards.label $ }}: {{ ((tpl $.Values.grafana.sidecar.dashboards.labelValue $) | default 1) | quote }} + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} +spec: + allowCrossNamespaceImport: true + resyncPeriod: {{ .Values.grafana.operator.resyncPeriod | quote | default "10m" }} + {{- include "kube-prometheus-stack.grafana.operator.folder" . | nindent 2 }} + instanceSelector: + matchLabels: + {{- if .Values.grafana.operator.matchLabels }} + {{- toYaml .Values.grafana.operator.matchLabels | nindent 6 }} + {{- else }} + {{- fail "grafana.operator.matchLabels must be specified when grafana.operator.dashboardsConfigMapRefEnabled is true" }} + {{- end }} + configMapRef: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "workload-total" | trunc 63 | trimSuffix "-" }} + key: workload-total.json +{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus-operator/_prometheus-operator.tpl b/charts/kube-prometheus-stack/templates/prometheus-operator/_prometheus-operator.tpl similarity index 100% rename from charts/rancher-monitoring/templates/prometheus-operator/_prometheus-operator.tpl rename to charts/kube-prometheus-stack/templates/prometheus-operator/_prometheus-operator.tpl diff --git a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/_prometheus-operator-webhook.tpl b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/_prometheus-operator-webhook.tpl similarity index 100% rename from charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/_prometheus-operator-webhook.tpl rename to charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/_prometheus-operator-webhook.tpl diff --git a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/deployment/deployment.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/deployment/deployment.yaml similarity index 98% rename from charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/deployment/deployment.yaml rename to charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/deployment/deployment.yaml index 054eac4..f2183c8 100644 --- a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/deployment/deployment.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/deployment/deployment.yaml @@ -71,6 +71,8 @@ spec: - containerPort: {{ .Values.prometheusOperator.admissionWebhooks.deployment.tls.internalPort }} name: https {{- else }} + - "--web.enable-tls=false" + - "--web.listen-address=:8080" ports: - containerPort: 8080 name: http @@ -122,7 +124,7 @@ spec: securityContext: {{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.securityContext | indent 8 }} {{- end }} - serviceAccountName: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }}-webhook + serviceAccountName: {{ template "kube-prometheus-stack.operator.admissionWebhooks.serviceAccountName" . }} automountServiceAccountToken: {{ .Values.prometheusOperator.admissionWebhooks.deployment.automountServiceAccountToken }} {{- if .Values.prometheusOperator.admissionWebhooks.deployment.hostNetwork }} hostNetwork: true diff --git a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/deployment/pdb.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/deployment/pdb.yaml similarity index 59% rename from charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/deployment/pdb.yaml rename to charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/deployment/pdb.yaml index 04458b9..0559a8e 100644 --- a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/deployment/pdb.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/deployment/pdb.yaml @@ -1,5 +1,5 @@ -{{- if .Values.prometheusOperator.admissionWebhooks.deployment.podDisruptionBudget -}} -apiVersion: {{ include "kube-prometheus-stack.pdb.apiVersion" . }} +{{- if and .Values.prometheusOperator.admissionWebhooks.deployment.enabled .Values.prometheusOperator.admissionWebhooks.deployment.podDisruptionBudget.enabled -}} +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ template "kube-prometheus-stack.operator.fullname" . }}-webhook @@ -11,5 +11,5 @@ spec: matchLabels: app: {{ template "kube-prometheus-stack.name" . }}-operator-webhook release: {{ $.Release.Name | quote }} -{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.podDisruptionBudget | indent 2 }} +{{ toYaml (omit .Values.prometheusOperator.admissionWebhooks.deployment.podDisruptionBudget "enabled") | indent 2 }} {{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/deployment/service.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/deployment/service.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/deployment/service.yaml rename to charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/deployment/service.yaml diff --git a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/deployment/serviceaccount.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/deployment/serviceaccount.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/deployment/serviceaccount.yaml rename to charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/deployment/serviceaccount.yaml diff --git a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/ciliumnetworkpolicy-createSecret.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/ciliumnetworkpolicy-createSecret.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/ciliumnetworkpolicy-createSecret.yaml rename to charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/ciliumnetworkpolicy-createSecret.yaml diff --git a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/ciliumnetworkpolicy-patchWebhook.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/ciliumnetworkpolicy-patchWebhook.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/ciliumnetworkpolicy-patchWebhook.yaml rename to charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/ciliumnetworkpolicy-patchWebhook.yaml diff --git a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml similarity index 64% rename from charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml rename to charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml index 1695490..a0c1048 100644 --- a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml @@ -18,16 +18,5 @@ rules: verbs: - get - update -{{- if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.global.rbac.pspEnabled }} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }} - - apiGroups: ['policy'] -{{- else }} - - apiGroups: ['extensions'] -{{- end }} - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "kube-prometheus-stack.fullname" . }}-admission -{{- end }} + - patch {{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml rename to charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml diff --git a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml similarity index 84% rename from charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml rename to charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml index baed83d..9865786 100644 --- a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml @@ -14,10 +14,7 @@ metadata: app: {{ template "kube-prometheus-stack.name" $ }}-admission-create {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }} spec: - {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }} - # Alpha feature since k8s 1.12 - ttlSecondsAfterFinished: 0 - {{- end }} + ttlSecondsAfterFinished: {{ .Values.prometheusOperator.admissionWebhooks.patch.ttlSecondsAfterFinished }} template: metadata: name: {{ template "kube-prometheus-stack.fullname" . }}-admission-create @@ -32,9 +29,13 @@ spec: {{- if .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }} priorityClassName: {{ .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }} {{- end }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- include "kube-prometheus-stack.imagePullSecrets" . | indent 8 }} + {{- end }} containers: - name: create - {{- $registry := include "monitoring_registry" . | default .Values.prometheusOperator.admissionWebhooks.patch.image.registry -}} + {{- $registry := .Values.global.imageRegistry | default .Values.prometheusOperator.admissionWebhooks.patch.image.registry -}} {{- if .Values.prometheusOperator.admissionWebhooks.patch.image.sha }} image: {{ $registry }}/{{ .Values.prometheusOperator.admissionWebhooks.patch.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.tag }}@sha256:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.sha }} {{- else }} @@ -54,16 +55,16 @@ spec: {{ toYaml .Values.prometheusOperator.admissionWebhooks.patch.resources | indent 12 }} restartPolicy: OnFailure serviceAccountName: {{ template "kube-prometheus-stack.fullname" . }}-admission - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- with .Values.prometheusOperator.admissionWebhooks.patch.nodeSelector }} + {{- with .Values.prometheusOperator.admissionWebhooks.patch.nodeSelector }} + nodeSelector: {{ toYaml . | indent 8 }} -{{- end }} + {{- end }} {{- with .Values.prometheusOperator.admissionWebhooks.patch.affinity }} affinity: {{ toYaml . | indent 8 }} {{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- with .Values.prometheusOperator.admissionWebhooks.patch.tolerations }} + {{- with .Values.prometheusOperator.admissionWebhooks.patch.tolerations }} + tolerations: {{ toYaml . | indent 8 }} {{- end }} {{- if .Values.prometheusOperator.admissionWebhooks.patch.securityContext }} diff --git a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml similarity index 77% rename from charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml rename to charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml index 5639cc9..9a2bbbe 100644 --- a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml @@ -1,4 +1,12 @@ {{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} +{{- $failurePolicy := .Values.prometheusOperator.admissionWebhooks.failurePolicy }} +{{- if eq $failurePolicy "IgnoreOnInstallOnly" }} + {{- if .Release.IsInstall }} + {{- $failurePolicy = "Ignore" }} + {{- else }} + {{- $failurePolicy = "Fail" }} + {{- end }} +{{- end }} apiVersion: batch/v1 kind: Job metadata: @@ -14,10 +22,7 @@ metadata: app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }} spec: - {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }} - # Alpha feature since k8s 1.12 - ttlSecondsAfterFinished: 0 - {{- end }} + ttlSecondsAfterFinished: {{ .Values.prometheusOperator.admissionWebhooks.patch.ttlSecondsAfterFinished }} template: metadata: name: {{ template "kube-prometheus-stack.fullname" . }}-admission-patch @@ -32,9 +37,13 @@ spec: {{- if .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }} priorityClassName: {{ .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }} {{- end }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- include "kube-prometheus-stack.imagePullSecrets" . | indent 8 }} + {{- end }} containers: - name: patch - {{- $registry := include "monitoring_registry" . | default .Values.prometheusOperator.admissionWebhooks.patch.image.registry -}} + {{- $registry := .Values.global.imageRegistry | default .Values.prometheusOperator.admissionWebhooks.patch.image.registry -}} {{- if .Values.prometheusOperator.admissionWebhooks.patch.image.sha }} image: {{ $registry }}/{{ .Values.prometheusOperator.admissionWebhooks.patch.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.tag }}@sha256:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.sha }} {{- else }} @@ -46,7 +55,7 @@ spec: - --webhook-name={{ template "kube-prometheus-stack.fullname" . }}-admission - --namespace={{ template "kube-prometheus-stack.namespace" . }} - --secret-name={{ template "kube-prometheus-stack.fullname" . }}-admission - - --patch-failure-policy={{ .Values.prometheusOperator.admissionWebhooks.failurePolicy }} + - --patch-failure-policy={{ $failurePolicy }} {{- with .Values.prometheusOperator.admissionWebhooks.patchWebhookJob }} securityContext: {{ toYaml .securityContext | nindent 12 }} @@ -55,16 +64,16 @@ spec: {{ toYaml .Values.prometheusOperator.admissionWebhooks.patch.resources | indent 12 }} restartPolicy: OnFailure serviceAccountName: {{ template "kube-prometheus-stack.fullname" . }}-admission - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- with .Values.prometheusOperator.admissionWebhooks.patch.nodeSelector }} + {{- with .Values.prometheusOperator.admissionWebhooks.patch.nodeSelector }} + nodeSelector: {{ toYaml . | indent 8 }} -{{- end }} + {{- end }} {{- with .Values.prometheusOperator.admissionWebhooks.patch.affinity }} affinity: {{ toYaml . | indent 8 }} {{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- with .Values.prometheusOperator.admissionWebhooks.patch.tolerations }} + {{- with .Values.prometheusOperator.admissionWebhooks.patch.tolerations }} + tolerations: {{ toYaml . | indent 8 }} {{- end }} {{- if .Values.prometheusOperator.admissionWebhooks.patch.securityContext }} diff --git a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/networkpolicy-createSecret.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/networkpolicy-createSecret.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/networkpolicy-createSecret.yaml rename to charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/networkpolicy-createSecret.yaml diff --git a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/networkpolicy-patchWebhook.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/networkpolicy-patchWebhook.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/networkpolicy-patchWebhook.yaml rename to charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/networkpolicy-patchWebhook.yaml diff --git a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml rename to charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml diff --git a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml rename to charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml diff --git a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml rename to charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml diff --git a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml similarity index 96% rename from charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml rename to charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml index 244b25e..1661c9a 100644 --- a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml @@ -78,4 +78,8 @@ webhooks: objectSelector: {{- toYaml . | nindent 6 }} {{- end }} + {{- with .Values.prometheusOperator.admissionWebhooks.matchConditions }} + matchConditions: + {{- toYaml . | nindent 6 }} + {{- end }} {{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml similarity index 51% rename from charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml rename to charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml index 93f7740..62207a8 100644 --- a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml @@ -12,7 +12,7 @@ metadata: app: {{ template "kube-prometheus-stack.name" $ }}-admission {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }} webhooks: - - name: prometheusrulemutate.monitoring.coreos.com + - name: prometheusrulevalidate.monitoring.coreos.com {{- if eq .Values.prometheusOperator.admissionWebhooks.failurePolicy "IgnoreOnInstallOnly" }} failurePolicy: {{ .Release.IsInstall | ternary "Ignore" "Fail" }} {{- else if .Values.prometheusOperator.admissionWebhooks.failurePolicy }} @@ -78,4 +78,78 @@ webhooks: objectSelector: {{- toYaml . | nindent 6 }} {{- end }} + {{- with .Values.prometheusOperator.admissionWebhooks.matchConditions }} + matchConditions: + {{- toYaml . | nindent 6 }} + {{- end }} + - name: alertmanagerconfigsvalidate.monitoring.coreos.com + {{- if eq .Values.prometheusOperator.admissionWebhooks.failurePolicy "IgnoreOnInstallOnly" }} + failurePolicy: {{ .Release.IsInstall | ternary "Ignore" "Fail" }} + {{- else if .Values.prometheusOperator.admissionWebhooks.failurePolicy }} + failurePolicy: {{ .Values.prometheusOperator.admissionWebhooks.failurePolicy }} + {{- else if .Values.prometheusOperator.admissionWebhooks.patch.enabled }} + failurePolicy: Ignore + {{- else }} + failurePolicy: Fail + {{- end }} + rules: + - apiGroups: + - monitoring.coreos.com + apiVersions: + - v1alpha1 + resources: + - alertmanagerconfigs + operations: + - CREATE + - UPDATE + clientConfig: + service: + namespace: {{ template "kube-prometheus-stack.namespace" . }} + name: {{ template "kube-prometheus-stack.operator.fullname" $ }}{{ if .Values.prometheusOperator.admissionWebhooks.deployment.enabled }}-webhook{{ end }} + path: /admission-alertmanagerconfigs/validate + {{- if and .Values.prometheusOperator.admissionWebhooks.caBundle (not .Values.prometheusOperator.admissionWebhooks.patch.enabled) (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} + caBundle: {{ .Values.prometheusOperator.admissionWebhooks.caBundle }} + {{- end }} + timeoutSeconds: {{ .Values.prometheusOperator.admissionWebhooks.timeoutSeconds }} + admissionReviewVersions: ["v1", "v1beta1"] + sideEffects: None + {{- if or .Values.prometheusOperator.denyNamespaces .Values.prometheusOperator.namespaces .Values.prometheusOperator.admissionWebhooks.namespaceSelector }} + namespaceSelector: + {{- with (omit .Values.prometheusOperator.admissionWebhooks.namespaceSelector "matchExpressions") }} + {{- toYaml . | nindent 6 }} + {{- end }} + {{- if or .Values.prometheusOperator.denyNamespaces .Values.prometheusOperator.namespaces .Values.prometheusOperator.admissionWebhooks.namespaceSelector.matchExpressions }} + matchExpressions: + {{- with (.Values.prometheusOperator.admissionWebhooks.namespaceSelector.matchExpressions) }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.prometheusOperator.denyNamespaces }} + - key: kubernetes.io/metadata.name + operator: NotIn + values: + {{- range $namespace := mustUniq .Values.prometheusOperator.denyNamespaces }} + - {{ $namespace }} + {{- end }} + {{- else if and .Values.prometheusOperator.namespaces .Values.prometheusOperator.namespaces.additional }} + - key: kubernetes.io/metadata.name + operator: In + values: + {{- if and .Values.prometheusOperator.namespaces.releaseNamespace (default .Values.prometheusOperator.namespaces.releaseNamespace true) }} + {{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }} + - {{ $namespace }} + {{- end }} + {{- range $namespace := mustUniq .Values.prometheusOperator.namespaces.additional }} + - {{ $namespace }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- with .Values.prometheusOperator.admissionWebhooks.objectSelector }} + objectSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.prometheusOperator.admissionWebhooks.matchConditions }} + matchConditions: + {{- toYaml . | nindent 6 }} + {{- end }} {{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus-operator/aggregate-clusterroles.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/aggregate-clusterroles.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus-operator/aggregate-clusterroles.yaml rename to charts/kube-prometheus-stack/templates/prometheus-operator/aggregate-clusterroles.yaml diff --git a/charts/rancher-monitoring/templates/prometheus-operator/certmanager.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/certmanager.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus-operator/certmanager.yaml rename to charts/kube-prometheus-stack/templates/prometheus-operator/certmanager.yaml diff --git a/charts/rancher-monitoring/templates/prometheus-operator/ciliumnetworkpolicy.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/ciliumnetworkpolicy.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus-operator/ciliumnetworkpolicy.yaml rename to charts/kube-prometheus-stack/templates/prometheus-operator/ciliumnetworkpolicy.yaml diff --git a/charts/rancher-monitoring/templates/prometheus-operator/clusterrole.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/clusterrole.yaml similarity index 86% rename from charts/rancher-monitoring/templates/prometheus-operator/clusterrole.yaml rename to charts/kube-prometheus-stack/templates/prometheus-operator/clusterrole.yaml index 571a872..c02aed6 100644 --- a/charts/rancher-monitoring/templates/prometheus-operator/clusterrole.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/clusterrole.yaml @@ -1,3 +1,4 @@ +{{/* This file is based on https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/platform/rbac.md */}} {{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -23,10 +24,15 @@ rules: - thanosrulers/finalizers - thanosrulers/status - scrapeconfigs + - scrapeconfigs/status - servicemonitors + - servicemonitors/status - podmonitors + - podmonitors/status - probes + - probes/status - prometheusrules + - prometheusrules/status verbs: - '*' - apiGroups: @@ -77,6 +83,7 @@ rules: - watch - apiGroups: - "" + - events.k8s.io resources: - events verbs: @@ -96,7 +103,6 @@ rules: - storageclasses verbs: - get -{{- if .Capabilities.APIVersions.Has "discovery.k8s.io/v1/EndpointSlice" }} - apiGroups: - discovery.k8s.io resources: @@ -109,4 +115,3 @@ rules: - update - delete {{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus-operator/clusterrolebinding.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/clusterrolebinding.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus-operator/clusterrolebinding.yaml rename to charts/kube-prometheus-stack/templates/prometheus-operator/clusterrolebinding.yaml diff --git a/charts/rancher-monitoring/templates/prometheus-operator/deployment.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/deployment.yaml similarity index 92% rename from charts/rancher-monitoring/templates/prometheus-operator/deployment.yaml rename to charts/kube-prometheus-stack/templates/prometheus-operator/deployment.yaml index 8da59f2..0125a88 100644 --- a/charts/rancher-monitoring/templates/prometheus-operator/deployment.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/deployment.yaml @@ -47,10 +47,9 @@ spec: {{- end }} containers: - name: {{ template "kube-prometheus-stack.name" . }} - {{- $base_registry := (include "monitoring_registry" .) }} - {{- $configReloaderRegistry := .Values.prometheusOperator.prometheusConfigReloader.image.registry | default $base_registry -}} - {{- $operatorRegistry := .Values.prometheusOperator.image.registry | default $base_registry -}} - {{- $thanosRegistry := .Values.prometheusOperator.thanosImage.registry | default $base_registry -}} + {{- $configReloaderRegistry := .Values.global.imageRegistry | default .Values.prometheusOperator.prometheusConfigReloader.image.registry -}} + {{- $operatorRegistry := .Values.global.imageRegistry | default .Values.prometheusOperator.image.registry -}} + {{- $thanosRegistry := .Values.global.imageRegistry | default .Values.prometheusOperator.thanosImage.registry -}} {{- if .Values.prometheusOperator.image.sha }} image: "{{ $operatorRegistry }}/{{ .Values.prometheusOperator.image.repository }}:{{ .Values.prometheusOperator.image.tag | default .Chart.AppVersion }}@sha256:{{ .Values.prometheusOperator.image.sha }}" {{- else }} @@ -89,10 +88,10 @@ spec: {{- end }} - --localhost=127.0.0.1 {{- if .Values.prometheusOperator.prometheusDefaultBaseImage }} - - --prometheus-default-base-image={{ $base_registry | default .Values.prometheusOperator.prometheusDefaultBaseImageRegistry }}/{{ .Values.prometheusOperator.prometheusDefaultBaseImage }} + - --prometheus-default-base-image={{ .Values.global.imageRegistry | default .Values.prometheusOperator.prometheusDefaultBaseImageRegistry }}/{{ .Values.prometheusOperator.prometheusDefaultBaseImage }} {{- end }} {{- if .Values.prometheusOperator.alertmanagerDefaultBaseImage }} - - --alertmanager-default-base-image={{ $base_registry | default .Values.prometheusOperator.alertmanagerDefaultBaseImageRegistry }}/{{ .Values.prometheusOperator.alertmanagerDefaultBaseImage }} + - --alertmanager-default-base-image={{ .Values.global.imageRegistry | default .Values.prometheusOperator.alertmanagerDefaultBaseImageRegistry }}/{{ .Values.prometheusOperator.alertmanagerDefaultBaseImage }} {{- end }} {{- if .Values.prometheusOperator.prometheusConfigReloader.image.sha }} - --prometheus-config-reloader={{ $configReloaderRegistry }}/{{ .Values.prometheusOperator.prometheusConfigReloader.image.repository }}:{{ .Values.prometheusOperator.prometheusConfigReloader.image.tag | default .Chart.AppVersion }}@sha256:{{ .Values.prometheusOperator.prometheusConfigReloader.image.sha }} @@ -144,6 +143,9 @@ spec: - --web.key-file=/cert/{{ if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}tls.key{{ else }}key{{ end }} - --web.listen-address=:{{ .Values.prometheusOperator.tls.internalPort }} - --web.tls-min-version={{ .Values.prometheusOperator.tls.tlsMinVersion }} + {{- else }} + - --web.enable-tls=false + - --web.listen-address=:8080 {{- end }} {{- with .Values.prometheusOperator.extraArgs }} {{- tpl (toYaml .) $ | nindent 12 }} @@ -216,6 +218,9 @@ spec: dnsConfig: {{ toYaml . | indent 8 }} {{- end }} +{{- if kindIs "bool" .Values.prometheusOperator.hostUsers }} + hostUsers: {{ .Values.prometheusOperator.hostUsers }} +{{- end }} {{- if .Values.prometheusOperator.securityContext }} securityContext: {{ toYaml .Values.prometheusOperator.securityContext | indent 8 }} @@ -226,8 +231,8 @@ spec: hostNetwork: true dnsPolicy: ClusterFirstWithHostNet {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} {{- with .Values.prometheusOperator.nodeSelector }} + nodeSelector: {{ toYaml . | indent 8 }} {{- end }} {{- with .Values.prometheusOperator.affinity }} @@ -237,8 +242,8 @@ spec: {{- with .Values.prometheusOperator.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ . }} {{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} {{- with .Values.prometheusOperator.tolerations }} + tolerations: {{ toYaml . | indent 8 }} {{- end }} {{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus-operator/networkpolicy.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/networkpolicy.yaml similarity index 91% rename from charts/rancher-monitoring/templates/prometheus-operator/networkpolicy.yaml rename to charts/kube-prometheus-stack/templates/prometheus-operator/networkpolicy.yaml index cfd5b0b..cf16a51 100644 --- a/charts/rancher-monitoring/templates/prometheus-operator/networkpolicy.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/networkpolicy.yaml @@ -1,5 +1,5 @@ {{- if and .Values.prometheusOperator.networkPolicy.enabled (eq .Values.prometheusOperator.networkPolicy.flavor "kubernetes") }} -apiVersion: {{ template "kube-prometheus-stack.prometheus.networkPolicy.apiVersion" . }} +apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: {{ template "kube-prometheus-stack.operator.fullname" . }} diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/pdb.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/pdb.yaml new file mode 100644 index 0000000..4848ee5 --- /dev/null +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/pdb.yaml @@ -0,0 +1,15 @@ +{{- if .Values.prometheusOperator.podDisruptionBudget.enabled -}} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ template "kube-prometheus-stack.operator.fullname" . }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + {{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + app: {{ template "kube-prometheus-stack.name" . }}-operator + release: {{ $.Release.Name | quote }} +{{- toYaml (omit .Values.prometheusOperator.podDisruptionBudget "enabled") | nindent 2 }} +{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus-operator/service.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/service.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus-operator/service.yaml rename to charts/kube-prometheus-stack/templates/prometheus-operator/service.yaml diff --git a/charts/rancher-monitoring/templates/prometheus-operator/serviceaccount.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/serviceaccount.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus-operator/serviceaccount.yaml rename to charts/kube-prometheus-stack/templates/prometheus-operator/serviceaccount.yaml diff --git a/charts/rancher-monitoring/templates/prometheus-operator/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/servicemonitor.yaml similarity index 75% rename from charts/rancher-monitoring/templates/prometheus-operator/servicemonitor.yaml rename to charts/kube-prometheus-stack/templates/prometheus-operator/servicemonitor.yaml index cbe79e1..d5ad94a 100644 --- a/charts/rancher-monitoring/templates/prometheus-operator/servicemonitor.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/servicemonitor.yaml @@ -29,20 +29,10 @@ spec: {{- if .Values.prometheusOperator.serviceMonitor.interval }} interval: {{ .Values.prometheusOperator.serviceMonitor.interval }} {{- end }} +{{- if .Values.prometheusOperator.serviceMonitor.metricRelabelings }} metricRelabelings: - {{- if .Values.prometheusOperator.serviceMonitor.metricRelabelings }} - {{ tpl (toYaml .Values.prometheusOperator.serviceMonitor.metricRelabelings | indent 6) . }} - {{- end }} - {{ if .Values.global.cattle.clusterId }} - - sourceLabels: [__address__] - targetLabel: cluster_id - replacement: {{ .Values.global.cattle.clusterId }} - {{- end }} - {{ if .Values.global.cattle.clusterName}} - - sourceLabels: [__address__] - targetLabel: cluster_name - replacement: {{ .Values.global.cattle.clusterName }} - {{- end }} +{{ tpl (toYaml .Values.prometheusOperator.serviceMonitor.metricRelabelings | indent 6) . }} +{{- end }} {{- if .Values.prometheusOperator.serviceMonitor.relabelings }} relabelings: {{ toYaml .Values.prometheusOperator.serviceMonitor.relabelings | indent 6 }} diff --git a/charts/rancher-monitoring/templates/prometheus-operator/verticalpodautoscaler.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/verticalpodautoscaler.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus-operator/verticalpodautoscaler.yaml rename to charts/kube-prometheus-stack/templates/prometheus-operator/verticalpodautoscaler.yaml diff --git a/charts/rancher-monitoring/templates/prometheus/_rules.tpl b/charts/kube-prometheus-stack/templates/prometheus/_rules.tpl similarity index 100% rename from charts/rancher-monitoring/templates/prometheus/_rules.tpl rename to charts/kube-prometheus-stack/templates/prometheus/_rules.tpl diff --git a/charts/rancher-monitoring/templates/prometheus/additionalAlertRelabelConfigs.yaml b/charts/kube-prometheus-stack/templates/prometheus/additionalAlertRelabelConfigs.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus/additionalAlertRelabelConfigs.yaml rename to charts/kube-prometheus-stack/templates/prometheus/additionalAlertRelabelConfigs.yaml diff --git a/charts/rancher-monitoring/templates/prometheus/additionalAlertmanagerConfigs.yaml b/charts/kube-prometheus-stack/templates/prometheus/additionalAlertmanagerConfigs.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus/additionalAlertmanagerConfigs.yaml rename to charts/kube-prometheus-stack/templates/prometheus/additionalAlertmanagerConfigs.yaml diff --git a/charts/kube-prometheus-stack/templates/prometheus/additionalPrometheusRules.yaml b/charts/kube-prometheus-stack/templates/prometheus/additionalPrometheusRules.yaml new file mode 100644 index 0000000..72cbb7d --- /dev/null +++ b/charts/kube-prometheus-stack/templates/prometheus/additionalPrometheusRules.yaml @@ -0,0 +1,37 @@ +{{- if .Values.additionalPrometheusRulesMap }} +{{- range $prometheusRuleName, $prometheusRule := .Values.additionalPrometheusRulesMap }} +--- +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) $prometheusRuleName | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" $ }} + labels: + app: {{ template "kube-prometheus-stack.name" $ }} + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} + {{- if $prometheusRule.additionalLabels }} + {{- toYaml $prometheusRule.additionalLabels | nindent 4 }} + {{- end }} +spec: + groups: + {{- toYaml $prometheusRule.groups | nindent 4 }} +{{- end }} +{{- else if .Values.additionalPrometheusRules }} +{{- range .Values.additionalPrometheusRules }} +--- +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) .name | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" $ }} + labels: + app: {{ template "kube-prometheus-stack.name" $ }} + {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} + {{- if .additionalLabels }} + {{- toYaml .additionalLabels | nindent 4 }} + {{- end }} +spec: + groups: + {{- toYaml .groups | nindent 4 }} +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus/additionalScrapeConfigs.yaml b/charts/kube-prometheus-stack/templates/prometheus/additionalScrapeConfigs.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus/additionalScrapeConfigs.yaml rename to charts/kube-prometheus-stack/templates/prometheus/additionalScrapeConfigs.yaml diff --git a/charts/rancher-monitoring/templates/prometheus/ciliumnetworkpolicy.yaml b/charts/kube-prometheus-stack/templates/prometheus/ciliumnetworkpolicy.yaml similarity index 65% rename from charts/rancher-monitoring/templates/prometheus/ciliumnetworkpolicy.yaml rename to charts/kube-prometheus-stack/templates/prometheus/ciliumnetworkpolicy.yaml index 74d61d7..58f02d1 100644 --- a/charts/rancher-monitoring/templates/prometheus/ciliumnetworkpolicy.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/ciliumnetworkpolicy.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.prometheus.networkPolicy.enabled (eq .Values.prometheus.networkPolicy.flavor "cilium") }} +{{- if and .Values.prometheus.networkPolicy.enabled (eq .Values.prometheus.networkPolicy.flavor "cilium") .Values.prometheus.networkPolicy.cilium }} apiVersion: cilium.io/v2 kind: CiliumNetworkPolicy metadata: @@ -13,14 +13,13 @@ spec: {{- toYaml .Values.prometheus.networkPolicy.cilium.endpointSelector | nindent 4 }} {{- else }} matchExpressions: - - {key: app.kubernetes.io/name, operator: In, values: [prometheus]} - - {key: prometheus, operator: In, values: [{{ template "kube-prometheus-stack.prometheus.crname" . }}]} +{{- include "kube-prometheus-stack.prometheus.pod-anti-affinity.matchExpressions" . | indent 6 }} {{- end }} - {{- if and .Values.prometheus.networkPolicy.cilium .Values.prometheus.networkPolicy.cilium.egress }} + {{- if .Values.prometheus.networkPolicy.cilium.egress }} egress: {{ toYaml .Values.prometheus.networkPolicy.cilium.egress | nindent 4 }} {{- end }} - {{- if and .Values.prometheus.networkPolicy.cilium .Values.prometheus.networkPolicy.cilium.ingress }} + {{- if .Values.prometheus.networkPolicy.cilium.ingress }} ingress: {{ toYaml .Values.prometheus.networkPolicy.cilium.ingress | nindent 4 }} {{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus/clusterrole.yaml b/charts/kube-prometheus-stack/templates/prometheus/clusterrole.yaml similarity index 85% rename from charts/rancher-monitoring/templates/prometheus/clusterrole.yaml rename to charts/kube-prometheus-stack/templates/prometheus/clusterrole.yaml index cee3159..1bb1802 100644 --- a/charts/rancher-monitoring/templates/prometheus/clusterrole.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/clusterrole.yaml @@ -7,8 +7,9 @@ metadata: app: {{ template "kube-prometheus-stack.name" . }}-prometheus {{ include "kube-prometheus-stack.labels" . | indent 4 }} rules: -# This permission are not in the kube-prometheus repo -# they're grabbed from https://github.com/prometheus/prometheus/blob/master/documentation/examples/rbac-setup.yml +# These permissions (to examine all namespaces) are not in the kube-prometheus repo. +# They're grabbed from https://github.com/prometheus/prometheus/blob/master/documentation/examples/rbac-setup.yml +# kube-prometheus deliberately defaults to a more restrictive setup that is not appropriate for our general audience. - apiGroups: [""] resources: - nodes diff --git a/charts/rancher-monitoring/templates/prometheus/clusterrolebinding.yaml b/charts/kube-prometheus-stack/templates/prometheus/clusterrolebinding.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus/clusterrolebinding.yaml rename to charts/kube-prometheus-stack/templates/prometheus/clusterrolebinding.yaml diff --git a/charts/rancher-monitoring/templates/prometheus/csi-secret.yaml b/charts/kube-prometheus-stack/templates/prometheus/csi-secret.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus/csi-secret.yaml rename to charts/kube-prometheus-stack/templates/prometheus/csi-secret.yaml diff --git a/charts/rancher-monitoring/templates/prometheus/extrasecret.yaml b/charts/kube-prometheus-stack/templates/prometheus/extrasecret.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus/extrasecret.yaml rename to charts/kube-prometheus-stack/templates/prometheus/extrasecret.yaml diff --git a/charts/rancher-monitoring/templates/prometheus/ingress.yaml b/charts/kube-prometheus-stack/templates/prometheus/ingress.yaml similarity index 72% rename from charts/rancher-monitoring/templates/prometheus/ingress.yaml rename to charts/kube-prometheus-stack/templates/prometheus/ingress.yaml index c00dff6..5d21e5a 100644 --- a/charts/rancher-monitoring/templates/prometheus/ingress.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/ingress.yaml @@ -4,9 +4,8 @@ {{- $servicePort := .Values.prometheus.ingress.servicePort | default .Values.prometheus.service.port -}} {{- $routePrefix := list .Values.prometheus.prometheusSpec.routePrefix -}} {{- $paths := .Values.prometheus.ingress.paths | default $routePrefix -}} - {{- $apiIsStable := eq (include "kube-prometheus-stack.ingress.isStable" .) "true" -}} - {{- $ingressSupportsPathType := eq (include "kube-prometheus-stack.ingress.supportsPathType" .) "true" -}} -apiVersion: {{ include "kube-prometheus-stack.ingress.apiVersion" . }} + {{- $extraPaths := .Values.prometheus.ingress.extraPaths | default list -}} +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: {{- if .Values.prometheus.ingress.annotations }} @@ -22,11 +21,9 @@ metadata: {{ toYaml .Values.prometheus.ingress.labels | indent 4 }} {{- end }} spec: - {{- if $apiIsStable }} {{- if .Values.prometheus.ingress.ingressClassName }} ingressClassName: {{ .Values.prometheus.ingress.ingressClassName }} {{- end }} - {{- end }} rules: {{- if .Values.prometheus.ingress.hosts }} {{- range $host := .Values.prometheus.ingress.hosts }} @@ -34,40 +31,32 @@ spec: http: paths: {{- range $p := $paths }} + {{- with $extraPaths }} + {{- toYaml . | nindent 10 }} + {{- end }} - path: {{ tpl $p $ }} - {{- if and $pathType $ingressSupportsPathType }} pathType: {{ $pathType }} - {{- end }} backend: - {{- if $apiIsStable }} service: name: {{ $serviceName }} port: number: {{ $servicePort }} - {{- else }} - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} {{- end -}} {{- end -}} {{- else }} - http: paths: {{- range $p := $paths }} + {{- with $extraPaths }} + {{- toYaml . | nindent 10 }} + {{- end }} - path: {{ tpl $p $ }} - {{- if and $pathType $ingressSupportsPathType }} pathType: {{ $pathType }} - {{- end }} backend: - {{- if $apiIsStable }} service: name: {{ $serviceName }} port: number: {{ $servicePort }} - {{- else }} - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} {{- end -}} {{- end -}} {{- if .Values.prometheus.ingress.tls }} diff --git a/charts/rancher-monitoring/templates/prometheus/ingressThanosSidecar.yaml b/charts/kube-prometheus-stack/templates/prometheus/ingressThanosSidecar.yaml similarity index 72% rename from charts/rancher-monitoring/templates/prometheus/ingressThanosSidecar.yaml rename to charts/kube-prometheus-stack/templates/prometheus/ingressThanosSidecar.yaml index 3f507cf..c3a7e99 100644 --- a/charts/rancher-monitoring/templates/prometheus/ingressThanosSidecar.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/ingressThanosSidecar.yaml @@ -4,9 +4,7 @@ {{- $thanosPort := .Values.prometheus.thanosIngress.servicePort -}} {{- $routePrefix := list .Values.prometheus.prometheusSpec.routePrefix }} {{- $paths := .Values.prometheus.thanosIngress.paths | default $routePrefix -}} -{{- $apiIsStable := eq (include "kube-prometheus-stack.ingress.isStable" .) "true" -}} -{{- $ingressSupportsPathType := eq (include "kube-prometheus-stack.ingress.supportsPathType" .) "true" -}} -apiVersion: {{ include "kube-prometheus-stack.ingress.apiVersion" . }} +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: {{- if .Values.prometheus.thanosIngress.annotations }} @@ -22,11 +20,9 @@ metadata: {{ toYaml .Values.prometheus.thanosIngress.labels | indent 4 }} {{- end }} spec: - {{- if $apiIsStable }} {{- if .Values.prometheus.thanosIngress.ingressClassName }} ingressClassName: {{ .Values.prometheus.thanosIngress.ingressClassName }} {{- end }} - {{- end }} rules: {{- if .Values.prometheus.thanosIngress.hosts }} {{- range $host := .Values.prometheus.thanosIngress.hosts }} @@ -35,19 +31,12 @@ spec: paths: {{- range $p := $paths }} - path: {{ tpl $p $ }} - {{- if and $pathType $ingressSupportsPathType }} pathType: {{ $pathType }} - {{- end }} backend: - {{- if $apiIsStable }} service: name: {{ $serviceName }} port: number: {{ $thanosPort }} - {{- else }} - serviceName: {{ $serviceName }} - servicePort: {{ $thanosPort }} - {{- end }} {{- end -}} {{- end -}} {{- else }} @@ -55,19 +44,12 @@ spec: paths: {{- range $p := $paths }} - path: {{ tpl $p $ }} - {{- if and $pathType $ingressSupportsPathType }} pathType: {{ $pathType }} - {{- end }} backend: - {{- if $apiIsStable }} service: name: {{ $serviceName }} port: number: {{ $thanosPort }} - {{- else }} - serviceName: {{ $serviceName }} - servicePort: {{ $thanosPort }} - {{- end }} {{- end -}} {{- end -}} {{- if .Values.prometheus.thanosIngress.tls }} diff --git a/charts/rancher-monitoring/templates/prometheus/ingressperreplica.yaml b/charts/kube-prometheus-stack/templates/prometheus/ingressperreplica.yaml similarity index 78% rename from charts/rancher-monitoring/templates/prometheus/ingressperreplica.yaml rename to charts/kube-prometheus-stack/templates/prometheus/ingressperreplica.yaml index 1d76d13..dc59b45 100644 --- a/charts/rancher-monitoring/templates/prometheus/ingressperreplica.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/ingressperreplica.yaml @@ -3,8 +3,6 @@ {{- $count := .Values.prometheus.prometheusSpec.replicas | int -}} {{- $servicePort := .Values.prometheus.servicePerReplica.port -}} {{- $ingressValues := .Values.prometheus.ingressPerReplica -}} -{{- $apiIsStable := eq (include "kube-prometheus-stack.ingress.isStable" .) "true" -}} -{{- $ingressSupportsPathType := eq (include "kube-prometheus-stack.ingress.supportsPathType" .) "true" -}} apiVersion: v1 kind: List metadata: @@ -13,7 +11,7 @@ metadata: items: {{ range $i, $e := until $count }} - kind: Ingress - apiVersion: {{ include "kube-prometheus-stack.ingress.apiVersion" $ }} + apiVersion: networking.k8s.io/v1 metadata: name: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus-{{ $i }} namespace: {{ template "kube-prometheus-stack.namespace" $ }} @@ -28,30 +26,21 @@ items: {{- tpl (toYaml $ingressValues.annotations) $ | nindent 8 }} {{- end }} spec: - {{- if $apiIsStable }} {{- if $ingressValues.ingressClassName }} ingressClassName: {{ $ingressValues.ingressClassName }} {{- end }} - {{- end }} rules: - host: {{ $ingressValues.hostPrefix }}-{{ $i }}.{{ $ingressValues.hostDomain }} http: paths: {{- range $p := $ingressValues.paths }} - path: {{ tpl $p $ }} - {{- if and $pathType $ingressSupportsPathType }} pathType: {{ $pathType }} - {{- end }} backend: - {{- if $apiIsStable }} service: name: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus-{{ $i }} port: number: {{ $servicePort }} - {{- else }} - serviceName: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus-{{ $i }} - servicePort: {{ $servicePort }} - {{- end }} {{- end -}} {{- if or $ingressValues.tlsSecretName $ingressValues.tlsSecretPerReplica.enabled }} tls: diff --git a/charts/rancher-monitoring/templates/prometheus/networkpolicy.yaml b/charts/kube-prometheus-stack/templates/prometheus/networkpolicy.yaml similarity index 88% rename from charts/rancher-monitoring/templates/prometheus/networkpolicy.yaml rename to charts/kube-prometheus-stack/templates/prometheus/networkpolicy.yaml index 1296a79..f6c0248 100644 --- a/charts/rancher-monitoring/templates/prometheus/networkpolicy.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/networkpolicy.yaml @@ -1,12 +1,12 @@ {{- if and .Values.prometheus.networkPolicy.enabled (eq .Values.prometheus.networkPolicy.flavor "kubernetes") }} -apiVersion: {{ template "kube-prometheus-stack.prometheus.networkPolicy.apiVersion" . }} +apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: labels: app: {{ template "kube-prometheus-stack.name" . }}-prometheus {{- include "kube-prometheus-stack.labels" . | nindent 4 }} name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus - namespace: {{ template "kube-prometheus-stack.namespace" . }} + namespace: {{ .Values.prometheus.networkPolicy.namespace | default (include "kube-prometheus-stack.namespace" .) }} spec: {{- if .Values.prometheus.networkPolicy.egress }} egress: diff --git a/charts/rancher-monitoring/templates/prometheus/podDisruptionBudget.yaml b/charts/kube-prometheus-stack/templates/prometheus/podDisruptionBudget.yaml similarity index 64% rename from charts/rancher-monitoring/templates/prometheus/podDisruptionBudget.yaml rename to charts/kube-prometheus-stack/templates/prometheus/podDisruptionBudget.yaml index 48f3f1f..45e02e0 100644 --- a/charts/rancher-monitoring/templates/prometheus/podDisruptionBudget.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/podDisruptionBudget.yaml @@ -1,5 +1,5 @@ {{- if and .Values.prometheus.enabled .Values.prometheus.podDisruptionBudget.enabled }} -apiVersion: {{ include "kube-prometheus-stack.pdb.apiVersion" . }} +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus @@ -8,12 +8,7 @@ metadata: app: {{ template "kube-prometheus-stack.name" . }}-prometheus {{ include "kube-prometheus-stack.labels" . | indent 4 }} spec: - {{- if .Values.prometheus.podDisruptionBudget.minAvailable }} - minAvailable: {{ .Values.prometheus.podDisruptionBudget.minAvailable }} - {{- end }} - {{- if .Values.prometheus.podDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ .Values.prometheus.podDisruptionBudget.maxUnavailable }} - {{- end }} +{{- toYaml (omit .Values.prometheus.podDisruptionBudget "enabled") | nindent 2 }} selector: matchLabels: {{- if .Values.prometheus.agentMode }} diff --git a/charts/rancher-monitoring/templates/prometheus/podmonitors.yaml b/charts/kube-prometheus-stack/templates/prometheus/podmonitors.yaml similarity index 92% rename from charts/rancher-monitoring/templates/prometheus/podmonitors.yaml rename to charts/kube-prometheus-stack/templates/prometheus/podmonitors.yaml index b9609d8..f98a63a 100644 --- a/charts/rancher-monitoring/templates/prometheus/podmonitors.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/podmonitors.yaml @@ -37,5 +37,9 @@ items: {{- if .fallbackScrapeProtocol }} fallbackScrapeProtocol: {{ .fallbackScrapeProtocol }} {{- end }} + {{- with .attachMetadata }} + attachMetadata: + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} {{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus/prometheus.yaml b/charts/kube-prometheus-stack/templates/prometheus/prometheus.yaml similarity index 87% rename from charts/rancher-monitoring/templates/prometheus/prometheus.yaml rename to charts/kube-prometheus-stack/templates/prometheus/prometheus.yaml index 68b1cbb..9318d80 100644 --- a/charts/rancher-monitoring/templates/prometheus/prometheus.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/prometheus.yaml @@ -11,16 +11,19 @@ metadata: namespace: {{ template "kube-prometheus-stack.namespace" . }} labels: app: {{ template "kube-prometheus-stack.name" . }}-prometheus -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.prometheus.annotations }} + {{- include "kube-prometheus-stack.labels" . | nindent 4 }} + {{- with .Values.prometheus.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.prometheus.annotations }} annotations: -{{ toYaml .Values.prometheus.annotations | indent 4 }} -{{- end }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: {{- if not (kindIs "invalid" .Values.prometheus.prometheusSpec.automountServiceAccountToken) }} automountServiceAccountToken: {{ .Values.prometheus.prometheusSpec.automountServiceAccountToken }} {{- end }} -{{- if and (not .Values.prometheus.agentMode) (or .Values.prometheus.prometheusSpec.alertingEndpoints .Values.alertmanager.enabled) }} +{{- if and (not .Values.prometheus.agentMode) (not .Values.prometheus.prometheusSpec.disableAlerting) (or .Values.prometheus.prometheusSpec.alertingEndpoints .Values.alertmanager.enabled) }} alerting: alertmanagers: {{- if .Values.prometheus.prometheusSpec.alertingEndpoints }} @@ -47,7 +50,7 @@ spec: {{ toYaml .Values.prometheus.prometheusSpec.apiserverConfig | indent 4}} {{- end }} {{- if .Values.prometheus.prometheusSpec.image }} - {{- $registry := include "monitoring_registry" . | default .Values.prometheus.prometheusSpec.image.registry -}} + {{- $registry := .Values.global.imageRegistry | default .Values.prometheus.prometheusSpec.image.registry -}} {{- if and .Values.prometheus.prometheusSpec.image.tag .Values.prometheus.prometheusSpec.image.sha }} image: "{{ $registry }}/{{ .Values.prometheus.prometheusSpec.image.repository }}:{{ .Values.prometheus.prometheusSpec.image.tag }}@sha256:{{ .Values.prometheus.prometheusSpec.image.sha }}" {{- else if .Values.prometheus.prometheusSpec.image.sha }} @@ -57,6 +60,7 @@ spec: {{- else }} image: "{{ $registry }}/{{ .Values.prometheus.prometheusSpec.image.repository }}" {{- end }} + imagePullPolicy: "{{ .Values.prometheus.prometheusSpec.image.pullPolicy }}" version: {{ default .Values.prometheus.prometheusSpec.image.tag .Values.prometheus.prometheusSpec.version }} {{- end }} {{- if .Values.prometheus.prometheusSpec.additionalArgs }} @@ -84,21 +88,20 @@ spec: externalUrl: "{{ tpl .Values.prometheus.prometheusSpec.externalUrl . }}" {{- else if and .Values.prometheus.ingress.enabled .Values.prometheus.ingress.hosts }} externalUrl: "http://{{ tpl (index .Values.prometheus.ingress.hosts 0) . }}{{ .Values.prometheus.prometheusSpec.routePrefix }}" -{{- else if not (or (kindIs "invalid" .Values.global.cattle.url) (kindIs "invalid" .Values.global.cattle.clusterId)) }} - externalUrl: "{{ .Values.global.cattle.url }}/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ template "kube-prometheus-stack.namespace" . }}/services/http:{{ template "kube-prometheus-stack.fullname" . }}-prometheus:{{ .Values.prometheus.service.port }}/proxy" {{- else }} externalUrl: http://{{ template "kube-prometheus-stack.fullname" . }}-prometheus.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.prometheus.service.port }} {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 4 }} {{- if .Values.prometheus.prometheusSpec.nodeSelector }} + nodeSelector: {{ toYaml .Values.prometheus.prometheusSpec.nodeSelector | indent 4 }} {{- end }} paused: {{ .Values.prometheus.prometheusSpec.paused }} replicas: {{ .Values.prometheus.prometheusSpec.replicas }} shards: {{ .Values.prometheus.prometheusSpec.shards }} - logLevel: {{ .Values.prometheus.prometheusSpec.logLevel }} + logLevel: {{ .Values.prometheus.prometheusSpec.logLevel | quote }} logFormat: {{ .Values.prometheus.prometheusSpec.logFormat }} listenLocal: {{ .Values.prometheus.prometheusSpec.listenLocal }} + enableOTLPReceiver: {{ .Values.prometheus.prometheusSpec.enableOTLPReceiver }} {{- if not .Values.prometheus.agentMode }} enableAdminAPI: {{ .Values.prometheus.prometheusSpec.enableAdminAPI }} {{- end }} @@ -116,19 +119,40 @@ spec: - {{ tpl $enableFeatures $ }} {{- end }} {{- end }} +{{- if .Values.prometheus.prometheusSpec.otlp }} + otlp: +{{ toYaml .Values.prometheus.prometheusSpec.otlp | indent 4 }} +{{- end }} {{- with .Values.prometheus.prometheusSpec.scrapeClasses }} scrapeClasses: {{- tpl (toYaml . | nindent 4) $ }} {{- end }} +{{- with .Values.prometheus.prometheusSpec.podTargetLabels }} + podTargetLabels: + {{- tpl (toYaml . | nindent 4) $ }} +{{- end }} {{- if .Values.prometheus.prometheusSpec.scrapeFailureLogFile }} scrapeFailureLogFile: {{ .Values.prometheus.prometheusSpec.scrapeFailureLogFile }} {{- end }} {{- if .Values.prometheus.prometheusSpec.scrapeInterval }} scrapeInterval: {{ .Values.prometheus.prometheusSpec.scrapeInterval }} {{- end }} +{{- with .Values.prometheus.prometheusSpec.scrapeProtocols }} + scrapeProtocols: + {{- toYaml . | nindent 4 }} +{{- end }} {{- if .Values.prometheus.prometheusSpec.scrapeTimeout }} scrapeTimeout: {{ .Values.prometheus.prometheusSpec.scrapeTimeout }} {{- end }} +{{- if .Values.prometheus.prometheusSpec.convertClassicHistogramsToNHCB }} + convertClassicHistogramsToNHCB: {{ .Values.prometheus.prometheusSpec.convertClassicHistogramsToNHCB }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.scrapeClassicHistograms }} + scrapeClassicHistograms: {{ .Values.prometheus.prometheusSpec.scrapeClassicHistograms }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.scrapeNativeHistograms }} + scrapeNativeHistograms: {{ .Values.prometheus.prometheusSpec.scrapeNativeHistograms }} +{{- end }} {{- if and (not .Values.prometheus.agentMode) .Values.prometheus.prometheusSpec.evaluationInterval }} evaluationInterval: {{ .Values.prometheus.prometheusSpec.evaluationInterval }} {{- end }} @@ -163,6 +187,9 @@ spec: {{- if .Values.prometheus.prometheusSpec.configMaps }} configMaps: {{ tpl (toYaml .Values.prometheus.prometheusSpec.configMaps) . | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.serviceName }} + serviceName: {{ tpl .Values.prometheus.prometheusSpec.serviceName .}} {{- end }} serviceAccountName: {{ template "kube-prometheus-stack.prometheus.serviceAccountName" . }} {{- if .Values.prometheus.prometheusSpec.serviceMonitorSelector }} @@ -235,6 +262,13 @@ spec: securityContext: {{ toYaml .Values.prometheus.prometheusSpec.securityContext | indent 4 }} {{- end }} +{{- if .Values.prometheus.prometheusSpec.dnsConfig }} + dnsConfig: +{{ toYaml .Values.prometheus.prometheusSpec.dnsConfig | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.dnsPolicy }} + dnsPolicy: {{ .Values.prometheus.prometheusSpec.dnsPolicy }} +{{- end }} {{- if not .Values.prometheus.agentMode }} {{- if .Values.prometheus.prometheusSpec.ruleNamespaceSelector }} ruleNamespaceSelector: @@ -249,7 +283,7 @@ spec: ruleSelector: matchLabels: release: {{ $.Release.Name | quote }} -{{ else }} +{{ else if not (kindIs "invalid" .Values.prometheus.prometheusSpec.ruleSelector) }} ruleSelector: {} {{- end }} {{- end }} @@ -296,8 +330,7 @@ spec: - topologyKey: {{ .Values.prometheus.prometheusSpec.podAntiAffinityTopologyKey }} labelSelector: matchExpressions: - - {key: app.kubernetes.io/name, operator: In, values: [prometheus]} - - {key: prometheus, operator: In, values: [{{ template "kube-prometheus-stack.prometheus.crname" . }}]} +{{- include "kube-prometheus-stack.prometheus.pod-anti-affinity.matchExpressions" . | indent 12 }} {{- else if eq .Values.prometheus.prometheusSpec.podAntiAffinity "soft" }} podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: @@ -306,12 +339,11 @@ spec: topologyKey: {{ .Values.prometheus.prometheusSpec.podAntiAffinityTopologyKey }} labelSelector: matchExpressions: - - {key: app.kubernetes.io/name, operator: In, values: [prometheus]} - - {key: prometheus, operator: In, values: [{{ template "kube-prometheus-stack.prometheus.crname" . }}]} +{{- include "kube-prometheus-stack.prometheus.pod-anti-affinity.matchExpressions" . | indent 12 }} {{- end }} {{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 4 }} {{- if .Values.prometheus.prometheusSpec.tolerations }} + tolerations: {{ toYaml .Values.prometheus.prometheusSpec.tolerations | indent 4 }} {{- end }} {{- if .Values.prometheus.prometheusSpec.topologySpreadConstraints }} @@ -360,7 +392,7 @@ spec: {{- end }} {{- if .Values.prometheus.prometheusSpec.containers }} containers: -{{ tpl .Values.prometheus.prometheusSpec.containers $ | indent 4 }} +{{ toYaml .Values.prometheus.prometheusSpec.containers | indent 4 }} {{- end }} {{- if .Values.prometheus.prometheusSpec.initContainers }} initContainers: @@ -432,7 +464,11 @@ spec: name: "{{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) . | trunc 63 | trimSuffix "-" }}" {{- end }} {{- if .Values.prometheus.prometheusSpec.excludedFromEnforcement }} + {{- if kindIs "string" .Values.prometheus.prometheusSpec.excludedFromEnforcement }} +{{ tpl .Values.prometheus.prometheusSpec.excludedFromEnforcement . | indent 4 }} + {{- else }} {{ tpl (toYaml .Values.prometheus.prometheusSpec.excludedFromEnforcement | indent 4) . }} + {{- end }} {{- end }} {{- end }} {{- if and (not .Values.prometheus.agentMode) .Values.prometheus.prometheusSpec.queryLogFile }} @@ -468,10 +504,23 @@ spec: {{- if .Values.prometheus.prometheusSpec.minReadySeconds }} minReadySeconds: {{ .Values.prometheus.prometheusSpec.minReadySeconds }} {{- end }} +{{- if .Values.prometheus.prometheusSpec.podManagementPolicy }} + podManagementPolicy: {{ .Values.prometheus.prometheusSpec.podManagementPolicy }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.updateStrategy }} + updateStrategy: +{{ toYaml .Values.prometheus.prometheusSpec.updateStrategy | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.prometheus.prometheusSpec.terminationGracePeriodSeconds }} +{{- end }} {{- if .Values.prometheus.prometheusSpec.maximumStartupDurationSeconds }} maximumStartupDurationSeconds: {{ .Values.prometheus.prometheusSpec.maximumStartupDurationSeconds }} {{- end }} hostNetwork: {{ .Values.prometheus.prometheusSpec.hostNetwork }} +{{- if kindIs "bool" .Values.prometheus.prometheusSpec.hostUsers }} + hostUsers: {{ .Values.prometheus.prometheusSpec.hostUsers }} +{{- end }} {{- if .Values.prometheus.prometheusSpec.hostAliases }} hostAliases: {{ toYaml .Values.prometheus.prometheusSpec.hostAliases | indent 4 }} diff --git a/charts/rancher-monitoring/templates/prometheus/route.yaml b/charts/kube-prometheus-stack/templates/prometheus/route.yaml similarity index 94% rename from charts/rancher-monitoring/templates/prometheus/route.yaml rename to charts/kube-prometheus-stack/templates/prometheus/route.yaml index 6a22d3d..49a1fee 100644 --- a/charts/rancher-monitoring/templates/prometheus/route.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/route.yaml @@ -40,7 +40,10 @@ spec: statusCode: 301 {{- else }} - backendRefs: - - name: {{ $serviceName }} + - group: "" + kind: Service + weight: 1 + name: {{ $serviceName }} port: {{ $servicePort }} {{- with $route.filters }} filters: diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/alertmanager.rules.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/alertmanager.rules.yaml similarity index 92% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/alertmanager.rules.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/alertmanager.rules.yaml index 2d432c8..4636fa6 100644 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/alertmanager.rules.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/alertmanager.rules.yaml @@ -7,7 +7,6 @@ https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-promet {{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.alertmanager }} {{- $alertmanagerJob := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "alertmanager" }} {{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }} -{{- if and .Values.alertmanager.enabled .Values.alertmanager.serviceMonitor.selfMonitor }} apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: @@ -42,7 +41,7 @@ spec: expr: |- # Without max_over_time, failed scrapes could create false negatives, see # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. - max_over_time(alertmanager_config_last_reload_successful{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}[5m]) == 0 + max_over_time(alertmanager_config_last_reload_successful{job="{{ $alertmanagerJob }}",container="alertmanager",namespace="{{ $namespace }}"}[5m]) == 0 for: {{ dig "AlertmanagerFailedReload" "for" "10m" .Values.customRules }} {{- with .Values.defaultRules.keepFiringFor }} keep_firing_for: "{{ . }}" @@ -73,9 +72,9 @@ spec: expr: |- # Without max_over_time, failed scrapes could create false negatives, see # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. - max_over_time(alertmanager_cluster_members{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}[5m]) + max_over_time(alertmanager_cluster_members{job="{{ $alertmanagerJob }}",container="alertmanager",namespace="{{ $namespace }}"}[5m]) < on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}namespace,service,cluster) group_left - count by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}namespace,service,cluster) (max_over_time(alertmanager_cluster_members{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}[5m])) + count by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}namespace,service,cluster) (max_over_time(alertmanager_cluster_members{job="{{ $alertmanagerJob }}",container="alertmanager",namespace="{{ $namespace }}"}[5m])) for: {{ dig "AlertmanagerMembersInconsistent" "for" "15m" .Values.customRules }} {{- with .Values.defaultRules.keepFiringFor }} keep_firing_for: "{{ . }}" @@ -105,9 +104,9 @@ spec: summary: An Alertmanager instance failed to send notifications. expr: |- ( - rate(alertmanager_notifications_failed_total{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}[5m]) + rate(alertmanager_notifications_failed_total{job="{{ $alertmanagerJob }}",container="alertmanager",namespace="{{ $namespace }}"}[15m]) / - ignoring (reason) group_left rate(alertmanager_notifications_total{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}[5m]) + ignoring (reason) group_left rate(alertmanager_notifications_total{job="{{ $alertmanagerJob }}",container="alertmanager",namespace="{{ $namespace }}"}[15m]) ) > 0.01 for: {{ dig "AlertmanagerFailedToSendAlerts" "for" "5m" .Values.customRules }} @@ -139,9 +138,9 @@ spec: summary: All Alertmanager instances in a cluster failed to send notifications to a critical integration. expr: |- min by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}namespace,service, integration) ( - rate(alertmanager_notifications_failed_total{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}", integration=~`.*`}[5m]) + rate(alertmanager_notifications_failed_total{job="{{ $alertmanagerJob }}",container="alertmanager",namespace="{{ $namespace }}", integration=~`.*`}[15m]) / - ignoring (reason) group_left rate(alertmanager_notifications_total{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}", integration=~`.*`}[5m]) + ignoring (reason) group_left rate(alertmanager_notifications_total{job="{{ $alertmanagerJob }}",container="alertmanager",namespace="{{ $namespace }}", integration=~`.*`}[15m]) > 0 ) > 0.01 for: {{ dig "AlertmanagerClusterFailedToSendAlerts" "for" "5m" .Values.customRules }} @@ -173,9 +172,9 @@ spec: summary: All Alertmanager instances in a cluster failed to send notifications to a non-critical integration. expr: |- min by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}namespace,service, integration) ( - rate(alertmanager_notifications_failed_total{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}", integration!~`.*`}[5m]) + rate(alertmanager_notifications_failed_total{job="{{ $alertmanagerJob }}",container="alertmanager",namespace="{{ $namespace }}", integration!~`.*`}[15m]) / - ignoring (reason) group_left rate(alertmanager_notifications_total{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}", integration!~`.*`}[5m]) + ignoring (reason) group_left rate(alertmanager_notifications_total{job="{{ $alertmanagerJob }}",container="alertmanager",namespace="{{ $namespace }}", integration!~`.*`}[15m]) > 0 ) > 0.01 for: {{ dig "AlertmanagerClusterFailedToSendAlerts" "for" "5m" .Values.customRules }} @@ -207,7 +206,7 @@ spec: summary: Alertmanager instances within the same cluster have different configurations. expr: |- count by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}namespace,service,cluster) ( - count_values by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}namespace,service,cluster) ("config_hash", alertmanager_config_hash{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}) + count_values by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}namespace,service,cluster) ("config_hash", alertmanager_config_hash{job="{{ $alertmanagerJob }}",container="alertmanager",namespace="{{ $namespace }}"}) ) != 1 for: {{ dig "AlertmanagerConfigInconsistent" "for" "20m" .Values.customRules }} @@ -240,11 +239,11 @@ spec: expr: |- ( count by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}namespace,service,cluster) ( - avg_over_time(up{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}[5m]) < 0.5 + avg_over_time(up{job="{{ $alertmanagerJob }}",container="alertmanager",namespace="{{ $namespace }}"}[5m]) < 0.5 ) / count by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}namespace,service,cluster) ( - up{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"} + up{job="{{ $alertmanagerJob }}",container="alertmanager",namespace="{{ $namespace }}"} ) ) >= 0.5 @@ -278,11 +277,11 @@ spec: expr: |- ( count by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}namespace,service,cluster) ( - changes(process_start_time_seconds{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}[10m]) > 4 + changes(process_start_time_seconds{job="{{ $alertmanagerJob }}",container="alertmanager",namespace="{{ $namespace }}"}[10m]) > 4 ) / count by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}namespace,service,cluster) ( - up{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"} + up{job="{{ $alertmanagerJob }}",container="alertmanager",namespace="{{ $namespace }}"} ) ) >= 0.5 @@ -301,5 +300,4 @@ spec: {{- end }} {{- end }} {{- end }} -{{- end }} -{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/config-reloaders.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/config-reloaders.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/config-reloaders.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/config-reloaders.yaml diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/etcd.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/etcd.yaml similarity index 99% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/etcd.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/etcd.yaml index 79ae93f..852b5e2 100644 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/etcd.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/etcd.yaml @@ -4,8 +4,7 @@ Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} {{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.etcd }} -{{- if (include "exporter.kubeEtcd.enabled" .)}} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubeEtcd.enabled .Values.defaultRules.rules.etcd }} apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: @@ -457,5 +456,4 @@ spec: {{- end }} {{- end }} {{- end }} -{{- end }} {{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/general.rules.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/general.rules.yaml similarity index 88% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/general.rules.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/general.rules.yaml index 6324228..e6d6870 100644 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/general.rules.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/general.rules.yaml @@ -36,7 +36,7 @@ spec: description: '{{`{{`}} printf "%.4g" $value {{`}}`}}% of the {{`{{`}} $labels.job {{`}}`}}/{{`{{`}} $labels.service {{`}}`}} targets in {{`{{`}} $labels.namespace {{`}}`}} namespace are down.' runbook_url: {{ .Values.defaultRules.runbookUrl }}/general/targetdown summary: One or more targets are unreachable. - expr: 100 * (count(up == 0) BY (cluster, job, namespace, service) / count(up) BY (cluster, job, namespace, service)) > 10 + expr: 100 * (count(up == 0) BY ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, job, namespace, service) / count(up) BY ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, job, namespace, service)) > 10 for: {{ dig "TargetDown" "for" "10m" .Values.customRules }} {{- with .Values.defaultRules.keepFiringFor }} keep_firing_for: "{{ . }}" @@ -110,7 +110,7 @@ spec: ' runbook_url: {{ .Values.defaultRules.runbookUrl }}/general/infoinhibitor summary: Info-level alert inhibition. - expr: ALERTS{severity = "info"} == 1 unless on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}namespace) ALERTS{alertname != "InfoInhibitor", severity =~ "warning|critical", alertstate="firing"} == 1 + expr: group by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}namespace) (ALERTS{severity = "info"} == 1) unless on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}namespace) group by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}namespace) (ALERTS{alertname != "InfoInhibitor", alertstate = "firing", severity =~ "warning|critical"} == 1) labels: severity: {{ dig "InfoInhibitor" "severity" "none" .Values.customRules }} {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.general }} diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/k8s.rules.container_cpu_limits.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_cpu_limits.yaml similarity index 97% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/k8s.rules.container_cpu_limits.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_cpu_limits.yaml index 9db33ba..228ecde 100644 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/k8s.rules.container_cpu_limits.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_cpu_limits.yaml @@ -28,8 +28,8 @@ spec: - expr: |- kube_pod_container_resource_limits{resource="cpu",job="{{ $kubeStateMetricsJob }}"} * on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}namespace, pod, cluster) group_left() max by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}namespace, pod, cluster) ( - (kube_pod_status_phase{phase=~"Pending|Running"} == 1) - ) + (kube_pod_status_phase{phase=~"Pending|Running"} == 1) + ) record: cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.k8sContainerCpuLimits }} labels: diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/k8s.rules.container_cpu_requests.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_cpu_requests.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/k8s.rules.container_cpu_requests.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_cpu_requests.yaml diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/k8s.rules.container_cpu_usage_seconds_total.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_cpu_usage_seconds_total.yaml similarity index 63% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/k8s.rules.container_cpu_usage_seconds_total.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_cpu_usage_seconds_total.yaml index 19aa6b4..209315e 100644 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/k8s.rules.container_cpu_usage_seconds_total.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_cpu_usage_seconds_total.yaml @@ -5,6 +5,7 @@ https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-promet */ -}} {{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} {{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.k8sContainerCpuUsageSecondsTotal }} +{{- $kubeletJob := include "kube-prometheus-stack-kubelet.name" . }} apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: @@ -26,7 +27,23 @@ spec: rules: - expr: |- sum by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, pod, container) ( - irate(container_cpu_usage_seconds_total{job="kubelet", metrics_path="/metrics/cadvisor", image!=""}[5m]) + rate(container_cpu_usage_seconds_total{job="{{ $kubeletJob }}", metrics_path="/metrics/cadvisor", image!=""}[5m]) + ) * on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, pod) group_left(node) topk by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, pod) ( + 1, max by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, pod, node) (kube_pod_info{node!=""}) + ) + record: node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate5m + {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.k8sContainerCpuUsageSecondsTotal }} + labels: + {{- with .Values.defaultRules.additionalRuleLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.defaultRules.additionalRuleGroupLabels.k8sContainerCpuUsageSecondsTotal }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} + - expr: |- + sum by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, pod, container) ( + irate(container_cpu_usage_seconds_total{job="{{ $kubeletJob }}", metrics_path="/metrics/cadvisor", image!=""}[5m]) ) * on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, pod) group_left(node) topk by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, pod) ( 1, max by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, pod, node) (kube_pod_info{node!=""}) ) diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/k8s.rules.container_memory_cache.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_memory_cache.yaml similarity index 92% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/k8s.rules.container_memory_cache.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_memory_cache.yaml index 2a08f43..0924b0c 100644 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/k8s.rules.container_memory_cache.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_memory_cache.yaml @@ -5,6 +5,7 @@ https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-promet */ -}} {{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} {{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.k8sContainerMemoryCache }} +{{- $kubeletJob := include "kube-prometheus-stack-kubelet.name" . }} apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: @@ -25,7 +26,7 @@ spec: - name: k8s.rules.container_memory_cache rules: - expr: |- - container_memory_cache{job="kubelet", metrics_path="/metrics/cadvisor", image!=""} + container_memory_cache{job="{{ $kubeletJob }}", metrics_path="/metrics/cadvisor", image!=""} * on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, pod) group_left(node) topk by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, pod) (1, max by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, pod, node) (kube_pod_info{node!=""}) ) diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/k8s.rules.container_memory_limits.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_memory_limits.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/k8s.rules.container_memory_limits.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_memory_limits.yaml diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/k8s.rules.container_memory_requests.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_memory_requests.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/k8s.rules.container_memory_requests.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_memory_requests.yaml diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/k8s.rules.container_memory_rss.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_memory_rss.yaml similarity index 92% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/k8s.rules.container_memory_rss.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_memory_rss.yaml index 85b23fa..099218f 100644 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/k8s.rules.container_memory_rss.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_memory_rss.yaml @@ -5,6 +5,7 @@ https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-promet */ -}} {{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} {{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.k8sContainerMemoryRss }} +{{- $kubeletJob := include "kube-prometheus-stack-kubelet.name" . }} apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: @@ -25,7 +26,7 @@ spec: - name: k8s.rules.container_memory_rss rules: - expr: |- - container_memory_rss{job="kubelet", metrics_path="/metrics/cadvisor", image!=""} + container_memory_rss{job="{{ $kubeletJob }}", metrics_path="/metrics/cadvisor", image!=""} * on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, pod) group_left(node) topk by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, pod) (1, max by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, pod, node) (kube_pod_info{node!=""}) ) diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/k8s.rules.container_memory_swap.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_memory_swap.yaml similarity index 92% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/k8s.rules.container_memory_swap.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_memory_swap.yaml index aae2680..99a719f 100644 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/k8s.rules.container_memory_swap.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_memory_swap.yaml @@ -5,6 +5,7 @@ https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-promet */ -}} {{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} {{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.k8sContainerMemorySwap }} +{{- $kubeletJob := include "kube-prometheus-stack-kubelet.name" . }} apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: @@ -25,7 +26,7 @@ spec: - name: k8s.rules.container_memory_swap rules: - expr: |- - container_memory_swap{job="kubelet", metrics_path="/metrics/cadvisor", image!=""} + container_memory_swap{job="{{ $kubeletJob }}", metrics_path="/metrics/cadvisor", image!=""} * on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, pod) group_left(node) topk by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, pod) (1, max by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, pod, node) (kube_pod_info{node!=""}) ) diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/k8s.rules.container_memory_working_set_bytes.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_memory_working_set_bytes.yaml similarity index 92% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/k8s.rules.container_memory_working_set_bytes.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_memory_working_set_bytes.yaml index cc7fbbd..9010d20 100644 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/k8s.rules.container_memory_working_set_bytes.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_memory_working_set_bytes.yaml @@ -5,6 +5,7 @@ https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-promet */ -}} {{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} {{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.k8sContainerMemoryWorkingSetBytes }} +{{- $kubeletJob := include "kube-prometheus-stack-kubelet.name" . }} apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: @@ -25,7 +26,7 @@ spec: - name: k8s.rules.container_memory_working_set_bytes rules: - expr: |- - container_memory_working_set_bytes{job="kubelet", metrics_path="/metrics/cadvisor", image!=""} + container_memory_working_set_bytes{job="{{ $kubeletJob }}", metrics_path="/metrics/cadvisor", image!=""} * on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, pod) group_left(node) topk by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, pod) (1, max by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, pod, node) (kube_pod_info{node!=""}) ) diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/k8s.rules.container_resource.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_resource.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/k8s.rules.container_resource.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.container_resource.yaml diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.pod_owner.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.pod_owner.yaml new file mode 100644 index 0000000..568b67f --- /dev/null +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.pod_owner.yaml @@ -0,0 +1,220 @@ +{{- /* +Generated from 'k8s.rules.pod-owner' group from https://github.com/prometheus-operator/kube-prometheus.git +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.k8sPodOwner }} +{{- $kubeStateMetricsJob := include "kube-prometheus-stack-kube-state-metrics.name" . }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "k8s.rules.pod-owner" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: k8s.rules.pod_owner + rules: + - expr: |- + max by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, workload, pod) ( + label_replace( + label_replace( + kube_pod_owner{job="{{ $kubeStateMetricsJob }}", owner_kind="ReplicaSet"}, + "replicaset", "$1", "owner_name", "(.*)" + ) * on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, replicaset, namespace) group_left(owner_name) topk by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, replicaset, namespace) ( + 1, max by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, replicaset, namespace, owner_name) ( + kube_replicaset_owner{job="{{ $kubeStateMetricsJob }}", owner_kind=""} + ) + ), + "workload", "$1", "replicaset", "(.*)" + ) + ) + labels: + workload_type: replicaset + {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.k8sPodOwner }} + {{- with .Values.defaultRules.additionalRuleLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.defaultRules.additionalRuleGroupLabels.k8sPodOwner }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} + record: namespace_workload_pod:kube_pod_owner:relabel + - expr: |- + max by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, workload, pod) ( + label_replace( + label_replace( + kube_pod_owner{job="{{ $kubeStateMetricsJob }}", owner_kind="ReplicaSet"}, + "replicaset", "$1", "owner_name", "(.*)" + ) * on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}replicaset, namespace, cluster) group_left(owner_name) topk by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, replicaset, namespace) ( + 1, max by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, replicaset, namespace, owner_name) ( + kube_replicaset_owner{job="{{ $kubeStateMetricsJob }}", owner_kind="Deployment"} + ) + ), + "workload", "$1", "owner_name", "(.*)" + ) + ) + labels: + workload_type: deployment + {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.k8sPodOwner }} + {{- with .Values.defaultRules.additionalRuleLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.defaultRules.additionalRuleGroupLabels.k8sPodOwner }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} + record: namespace_workload_pod:kube_pod_owner:relabel + - expr: |- + max by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, workload, pod) ( + label_replace( + kube_pod_owner{job="{{ $kubeStateMetricsJob }}", owner_kind="DaemonSet"}, + "workload", "$1", "owner_name", "(.*)" + ) + ) + labels: + workload_type: daemonset + {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.k8sPodOwner }} + {{- with .Values.defaultRules.additionalRuleLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.defaultRules.additionalRuleGroupLabels.k8sPodOwner }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} + record: namespace_workload_pod:kube_pod_owner:relabel + - expr: |- + max by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, workload, pod) ( + label_replace( + kube_pod_owner{job="{{ $kubeStateMetricsJob }}", owner_kind="StatefulSet"}, + "workload", "$1", "owner_name", "(.*)") + ) + labels: + workload_type: statefulset + {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.k8sPodOwner }} + {{- with .Values.defaultRules.additionalRuleLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.defaultRules.additionalRuleGroupLabels.k8sPodOwner }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} + record: namespace_workload_pod:kube_pod_owner:relabel + - expr: |- + group by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, workload, pod) ( + label_join( + group by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, job_name, pod, owner_name) ( + label_join( + kube_pod_owner{job="{{ $kubeStateMetricsJob }}", owner_kind="Job"} + , "job_name", "", "owner_name") + ) + * on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, job_name) group_left() + group by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, job_name) ( + kube_job_owner{job="{{ $kubeStateMetricsJob }}", owner_kind=~"Pod|"} + ) + , "workload", "", "owner_name") + ) + labels: + workload_type: job + {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.k8sPodOwner }} + {{- with .Values.defaultRules.additionalRuleLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.defaultRules.additionalRuleGroupLabels.k8sPodOwner }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} + record: namespace_workload_pod:kube_pod_owner:relabel + - expr: |- + max by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, workload, pod) ( + label_replace( + kube_pod_owner{job="{{ $kubeStateMetricsJob }}", owner_kind="", owner_name=""}, + "workload", "$1", "pod", "(.+)") + ) + labels: + workload_type: barepod + {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.k8sPodOwner }} + {{- with .Values.defaultRules.additionalRuleLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.defaultRules.additionalRuleGroupLabels.k8sPodOwner }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} + record: namespace_workload_pod:kube_pod_owner:relabel + - expr: |- + max by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, workload, pod) ( + label_replace( + kube_pod_owner{job="{{ $kubeStateMetricsJob }}", owner_kind="Node"}, + "workload", "$1", "pod", "(.+)") + ) + labels: + workload_type: staticpod + {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.k8sPodOwner }} + {{- with .Values.defaultRules.additionalRuleLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.defaultRules.additionalRuleGroupLabels.k8sPodOwner }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} + record: namespace_workload_pod:kube_pod_owner:relabel + - expr: |- + group by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, workload, workload_type, pod) ( + label_join( + label_join( + group by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, job_name, pod) ( + label_join( + kube_pod_owner{job="{{ $kubeStateMetricsJob }}", owner_kind="Job"} + , "job_name", "", "owner_name") + ) + * on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, job_name) group_left(owner_kind, owner_name) + group by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, job_name, owner_kind, owner_name) ( + kube_job_owner{job="{{ $kubeStateMetricsJob }}", owner_kind!="Pod", owner_kind!=""} + ) + , "workload", "", "owner_name") + , "workload_type", "", "owner_kind") + + OR + + label_replace( + label_replace( + label_replace( + kube_pod_owner{job="{{ $kubeStateMetricsJob }}", owner_kind="ReplicaSet"} + , "replicaset", "$1", "owner_name", "(.+)" + ) + * on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, replicaset) group_left(owner_kind, owner_name) + group by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, replicaset, owner_kind, owner_name) ( + kube_replicaset_owner{job="{{ $kubeStateMetricsJob }}", owner_kind!="Deployment", owner_kind!=""} + ) + , "workload", "$1", "owner_name", "(.+)") + OR + label_replace( + group by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, pod, owner_name, owner_kind) ( + kube_pod_owner{job="{{ $kubeStateMetricsJob }}", owner_kind!="ReplicaSet", owner_kind!="DaemonSet", owner_kind!="StatefulSet", owner_kind!="Job", owner_kind!="Node", owner_kind!=""} + ) + , "workload", "$1", "owner_name", "(.+)" + ) + , "workload_type", "$1", "owner_kind", "(.+)") + ) + record: namespace_workload_pod:kube_pod_owner:relabel + {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.k8sPodOwner }} + labels: + {{- with .Values.defaultRules.additionalRuleLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.defaultRules.additionalRuleGroupLabels.k8sPodOwner }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml similarity index 95% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml index a7b1896..8af24e3 100644 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml @@ -110,22 +110,18 @@ spec: # write too slow sum by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) (cluster_verb_scope:apiserver_request_sli_duration_seconds_count:increase30d{verb=~"POST|PUT|PATCH|DELETE"}) - - sum by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) (cluster_verb_scope_le:apiserver_request_sli_duration_seconds_bucket:increase30d{verb=~"POST|PUT|PATCH|DELETE",le=~"1(\\.0)?"}) + sum by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) (cluster_verb_scope_le:apiserver_request_sli_duration_seconds_bucket:increase30d{verb=~"POST|PUT|PATCH|DELETE",le=~"1(\\.0)?"} or vector(0)) ) + ( # read too slow sum by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) (cluster_verb_scope:apiserver_request_sli_duration_seconds_count:increase30d{verb=~"LIST|GET"}) - ( - ( - sum by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) (cluster_verb_scope_le:apiserver_request_sli_duration_seconds_bucket:increase30d{verb=~"LIST|GET",scope=~"resource|",le=~"1(\\.0)?"}) - or - vector(0) - ) + sum by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) (cluster_verb_scope_le:apiserver_request_sli_duration_seconds_bucket:increase30d{verb=~"LIST|GET",scope=~"resource|",le=~"1(\\.0)?"} or vector(0)) + - sum by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) (cluster_verb_scope_le:apiserver_request_sli_duration_seconds_bucket:increase30d{verb=~"LIST|GET",scope="namespace",le=~"5(\\.0)?"}) + sum by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) (cluster_verb_scope_le:apiserver_request_sli_duration_seconds_bucket:increase30d{verb=~"LIST|GET",scope="namespace",le=~"5(\\.0)?"} or vector(0)) + - sum by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) (cluster_verb_scope_le:apiserver_request_sli_duration_seconds_bucket:increase30d{verb=~"LIST|GET",scope="cluster",le=~"30(\\.0)?"}) + sum by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) (cluster_verb_scope_le:apiserver_request_sli_duration_seconds_bucket:increase30d{verb=~"LIST|GET",scope="cluster",le=~"30(\\.0)?"} or vector(0)) ) ) + # errors @@ -150,15 +146,11 @@ spec: - ( # too slow - ( - sum by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) (cluster_verb_scope_le:apiserver_request_sli_duration_seconds_bucket:increase30d{verb=~"LIST|GET",scope=~"resource|",le=~"1(\\.0)?"}) - or - vector(0) - ) + sum by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) (cluster_verb_scope_le:apiserver_request_sli_duration_seconds_bucket:increase30d{verb=~"LIST|GET",scope=~"resource|",le=~"1(\\.0)?"} or vector(0)) + - sum by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) (cluster_verb_scope_le:apiserver_request_sli_duration_seconds_bucket:increase30d{verb=~"LIST|GET",scope="namespace",le=~"5(\\.0)?"}) + sum by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) (cluster_verb_scope_le:apiserver_request_sli_duration_seconds_bucket:increase30d{verb=~"LIST|GET",scope="namespace",le=~"5(\\.0)?"} or vector(0)) + - sum by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) (cluster_verb_scope_le:apiserver_request_sli_duration_seconds_bucket:increase30d{verb=~"LIST|GET",scope="cluster",le=~"30(\\.0)?"}) + sum by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) (cluster_verb_scope_le:apiserver_request_sli_duration_seconds_bucket:increase30d{verb=~"LIST|GET",scope="cluster",le=~"30(\\.0)?"} or vector(0)) ) + # errors @@ -183,7 +175,7 @@ spec: # too slow sum by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) (cluster_verb_scope:apiserver_request_sli_duration_seconds_count:increase30d{verb=~"POST|PUT|PATCH|DELETE"}) - - sum by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) (cluster_verb_scope_le:apiserver_request_sli_duration_seconds_bucket:increase30d{verb=~"POST|PUT|PATCH|DELETE",le=~"1(\\.0)?"}) + sum by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) (cluster_verb_scope_le:apiserver_request_sli_duration_seconds_bucket:increase30d{verb=~"POST|PUT|PATCH|DELETE",le=~"1(\\.0)?"} or vector(0)) ) + # errors diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-apiserver-burnrate.rules.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-burnrate.rules.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-apiserver-burnrate.rules.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-burnrate.rules.yaml diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-apiserver-histogram.rules.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-histogram.rules.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-apiserver-histogram.rules.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-histogram.rules.yaml diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml similarity index 75% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml index 9f8bf60..b349f0d 100644 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml @@ -5,6 +5,7 @@ https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-promet */ -}} {{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} {{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubeScheduler.enabled .Values.defaultRules.rules.kubeSchedulerRecording }} +{{- $kubeSchedulerJob := include "kube-prometheus-stack-kube-scheduler.name" . }} apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: @@ -24,7 +25,7 @@ spec: groups: - name: kube-scheduler.rules rules: - - expr: histogram_quantile(0.99, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) + - expr: histogram_quantile(0.99, sum(rate(scheduler_scheduling_attempt_duration_seconds_bucket{job="{{ $kubeSchedulerJob }}"}[5m])) without(instance, pod)) labels: quantile: '0.99' {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.kubeSchedulerRecording }} @@ -35,8 +36,8 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} - record: cluster_quantile:scheduler_e2e_scheduling_duration_seconds:histogram_quantile - - expr: histogram_quantile(0.99, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) + record: cluster_quantile:scheduler_scheduling_attempt_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.99, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{job="{{ $kubeSchedulerJob }}"}[5m])) without(instance, pod)) labels: quantile: '0.99' {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.kubeSchedulerRecording }} @@ -48,7 +49,7 @@ spec: {{- end }} {{- end }} record: cluster_quantile:scheduler_scheduling_algorithm_duration_seconds:histogram_quantile - - expr: histogram_quantile(0.99, sum(rate(scheduler_binding_duration_seconds_bucket{job="kube-scheduler"}[5m])) without(instance, pod)) + - expr: histogram_quantile(0.99, sum(rate(scheduler_pod_scheduling_sli_duration_seconds_bucket{job="{{ $kubeSchedulerJob }}"}[5m])) without(instance, pod)) labels: quantile: '0.99' {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.kubeSchedulerRecording }} @@ -59,8 +60,8 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} - record: cluster_quantile:scheduler_binding_duration_seconds:histogram_quantile - - expr: histogram_quantile(0.9, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{job="kube-scheduler"}[5m])) without(instance, pod)) + record: cluster_quantile:scheduler_pod_scheduling_sli_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.9, sum(rate(scheduler_scheduling_attempt_duration_seconds_bucket{job="{{ $kubeSchedulerJob }}"}[5m])) without(instance, pod)) labels: quantile: '0.9' {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.kubeSchedulerRecording }} @@ -71,8 +72,8 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} - record: cluster_quantile:scheduler_e2e_scheduling_duration_seconds:histogram_quantile - - expr: histogram_quantile(0.9, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{job="kube-scheduler"}[5m])) without(instance, pod)) + record: cluster_quantile:scheduler_scheduling_attempt_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.9, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{job="{{ $kubeSchedulerJob }}"}[5m])) without(instance, pod)) labels: quantile: '0.9' {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.kubeSchedulerRecording }} @@ -84,7 +85,7 @@ spec: {{- end }} {{- end }} record: cluster_quantile:scheduler_scheduling_algorithm_duration_seconds:histogram_quantile - - expr: histogram_quantile(0.9, sum(rate(scheduler_binding_duration_seconds_bucket{job="kube-scheduler"}[5m])) without(instance, pod)) + - expr: histogram_quantile(0.9, sum(rate(scheduler_pod_scheduling_sli_duration_seconds_bucket{job="{{ $kubeSchedulerJob }}"}[5m])) without(instance, pod)) labels: quantile: '0.9' {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.kubeSchedulerRecording }} @@ -95,8 +96,8 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} - record: cluster_quantile:scheduler_binding_duration_seconds:histogram_quantile - - expr: histogram_quantile(0.5, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{job="kube-scheduler"}[5m])) without(instance, pod)) + record: cluster_quantile:scheduler_pod_scheduling_sli_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.5, sum(rate(scheduler_scheduling_attempt_duration_seconds_bucket{job="{{ $kubeSchedulerJob }}"}[5m])) without(instance, pod)) labels: quantile: '0.5' {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.kubeSchedulerRecording }} @@ -107,8 +108,8 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} - record: cluster_quantile:scheduler_e2e_scheduling_duration_seconds:histogram_quantile - - expr: histogram_quantile(0.5, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{job="kube-scheduler"}[5m])) without(instance, pod)) + record: cluster_quantile:scheduler_scheduling_attempt_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.5, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{job="{{ $kubeSchedulerJob }}"}[5m])) without(instance, pod)) labels: quantile: '0.5' {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.kubeSchedulerRecording }} @@ -120,7 +121,7 @@ spec: {{- end }} {{- end }} record: cluster_quantile:scheduler_scheduling_algorithm_duration_seconds:histogram_quantile - - expr: histogram_quantile(0.5, sum(rate(scheduler_binding_duration_seconds_bucket{job="kube-scheduler"}[5m])) without(instance, pod)) + - expr: histogram_quantile(0.5, sum(rate(scheduler_pod_scheduling_sli_duration_seconds_bucket{job="{{ $kubeSchedulerJob }}"}[5m])) without(instance, pod)) labels: quantile: '0.5' {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.kubeSchedulerRecording }} @@ -131,5 +132,5 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} - record: cluster_quantile:scheduler_binding_duration_seconds:histogram_quantile + record: cluster_quantile:scheduler_pod_scheduling_sli_duration_seconds:histogram_quantile {{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-state-metrics.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-state-metrics.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-state-metrics.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-state-metrics.yaml diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubelet.rules.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubelet.rules.yaml similarity index 57% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/kubelet.rules.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubelet.rules.yaml index 8cd03ba..14e65c0 100644 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubelet.rules.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubelet.rules.yaml @@ -4,8 +4,8 @@ Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} {{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubelet }} -{{- if (include "exporter.kubelet.enabled" .)}} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubelet.enabled .Values.defaultRules.rules.kubelet }} +{{- $kubeletJob := include "kube-prometheus-stack-kubelet.name" . }} apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: @@ -25,7 +25,13 @@ spec: groups: - name: kubelet.rules rules: - - expr: histogram_quantile(0.99, sum(rate(kubelet_pleg_relist_duration_seconds_bucket{job="kubelet", metrics_path="/metrics"}[5m])) by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, instance, le) * on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, instance) group_left(node) kubelet_node_name{job="kubelet", metrics_path="/metrics"}) + - expr: |- + histogram_quantile( + 0.99, + sum(rate(kubelet_pleg_relist_duration_seconds_bucket{job="{{ $kubeletJob }}", metrics_path="/metrics"}[5m])) by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, instance, le) + * on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, instance) group_left (node) + max by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, instance, node) (kubelet_node_name{job="{{ $kubeletJob }}", metrics_path="/metrics"}) + ) labels: quantile: '0.99' {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.kubelet }} @@ -37,7 +43,13 @@ spec: {{- end }} {{- end }} record: node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile - - expr: histogram_quantile(0.9, sum(rate(kubelet_pleg_relist_duration_seconds_bucket{job="kubelet", metrics_path="/metrics"}[5m])) by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, instance, le) * on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, instance) group_left(node) kubelet_node_name{job="kubelet", metrics_path="/metrics"}) + - expr: |- + histogram_quantile( + 0.9, + sum(rate(kubelet_pleg_relist_duration_seconds_bucket{job="{{ $kubeletJob }}", metrics_path="/metrics"}[5m])) by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, instance, le) + * on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, instance) group_left (node) + max by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, instance, node) (kubelet_node_name{job="{{ $kubeletJob }}", metrics_path="/metrics"}) + ) labels: quantile: '0.9' {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.kubelet }} @@ -49,7 +61,13 @@ spec: {{- end }} {{- end }} record: node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile - - expr: histogram_quantile(0.5, sum(rate(kubelet_pleg_relist_duration_seconds_bucket{job="kubelet", metrics_path="/metrics"}[5m])) by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, instance, le) * on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, instance) group_left(node) kubelet_node_name{job="kubelet", metrics_path="/metrics"}) + - expr: |- + histogram_quantile( + 0.5, + sum(rate(kubelet_pleg_relist_duration_seconds_bucket{job="{{ $kubeletJob }}", metrics_path="/metrics"}[5m])) by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, instance, le) + * on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, instance) group_left (node) + max by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, instance, node) (kubelet_node_name{job="{{ $kubeletJob }}", metrics_path="/metrics"}) + ) labels: quantile: '0.5' {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.kubelet }} @@ -61,5 +79,4 @@ spec: {{- end }} {{- end }} record: node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile -{{- end }} {{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-apps.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-apps.yaml similarity index 81% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-apps.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-apps.yaml index 5d73223..0a988c9 100644 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-apps.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-apps.yaml @@ -6,7 +6,7 @@ https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-promet {{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} {{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesApps }} {{- $kubeStateMetricsJob := include "kube-prometheus-stack-kube-state-metrics.name" . }} -{{- $targetNamespace := .Values.defaultRules.appNamespacesTarget }} +{{- $targetNamespace := .Values.defaultRules.appNamespacesTarget }}{{- $namespaceOperator := .Values.defaultRules.appNamespacesOperator | default "=~" }} apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: @@ -38,7 +38,7 @@ spec: description: 'Pod {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}} ({{`{{`}} $labels.container {{`}}`}}) is in waiting state (reason: "CrashLoopBackOff") on cluster {{`{{`}} $labels.cluster {{`}}`}}.' runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubepodcrashlooping summary: Pod is crash looping. - expr: max_over_time(kube_pod_container_status_waiting_reason{reason="CrashLoopBackOff", job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"}[5m]) >= 1 + expr: max_over_time(kube_pod_container_status_waiting_reason{reason="CrashLoopBackOff", job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"}[5m]) >= 1 for: {{ dig "KubePodCrashLooping" "for" "15m" .Values.customRules }} {{- with .Values.defaultRules.keepFiringFor }} keep_firing_for: "{{ . }}" @@ -67,9 +67,9 @@ spec: runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubepodnotready summary: Pod has been in a non-ready state for more than 15 minutes. expr: |- - sum by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}namespace, pod, cluster) ( - max by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}namespace, pod, cluster) ( - kube_pod_status_phase{job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}", phase=~"Pending|Unknown|Failed"} + sum by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}namespace, pod, job, cluster) ( + max by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}namespace, pod, job, cluster) ( + kube_pod_status_phase{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}", phase=~"Pending|Unknown"} ) * on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}namespace, pod, cluster) group_left(owner_kind) topk by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}namespace, pod, cluster) ( 1, max by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}namespace, pod, owner_kind, cluster) (kube_pod_owner{owner_kind!="Job"}) ) @@ -102,9 +102,9 @@ spec: runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubedeploymentgenerationmismatch summary: Deployment generation mismatch due to possible roll-back expr: |- - kube_deployment_status_observed_generation{job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"} + kube_deployment_status_observed_generation{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} != - kube_deployment_metadata_generation{job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"} + kube_deployment_metadata_generation{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} for: {{ dig "KubeDeploymentGenerationMismatch" "for" "15m" .Values.customRules }} {{- with .Values.defaultRules.keepFiringFor }} keep_firing_for: "{{ . }}" @@ -134,11 +134,11 @@ spec: summary: Deployment has not matched the expected number of replicas. expr: |- ( - kube_deployment_spec_replicas{job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"} + kube_deployment_spec_replicas{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} > - kube_deployment_status_replicas_available{job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"} + kube_deployment_status_replicas_available{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} ) and ( - changes(kube_deployment_status_replicas_updated{job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"}[10m]) + changes(kube_deployment_status_replicas_updated{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"}[10m]) == 0 ) @@ -170,7 +170,7 @@ spec: runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubedeploymentrolloutstuck summary: Deployment rollout is not progressing. expr: |- - kube_deployment_status_condition{condition="Progressing", status="false",job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"} + kube_deployment_status_condition{condition="Progressing", status="false",job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} != 0 for: {{ dig "KubeDeploymentRolloutStuck" "for" "15m" .Values.customRules }} {{- with .Values.defaultRules.keepFiringFor }} @@ -201,11 +201,11 @@ spec: summary: StatefulSet has not matched the expected number of replicas. expr: |- ( - kube_statefulset_status_replicas_ready{job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"} + kube_statefulset_status_replicas_ready{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} != - kube_statefulset_replicas{job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"} + kube_statefulset_replicas{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} ) and ( - changes(kube_statefulset_status_replicas_updated{job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"}[10m]) + changes(kube_statefulset_status_replicas_updated{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"}[10m]) == 0 ) @@ -237,9 +237,9 @@ spec: runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubestatefulsetgenerationmismatch summary: StatefulSet generation mismatch due to possible roll-back expr: |- - kube_statefulset_status_observed_generation{job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"} + kube_statefulset_status_observed_generation{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} != - kube_statefulset_metadata_generation{job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"} + kube_statefulset_metadata_generation{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} for: {{ dig "KubeStatefulSetGenerationMismatch" "for" "15m" .Values.customRules }} {{- with .Values.defaultRules.keepFiringFor }} keep_firing_for: "{{ . }}" @@ -270,18 +270,18 @@ spec: expr: |- ( max by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}namespace, statefulset, job, cluster) ( - kube_statefulset_status_current_revision{job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"} + kube_statefulset_status_current_revision{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} unless - kube_statefulset_status_update_revision{job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"} + kube_statefulset_status_update_revision{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} ) - * + * on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}namespace, statefulset, job, cluster) ( - kube_statefulset_replicas{job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"} + kube_statefulset_replicas{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} != - kube_statefulset_status_replicas_updated{job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"} + kube_statefulset_status_replicas_updated{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} ) - ) and ( - changes(kube_statefulset_status_replicas_updated{job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"}[5m]) + ) and on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}namespace, statefulset, job, cluster) ( + changes(kube_statefulset_status_replicas_updated{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"}[5m]) == 0 ) @@ -315,24 +315,24 @@ spec: expr: |- ( ( - kube_daemonset_status_current_number_scheduled{job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"} - != - kube_daemonset_status_desired_number_scheduled{job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"} + kube_daemonset_status_current_number_scheduled{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} + != + kube_daemonset_status_desired_number_scheduled{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} ) or ( - kube_daemonset_status_number_misscheduled{job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"} - != + kube_daemonset_status_number_misscheduled{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} + != 0 ) or ( - kube_daemonset_status_updated_number_scheduled{job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"} - != - kube_daemonset_status_desired_number_scheduled{job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"} + kube_daemonset_status_updated_number_scheduled{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} + != + kube_daemonset_status_desired_number_scheduled{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} ) or ( - kube_daemonset_status_number_available{job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"} - != - kube_daemonset_status_desired_number_scheduled{job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"} + kube_daemonset_status_number_available{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} + != + kube_daemonset_status_desired_number_scheduled{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} ) ) and ( - changes(kube_daemonset_status_updated_number_scheduled{job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"}[5m]) + changes(kube_daemonset_status_updated_number_scheduled{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"}[5m]) == 0 ) @@ -363,7 +363,7 @@ spec: description: 'pod/{{`{{`}} $labels.pod {{`}}`}} in namespace {{`{{`}} $labels.namespace {{`}}`}} on container {{`{{`}} $labels.container{{`}}`}} has been in waiting state for longer than 1 hour. (reason: "{{`{{`}} $labels.reason {{`}}`}}") on cluster {{`{{`}} $labels.cluster {{`}}`}}.' runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubecontainerwaiting summary: Pod container waiting longer than 1 hour - expr: kube_pod_container_status_waiting_reason{reason!="CrashLoopBackOff", job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"} > 0 + expr: kube_pod_container_status_waiting_reason{reason!="CrashLoopBackOff", job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} > 0 for: {{ dig "KubeContainerWaiting" "for" "1h" .Values.customRules }} {{- with .Values.defaultRules.keepFiringFor }} keep_firing_for: "{{ . }}" @@ -392,9 +392,9 @@ spec: runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubedaemonsetnotscheduled summary: DaemonSet pods are not scheduled. expr: |- - kube_daemonset_status_desired_number_scheduled{job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"} + kube_daemonset_status_desired_number_scheduled{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} - - kube_daemonset_status_current_number_scheduled{job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"} > 0 + kube_daemonset_status_current_number_scheduled{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} > 0 for: {{ dig "KubeDaemonSetNotScheduled" "for" "10m" .Values.customRules }} {{- with .Values.defaultRules.keepFiringFor }} keep_firing_for: "{{ . }}" @@ -422,7 +422,7 @@ spec: description: '{{`{{`}} $value {{`}}`}} Pods of DaemonSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.daemonset {{`}}`}} are running where they are not supposed to run on cluster {{`{{`}} $labels.cluster {{`}}`}}.' runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubedaemonsetmisscheduled summary: DaemonSet pods are misscheduled. - expr: kube_daemonset_status_number_misscheduled{job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"} > 0 + expr: kube_daemonset_status_number_misscheduled{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} > 0 for: {{ dig "KubeDaemonSetMisScheduled" "for" "15m" .Values.customRules }} {{- with .Values.defaultRules.keepFiringFor }} keep_firing_for: "{{ . }}" @@ -451,9 +451,9 @@ spec: runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubejobnotcompleted summary: Job did not complete in time expr: |- - time() - max by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}namespace, job_name, cluster) (kube_job_status_start_time{job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"} + time() - max by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}namespace, job_name, cluster) (kube_job_status_start_time{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} and - kube_job_status_active{job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"} > 0) > 43200 + kube_job_status_active{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} > 0) > 43200 labels: severity: {{ dig "KubeJobNotCompleted" "severity" "warning" .Values.customRules }} {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.kubernetesApps }} @@ -477,7 +477,7 @@ spec: description: Job {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.job_name {{`}}`}} failed to complete. Removing failed job after investigation should clear this alert on cluster {{`{{`}} $labels.cluster {{`}}`}}. runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubejobfailed summary: Job failed to complete. - expr: kube_job_failed{job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"} > 0 + expr: kube_job_failed{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} > 0 for: {{ dig "KubeJobFailed" "for" "15m" .Values.customRules }} {{- with .Values.defaultRules.keepFiringFor }} keep_firing_for: "{{ . }}" @@ -506,19 +506,19 @@ spec: runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubehpareplicasmismatch summary: HPA has not matched desired number of replicas. expr: |- - (kube_horizontalpodautoscaler_status_desired_replicas{job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"} + (kube_horizontalpodautoscaler_status_desired_replicas{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} != - kube_horizontalpodautoscaler_status_current_replicas{job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"}) + kube_horizontalpodautoscaler_status_current_replicas{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"}) and - (kube_horizontalpodautoscaler_status_current_replicas{job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"} + (kube_horizontalpodautoscaler_status_current_replicas{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} > - kube_horizontalpodautoscaler_spec_min_replicas{job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"}) + kube_horizontalpodautoscaler_spec_min_replicas{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"}) and - (kube_horizontalpodautoscaler_status_current_replicas{job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"} + (kube_horizontalpodautoscaler_status_current_replicas{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} < - kube_horizontalpodautoscaler_spec_max_replicas{job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"}) + kube_horizontalpodautoscaler_spec_max_replicas{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"}) and - changes(kube_horizontalpodautoscaler_status_current_replicas{job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"}[15m]) == 0 + changes(kube_horizontalpodautoscaler_status_current_replicas{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"}[15m]) == 0 for: {{ dig "KubeHpaReplicasMismatch" "for" "15m" .Values.customRules }} {{- with .Values.defaultRules.keepFiringFor }} keep_firing_for: "{{ . }}" @@ -547,9 +547,16 @@ spec: runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubehpamaxedout summary: HPA is running at max replicas expr: |- - kube_horizontalpodautoscaler_status_current_replicas{job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"} - == - kube_horizontalpodautoscaler_spec_max_replicas{job="{{ $kubeStateMetricsJob }}", namespace=~"{{ $targetNamespace }}"} + ( + kube_horizontalpodautoscaler_status_current_replicas{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} + == + kube_horizontalpodautoscaler_spec_max_replicas{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} + ) + and on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}namespace, horizontalpodautoscaler) ( + kube_horizontalpodautoscaler_spec_max_replicas{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} + != + kube_horizontalpodautoscaler_spec_min_replicas{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} + ) for: {{ dig "KubeHpaMaxedOut" "for" "15m" .Values.customRules }} {{- with .Values.defaultRules.keepFiringFor }} keep_firing_for: "{{ . }}" @@ -565,4 +572,38 @@ spec: {{- end }} {{- end }} {{- end }} +{{- if not (.Values.defaultRules.disabled.KubePdbNotEnoughHealthyPods | default false) }} + - alert: KubePdbNotEnoughHealthyPods + annotations: +{{- if .Values.defaultRules.additionalRuleAnnotations }} +{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} +{{- end }} +{{- if .Values.defaultRules.additionalRuleGroupAnnotations.kubernetesApps }} +{{ toYaml .Values.defaultRules.additionalRuleGroupAnnotations.kubernetesApps | indent 8 }} +{{- end }} + description: PDB {{`{{`}} $labels.cluster {{`}}`}}/{{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.poddisruptionbudget {{`}}`}} expects {{`{{`}} $value {{`}}`}} more healthy pods. The desired number of healthy pods has not been met for at least 15m. + runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubepdbnotenoughhealthypods + summary: PDB does not have enough healthy pods. + expr: |- + ( + kube_poddisruptionbudget_status_desired_healthy{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} + - + kube_poddisruptionbudget_status_current_healthy{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} + ) + > 0 + for: {{ dig "KubePdbNotEnoughHealthyPods" "for" "15m" .Values.customRules }} + {{- with .Values.defaultRules.keepFiringFor }} + keep_firing_for: "{{ . }}" + {{- end }} + labels: + severity: {{ dig "KubePdbNotEnoughHealthyPods" "severity" "warning" .Values.customRules }} + {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.kubernetesApps }} + {{- with .Values.defaultRules.additionalRuleLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.defaultRules.additionalRuleGroupLabels.kubernetesApps }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} +{{- end }} {{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-resources.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-resources.yaml similarity index 66% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-resources.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-resources.yaml index f038c97..ad65ccb 100644 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-resources.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-resources.yaml @@ -6,6 +6,7 @@ https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-promet {{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} {{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesResources }} {{- $kubeStateMetricsJob := include "kube-prometheus-stack-kube-state-metrics.name" . }} +{{- $kubeletJob := include "kube-prometheus-stack-kubelet.name" . }} apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: @@ -34,13 +35,34 @@ spec: {{- if .Values.defaultRules.additionalRuleGroupAnnotations.kubernetesResources }} {{ toYaml .Values.defaultRules.additionalRuleGroupAnnotations.kubernetesResources | indent 8 }} {{- end }} - description: Cluster {{`{{`}} $labels.cluster {{`}}`}} has overcommitted CPU resource requests for Pods by {{`{{`}} $value {{`}}`}} CPU shares and cannot tolerate node failure. + description: Cluster {{`{{`}} $labels.cluster {{`}}`}} has overcommitted CPU resource requests for Pods by {{`{{`}} printf "%.2f" $value {{`}}`}} CPU shares and cannot tolerate node failure. runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubecpuovercommit summary: Cluster has overcommitted CPU resource requests. expr: |- - sum(namespace_cpu:kube_pod_container_resource_requests:sum{}) by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) - (sum(kube_node_status_allocatable{job="{{ $kubeStateMetricsJob }}",resource="cpu"}) by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) - max(kube_node_status_allocatable{job="{{ $kubeStateMetricsJob }}",resource="cpu"}) by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster)) > 0 - and - (sum(kube_node_status_allocatable{job="{{ $kubeStateMetricsJob }}",resource="cpu"}) by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) - max(kube_node_status_allocatable{job="{{ $kubeStateMetricsJob }}",resource="cpu"}) by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster)) > 0 + # Non-HA clusters. + ( + ( + sum by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) (namespace_cpu:kube_pod_container_resource_requests:sum{}) + - + sum by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) (kube_node_status_allocatable{job="{{ $kubeStateMetricsJob }}",resource="cpu"}) > 0 + ) + and + count by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) (max by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, node) (kube_node_role{job="{{ $kubeStateMetricsJob }}", role="control-plane"})) < 3 + ) + or + # HA clusters. + ( + sum by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) (namespace_cpu:kube_pod_container_resource_requests:sum{}) + - + ( + # Skip clusters with only one allocatable node. + ( + sum by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) (kube_node_status_allocatable{job="{{ $kubeStateMetricsJob }}",resource="cpu"}) + - + max by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) (kube_node_status_allocatable{job="{{ $kubeStateMetricsJob }}",resource="cpu"}) + ) > 0 + ) > 0 + ) for: {{ dig "KubeCPUOvercommit" "for" "10m" .Values.customRules }} {{- with .Values.defaultRules.keepFiringFor }} keep_firing_for: "{{ . }}" @@ -69,9 +91,30 @@ spec: runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubememoryovercommit summary: Cluster has overcommitted memory resource requests. expr: |- - sum(namespace_memory:kube_pod_container_resource_requests:sum{}) by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) - (sum(kube_node_status_allocatable{resource="memory", job="{{ $kubeStateMetricsJob }}"}) by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) - max(kube_node_status_allocatable{resource="memory", job="{{ $kubeStateMetricsJob }}"}) by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster)) > 0 - and - (sum(kube_node_status_allocatable{resource="memory", job="{{ $kubeStateMetricsJob }}"}) by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) - max(kube_node_status_allocatable{resource="memory", job="{{ $kubeStateMetricsJob }}"}) by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster)) > 0 + # Non-HA clusters. + ( + ( + sum by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) (namespace_memory:kube_pod_container_resource_requests:sum{}) + - + sum by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) (kube_node_status_allocatable{job="{{ $kubeStateMetricsJob }}",resource="memory"}) > 0 + ) + and + count by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) (max by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, node) (kube_node_role{job="{{ $kubeStateMetricsJob }}", role="control-plane"})) < 3 + ) + or + # HA clusters. + ( + sum by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) (namespace_memory:kube_pod_container_resource_requests:sum{}) + - + ( + # Skip clusters with only one allocatable node. + ( + sum by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) (kube_node_status_allocatable{job="{{ $kubeStateMetricsJob }}",resource="memory"}) + - + max by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) (kube_node_status_allocatable{job="{{ $kubeStateMetricsJob }}",resource="memory"}) + ) > 0 + ) > 0 + ) for: {{ dig "KubeMemoryOvercommit" "for" "10m" .Values.customRules }} {{- with .Values.defaultRules.keepFiringFor }} keep_firing_for: "{{ . }}" @@ -96,14 +139,17 @@ spec: {{- if .Values.defaultRules.additionalRuleGroupAnnotations.kubernetesResources }} {{ toYaml .Values.defaultRules.additionalRuleGroupAnnotations.kubernetesResources | indent 8 }} {{- end }} - description: Cluster {{`{{`}} $labels.cluster {{`}}`}} has overcommitted CPU resource requests for Namespaces. + description: Cluster {{`{{`}} $labels.cluster {{`}}`}} has overcommitted CPU resource requests for Namespaces. runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubecpuquotaovercommit summary: Cluster has overcommitted CPU resource requests. expr: |- - sum(min without(resource) (kube_resourcequota{job="{{ $kubeStateMetricsJob }}", type="hard", resource=~"(cpu|requests.cpu)"})) by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) - / - sum(kube_node_status_allocatable{resource="cpu", job="{{ $kubeStateMetricsJob }}"}) by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) - > 1.5 + sum by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) ( + min without(resource) (kube_resourcequota{job="{{ $kubeStateMetricsJob }}", type="hard", resource=~"(cpu|requests.cpu)"}) + ) + / + sum by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) ( + kube_node_status_allocatable{resource="cpu", job="{{ $kubeStateMetricsJob }}"} + ) > 1.5 for: {{ dig "KubeCPUQuotaOvercommit" "for" "5m" .Values.customRules }} {{- with .Values.defaultRules.keepFiringFor }} keep_firing_for: "{{ . }}" @@ -128,14 +174,17 @@ spec: {{- if .Values.defaultRules.additionalRuleGroupAnnotations.kubernetesResources }} {{ toYaml .Values.defaultRules.additionalRuleGroupAnnotations.kubernetesResources | indent 8 }} {{- end }} - description: Cluster {{`{{`}} $labels.cluster {{`}}`}} has overcommitted memory resource requests for Namespaces. + description: Cluster {{`{{`}} $labels.cluster {{`}}`}} has overcommitted memory resource requests for Namespaces. runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubememoryquotaovercommit summary: Cluster has overcommitted memory resource requests. expr: |- - sum(min without(resource) (kube_resourcequota{job="{{ $kubeStateMetricsJob }}", type="hard", resource=~"(memory|requests.memory)"})) by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) - / - sum(kube_node_status_allocatable{resource="memory", job="{{ $kubeStateMetricsJob }}"}) by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) - > 1.5 + sum by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) ( + min without(resource) (kube_resourcequota{job="{{ $kubeStateMetricsJob }}", type="hard", resource=~"(memory|requests.memory)"}) + ) + / + sum by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) ( + kube_node_status_allocatable{resource="memory", job="{{ $kubeStateMetricsJob }}"} + ) > 1.5 for: {{ dig "KubeMemoryQuotaOvercommit" "for" "5m" .Values.customRules }} {{- with .Values.defaultRules.keepFiringFor }} keep_firing_for: "{{ . }}" @@ -164,10 +213,16 @@ spec: runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubequotaalmostfull summary: Namespace quota is going to be full. expr: |- - kube_resourcequota{job="{{ $kubeStateMetricsJob }}", type="used"} - / ignoring(instance, job, type) - (kube_resourcequota{job="{{ $kubeStateMetricsJob }}", type="hard"} > 0) - > 0.9 < 1 + max without (instance, job, type) ( + kube_resourcequota{job="{{ $kubeStateMetricsJob }}", type="used"} + ) + / on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, resource, resourcequota) group_left() + ( + max without (instance, job, type) ( + kube_resourcequota{job="{{ $kubeStateMetricsJob }}", type="hard"} + ) > 0 + ) + > 0.9 < 1 for: {{ dig "KubeQuotaAlmostFull" "for" "15m" .Values.customRules }} {{- with .Values.defaultRules.keepFiringFor }} keep_firing_for: "{{ . }}" @@ -196,10 +251,16 @@ spec: runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubequotafullyused summary: Namespace quota is fully used. expr: |- - kube_resourcequota{job="{{ $kubeStateMetricsJob }}", type="used"} - / ignoring(instance, job, type) - (kube_resourcequota{job="{{ $kubeStateMetricsJob }}", type="hard"} > 0) - == 1 + max without (instance, job, type) ( + kube_resourcequota{job="{{ $kubeStateMetricsJob }}", type="used"} + ) + / on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, resource, resourcequota) group_left() + ( + max without (instance, job, type) ( + kube_resourcequota{job="{{ $kubeStateMetricsJob }}", type="hard"} + ) > 0 + ) + == 1 for: {{ dig "KubeQuotaFullyUsed" "for" "15m" .Values.customRules }} {{- with .Values.defaultRules.keepFiringFor }} keep_firing_for: "{{ . }}" @@ -228,10 +289,15 @@ spec: runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubequotaexceeded summary: Namespace quota has exceeded the limits. expr: |- - kube_resourcequota{job="{{ $kubeStateMetricsJob }}", type="used"} - / ignoring(instance, job, type) - (kube_resourcequota{job="{{ $kubeStateMetricsJob }}", type="hard"} > 0) - > 1 + max without (instance, job, type) ( + kube_resourcequota{job="{{ $kubeStateMetricsJob }}", type="used"} + ) + / on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, resource, resourcequota) group_left() + ( + max without (instance, job, type) ( + kube_resourcequota{job="{{ $kubeStateMetricsJob }}", type="hard"} + ) > 0 + ) > 1 for: {{ dig "KubeQuotaExceeded" "for" "15m" .Values.customRules }} {{- with .Values.defaultRules.keepFiringFor }} keep_firing_for: "{{ . }}" @@ -260,10 +326,22 @@ spec: runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/cputhrottlinghigh summary: Processes experience elevated CPU throttling. expr: |- - sum(increase(container_cpu_cfs_throttled_periods_total{container!="", job="kubelet", metrics_path="/metrics/cadvisor", }[5m])) without (id, metrics_path, name, image, endpoint, job, node) - / - sum(increase(container_cpu_cfs_periods_total{job="kubelet", metrics_path="/metrics/cadvisor", }[5m])) without (id, metrics_path, name, image, endpoint, job, node) - > ( 25 / 100 ) + sum without (id, metrics_path, name, image, endpoint, job, node) ( + topk by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, pod, container, instance) (1, + increase( + container_cpu_cfs_throttled_periods_total{container!="", job="{{ $kubeletJob }}", metrics_path="/metrics/cadvisor", } + [5m]) + ) + ) + / on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, pod, container, instance) group_left + sum without (id, metrics_path, name, image, endpoint, job, node) ( + topk by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, pod, container, instance) (1, + increase( + container_cpu_cfs_periods_total{job="{{ $kubeletJob }}", metrics_path="/metrics/cadvisor", } + [5m]) + ) + ) + > ( 25 / 100 ) for: {{ dig "CPUThrottlingHigh" "for" "15m" .Values.customRules }} {{- with .Values.defaultRules.keepFiringFor }} keep_firing_for: "{{ . }}" diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-storage.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-storage.yaml similarity index 80% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-storage.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-storage.yaml index 809e544..217186d 100644 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-storage.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-storage.yaml @@ -6,7 +6,9 @@ https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-promet {{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} {{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesStorage }} {{- $kubeStateMetricsJob := include "kube-prometheus-stack-kube-state-metrics.name" . }} +{{- $kubeletJob := include "kube-prometheus-stack-kubelet.name" . }} {{- $targetNamespace := .Values.defaultRules.appNamespacesTarget }} +{{- $namespaceOperator := .Values.defaultRules.appNamespacesOperator | default "=~" }} apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: @@ -39,13 +41,14 @@ spec: runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubepersistentvolumefillingup summary: PersistentVolume is filling up. expr: |- - kubelet_volume_stats_available_bytes{job="{{ include "exporter.kubelet.jobName" . }}", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} - / - kubelet_volume_stats_capacity_bytes{job="{{ include "exporter.kubelet.jobName" . }}", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} - < 0.03 + ( + kubelet_volume_stats_available_bytes{job="{{ $kubeletJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}", metrics_path="/metrics"} + / + kubelet_volume_stats_capacity_bytes{job="{{ $kubeletJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}", metrics_path="/metrics"} + ) < 0.03 and - kubelet_volume_stats_used_bytes{job="{{ include "exporter.kubelet.jobName" . }}", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} > 0 - unless on(namespace, persistentvolumeclaim) + kubelet_volume_stats_used_bytes{job="{{ $kubeletJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}", metrics_path="/metrics"} > 0 + unless on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, persistentvolumeclaim) kube_persistentvolumeclaim_access_mode{ access_mode="ReadOnlyMany"} == 1 unless on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, persistentvolumeclaim) kube_persistentvolumeclaim_labels{label_excluded_from_alerts="true"} == 1 @@ -78,15 +81,15 @@ spec: summary: PersistentVolume is filling up. expr: |- ( - kubelet_volume_stats_available_bytes{job="{{ include "exporter.kubelet.jobName" . }}", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} + kubelet_volume_stats_available_bytes{job="{{ $kubeletJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}", metrics_path="/metrics"} / - kubelet_volume_stats_capacity_bytes{job="{{ include "exporter.kubelet.jobName" . }}", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} + kubelet_volume_stats_capacity_bytes{job="{{ $kubeletJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}", metrics_path="/metrics"} ) < 0.15 and - kubelet_volume_stats_used_bytes{job="{{ include "exporter.kubelet.jobName" . }}", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} > 0 + kubelet_volume_stats_used_bytes{job="{{ $kubeletJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}", metrics_path="/metrics"} > 0 and - predict_linear(kubelet_volume_stats_available_bytes{job="{{ include "exporter.kubelet.jobName" . }}", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"}[6h], 4 * 24 * 3600) < 0 - unless on(namespace, persistentvolumeclaim) + predict_linear(kubelet_volume_stats_available_bytes{job="{{ $kubeletJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}", metrics_path="/metrics"}[6h], 4 * 24 * 3600) < 0 + unless on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, persistentvolumeclaim) kube_persistentvolumeclaim_access_mode{ access_mode="ReadOnlyMany"} == 1 unless on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, persistentvolumeclaim) kube_persistentvolumeclaim_labels{label_excluded_from_alerts="true"} == 1 @@ -119,13 +122,13 @@ spec: summary: PersistentVolumeInodes are filling up. expr: |- ( - kubelet_volume_stats_inodes_free{job="{{ include "exporter.kubelet.jobName" . }}", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} + kubelet_volume_stats_inodes_free{job="{{ $kubeletJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}", metrics_path="/metrics"} / - kubelet_volume_stats_inodes{job="{{ include "exporter.kubelet.jobName" . }}", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} + kubelet_volume_stats_inodes{job="{{ $kubeletJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}", metrics_path="/metrics"} ) < 0.03 and - kubelet_volume_stats_inodes_used{job="{{ include "exporter.kubelet.jobName" . }}", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} > 0 - unless on(namespace, persistentvolumeclaim) + kubelet_volume_stats_inodes_used{job="{{ $kubeletJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}", metrics_path="/metrics"} > 0 + unless on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, persistentvolumeclaim) kube_persistentvolumeclaim_access_mode{ access_mode="ReadOnlyMany"} == 1 unless on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, persistentvolumeclaim) kube_persistentvolumeclaim_labels{label_excluded_from_alerts="true"} == 1 @@ -158,15 +161,15 @@ spec: summary: PersistentVolumeInodes are filling up. expr: |- ( - kubelet_volume_stats_inodes_free{job="{{ include "exporter.kubelet.jobName" . }}", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} + kubelet_volume_stats_inodes_free{job="{{ $kubeletJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}", metrics_path="/metrics"} / - kubelet_volume_stats_inodes{job="{{ include "exporter.kubelet.jobName" . }}", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} + kubelet_volume_stats_inodes{job="{{ $kubeletJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}", metrics_path="/metrics"} ) < 0.15 and - kubelet_volume_stats_inodes_used{job="{{ include "exporter.kubelet.jobName" . }}", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} > 0 + kubelet_volume_stats_inodes_used{job="{{ $kubeletJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}", metrics_path="/metrics"} > 0 and - predict_linear(kubelet_volume_stats_inodes_free{job="{{ include "exporter.kubelet.jobName" . }}", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"}[6h], 4 * 24 * 3600) < 0 - unless on(namespace, persistentvolumeclaim) + predict_linear(kubelet_volume_stats_inodes_free{job="{{ $kubeletJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}", metrics_path="/metrics"}[6h], 4 * 24 * 3600) < 0 + unless on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, persistentvolumeclaim) kube_persistentvolumeclaim_access_mode{ access_mode="ReadOnlyMany"} == 1 unless on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, persistentvolumeclaim) kube_persistentvolumeclaim_labels{label_excluded_from_alerts="true"} == 1 diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml similarity index 99% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml index 33c873b..99d7e79 100644 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml @@ -155,7 +155,7 @@ spec: description: KubeAPI has disappeared from Prometheus target discovery. runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeapidown summary: Target disappeared from Prometheus target discovery. - expr: absent(up{job="apiserver"} == 1) + expr: absent(up{job="apiserver"}) for: {{ dig "KubeAPIDown" "for" "15m" .Values.customRules }} {{- with .Values.defaultRules.keepFiringFor }} keep_firing_for: "{{ . }}" diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml similarity index 85% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml index 43b3245..08f3f98 100644 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml @@ -4,8 +4,8 @@ Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} {{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubeControllerManager }} -{{- if (include "exporter.kubeControllerManager.enabled" .)}} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubeControllerManager.enabled .Values.defaultRules.rules.kubeControllerManager }} +{{- $kubeControllerManagerJob := include "kube-prometheus-stack-kube-controller-manager.name" . }} apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: @@ -38,8 +38,11 @@ spec: description: KubeControllerManager has disappeared from Prometheus target discovery. runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubecontrollermanagerdown summary: Target disappeared from Prometheus target discovery. - expr: absent(up{job="{{ include "exporter.kubeControllerManager.jobName" . }}"} == 1) - for: 15m + expr: absent(up{job="{{ $kubeControllerManagerJob }}"}) + for: {{ dig "KubeControllerManagerDown" "for" "15m" .Values.customRules }} + {{- with .Values.defaultRules.keepFiringFor }} + keep_firing_for: "{{ . }}" + {{- end }} labels: severity: {{ dig "KubeControllerManagerDown" "severity" "critical" .Values.customRules }} {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.kubeControllerManager }} @@ -52,6 +55,4 @@ spec: {{- end }} {{- end }} {{- end }} -{{- end }} -{{- end }} - +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-system-kube-proxy.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-kube-proxy.yaml similarity index 88% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-system-kube-proxy.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-kube-proxy.yaml index 2000ace..fcf2fc7 100644 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-system-kube-proxy.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-kube-proxy.yaml @@ -5,6 +5,7 @@ https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-promet */ -}} {{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} {{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubeProxy.enabled .Values.defaultRules.rules.kubeProxy }} +{{- $kubeProxyJob := include "kube-prometheus-stack-kube-proxy.name" . }} apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: @@ -36,8 +37,11 @@ spec: description: KubeProxy has disappeared from Prometheus target discovery. runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeproxydown summary: Target disappeared from Prometheus target discovery. - expr: absent(up{job="{{ include "exporter.kubeProxy.jobName" . }}"} == 1) - for: 15m + expr: absent(up{job="{{ $kubeProxyJob }}"}) + for: {{ dig "KubeProxyDown" "for" "15m" .Values.customRules }} + {{- with .Values.defaultRules.keepFiringFor }} + keep_firing_for: "{{ . }}" + {{- end }} labels: severity: {{ dig "KubeProxyDown" "severity" "critical" .Values.customRules }} {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.kubeProxy }} @@ -49,4 +53,4 @@ spec: {{- end }} {{- end }} {{- end }} -{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml similarity index 79% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml index 9529573..6c93b8d 100644 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml @@ -6,6 +6,7 @@ https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-promet {{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} {{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesSystem }} {{- $kubeStateMetricsJob := include "kube-prometheus-stack-kube-state-metrics.name" . }} +{{- $kubeletJob := include "kube-prometheus-stack-kubelet.name" . }} apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: @@ -56,6 +57,37 @@ spec: {{- end }} {{- end }} {{- end }} +{{- if not (.Values.defaultRules.disabled.KubeNodePressure | default false) }} + - alert: KubeNodePressure + annotations: +{{- if .Values.defaultRules.additionalRuleAnnotations }} +{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} +{{- end }} +{{- if .Values.defaultRules.additionalRuleGroupAnnotations.kubernetesSystem }} +{{ toYaml .Values.defaultRules.additionalRuleGroupAnnotations.kubernetesSystem | indent 8 }} +{{- end }} + description: '{{`{{`}} $labels.node {{`}}`}} on cluster {{`{{`}} $labels.cluster {{`}}`}} has active Condition {{`{{`}} $labels.condition {{`}}`}}. This is caused by resource usage exceeding eviction thresholds.' + runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubenodepressure + summary: Node has as active Condition. + expr: |- + kube_node_status_condition{job="{{ $kubeStateMetricsJob }}",condition=~"(MemoryPressure|DiskPressure|PIDPressure)",status="true"} == 1 + and on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, node) + kube_node_spec_unschedulable{job="{{ $kubeStateMetricsJob }}"} == 0 + for: {{ dig "KubeNodePressure" "for" "10m" .Values.customRules }} + {{- with .Values.defaultRules.keepFiringFor }} + keep_firing_for: "{{ . }}" + {{- end }} + labels: + severity: {{ dig "KubeNodePressure" "severity" "info" .Values.customRules }} + {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.kubernetesSystem }} + {{- with .Values.defaultRules.additionalRuleLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.defaultRules.additionalRuleGroupLabels.kubernetesSystem }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} +{{- end }} {{- if not (.Values.defaultRules.disabled.KubeNodeUnreachable | default false) }} - alert: KubeNodeUnreachable annotations: @@ -99,11 +131,11 @@ spec: expr: |- ( max by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, instance) ( - kubelet_running_pods{job="kubelet", metrics_path="/metrics"} > 1 + kubelet_running_pods{job="{{ $kubeletJob }}", metrics_path="/metrics"} > 1 ) * on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, instance) group_left(node) max by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, instance, node) ( - kubelet_node_name{job="kubelet", metrics_path="/metrics"} + kubelet_node_name{job="{{ $kubeletJob }}", metrics_path="/metrics"} ) ) / on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, node) group_left() @@ -156,6 +188,40 @@ spec: {{- end }} {{- end }} {{- end }} +{{- if not (.Values.defaultRules.disabled.KubeNodeEviction | default false) }} + - alert: KubeNodeEviction + annotations: +{{- if .Values.defaultRules.additionalRuleAnnotations }} +{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} +{{- end }} +{{- if .Values.defaultRules.additionalRuleGroupAnnotations.kubernetesSystem }} +{{ toYaml .Values.defaultRules.additionalRuleGroupAnnotations.kubernetesSystem | indent 8 }} +{{- end }} + description: Node {{`{{`}} $labels.node {{`}}`}} on {{`{{`}} $labels.cluster {{`}}`}} is evicting Pods due to {{`{{`}} $labels.eviction_signal {{`}}`}}. Eviction occurs when eviction thresholds are crossed, typically caused by Pods exceeding RAM/ephemeral-storage limits. + runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubenodeeviction + summary: Node is evicting pods. + expr: |- + sum(rate(kubelet_evictions{job="{{ $kubeletJob }}", metrics_path="/metrics"}[15m])) by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, eviction_signal, instance) + * on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, instance) group_left(node) + max by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, instance, node) ( + kubelet_node_name{job="{{ $kubeletJob }}", metrics_path="/metrics"} + ) + > 0 + for: {{ dig "KubeNodeEviction" "for" "0s" .Values.customRules }} + {{- with .Values.defaultRules.keepFiringFor }} + keep_firing_for: "{{ . }}" + {{- end }} + labels: + severity: {{ dig "KubeNodeEviction" "severity" "info" .Values.customRules }} + {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.kubernetesSystem }} + {{- with .Values.defaultRules.additionalRuleLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.defaultRules.additionalRuleGroupLabels.kubernetesSystem }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} +{{- end }} {{- if not (.Values.defaultRules.disabled.KubeletPlegDurationHigh | default false) }} - alert: KubeletPlegDurationHigh annotations: @@ -196,8 +262,23 @@ spec: description: Kubelet Pod startup 99th percentile latency is {{`{{`}} $value {{`}}`}} seconds on node {{`{{`}} $labels.node {{`}}`}} on cluster {{`{{`}} $labels.cluster {{`}}`}}. runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeletpodstartuplatencyhigh summary: Kubelet Pod startup latency is too high. - expr: histogram_quantile(0.99, sum(rate(kubelet_pod_worker_duration_seconds_bucket{job="{{ include "exporter.kubelet.jobName" . }}", metrics_path="/metrics"}[5m])) by (cluster, instance, le)) * on(cluster, instance) group_left(node) kubelet_node_name{job="{{ include "exporter.kubelet.jobName" . }}", metrics_path="/metrics"} > 60 - for: 15m + expr: |- + histogram_quantile(0.99, + sum by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, instance, le) ( + topk by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, instance, le, operation_type) (1, + rate(kubelet_pod_worker_duration_seconds_bucket{job="{{ $kubeletJob }}", metrics_path="/metrics"}[5m]) + ) + ) + ) + * on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, instance) group_left(node) + topk by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, instance, node) (1, + kubelet_node_name{job="{{ $kubeletJob }}", metrics_path="/metrics"} + ) + > 60 + for: {{ dig "KubeletPodStartUpLatencyHigh" "for" "15m" .Values.customRules }} + {{- with .Values.defaultRules.keepFiringFor }} + keep_firing_for: "{{ . }}" + {{- end }} labels: severity: {{ dig "KubeletPodStartUpLatencyHigh" "severity" "warning" .Values.customRules }} {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.kubernetesSystem }} @@ -361,7 +442,7 @@ spec: {{- end }} {{- end }} {{- end }} -{{- if (include "exporter.kubelet.enabled" .)}} +{{- if .Values.prometheusOperator.kubeletService.enabled }} {{- if not (.Values.defaultRules.disabled.KubeletDown | default false) }} - alert: KubeletDown annotations: @@ -371,11 +452,17 @@ spec: {{- if .Values.defaultRules.additionalRuleGroupAnnotations.kubernetesSystem }} {{ toYaml .Values.defaultRules.additionalRuleGroupAnnotations.kubernetesSystem | indent 8 }} {{- end }} - description: Kubelet has disappeared from Prometheus target discovery. + description: Kubelet has disappeared from Prometheus target discovery on cluster {{`{{`}} $labels.cluster {{`}}`}}. runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeletdown summary: Target disappeared from Prometheus target discovery. - expr: absent(up{job="{{ include "exporter.kubelet.jobName" . }}", metrics_path="/metrics"} == 1) - for: 15m + expr: |- + count by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) (kube_node_info{job="{{ $kubeStateMetricsJob }}"}) + unless on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) + count by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) (up{job="{{ $kubeletJob }}", metrics_path="/metrics"} == 1) + for: {{ dig "KubeletDown" "for" "15m" .Values.customRules }} + {{- with .Values.defaultRules.keepFiringFor }} + keep_firing_for: "{{ . }}" + {{- end }} labels: severity: {{ dig "KubeletDown" "severity" "critical" .Values.customRules }} {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.kubernetesSystem }} diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml similarity index 89% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml index d32f151..c2bf5a7 100644 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml @@ -5,6 +5,7 @@ https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-promet */ -}} {{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} {{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubeScheduler.enabled .Values.defaultRules.rules.kubeSchedulerAlerting }} +{{- $kubeSchedulerJob := include "kube-prometheus-stack-kube-scheduler.name" . }} apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: @@ -37,8 +38,11 @@ spec: description: KubeScheduler has disappeared from Prometheus target discovery. runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeschedulerdown summary: Target disappeared from Prometheus target discovery. - expr: absent(up{job="{{ include "exporter.kubeScheduler.jobName" . }}"} == 1) - for: 15m + expr: absent(up{job="{{ $kubeSchedulerJob }}"}) + for: {{ dig "KubeSchedulerDown" "for" "15m" .Values.customRules }} + {{- with .Values.defaultRules.keepFiringFor }} + keep_firing_for: "{{ . }}" + {{- end }} labels: severity: {{ dig "KubeSchedulerDown" "severity" "critical" .Values.customRules }} {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.kubeSchedulerAlerting }} diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-system.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-system.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system.yaml diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/node-exporter.rules.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node-exporter.rules.yaml similarity index 76% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/node-exporter.rules.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node-exporter.rules.yaml index aeaa802..58cd220 100644 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/node-exporter.rules.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node-exporter.rules.yaml @@ -185,4 +185,60 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} + - expr: |- + sum without (device) ( + rate(node_network_receive_bytes_total{job="node-exporter", device!~"lo|veth.+"}[5m]) + ) + record: instance:node_network_receive_bytes_physical:rate5m + {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.nodeExporterRecording }} + labels: + {{- with .Values.defaultRules.additionalRuleLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.defaultRules.additionalRuleGroupLabels.nodeExporterRecording }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} + - expr: |- + sum without (device) ( + rate(node_network_transmit_bytes_total{job="node-exporter", device!~"lo|veth.+"}[5m]) + ) + record: instance:node_network_transmit_bytes_physical:rate5m + {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.nodeExporterRecording }} + labels: + {{- with .Values.defaultRules.additionalRuleLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.defaultRules.additionalRuleGroupLabels.nodeExporterRecording }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} + - expr: |- + sum without (device) ( + rate(node_network_receive_drop_total{job="node-exporter", device!~"lo|veth.+"}[5m]) + ) + record: instance:node_network_receive_drop_physical:rate5m + {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.nodeExporterRecording }} + labels: + {{- with .Values.defaultRules.additionalRuleLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.defaultRules.additionalRuleGroupLabels.nodeExporterRecording }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} + - expr: |- + sum without (device) ( + rate(node_network_transmit_drop_total{job="node-exporter", device!~"lo|veth.+"}[5m]) + ) + record: instance:node_network_transmit_drop_physical:rate5m + {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.nodeExporterRecording }} + labels: + {{- with .Values.defaultRules.additionalRuleLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.defaultRules.additionalRuleGroupLabels.nodeExporterRecording }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} {{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/node-exporter.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node-exporter.yaml similarity index 99% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/node-exporter.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node-exporter.yaml index b862c79..e1a2cec 100644 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/node-exporter.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node-exporter.yaml @@ -809,8 +809,8 @@ spec: {{- end }} description: Bonding interface {{`{{`}} $labels.master {{`}}`}} on {{`{{`}} $labels.instance {{`}}`}} is in degraded state due to one or more slave failures. runbook_url: {{ .Values.defaultRules.runbookUrl }}/node/nodebondingdegraded - summary: Bonding interface is degraded - expr: (node_bonding_slaves - node_bonding_active) != 0 + summary: Bonding interface is degraded. + expr: (node_bonding_slaves{job="node-exporter"} - node_bonding_active{job="node-exporter"}) != 0 for: {{ dig "NodeBondingDegraded" "for" "5m" .Values.customRules }} {{- with .Values.defaultRules.keepFiringFor }} keep_firing_for: "{{ . }}" diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/node-network.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node-network.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/node-network.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node-network.yaml diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/node.rules.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node.rules.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/node.rules.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node.rules.yaml diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/prometheus-operator.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/prometheus-operator.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/prometheus-operator.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/prometheus-operator.yaml diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/prometheus.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/prometheus.yaml similarity index 99% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/prometheus.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/prometheus.yaml index 3e87e7e..368eb64 100644 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/prometheus.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/prometheus.yaml @@ -418,8 +418,8 @@ spec: # Without max_over_time, failed scrapes could create false negatives, see # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. ( - max_over_time(prometheus_remote_storage_highest_timestamp_in_seconds{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) - - ignoring(remote_name, url) group_right + max_over_time(prometheus_remote_storage_queue_highest_timestamp_seconds{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) + - max_over_time(prometheus_remote_storage_queue_highest_sent_timestamp_seconds{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) ) > 120 diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/windows.node.rules.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/windows.node.rules.yaml similarity index 98% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/windows.node.rules.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/windows.node.rules.yaml index 7c25553..1572666 100644 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/windows.node.rules.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/windows.node.rules.yaml @@ -26,7 +26,7 @@ spec: rules: - expr: |- count by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) ( - windows_system_system_up_time{job="windows-exporter"} + windows_system_boot_time_timestamp_seconds{job="windows-exporter"} ) record: node:windows_node:sum {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.windows }} @@ -206,7 +206,7 @@ spec: - expr: |- avg by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, instance) ( (irate(windows_logical_disk_read_seconds_total{job="windows-exporter"}[1m]) + - irate(windows_logical_disk_write_seconds_total{job="windows-exporter"}[1m])) + irate(windows_logical_disk_write_seconds_total{job="windows-exporter"}[1m])) ) record: node:windows_node_disk_utilisation:avg_irate {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.windows }} @@ -220,9 +220,10 @@ spec: {{- end }} - expr: |- max by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster,instance,volume)( - (windows_logical_disk_size_bytes{job="windows-exporter"} - - windows_logical_disk_free_bytes{job="windows-exporter"}) - / windows_logical_disk_size_bytes{job="windows-exporter"} + (windows_logical_disk_size_bytes{job="windows-exporter"} - + windows_logical_disk_free_bytes{job="windows-exporter"}) + / + windows_logical_disk_size_bytes{job="windows-exporter"} ) record: 'node:windows_node_filesystem_usage:' {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.windows }} diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/windows.pod.rules.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/windows.pod.rules.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus/rules-1.14/windows.pod.rules.yaml rename to charts/kube-prometheus-stack/templates/prometheus/rules-1.14/windows.pod.rules.yaml diff --git a/charts/rancher-monitoring/templates/prometheus/secret.yaml b/charts/kube-prometheus-stack/templates/prometheus/secret.yaml similarity index 83% rename from charts/rancher-monitoring/templates/prometheus/secret.yaml rename to charts/kube-prometheus-stack/templates/prometheus/secret.yaml index e4a1e73..809379f 100644 --- a/charts/rancher-monitoring/templates/prometheus/secret.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/secret.yaml @@ -10,6 +10,6 @@ metadata: app.kubernetes.io/component: prometheus {{ include "kube-prometheus-stack.labels" . | indent 4 }} data: - object-storage-configs.yaml: {{ toYaml .Values.prometheus.prometheusSpec.thanos.objectStorageConfig.secret | b64enc | quote }} + object-storage-configs.yaml: {{ tpl (toYaml .Values.prometheus.prometheusSpec.thanos.objectStorageConfig.secret) $ | b64enc | quote }} {{- end }} {{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus/service.yaml b/charts/kube-prometheus-stack/templates/prometheus/service.yaml similarity index 90% rename from charts/rancher-monitoring/templates/prometheus/service.yaml rename to charts/kube-prometheus-stack/templates/prometheus/service.yaml index bfabebe..60bb392 100644 --- a/charts/rancher-monitoring/templates/prometheus/service.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/service.yaml @@ -1,5 +1,5 @@ {{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if .Values.prometheus.enabled }} +{{- if and .Values.prometheus.enabled .Values.prometheus.service.enabled }} apiVersion: v1 kind: Service metadata: @@ -47,12 +47,17 @@ spec: {{- end }} port: {{ .Values.prometheus.service.port }} targetPort: {{ .Values.prometheus.service.targetPort }} + {{- if .Values.prometheus.service.reloaderWebPort }} - name: reloader-web {{- if semverCompare "> 1.20.0-0" $kubeTargetVersion }} appProtocol: http {{- end }} + {{- if and (eq .Values.prometheus.service.type "NodePort") (not (empty .Values.prometheus.service.reloaderWebNodePort)) }} + nodePort: {{ .Values.prometheus.service.reloaderWebNodePort }} + {{- end }} port: {{ .Values.prometheus.service.reloaderWebPort }} targetPort: reloader-web + {{- end }} {{- if .Values.prometheus.thanosIngress.enabled }} - name: grpc {{- if eq .Values.prometheus.service.type "NodePort" }} diff --git a/charts/rancher-monitoring/templates/prometheus/serviceThanosSidecar.yaml b/charts/kube-prometheus-stack/templates/prometheus/serviceThanosSidecar.yaml similarity index 96% rename from charts/rancher-monitoring/templates/prometheus/serviceThanosSidecar.yaml rename to charts/kube-prometheus-stack/templates/prometheus/serviceThanosSidecar.yaml index 87fae7b..7e1fda3 100644 --- a/charts/rancher-monitoring/templates/prometheus/serviceThanosSidecar.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/serviceThanosSidecar.yaml @@ -16,7 +16,9 @@ metadata: {{- end }} spec: type: {{ .Values.prometheus.thanosService.type }} + {{- if .Values.prometheus.thanosService.clusterIP }} clusterIP: {{ .Values.prometheus.thanosService.clusterIP }} + {{- end }} {{- if .Values.prometheus.thanosService.ipDualStack.enabled }} ipFamilies: {{ toYaml .Values.prometheus.thanosService.ipDualStack.ipFamilies | nindent 4 }} ipFamilyPolicy: {{ .Values.prometheus.thanosService.ipDualStack.ipFamilyPolicy }} diff --git a/charts/rancher-monitoring/templates/prometheus/serviceThanosSidecarExternal.yaml b/charts/kube-prometheus-stack/templates/prometheus/serviceThanosSidecarExternal.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus/serviceThanosSidecarExternal.yaml rename to charts/kube-prometheus-stack/templates/prometheus/serviceThanosSidecarExternal.yaml diff --git a/charts/rancher-monitoring/templates/prometheus/serviceaccount.yaml b/charts/kube-prometheus-stack/templates/prometheus/serviceaccount.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus/serviceaccount.yaml rename to charts/kube-prometheus-stack/templates/prometheus/serviceaccount.yaml diff --git a/charts/rancher-monitoring/templates/prometheus/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/prometheus/servicemonitor.yaml similarity index 89% rename from charts/rancher-monitoring/templates/prometheus/servicemonitor.yaml rename to charts/kube-prometheus-stack/templates/prometheus/servicemonitor.yaml index a36f3e3..31cbc90 100644 --- a/charts/rancher-monitoring/templates/prometheus/servicemonitor.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/servicemonitor.yaml @@ -35,19 +35,8 @@ spec: bearerTokenFile: {{ .Values.prometheus.serviceMonitor.bearerTokenFile }} {{- end }} path: "{{ trimSuffix "/" .Values.prometheus.prometheusSpec.routePrefix }}/metrics" - metricRelabelings: {{- if .Values.prometheus.serviceMonitor.metricRelabelings }} - {{- tpl (toYaml .Values.prometheus.serviceMonitor.metricRelabelings | nindent 6) . }} - {{- end }} - {{ if .Values.global.cattle.clusterId }} - - sourceLabels: [__address__] - targetLabel: cluster_id - replacement: {{ .Values.global.cattle.clusterId }} - {{- end }} - {{ if .Values.global.cattle.clusterName}} - - sourceLabels: [__address__] - targetLabel: cluster_name - replacement: {{ .Values.global.cattle.clusterName }} + metricRelabelings: {{- tpl (toYaml .Values.prometheus.serviceMonitor.metricRelabelings | nindent 6) . }} {{- end }} {{- if .Values.prometheus.serviceMonitor.relabelings }} relabelings: {{- toYaml .Values.prometheus.serviceMonitor.relabelings | nindent 6 }} diff --git a/charts/rancher-monitoring/templates/prometheus/servicemonitorThanosSidecar.yaml b/charts/kube-prometheus-stack/templates/prometheus/servicemonitorThanosSidecar.yaml similarity index 76% rename from charts/rancher-monitoring/templates/prometheus/servicemonitorThanosSidecar.yaml rename to charts/kube-prometheus-stack/templates/prometheus/servicemonitorThanosSidecar.yaml index 0f70aab..5643099 100644 --- a/charts/rancher-monitoring/templates/prometheus/servicemonitorThanosSidecar.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/servicemonitorThanosSidecar.yaml @@ -34,20 +34,10 @@ spec: bearerTokenFile: {{ .Values.prometheus.thanosServiceMonitor.bearerTokenFile }} {{- end }} path: "/metrics" +{{- if .Values.prometheus.thanosServiceMonitor.metricRelabelings }} metricRelabelings: - {{- if .Values.prometheus.thanosServiceMonitor.metricRelabelings}} - {{ tpl (toYaml .Values.prometheus.thanosServiceMonitor.metricRelabelings | indent 6) . }} - {{- end }} - {{ if .Values.global.cattle.clusterId }} - - sourceLabels: [__address__] - targetLabel: cluster_id - replacement: {{ .Values.global.cattle.clusterId }} - {{- end }} - {{ if .Values.global.cattle.clusterName}} - - sourceLabels: [__address__] - targetLabel: cluster_name - replacement: {{ .Values.global.cattle.clusterName }} - {{- end }} +{{ tpl (toYaml .Values.prometheus.thanosServiceMonitor.metricRelabelings | indent 6) . }} +{{- end }} {{- if .Values.prometheus.thanosServiceMonitor.relabelings }} relabelings: {{ toYaml .Values.prometheus.thanosServiceMonitor.relabelings | indent 6 }} diff --git a/charts/rancher-monitoring/templates/prometheus/servicemonitors.yaml b/charts/kube-prometheus-stack/templates/prometheus/servicemonitors.yaml similarity index 92% rename from charts/rancher-monitoring/templates/prometheus/servicemonitors.yaml rename to charts/kube-prometheus-stack/templates/prometheus/servicemonitors.yaml index 1bdb1db..4a0c7f1 100644 --- a/charts/rancher-monitoring/templates/prometheus/servicemonitors.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/servicemonitors.yaml @@ -38,5 +38,9 @@ items: {{- if .fallbackScrapeProtocol }} fallbackScrapeProtocol: {{ .fallbackScrapeProtocol }} {{- end }} + {{- with .attachMetadata }} + attachMetadata: + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} {{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus/serviceperreplica.yaml b/charts/kube-prometheus-stack/templates/prometheus/serviceperreplica.yaml similarity index 100% rename from charts/rancher-monitoring/templates/prometheus/serviceperreplica.yaml rename to charts/kube-prometheus-stack/templates/prometheus/serviceperreplica.yaml diff --git a/charts/kube-prometheus-stack/templates/prometheus/verticalpodautoscaler.yaml b/charts/kube-prometheus-stack/templates/prometheus/verticalpodautoscaler.yaml new file mode 100644 index 0000000..ec35eec --- /dev/null +++ b/charts/kube-prometheus-stack/templates/prometheus/verticalpodautoscaler.yaml @@ -0,0 +1,46 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.verticalPodAutoscaler.enabled }} +apiVersion: autoscaling.k8s.io/v1 +kind: VerticalPodAutoscaler +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus + {{- include "kube-prometheus-stack.labels" . | nindent 4 }} +spec: + {{- with .Values.prometheus.verticalPodAutoscaler.recommenders }} + recommenders: + {{- toYaml . | nindent 4 }} + {{- end }} + resourcePolicy: + containerPolicies: + - containerName: prometheus + {{- with .Values.prometheus.verticalPodAutoscaler.controlledResources }} + controlledResources: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.prometheus.verticalPodAutoscaler.controlledValues }} + controlledValues: {{ .Values.prometheus.verticalPodAutoscaler.controlledValues }} + {{- end }} + {{- if .Values.prometheus.verticalPodAutoscaler.maxAllowed }} + maxAllowed: + {{- toYaml .Values.prometheus.verticalPodAutoscaler.maxAllowed | nindent 8 }} + {{- end }} + {{- if .Values.prometheus.verticalPodAutoscaler.minAllowed }} + minAllowed: + {{- toYaml .Values.prometheus.verticalPodAutoscaler.minAllowed | nindent 8 }} + {{- end }} + targetRef: + {{- if .Values.prometheus.agentMode }} + apiVersion: monitoring.coreos.com/v1alpha1 + kind: PrometheusAgent + {{- else }} + apiVersion: monitoring.coreos.com/v1 + kind: Prometheus + {{- end }} + name: {{ template "kube-prometheus-stack.prometheus.crname" . }} + {{- with .Values.prometheus.verticalPodAutoscaler.updatePolicy }} + updatePolicy: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/templates/thanos-ruler/extrasecret.yaml b/charts/kube-prometheus-stack/templates/thanos-ruler/extrasecret.yaml similarity index 100% rename from charts/rancher-monitoring/templates/thanos-ruler/extrasecret.yaml rename to charts/kube-prometheus-stack/templates/thanos-ruler/extrasecret.yaml diff --git a/charts/rancher-monitoring/templates/thanos-ruler/ingress.yaml b/charts/kube-prometheus-stack/templates/thanos-ruler/ingress.yaml similarity index 71% rename from charts/rancher-monitoring/templates/thanos-ruler/ingress.yaml rename to charts/kube-prometheus-stack/templates/thanos-ruler/ingress.yaml index b645a39..483c2d1 100644 --- a/charts/rancher-monitoring/templates/thanos-ruler/ingress.yaml +++ b/charts/kube-prometheus-stack/templates/thanos-ruler/ingress.yaml @@ -4,9 +4,7 @@ {{- $servicePort := .Values.thanosRuler.service.port -}} {{- $routePrefix := list .Values.thanosRuler.thanosRulerSpec.routePrefix }} {{- $paths := .Values.thanosRuler.ingress.paths | default $routePrefix -}} -{{- $apiIsStable := eq (include "kube-prometheus-stack.ingress.isStable" .) "true" -}} -{{- $ingressSupportsPathType := eq (include "kube-prometheus-stack.ingress.supportsPathType" .) "true" -}} -apiVersion: {{ include "kube-prometheus-stack.ingress.apiVersion" . }} +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ $serviceName }} @@ -22,11 +20,9 @@ metadata: {{- end }} {{ include "kube-prometheus-stack.labels" . | indent 4 }} spec: - {{- if $apiIsStable }} {{- if .Values.thanosRuler.ingress.ingressClassName }} ingressClassName: {{ .Values.thanosRuler.ingress.ingressClassName }} {{- end }} - {{- end }} rules: {{- if .Values.thanosRuler.ingress.hosts }} {{- range $host := .Values.thanosRuler.ingress.hosts }} @@ -35,19 +31,12 @@ spec: paths: {{- range $p := $paths }} - path: {{ tpl $p $ }} - {{- if and $pathType $ingressSupportsPathType }} pathType: {{ $pathType }} - {{- end }} backend: - {{- if $apiIsStable }} service: name: {{ $serviceName }} port: number: {{ $servicePort }} - {{- else }} - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} {{- end -}} {{- end -}} {{- else }} @@ -55,19 +44,12 @@ spec: paths: {{- range $p := $paths }} - path: {{ tpl $p $ }} - {{- if and $pathType $ingressSupportsPathType }} pathType: {{ $pathType }} - {{- end }} backend: - {{- if $apiIsStable }} service: name: {{ $serviceName }} port: number: {{ $servicePort }} - {{- else }} - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} {{- end -}} {{- end -}} {{- if .Values.thanosRuler.ingress.tls }} diff --git a/charts/rancher-monitoring/templates/thanos-ruler/podDisruptionBudget.yaml b/charts/kube-prometheus-stack/templates/thanos-ruler/podDisruptionBudget.yaml similarity index 59% rename from charts/rancher-monitoring/templates/thanos-ruler/podDisruptionBudget.yaml rename to charts/kube-prometheus-stack/templates/thanos-ruler/podDisruptionBudget.yaml index c28f914..0b42c2c 100644 --- a/charts/rancher-monitoring/templates/thanos-ruler/podDisruptionBudget.yaml +++ b/charts/kube-prometheus-stack/templates/thanos-ruler/podDisruptionBudget.yaml @@ -1,5 +1,5 @@ {{- if and .Values.thanosRuler.enabled .Values.thanosRuler.podDisruptionBudget.enabled }} -apiVersion: {{ include "kube-prometheus-stack.pdb.apiVersion" . }} +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ template "kube-prometheus-stack.thanosRuler.name" . }} @@ -8,12 +8,7 @@ metadata: app: {{ template "kube-prometheus-stack.thanosRuler.name" . }} {{ include "kube-prometheus-stack.labels" . | indent 4 }} spec: - {{- if .Values.thanosRuler.podDisruptionBudget.minAvailable }} - minAvailable: {{ .Values.thanosRuler.podDisruptionBudget.minAvailable }} - {{- end }} - {{- if .Values.thanosRuler.podDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ .Values.thanosRuler.podDisruptionBudget.maxUnavailable }} - {{- end }} +{{- toYaml (omit .Values.thanosRuler.podDisruptionBudget "enabled") | nindent 2 }} selector: matchLabels: app.kubernetes.io/name: thanos-ruler diff --git a/charts/rancher-monitoring/templates/thanos-ruler/route.yaml b/charts/kube-prometheus-stack/templates/thanos-ruler/route.yaml similarity index 94% rename from charts/rancher-monitoring/templates/thanos-ruler/route.yaml rename to charts/kube-prometheus-stack/templates/thanos-ruler/route.yaml index d7999f4..3038df3 100644 --- a/charts/rancher-monitoring/templates/thanos-ruler/route.yaml +++ b/charts/kube-prometheus-stack/templates/thanos-ruler/route.yaml @@ -40,7 +40,10 @@ spec: statusCode: 301 {{- else }} - backendRefs: - - name: {{ $serviceName }} + - group: "" + kind: Service + weight: 1 + name: {{ $serviceName }} port: {{ $servicePort }} {{- with $route.filters }} filters: diff --git a/charts/rancher-monitoring/templates/thanos-ruler/ruler.yaml b/charts/kube-prometheus-stack/templates/thanos-ruler/ruler.yaml similarity index 91% rename from charts/rancher-monitoring/templates/thanos-ruler/ruler.yaml rename to charts/kube-prometheus-stack/templates/thanos-ruler/ruler.yaml index 686a563..8c7d9c8 100644 --- a/charts/rancher-monitoring/templates/thanos-ruler/ruler.yaml +++ b/charts/kube-prometheus-stack/templates/thanos-ruler/ruler.yaml @@ -13,7 +13,7 @@ metadata: {{- end }} spec: {{- if .Values.thanosRuler.thanosRulerSpec.image }} - {{- $registry := include "monitoring_registry" . | default .Values.thanosRuler.thanosRulerSpec.image.registry -}} + {{- $registry := .Values.global.imageRegistry | default .Values.thanosRuler.thanosRulerSpec.image.registry -}} {{- if and .Values.thanosRuler.thanosRulerSpec.image.tag .Values.thanosRuler.thanosRulerSpec.image.sha }} image: "{{ $registry }}/{{ .Values.thanosRuler.thanosRulerSpec.image.repository }}:{{ .Values.thanosRuler.thanosRulerSpec.image.tag }}@sha256:{{ .Values.thanosRuler.thanosRulerSpec.image.sha }}" {{- else if .Values.thanosRuler.thanosRulerSpec.image.sha }} @@ -29,6 +29,9 @@ spec: {{- end }} replicas: {{ .Values.thanosRuler.thanosRulerSpec.replicas }} listenLocal: {{ .Values.thanosRuler.thanosRulerSpec.listenLocal }} + {{- if .Values.thanosRuler.thanosRulerSpec.serviceName }} + serviceName: {{ tpl .Values.thanosRuler.thanosRulerSpec.serviceName . }} + {{- end }} serviceAccountName: {{ template "kube-prometheus-stack.thanosRuler.serviceAccountName" . }} {{- if .Values.thanosRuler.thanosRulerSpec.externalPrefix }} externalPrefix: "{{ tpl .Values.thanosRuler.thanosRulerSpec.externalPrefix . }}" @@ -37,7 +40,6 @@ spec: {{- else if .Values.thanosRuler.thanosRulerSpec.externalPrefixNilUsesHelmValues }} externalPrefix: "http://{{ template "kube-prometheus-stack.thanosRuler.name" . }}.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.thanosRuler.service.port }}" {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 4 }} {{- if .Values.thanosRuler.thanosRulerSpec.additionalArgs }} additionalArgs: {{ tpl (toYaml .Values.thanosRuler.thanosRulerSpec.additionalArgs) $ | indent 4 }} @@ -105,6 +107,9 @@ spec: {{- if .Values.thanosRuler.thanosRulerSpec.routePrefix }} routePrefix: "{{ .Values.thanosRuler.thanosRulerSpec.routePrefix }}" {{- end }} +{{- if kindIs "bool" .Values.thanosRuler.thanosRulerSpec.hostUsers }} + hostUsers: {{ .Values.thanosRuler.thanosRulerSpec.hostUsers }} +{{- end }} {{- if .Values.thanosRuler.thanosRulerSpec.securityContext }} securityContext: {{ toYaml .Values.thanosRuler.thanosRulerSpec.securityContext | indent 4 }} @@ -155,8 +160,8 @@ spec: - {key: app.kubernetes.io/name, operator: In, values: [thanos-ruler]} - {key: thanos-ruler, operator: In, values: [{{ template "kube-prometheus-stack.thanosRuler.crname" . }}]} {{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 4 }} {{- if .Values.thanosRuler.thanosRulerSpec.tolerations }} + tolerations: {{ toYaml .Values.thanosRuler.thanosRulerSpec.tolerations | indent 4 }} {{- end }} {{- if .Values.thanosRuler.thanosRulerSpec.topologySpreadConstraints }} @@ -191,6 +196,16 @@ spec: {{ toYaml .Values.thanosRuler.thanosRulerSpec.alertDropLabels | indent 4 }} {{- end }} portName: {{ .Values.thanosRuler.thanosRulerSpec.portName }} +{{- if .Values.thanosRuler.thanosRulerSpec.podManagementPolicy }} + podManagementPolicy: {{ .Values.thanosRuler.thanosRulerSpec.podManagementPolicy }} +{{- end }} +{{- if .Values.thanosRuler.thanosRulerSpec.updateStrategy }} + updateStrategy: +{{ toYaml .Values.thanosRuler.thanosRulerSpec.updateStrategy | indent 4 }} +{{- end }} +{{- if .Values.thanosRuler.thanosRulerSpec.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.thanosRuler.thanosRulerSpec.terminationGracePeriodSeconds }} +{{- end }} {{- with .Values.thanosRuler.thanosRulerSpec.additionalConfig }} {{- tpl (toYaml .) $ | nindent 2 }} {{- end }} diff --git a/charts/rancher-monitoring/templates/thanos-ruler/secret.yaml b/charts/kube-prometheus-stack/templates/thanos-ruler/secret.yaml similarity index 100% rename from charts/rancher-monitoring/templates/thanos-ruler/secret.yaml rename to charts/kube-prometheus-stack/templates/thanos-ruler/secret.yaml diff --git a/charts/rancher-monitoring/templates/thanos-ruler/service.yaml b/charts/kube-prometheus-stack/templates/thanos-ruler/service.yaml similarity index 96% rename from charts/rancher-monitoring/templates/thanos-ruler/service.yaml rename to charts/kube-prometheus-stack/templates/thanos-ruler/service.yaml index e2cca29..7480f5a 100644 --- a/charts/rancher-monitoring/templates/thanos-ruler/service.yaml +++ b/charts/kube-prometheus-stack/templates/thanos-ruler/service.yaml @@ -1,4 +1,4 @@ -{{- if .Values.thanosRuler.enabled }} +{{- if and .Values.thanosRuler.enabled .Values.thanosRuler.service.enabled }} apiVersion: v1 kind: Service metadata: diff --git a/charts/rancher-monitoring/templates/thanos-ruler/serviceaccount.yaml b/charts/kube-prometheus-stack/templates/thanos-ruler/serviceaccount.yaml similarity index 100% rename from charts/rancher-monitoring/templates/thanos-ruler/serviceaccount.yaml rename to charts/kube-prometheus-stack/templates/thanos-ruler/serviceaccount.yaml diff --git a/charts/rancher-monitoring/templates/thanos-ruler/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/thanos-ruler/servicemonitor.yaml similarity index 90% rename from charts/rancher-monitoring/templates/thanos-ruler/servicemonitor.yaml rename to charts/kube-prometheus-stack/templates/thanos-ruler/servicemonitor.yaml index d26ddce..83bd8ba 100644 --- a/charts/rancher-monitoring/templates/thanos-ruler/servicemonitor.yaml +++ b/charts/kube-prometheus-stack/templates/thanos-ruler/servicemonitor.yaml @@ -41,16 +41,6 @@ spec: {{- if .Values.thanosRuler.serviceMonitor.metricRelabelings }} metricRelabelings: {{- tpl (toYaml .Values.thanosRuler.serviceMonitor.metricRelabelings | nindent 6) . }} {{- end }} - {{ if .Values.global.cattle.clusterId }} - - sourceLabels: [__address__] - targetLabel: cluster_id - replacement: {{ .Values.global.cattle.clusterId }} - {{- end }} - {{ if .Values.global.cattle.clusterName}} - - sourceLabels: [__address__] - targetLabel: cluster_name - replacement: {{ .Values.global.cattle.clusterName }} - {{- end }} {{- if .Values.thanosRuler.serviceMonitor.relabelings }} relabelings: {{- toYaml .Values.thanosRuler.serviceMonitor.relabelings | nindent 6 }} {{- end }} diff --git a/charts/rancher-monitoring/values.yaml b/charts/kube-prometheus-stack/values.yaml similarity index 82% rename from charts/rancher-monitoring/values.yaml rename to charts/kube-prometheus-stack/values.yaml index 1c9d267..4ab82cf 100644 --- a/charts/rancher-monitoring/values.yaml +++ b/charts/kube-prometheus-stack/values.yaml @@ -2,637 +2,13 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -# Rancher Monitoring Configuration - -## Configuration for prometheus-adapter -## ref: https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-adapter -## -prometheus-adapter: - enabled: true - prometheus: - # Change this if you change the namespaceOverride or nameOverride of prometheus-operator - url: http://rancher-monitoring-prometheus.cattle-monitoring-system.svc - port: 9090 - -## RKE PushProx Monitoring -## ref: https://github.com/rancher/charts/tree/dev-v2.9/packages/rancher-monitoring/rancher-pushprox -## -rkeControllerManager: - enabled: false - metricsPort: 10257 # default to secure port as of k8s >= 1.22 - component: kube-controller-manager - clients: - https: - enabled: true - insecureSkipVerify: true - useServiceAccountCredentials: true - port: 10011 - useLocalhost: true - nodeSelector: - node-role.kubernetes.io/controlplane: "true" - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - kubeVersionOverrides: - - constraint: "< 1.22" - values: - metricsPort: 10252 # default to insecure port in k8s < 1.22 - clients: - https: - enabled: false - insecureSkipVerify: false - useServiceAccountCredentials: false - -rkeScheduler: - enabled: false - metricsPort: 10259 - component: kube-scheduler - clients: - https: - enabled: true - insecureSkipVerify: true - useServiceAccountCredentials: true - port: 10012 - useLocalhost: true - nodeSelector: - node-role.kubernetes.io/controlplane: "true" - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - kubeVersionOverrides: - - constraint: "< 1.23" - values: - metricsPort: 10251 # default to insecure port in k8s < 1.23 - clients: - https: - enabled: false - insecureSkipVerify: false - useServiceAccountCredentials: false - -rkeProxy: - enabled: false - metricsPort: 10249 - component: kube-proxy - clients: - port: 10013 - useLocalhost: true - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - -rkeEtcd: - enabled: false - metricsPort: 2379 - component: kube-etcd - clients: - port: 10014 - https: - enabled: true - certDir: /etc/kubernetes/ssl - certFile: kube-etcd-*.pem - keyFile: kube-etcd-*-key.pem - caCertFile: kube-ca.pem - seLinuxOptions: - # Gives rkeEtcd permissions to read files in /etc/kubernetes/* - # Type is defined in https://github.com/rancher/rancher-selinux - type: rke_kubereader_t - nodeSelector: - node-role.kubernetes.io/etcd: "true" - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - -rkeIngressNginx: - enabled: false - metricsPort: 10254 - component: ingress-nginx - clients: - port: 10015 - useLocalhost: true - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - nodeSelector: - node-role.kubernetes.io/worker: "true" - -## k3s PushProx Monitoring -## ref: https://github.com/rancher/charts/tree/dev-v2.9/packages/rancher-monitoring/rancher-pushprox -## -k3sServer: - enabled: false - metricsPort: 10250 - component: k3s-server - clients: - port: 10013 - useLocalhost: true - https: - enabled: true - useServiceAccountCredentials: true - insecureSkipVerify: true - rbac: - additionalRules: - - nonResourceURLs: ["/metrics/cadvisor"] - verbs: ["get"] - - apiGroups: [""] - resources: ["nodes/metrics"] - verbs: ["get"] - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - serviceMonitor: - endpoints: - - port: metrics - honorLabels: true - relabelings: - - sourceLabels: [__metrics_path__] - targetLabel: metrics_path - - port: metrics - path: /metrics/cadvisor - honorLabels: true - relabelings: - - sourceLabels: [__metrics_path__] - targetLabel: metrics_path - - port: metrics - path: /metrics/probes - honorLabels: true - relabelings: - - sourceLabels: [__metrics_path__] - targetLabel: metrics_path - -hardened: - k3s: - networkPolicy: - enabled: true - -## KubeADM PushProx Monitoring -## ref: https://github.com/rancher/charts/tree/dev-v2.9/packages/rancher-monitoring/rancher-pushprox -## -kubeAdmControllerManager: - enabled: false - metricsPort: 10257 - component: kube-controller-manager - clients: - port: 10011 - useLocalhost: true - https: - enabled: true - useServiceAccountCredentials: true - insecureSkipVerify: true - nodeSelector: - node-role.kubernetes.io/master: "" - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - -kubeAdmScheduler: - enabled: false - metricsPort: 10259 - component: kube-scheduler - clients: - port: 10012 - useLocalhost: true - https: - enabled: true - useServiceAccountCredentials: true - insecureSkipVerify: true - nodeSelector: - node-role.kubernetes.io/master: "" - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - -kubeAdmProxy: - enabled: false - metricsPort: 10249 - component: kube-proxy - clients: - port: 10013 - useLocalhost: true - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - -kubeAdmEtcd: - enabled: false - metricsPort: 2381 - component: kube-etcd - clients: - port: 10014 - useLocalhost: true - nodeSelector: - node-role.kubernetes.io/master: "" - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - -## rke2 PushProx Monitoring -## ref: https://github.com/rancher/charts/tree/dev-v2.9/packages/rancher-monitoring/rancher-pushprox -## -rke2ControllerManager: - enabled: false - metricsPort: 10257 # default to secure port as of k8s >= 1.22 - component: kube-controller-manager - clients: - https: - enabled: true - insecureSkipVerify: true - useServiceAccountCredentials: true - port: 10011 - useLocalhost: true - nodeSelector: - node-role.kubernetes.io/master: "true" - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - kubeVersionOverrides: - - constraint: "< 1.22" - values: - metricsPort: 10252 # default to insecure port in k8s < 1.22 - clients: - https: - enabled: false - insecureSkipVerify: false - useServiceAccountCredentials: false - -rke2Scheduler: - enabled: false - metricsPort: 10259 # default to secure port as of k8s >= 1.22 - component: kube-scheduler - clients: - https: - enabled: true - insecureSkipVerify: true - useServiceAccountCredentials: true - port: 10012 - useLocalhost: true - nodeSelector: - node-role.kubernetes.io/master: "true" - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - kubeVersionOverrides: - - constraint: "< 1.22" - values: - metricsPort: 10251 # default to insecure port in k8s < 1.22 - clients: - https: - enabled: false - insecureSkipVerify: false - useServiceAccountCredentials: false - -rke2Proxy: - enabled: false - metricsPort: 10249 - component: kube-proxy - clients: - port: 10013 - useLocalhost: true - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - -rke2Etcd: - enabled: false - metricsPort: 2381 - component: kube-etcd - clients: - port: 10014 - useLocalhost: true - nodeSelector: - node-role.kubernetes.io/etcd: "true" - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - -rke2IngressNginx: - enabled: false - metricsPort: 10254 - component: ingress-nginx - networkPolicy: - enabled: false - # in the RKE2 cluster, the ingress-nginx-controller is deployed - # as a non-hostNetwork workload starting at the following versions - # - >= v1.22.12+rke2r1 < 1.23.0-0 - # - >= v1.23.9+rke2r1 < 1.24.0-0 - # - >= v1.24.3+rke2r1 < 1.25.0-0 - # - >= v1.25.0+rke2r1 - # As a result we do not need clients and proxies as we can directly create - # a service that targets the workload with the given app name - namespaceOverride: kube-system - clients: - enabled: false - proxy: - enabled: false - service: - selector: - app.kubernetes.io/name: rke2-ingress-nginx - kubeVersionOverrides: - - constraint: "< 1.21.0-0" - values: - namespaceOverride: "" - clients: - enabled: true - port: 10015 - useLocalhost: true - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - affinity: - podAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: "app.kubernetes.io/component" - operator: "In" - values: - - "controller" - topologyKey: "kubernetes.io/hostname" - namespaces: - - "kube-system" - # in the RKE2 cluster, the ingress-nginx-controller is deployed as - # a DaemonSet with 1 pod when RKE2 version is < 1.21.0-0 - deployment: - enabled: false - proxy: - enabled: true - service: - selector: false - - constraint: ">= 1.21.0-0 < 1.22.12-0" - values: - namespaceOverride: "" - clients: - enabled: true - port: 10015 - useLocalhost: true - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - affinity: - podAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: "app.kubernetes.io/component" - operator: "In" - values: - - "controller" - topologyKey: "kubernetes.io/hostname" - namespaces: - - "kube-system" - # in the RKE2 cluster, the ingress-nginx-controller is deployed as - # a hostNetwork Deployment with 1 pod when RKE2 version is >= 1.21.0-0 - deployment: - enabled: true - replicas: 1 - proxy: - enabled: true - service: - selector: false - - constraint: ">= 1.23.0-0 < v1.23.9-0" - values: - namespaceOverride: "" - clients: - enabled: true - port: 10015 - useLocalhost: true - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - affinity: - podAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: "app.kubernetes.io/component" - operator: "In" - values: - - "controller" - topologyKey: "kubernetes.io/hostname" - namespaces: - - "kube-system" - # in the RKE2 cluster, the ingress-nginx-controller is deployed as - # a hostNetwork Deployment with 1 pod when RKE2 version is >= 1.20.0-0 - deployment: - enabled: true - replicas: 1 - proxy: - enabled: true - service: - selector: false - - constraint: ">= 1.24.0-0 < v1.24.3-0" - values: - namespaceOverride: "" - clients: - enabled: true - port: 10015 - useLocalhost: true - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - affinity: - podAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: "app.kubernetes.io/component" - operator: "In" - values: - - "controller" - topologyKey: "kubernetes.io/hostname" - namespaces: - - "kube-system" - # in the RKE2 cluster, the ingress-nginx-controller is deployed as - # a hostNetwork Deployment with 1 pod when RKE2 version is >= 1.20.0-0 - deployment: - enabled: true - replicas: 1 - proxy: - enabled: true - service: - selector: false - - - -## Additional PushProx Monitoring -## ref: https://github.com/rancher/charts/tree/dev-v2.9/packages/rancher-monitoring/rancher-pushprox -## - -# hardenedKubelet can only be deployed if kubelet.enabled=true -# If enabled, it replaces the ServiceMonitor deployed by the default kubelet option with a -# PushProx-based exporter that does not require a host port to be open to scrape metrics. -hardenedKubelet: - enabled: false - metricsPort: 10250 - component: kubelet - clients: - port: 10015 - useLocalhost: true - https: - enabled: true - useServiceAccountCredentials: true - insecureSkipVerify: true - rbac: - additionalRules: - - nonResourceURLs: ["/metrics/cadvisor"] - verbs: ["get"] - - apiGroups: [""] - resources: ["nodes/metrics"] - verbs: ["get"] - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - serviceMonitor: - endpoints: - - port: metrics - honorLabels: true - relabelings: - - sourceLabels: [__metrics_path__] - targetLabel: metrics_path - - port: metrics - path: /metrics/cadvisor - honorLabels: true - relabelings: - - sourceLabels: [__metrics_path__] - targetLabel: metrics_path - - port: metrics - path: /metrics/probes - honorLabels: true - relabelings: - - sourceLabels: [__metrics_path__] - targetLabel: metrics_path - -# hardenedNodeExporter can only be deployed if nodeExporter.enabled=true -# If enabled, it replaces the ServiceMonitor deployed by the default nodeExporter with a -# PushProx-based exporter that does not require a host port to be open to scrape metrics. -hardenedNodeExporter: - enabled: false - metricsPort: 9796 - component: node-exporter - clients: - port: 10016 - useLocalhost: true - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - -## Upgrades -upgrade: - ## Run upgrade scripts before an upgrade or rollback via a Job hook - enabled: true - ## Image to use to run the scripts - image: - repository: rancher/kuberlr-kubectl - tag: v4.0.1 - -## Rancher Monitoring -## - -rancherMonitoring: - enabled: true - - ## A namespaceSelector to identify the namespace to find the Rancher deployment - ## - namespaceSelector: - matchNames: - - cattle-system - - ## A selector to identify the Rancher deployment - ## If not set, the chart will try to search for the Rancher deployment in the cattle-system namespace and infer the selector values from it - ## If the Rancher deployment does not exist, no resources will be deployed. - ## - selector: {} - -## Component scraping nginx-ingress-controller -## -ingressNginx: - enabled: false - - ## The namespace to search for your nginx-ingress-controller - ## - namespace: ingress-nginx - - service: - port: 9913 - targetPort: 10254 - # selector: - # app: ingress-nginx - serviceMonitor: - ## Scrape interval. If not set, the Prometheus default scrape interval is used. - ## - interval: "30s" - - ## proxyUrl: URL of a proxy that should be used for scraping. - ## - proxyUrl: "" - - ## metric relabel configs to apply to samples before ingestion. - ## - metricRelabelings: [] - # - action: keep - # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' - # sourceLabels: [__name__] - - # relabel configs to apply to samples before ingestion. - ## - relabelings: [] - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # targetLabel: nodename - # replacement: $1 - # action: replace - -# Prometheus Operator Configuration - ## Provide a name in place of kube-prometheus-stack for `app:` labels -## NOTE: If you change this value, you must update the prometheus-adapter.prometheus.url ## -nameOverride: "rancher-monitoring" +nameOverride: "" ## Override the deployment namespace -## NOTE: If you change this value, you must update the prometheus-adapter.prometheus.url ## -namespaceOverride: "cattle-monitoring-system" +namespaceOverride: "" ## Provide a k8s version to auto dashboard import script example: kubeTargetVersionOverride: 1.26.6 ## @@ -658,24 +34,28 @@ crds: enabled: true ## The CRD upgrade job mitigates the limitation of helm not being able to upgrade CRDs. ## The job will apply the CRDs to the cluster before the operator is deployed, using helm hooks. - ## It deploy a corresponding clusterrole, clusterrolebinding and serviceaccount to apply the CRDs. + ## It deploys a corresponding clusterrole, clusterrolebinding and serviceaccount to apply the CRDs. ## This feature is in preview, off by default and may change in the future. upgradeJob: enabled: false forceConflicts: false image: busybox: - repository: rancher/mirrored-library-busybox - tag: 1.37.0 + registry: docker.io + repository: busybox + tag: "latest" + sha: "" pullPolicy: IfNotPresent kubectl: - repository: rancher/kuberlr-kubectl - tag: v4.0.2 + registry: registry.k8s.io + repository: kubectl + tag: "" # defaults to the Kubernetes version + sha: "" pullPolicy: IfNotPresent env: {} ## Define resources requests and limits for single Pods. - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ ## resources: {} @@ -688,12 +68,12 @@ crds: extraVolumeMounts: [] ## Define which Nodes the Pods are scheduled on. - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector ## nodeSelector: {} ## Assign custom affinity rules to the upgrade-crd job - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ ## affinity: {} # nodeAffinity: @@ -707,7 +87,7 @@ crds: # - e2e-az2 ## If specified, the pod's tolerations. - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ ## tolerations: [] # - key: "key" @@ -716,7 +96,7 @@ crds: # effect: "NoSchedule" ## If specified, the pod's topology spread constraints. - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## topologySpreadConstraints: [] # - maxSkew: 1 @@ -752,6 +132,10 @@ crds: labels: {} automountServiceAccountToken: true + ## Automounting API credentials for upgrade crd job pod. + ## + automountServiceAccountToken: true + ## Container-specific security context configuration ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## @@ -774,7 +158,7 @@ crds: seccompProfile: type: RuntimeDefault -## custom Rules to override "for" and "severity" in defaultRules +## Custom rules to override "for" and "severity" in defaultRules ## customRules: {} # AlertmanagerFailedReload: @@ -823,6 +207,11 @@ defaultRules: prometheusOperator: true windows: true + # Defines the operator for namespace selection in rules + # Use "=~" to include namespaces matching the pattern (default) + # Use "!~" to exclude namespaces matching the pattern + appNamespacesOperator: "=~" + ## Reduce app namespace alert scope appNamespacesTarget: ".*" @@ -875,7 +264,7 @@ defaultRules: prometheus: {} prometheusOperator: {} - ## Additional annotations for specific PrometheusRule alerts groups + ## Additional annotations for specific PrometheusRule alert groups additionalRuleGroupAnnotations: alertmanager: {} etcd: {} @@ -946,52 +335,16 @@ additionalPrometheusRulesMap: {} ## global: - cattle: - - systemDefaultRegistry: "" - ## Windows Monitoring - ## ref: https://github.com/rancher/charts/tree/dev-v2.5-source/packages/rancher-windows-exporter - ## - ## Deploys a DaemonSet of Prometheus exporters based on https://github.com/prometheus-community/windows_exporter. - ## Every Windows host must have a wins version of 0.1.0+ to use this chart (default as of Rancher 2.5.8). - ## To upgrade wins versions on Windows hosts, see https://github.com/rancher/wins/tree/master/charts/rancher-wins-upgrader. - ## - windows: - enabled: false - seLinux: - enabled: false - kubectl: - repository: rancher/kuberlr-kubectl - tag: v4.0.2 - pullPolicy: IfNotPresent rbac: - ## Create RBAC resources for ServiceAccounts and users - ## create: true - userRoles: - ## Create default user ClusterRoles to allow users to interact with Prometheus CRs, ConfigMaps, and Secrets - create: true - ## Aggregate default user ClusterRoles into default k8s ClusterRoles - aggregateToDefaultRoles: true - ## Create ClusterRoles that extend the existing view, edit and admin ClusterRoles to interact with prometheus-operator CRDs ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles createAggregateClusterRoles: false - pspAnnotations: {} - ## Specify pod annotations - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl - ## - # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' - # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' - # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' - - ## Global image registry to use if it needs to be overriden for some specific use cases (e.g local registries, custom images, ...) + ## Global image registry to use if it needs to be overridden for some specific use cases (e.g. local registries, custom images, ...) ## - imageRegistry: "docker.io" + imageRegistry: "" ## Reference to one or more secrets to be used when pulling images ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ @@ -1005,13 +358,6 @@ windowsMonitoring: ## Deploys the windows-exporter and Windows-specific dashboards and rules (job name must be 'windows-exporter') enabled: false -loggingMonitors: - ## Deploys logging-specific dashboards, make sure to also set metrics.serviceMonitor to true in the logging chart for both fluentd and fluentbit - fluentd: - enabled: false - fluentbit: - enabled: false - ## Configuration for prometheus-windows-exporter ## ref: https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-windows-exporter ## @@ -1045,11 +391,18 @@ alertmanager: ## enabled: true + # Optional: Override the namespace where Alertmanager will be deployed. + namespaceOverride: "" + ## Annotations for Alertmanager ## annotations: {} - ## Api that prometheus will use to communicate with alertmanager. Possible values are v1, v2 + ## Additional labels for Alertmanager + ## + additionalLabels: {} + + ## API that Prometheus will use to communicate with alertmanager. Possible values are v1, v2 ## apiVersion: v2 @@ -1149,7 +502,39 @@ alertmanager: podDisruptionBudget: enabled: false minAvailable: 1 - maxUnavailable: "" + # maxUnavailable: "" + unhealthyPodEvictionPolicy: AlwaysAllow + + ## Enable vertical pod autoscaler support for Alertmanager + ## ref: https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler + ## + verticalPodAutoscaler: + enabled: false + + # Recommender responsible for generating recommendation for the object. + # List should be empty (then the default recommender will generate the recommendation) + # or contain exactly one recommender. + # recommenders: + # - name: custom-recommender-performance + + # List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory + controlledResources: [] + # Specifies which resource values should be controlled: RequestsOnly or RequestsAndLimits. + # controlledValues: RequestsAndLimits + + # Define the max allowed resources for the pod + maxAllowed: {} + # cpu: 200m + # memory: 100Mi + # Define the min allowed resources for the pod + minAllowed: {} + # cpu: 200m + # memory: 100Mi + + updatePolicy: + # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates + # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "InPlaceOrRecreate". + updateMode: Recreate ## Alertmanager configuration directives ## ref: https://prometheus.io/docs/alerting/configuration/#configuration-file @@ -1197,7 +582,7 @@ alertmanager: - '/etc/alertmanager/config/*.tmpl' ## Alertmanager configuration directives (as string type, preferred over the config hash map) - ## stringConfig will be used only, if tplConfig is true + ## stringConfig will be used only if tplConfig is true ## ref: https://prometheus.io/docs/alerting/configuration/#configuration-file ## https://prometheus.io/webtools/alerting/routing-tree-editor/ ## @@ -1221,83 +606,30 @@ alertmanager: ## ref: https://prometheus.io/docs/alerting/notifications/ ## https://prometheus.io/docs/alerting/notification_examples/ ## - templateFiles: - rancher_defaults.tmpl: |- - {{- define "slack.rancher.text" -}} - {{ template "rancher.text_multiple" . }} - {{- end -}} - - {{- define "rancher.text_multiple" -}} - *[GROUP - Details]* - One or more alarms in this group have triggered a notification. - - {{- if gt (len .GroupLabels.Values) 0 }} - *Group Labels:* - {{- range .GroupLabels.SortedPairs }} - • *{{ .Name }}:* `{{ .Value }}` - {{- end }} - {{- end }} - {{- if .ExternalURL }} - *Link to AlertManager:* {{ .ExternalURL }} - {{- end }} - - {{- range .Alerts }} - {{ template "rancher.text_single" . }} - {{- end }} - {{- end -}} - - {{- define "rancher.text_single" -}} - {{- if .Labels.alertname }} - *[ALERT - {{ .Labels.alertname }}]* - {{- else }} - *[ALERT]* - {{- end }} - {{- if .Labels.severity }} - *Severity:* `{{ .Labels.severity }}` - {{- end }} - {{- if .Labels.cluster }} - *Cluster:* {{ .Labels.cluster }} - {{- end }} - {{- if .Annotations.summary }} - *Summary:* {{ .Annotations.summary }} - {{- end }} - {{- if .Annotations.message }} - *Message:* {{ .Annotations.message }} - {{- end }} - {{- if .Annotations.description }} - *Description:* {{ .Annotations.description }} - {{- end }} - {{- if .Annotations.runbook_url }} - *Runbook URL:* <{{ .Annotations.runbook_url }}|:spiral_note_pad:> - {{- end }} - {{- with .Labels }} - {{- with .Remove (stringSlice "alertname" "severity" "cluster") }} - {{- if gt (len .) 0 }} - *Additional Labels:* - {{- range .SortedPairs }} - • *{{ .Name }}:* `{{ .Value }}` - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- with .Annotations }} - {{- with .Remove (stringSlice "summary" "message" "description" "runbook_url") }} - {{- if gt (len .) 0 }} - *Additional Annotations:* - {{- range .SortedPairs }} - • *{{ .Name }}:* `{{ .Value }}` - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- end -}} + templateFiles: {} + # + ## An example template: + # template_1.tmpl: |- + # {{ define "cluster" }}{{ .ExternalURL | reReplaceAll ".*alertmanager\\.(.*)" "$1" }}{{ end }} + # + # {{ define "slack.myorg.text" }} + # {{- $root := . -}} + # {{ range .Alerts }} + # *Alert:* {{ .Annotations.summary }} - `{{ .Labels.severity }}` + # *Cluster:* {{ template "cluster" $root }} + # *Description:* {{ .Annotations.description }} + # *Graph:* <{{ .GeneratorURL }}|:chart_with_upwards_trend:> + # *Runbook:* <{{ .Annotations.runbook }}|:spiral_note_pad:> + # *Details:* + # {{ range .Labels.SortedPairs }} - *{{ .Name }}:* `{{ .Value }}` + # {{ end }} + # {{ end }} + # {{ end }} ingress: enabled: false - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx + ingressClassName: "" annotations: {} @@ -1336,7 +668,7 @@ alertmanager: # Be aware that this is an early beta of this feature, # kube-prometheus-stack does not guarantee this works and is subject to change. # Being BETA this can/will change in the future without notice, do not use unless you want to take that risk - # [[ref]](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io%2fv1alpha2) + # [[ref]](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1alpha2) route: main: # -- Enables or disables the route @@ -1377,18 +709,13 @@ alertmanager: secret: annotations: {} - # by default the alertmanager secret is not overwritten if it already exists - recreateIfExists: false - ## Configuration for creating an Ingress that will map to each Alertmanager replica service ## alertmanager.servicePerReplica must be enabled ## ingressPerReplica: enabled: false - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx + ingressClassName: "" annotations: {} labels: {} @@ -1427,6 +754,7 @@ alertmanager: ## Configuration for Alertmanager service ## service: + enabled: true annotations: {} labels: {} clusterIP: "" @@ -1449,7 +777,7 @@ alertmanager: ## nodePort: 30903 ## List of IP addresses at which the Prometheus server service is available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips ## ## Additional ports to open for Alertmanager service @@ -1563,7 +891,7 @@ alertmanager: enableHttp2: true ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS. - ## Of type: https://github.com/coreos/prometheus-operator/blob/main/Documentation/api-reference/api.md#tlsconfig + ## Of type: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#tlsconfig tlsConfig: {} bearerTokenFile: @@ -1612,12 +940,17 @@ alertmanager: ## podMetadata: {} + ## + serviceName: + ## Image of Alertmanager ## image: - repository: rancher/mirrored-prometheus-alertmanager - tag: v0.28.1 + registry: quay.io + repository: prometheus/alertmanager + tag: v0.32.0 sha: "" + pullPolicy: IfNotPresent ## If true then the user will be responsible to provide a secret with alertmanager configuration ## So when true the config part will be ignored (including templateFiles) and the one in the secret will be used @@ -1697,6 +1030,9 @@ alertmanager: # alertmanagerConfigMatcherStrategy: # type: OnNamespace + ## Additional command line arguments to pass to Alertmanager (in addition to those generated by the chart) + additionalArgs: [] + ## Define Log Format # Use logfmt (default) or json logging logFormat: logfmt @@ -1725,7 +1061,7 @@ alertmanager: # resources: # requests: # storage: 50Gi - # selector: {} + # selector: {} ## The external URL the Alertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if Alertmanager is not served from root of a DNS name. string false @@ -1741,7 +1077,7 @@ alertmanager: scheme: "" ## tlsConfig: TLS configuration to use when connect to the endpoint. For example if using istio mTLS. - ## Of type: https://github.com/coreos/prometheus-operator/blob/main/Documentation/api-reference/api.md#tlsconfig + ## Of type: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#tlsconfig tlsConfig: {} ## If set to true all actions on the underlying managed objects are not going to be performed, except for delete actions. @@ -1749,20 +1085,16 @@ alertmanager: paused: false ## Define which Nodes the Pods are scheduled on. - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector ## nodeSelector: {} ## Define resources requests and limits for single Pods. - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ ## - resources: - limits: - memory: 500Mi - cpu: 1000m - requests: - memory: 100Mi - cpu: 100m + resources: {} + # requests: + # memory: 400Mi ## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node. ## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided. @@ -1777,7 +1109,7 @@ alertmanager: podAntiAffinityTopologyKey: kubernetes.io/hostname ## Assign custom affinity rules to the alertmanager instance - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ ## affinity: {} # nodeAffinity: @@ -1791,7 +1123,7 @@ alertmanager: # - e2e-az2 ## If specified, the pod's tolerations. - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ ## tolerations: [] # - key: "key" @@ -1800,7 +1132,7 @@ alertmanager: # effect: "NoSchedule" ## If specified, the pod's topology spread constraints. - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## topologySpreadConstraints: [] # - maxSkew: 1 @@ -1822,6 +1154,21 @@ alertmanager: seccompProfile: type: RuntimeDefault + ## Use the host's user namespace for Alertmanager pods. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/ + hostUsers: ~ + + ## DNS configuration for Alertmanager. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.PodDNSConfig + dnsConfig: {} + + ## DNS policy for Alertmanager. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#dnspolicystring-alias + dnsPolicy: "" + + ## Enable hostNetwork for Alertmanager. + hostNetwork: false + ## ListenLocal makes the Alertmanager server listen on loopback, so that it does not bind against the Pod IP. ## Note this is only for the Alertmanager UI, not the gossip communication. ## @@ -1832,7 +1179,7 @@ alertmanager: containers: [] # containers: # - name: oauth-proxy - # image: quay.io/oauth2-proxy/oauth2-proxy:v7.5.1 + # image: quay.io/oauth2-proxy/oauth2-proxy:v7.15.2 # args: # - --upstream=http://127.0.0.1:9093 # - --http-address=0.0.0.0:8081 @@ -1874,15 +1221,15 @@ alertmanager: clusterAdvertiseAddress: false ## clusterGossipInterval determines interval between gossip attempts. - ## Needs to be specified as GoDuration, a time duration that can be parsed by Go’s time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s) + ## Needs to be specified as GoDuration, a time duration that can be parsed by Go's time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s) clusterGossipInterval: "" ## clusterPeerTimeout determines timeout for cluster peering. - ## Needs to be specified as GoDuration, a time duration that can be parsed by Go’s time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s) + ## Needs to be specified as GoDuration, a time duration that can be parsed by Go's time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s) clusterPeerTimeout: "" ## clusterPushpullInterval determines interval between pushpull attempts. - ## Needs to be specified as GoDuration, a time duration that can be parsed by Go’s time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s) + ## Needs to be specified as GoDuration, a time duration that can be parsed by Go's time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s) clusterPushpullInterval: "" ## clusterLabel defines the identifier that uniquely identifies the Alertmanager cluster. @@ -1896,6 +1243,21 @@ alertmanager: ## be considered available. Defaults to 0 (pod will be considered available as soon as it is ready). minReadySeconds: 0 + ## Pod management policy. Kubernetes default is OrderedReady but prometheus-operator default is Parallel. + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies + podManagementPolicy: "" + + ## Update strategy for the StatefulSet. + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxUnavailable: 1 + + ## Duration in seconds the pod needs to terminate gracefully. + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination + terminationGracePeriodSeconds: ~ + ## Additional configuration which is not covered by the properties above. (passed through tpl) additionalConfig: {} @@ -1915,36 +1277,12 @@ alertmanager: # foo:$apr1$OFG3Xybp$ckL0FHDAkoXYIlH9.cysT0 # someoneelse:$apr1$DMZX2Z4q$6SbQIfyuLQd.xmo/P0m2c. -## Using default values from https://github.com/grafana/helm-charts/blob/main/charts/grafana/values.yaml +## Using default values from https://github.com/grafana-community/helm-charts/blob/main/charts/grafana/values.yaml ## grafana: enabled: true namespaceOverride: "" - ## Grafana's primary configuration - ## NOTE: values in map will be converted to ini format - ## ref: http://docs.grafana.org/installation/configuration/ - ## - grafana.ini: - users: - auto_assign_org_role: Viewer - auth: - disable_login_form: false - auth.anonymous: - enabled: true - org_role: Viewer - auth.basic: - enabled: false - dashboards: - # Modify this value to change the default dashboard shown on the main Grafana page - default_home_dashboard_path: /tmp/dashboards/rancher-default-home.json - security: - # Required to embed dashboards in Rancher Cluster Overview Dashboard on Cluster Explorer - allow_embedding: true - - deploymentStrategy: - type: Recreate - ## ForceDeployDatasources Create datasource configmap even if grafana deployment has been disabled ## forceDeployDatasources: false @@ -1957,17 +1295,65 @@ grafana: ## defaultDashboardsEnabled: true - # Additional options for defaultDashboards - defaultDashboards: - # The default namespace to place defaultDashboards within - namespace: cattle-dashboards - # Whether to create the default namespace as a Helm managed namespace or use an existing namespace - # If false, the defaultDashboards.namespace will be created as a Helm managed namespace - useExistingNamespace: false - # Whether the Helm managed namespace created by this chart should be left behind on a Helm uninstall - # If you place other dashboards in this namespace, then they will be deleted on a helm uninstall - # Ignore if useExistingNamespace is true - cleanupOnUninstall: false + ## Deploy GrafanaDashboard CRDs that reference dashboards from ConfigMaps when grafana-operator is used + ## These settings control how dashboards are integrated with the Grafana Operator + ## Note: End user still need to create is own kind: GrafanaDataSource for Prometheus + ## eg: + ## apiVersion: grafana.integreatly.org/v1beta1 + ## kind: GrafanaDatasource + ## metadata: + ## name: prometheus + ## annotations: {} + ## spec: + ## allowCrossNamespaceImport: true + ## instanceSelector: + ## matchLabels: + ## app: grafana + ## datasource: + ## name: prometheus + ## type: prometheus + ## access: proxy + ## url: http://prometheus-operated.prometheus-stack.svc.cluster.local:9090 + ## isDefault: true + ## jsonData: + ## "tlsSkipVerify": true + ## "timeInterval": "5s" + ## + operator: + ## Enable references to ConfigMaps containing dashboards in GrafanaDashboard CRs + ## Set to true to allow dashboards to be loaded from ConfigMap references + dashboardsConfigMapRefEnabled: false + + ## Annotations for GrafanaDashboard Cr + ## + annotations: {} + ## Labels that should be matched kind: Grafana instance + ## Example: { app: grafana, category: dashboard } + ## + matchLabels: {} + + ## How frequently the operator should resync resources (in duration format) + ## Controls how often dashboards are reconciled by the operator + ## + resyncPeriod: 10m + + ## Which folder contains all dashboards in Grafana + ## This folder will be created on the Root level + ## Only one of 'folder', 'folderUID' or 'folderRef' can be set + ## + folder: General + + ## Which UID of the target folder contains all dashboards in Grafana + ## This allows you to use subfolder hierarchy + ## Only one of 'folder', 'folderUID' or 'folderRef' can be set + ## + folderUID: null + + ## Which GrafanaFolder reference contains all dashboards in Grafana + ## This allows you to use subfolder hierarchy. + ## Only one of 'folder', 'folderUID' or 'folderRef' can be set + ## + folderRef: null ## Timezone for the default dashboards ## Other options are: browser or a specific timezone, i.e. Europe/Luxembourg @@ -1982,8 +1368,16 @@ grafana: ## defaultDashboardsInterval: 1m + # Administrator credentials when not using an existing secret (see below) adminUser: admin - adminPassword: prom-operator + # adminPassword: strongpassword + + # Use an existing secret for the admin user. + admin: + ## Name of the secret. Can be templated. + existingSecret: "" + userKey: admin-user + passwordKey: admin-password rbac: ## If true, Grafana PSPs will be created @@ -2048,8 +1442,9 @@ grafana: dashboards: enabled: true label: grafana_dashboard - searchNamespace: cattle-dashboards labelValue: "1" + # Allow discovery in all namespaces for dashboards + searchNamespace: ALL # Support for new table panels, when enabled grafana auto migrates the old table panels to newer table panels enableNewTablePanelSyntax: false @@ -2072,6 +1467,10 @@ grafana: name: Prometheus uid: prometheus + ## Extra jsonData properties to add to the datasource + # extraJsonData: + # prometheusType: Prometheus + ## URL of prometheus datasource ## # url: http://prometheus-stack-prometheus:9090/ @@ -2079,6 +1478,10 @@ grafana: ## Prometheus request timeout in seconds # timeout: 30 + ## Query parameters to add, as a URL-encoded string, + ## to query Prometheus + # customQueryParameters: "" + # If not defined, will use prometheus.prometheusSpec.scrapeInterval or its default # defaultDatasourceScrapeInterval: 15s @@ -2090,10 +1493,12 @@ grafana: httpMethod: POST ## Create datasource for each Pod of Prometheus StatefulSet; - ## this uses headless service `prometheus-operated` which is - ## created by Prometheus Operator + ## this uses by default the headless service `prometheus-operated` which is + ## created by Prometheus Operator. In case you deployed your own Service for your + ## Prometheus instance, you can specify it with the field `prometheusServiceName` ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/0fee93e12dc7c2ea1218f19ae25ec6b893460590/pkg/prometheus/statefulset.go#L255-L286 createPrometheusReplicasDatasources: false + prometheusServiceName: prometheus-operated label: grafana_datasource labelValue: "1" @@ -2121,7 +1526,7 @@ grafana: # orgId: 1 ## Configure additional grafana datasources (passed through tpl) - ## ref: http://docs.grafana.org/administration/provisioning/#datasources + ## ref: https://grafana.com/docs/grafana/latest/administration/provisioning/#datasources additionalDataSources: [] # - name: prometheus-sample # access: proxy @@ -2137,77 +1542,25 @@ grafana: # url: https://{{ printf "%s-prometheus.svc" .Release.Name }}:9090 # version: 1 + ## Configure additional grafana datasources as a templated string (passed through tpl) + ## Useful when you need Helm flow control or templating inside the datasource definition + additionalDataSourcesString: "" + # Flag to mark provisioned data sources for deletion if they are no longer configured. # It takes no effect if data sources are already listed in the deleteDatasources section. - # ref: https://grafana.com/docs/grafana/latest/administration/provisioning/#example-data-source-config-file + # ref: https://grafana.com/docs/grafana/latest/administration/provisioning/#example-data-source-configuration-file prune: false ## Passed to grafana subchart and used by servicemonitor below ## service: - portName: nginx-http - ## Port for Grafana Service to listen on - ## - port: 80 - ## To be used with a proxy extraContainer port - ## - targetPort: 8080 - ## Port to expose on each node - ## Only used if service.type is 'NodePort' - ## - nodePort: 30950 - ## Service type - ## - type: ClusterIP - + portName: http-web ipFamilies: [] ipFamilyPolicy: "" - proxy: - image: - repository: rancher/mirrored-library-nginx - tag: 1.27.2-alpine - - ## Enable an Specify container in extraContainers. This is meant to allow adding an authentication proxy to a grafana pod - extraContainers: | - - name: grafana-proxy - args: - - nginx - - -g - - daemon off; - - -c - - /nginx/nginx.conf - image: "{{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }}" - ports: - - containerPort: 8080 - name: nginx-http - protocol: TCP - volumeMounts: - - mountPath: /nginx - name: grafana-nginx - - mountPath: /var/cache/nginx - name: nginx-home - securityContext: - runAsUser: 101 - runAsGroup: 101 - - ## Volumes that can be used in containers - extraContainerVolumes: - - name: nginx-home - emptyDir: {} - - name: grafana-nginx - configMap: - name: grafana-nginx-proxy-config - items: - - key: nginx.conf - mode: 438 - path: nginx.conf - - ## If true, create a serviceMonitor for grafana - ## serviceMonitor: # If true, a ServiceMonitor CRD is created for a prometheus operator - # https://github.com/coreos/prometheus-operator + # https://github.com/prometheus-operator/prometheus-operator # enabled: true @@ -2238,17 +1591,6 @@ grafana: # replacement: $1 # action: replace - resources: - limits: - memory: 200Mi - cpu: 200m - requests: - memory: 100Mi - cpu: 100m - - testFramework: - enabled: false - ## Flag to disable all the kubernetes component scrapers ## kubernetesServiceMonitors: @@ -2339,6 +1681,10 @@ kubelet: enabled: true namespace: kube-system + # Overrides the job selector in Grafana dashboards and Prometheus rules + # For k3s clusters, change to k3s-server + jobNameOverride: "" + serviceMonitor: enabled: true ## Enable scraping /metrics from kubelet's service @@ -2577,7 +1923,11 @@ kubelet: ## Component scraping the kube controller manager ## kubeControllerManager: - enabled: false + enabled: true + + # Overrides the job selector in Grafana dashboards and Prometheus rules + # For k3s clusters, change to k3s-server + jobNameOverride: "" ## If your kube controller manager is not deployed as a pod, specify IPs it can be found on ## @@ -2689,6 +2039,7 @@ coreDns: enabled: true port: 9153 targetPort: 9153 + ipDualStack: enabled: false ipFamilies: ["IPv6", "IPv4"] @@ -2762,6 +2113,11 @@ coreDns: ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor targetLabels: [] + ## File containing bearer token to be used when scraping targets + ## Empty value do not send any bearer token. + ## + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + ## Component scraping kubeDns. Use either this or coreDns ## kubeDns: @@ -2860,10 +2216,15 @@ kubeDns: ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor targetLabels: [] + ## File containing bearer token to be used when scraping targets + ## Empty value do not send any bearer token. + ## + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + ## Component scraping etcd ## kubeEtcd: - enabled: false + enabled: true ## If your etcd is not deployed as a pod, specify IPs it can be found on ## @@ -2969,10 +2330,19 @@ kubeEtcd: ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor targetLabels: [] + ## File containing bearer token to be used when scraping targets + ## Empty value do not send any bearer token. + ## + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + ## Component scraping kube scheduler ## kubeScheduler: - enabled: false + enabled: true + + # Overrides the job selector in Grafana dashboards and Prometheus rules + # For k3s clusters, change to k3s-server + jobNameOverride: "" ## If your kube scheduler is not deployed as a pod, specify IPs it can be found on ## @@ -3078,7 +2448,11 @@ kubeScheduler: ## Component scraping kube proxy ## kubeProxy: - enabled: false + enabled: true + + # Overrides the job selector in Grafana dashboards and Prometheus rules + # For k3s clusters, change to k3s-server + jobNameOverride: "" ## If your kube proxy is not deployed as a pod, specify IPs it can be found on ## @@ -3167,6 +2541,11 @@ kubeProxy: ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor targetLabels: [] + ## File containing bearer token to be used when scraping targets + ## Empty value do not send any bearer token. + ## + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + ## Component scraping kube state metrics ## kubeStateMetrics: @@ -3175,9 +2554,7 @@ kubeStateMetrics: ## Configuration for kube-state-metrics subchart ## kube-state-metrics: - namespaceOverride: "" - rbac: - create: true + ## set to true to add the release label so scraping of the servicemonitor with kube-prometheus-stack works out of the box releaseLabel: true ## Enable scraping via kubernetes-service-endpoints @@ -3187,69 +2564,19 @@ kube-state-metrics: prometheus: monitor: - ## Enable scraping via service monitor ## Disable to prevent duplication if you enable prometheusScrape above - ## enabled: true - ## Scrape interval. If not set, the Prometheus default scrape interval is used. - ## - interval: "" + ## kube-state-metrics endpoint + http: + ## Keep labels from scraped data, overriding server-side labels + honorLabels: true - ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. - ## - sampleLimit: 0 - - ## TargetLimit defines a limit on the number of scraped targets that will be accepted. - ## - targetLimit: 0 - - ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. - ## - labelLimit: 0 - - ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. - ## - labelNameLengthLimit: 0 - - ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. - ## - labelValueLengthLimit: 0 - - ## Scrape Timeout. If not set, the Prometheus default scrape timeout is used. - ## - scrapeTimeout: "" - - ## proxyUrl: URL of a proxy that should be used for scraping. - ## - proxyUrl: "" - - # Keep labels from scraped data, overriding server-side labels - ## - honorLabels: true - - ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig - ## - metricRelabelings: [] - # - action: keep - # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' - # sourceLabels: [__name__] - - ## RelabelConfigs to apply to samples before scraping - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig - ## - relabelings: [] - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # targetLabel: nodename - # replacement: $1 - # action: replace - - selfMonitor: - enabled: false + ## selfMonitor endpoint + metrics: + ## Keep labels from scraped data, overriding server-side labels + honorLabels: true ## Deploy node exporter as a daemonset to all nodes ## @@ -3272,13 +2599,13 @@ nodeExporter: prometheus-node-exporter: namespaceOverride: "" podLabels: - ## Add the 'node-exporter' label to be used by serviceMonitor to match standard common usage in rules and grafana dashboards + ## Add the 'node-exporter' label to be used by serviceMonitor and podMonitor to match standard common usage in rules and grafana dashboards ## jobLabel: node-exporter releaseLabel: true extraArgs: - - --collector.filesystem.mount-points-exclude=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/.+)($|/) - - --collector.filesystem.fs-types-exclude=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$ + - --collector.filesystem.mount-points-exclude=^/(dev|proc|sys|run/containerd/.+|var/lib/docker/.+|var/lib/kubelet/.+)($|/) + - --collector.filesystem.fs-types-exclude=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs|erofs)$ service: portName: http-metrics ipDualStack: @@ -3352,6 +2679,11 @@ prometheus-node-exporter: # attachMetadata: # node: false + podMonitor: + enabled: false + + jobLabel: jobLabel + rbac: ## If true, create PSPs for node-exporter ## @@ -3377,7 +2709,7 @@ prometheusOperator: ## tls: enabled: true - # Value must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants + # Value must match version names from https://pkg.go.dev/crypto/tls#pkg-constants tlsMinVersion: VersionTLS13 # The default webhook port is 10250 in order to work out-of-the-box in GKE private clusters and avoid adding firewall rules. internalPort: 10250 @@ -3423,6 +2755,7 @@ prometheusOperator: namespaceSelector: {} objectSelector: {} + matchConditions: {} mutatingWebhookConfiguration: annotations: {} @@ -3444,9 +2777,11 @@ prometheusOperator: strategy: {} # Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ - podDisruptionBudget: {} - # maxUnavailable: 1 - # minAvailable: 1 + podDisruptionBudget: + enabled: false + minAvailable: 1 + # maxUnavailable: "" + unhealthyPodEvictionPolicy: AlwaysAllow ## Number of old replicasets to retain ## ## The default value is 10, 0 will garbage-collect old replicasets ## @@ -3456,7 +2791,7 @@ prometheusOperator: ## tls: enabled: true - # Value must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants + # Value must match version names from https://pkg.go.dev/crypto/tls#pkg-constants tlsMinVersion: VersionTLS13 # The default webhook port is 10250 in order to work out-of-the-box in GKE private clusters and avoid adding firewall rules. internalPort: 10250 @@ -3509,7 +2844,7 @@ prometheusOperator: type: ClusterIP ## List of IP addresses at which the Prometheus server service is available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips ## externalIPs: [] @@ -3542,9 +2877,10 @@ prometheusOperator: ## Prometheus-operator webhook image ## image: - repository: rancher/mirrored-prometheus-operator-admission-webhook + registry: quay.io + repository: prometheus-operator/admission-webhook # if not set appVersion field from Chart.yaml is used - tag: v0.80.1 + tag: "" sha: "" pullPolicy: IfNotPresent @@ -3592,12 +2928,12 @@ prometheusOperator: hostNetwork: false ## Define which Nodes the Pods are scheduled on. - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector ## nodeSelector: {} ## Tolerations for use with node taints - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ ## tolerations: [] # - key: "key" @@ -3606,7 +2942,7 @@ prometheusOperator: # effect: "NoSchedule" ## Assign custom affinity rules to the prometheus operator - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ ## affinity: {} # nodeAffinity: @@ -3653,8 +2989,9 @@ prometheusOperator: patch: enabled: true image: - repository: rancher/mirrored-ingress-nginx-kube-webhook-certgen - tag: v1.5.1 + registry: ghcr.io + repository: jkroepke/kube-webhook-certgen + tag: 1.8.0 sha: "" pullPolicy: IfNotPresent resources: {} @@ -3820,7 +3157,7 @@ prometheusOperator: type: ClusterIP ## List of IP addresses at which the Prometheus server service is available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips ## externalIPs: [] @@ -3840,6 +3177,14 @@ prometheusOperator: ## podAnnotations: {} + ## Assign a podDisruptionBudget to the operator + ## + podDisruptionBudget: + enabled: false + minAvailable: 1 + # maxUnavailable: "" + unhealthyPodEvictionPolicy: AlwaysAllow + ## Assign a PriorityClassName to pods if set # priorityClassName: "" @@ -3866,7 +3211,7 @@ prometheusOperator: kubeletEndpointSliceEnabled: false ## Extra arguments to pass to prometheusOperator - # https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/operator.md + # https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/platform/operator.md extraArgs: [] # - --labels="cluster=talos-cluster" @@ -3946,12 +3291,12 @@ prometheusOperator: hostNetwork: false ## Define which Nodes the Pods are scheduled on. - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector ## nodeSelector: {} ## Tolerations for use with node taints - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ ## tolerations: [] # - key: "key" @@ -3960,7 +3305,7 @@ prometheusOperator: # effect: "NoSchedule" ## Assign custom affinity rules to the prometheus operator - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ ## affinity: {} # nodeAffinity: @@ -3990,6 +3335,10 @@ prometheusOperator: seccompProfile: type: RuntimeDefault + ## Setup hostUsers for prometheus-operator + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/user-namespaces/ + hostUsers: ~ + ## Container-specific security context configuration ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## @@ -4028,14 +3377,16 @@ prometheusOperator: # Specifies minimal number of replicas which need to be alive for VPA Updater to attempt pod eviction # minReplicas: 1 # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates - # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto". - updateMode: Auto + # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "InPlaceOrRecreate". + updateMode: Recreate ## Prometheus-operator image ## image: - repository: rancher/mirrored-prometheus-operator-prometheus-operator - tag: v0.80.1 + registry: quay.io + repository: prometheus-operator/prometheus-operator + # if not set appVersion field from Chart.yaml is used + tag: "" sha: "" pullPolicy: IfNotPresent @@ -4059,8 +3410,10 @@ prometheusOperator: ## prometheusConfigReloader: image: - repository: rancher/mirrored-prometheus-operator-prometheus-config-reloader - tag: v0.80.1 + registry: quay.io + repository: prometheus-operator/prometheus-config-reloader + # if not set appVersion field from Chart.yaml is used + tag: "" sha: "" # add prometheus config reloader liveness and readiness probe. Default: false @@ -4078,8 +3431,10 @@ prometheusOperator: ## Thanos side-car image when configured ## thanosImage: - repository: rancher/mirrored-thanos-thanos - tag: v0.37.2 + registry: quay.io + repository: thanos/thanos + tag: v0.41.0 + sha: "" ## Set a Label Selector to filter watched prometheus and prometheusAgent ## @@ -4115,7 +3470,7 @@ prometheus: ## Toggle prometheus into agent mode ## Note many of features described below (e.g. rules, query, alerting, remote read, thanos) will not work in agent mode. - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/designs/prometheus-agent.md + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/platform/prometheus-agent.md ## agentMode: false @@ -4123,6 +3478,10 @@ prometheus: ## annotations: {} + ## Additional labels for Prometheus + ## + additionalLabels: {} + ## Configure network policy for the prometheus networkPolicy: enabled: false @@ -4133,6 +3492,8 @@ prometheus: # * cilium for cilium.io/v2/CiliumNetworkPolicy flavor: kubernetes + namespace: + # cilium: # endpointSelector: # egress: @@ -4213,7 +3574,7 @@ prometheus: scheme: "" ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS. - ## Of type: https://github.com/coreos/prometheus-operator/blob/main/Documentation/api-reference/api.md#tlsconfig + ## Of type: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#tlsconfig tlsConfig: {} bearerTokenFile: @@ -4259,6 +3620,7 @@ prometheus: ## Configuration for Prometheus service ## service: + enabled: true annotations: {} labels: {} clusterIP: "" @@ -4272,14 +3634,19 @@ prometheus: port: 9090 ## To be used with a proxy extraContainer port - targetPort: 8081 + targetPort: 9090 ## Port for Prometheus Reloader to listen on ## reloaderWebPort: 8080 + ## Port to expose for Prometheus Reloader + ## Only used if service.type is 'NodePort' + ## + reloaderWebNodePort: null + ## List of IP addresses at which the Prometheus server service is available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips ## externalIPs: [] @@ -4371,15 +3738,45 @@ prometheus: podDisruptionBudget: enabled: false minAvailable: 1 - maxUnavailable: "" + # maxUnavailable: "" + unhealthyPodEvictionPolicy: AlwaysAllow + + ## Enable vertical pod autoscaler support for Prometheus + ## ref: https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler + ## + verticalPodAutoscaler: + enabled: false + + # Recommender responsible for generating recommendation for the object. + # List should be empty (then the default recommender will generate the recommendation) + # or contain exactly one recommender. + # recommenders: + # - name: custom-recommender-performance + + # List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory + controlledResources: [] + # Specifies which resource values should be controlled: RequestsOnly or RequestsAndLimits. + # controlledValues: RequestsAndLimits + + # Define the max allowed resources for the pod + maxAllowed: {} + # cpu: 200m + # memory: 100Mi + # Define the min allowed resources for the pod + minAllowed: {} + # cpu: 200m + # memory: 100Mi + + updatePolicy: + # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates + # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "InPlaceOrRecreate". + updateMode: Recreate # Ingress exposes thanos sidecar outside the cluster thanosIngress: enabled: false - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx + ingressClassName: "" annotations: {} labels: {} @@ -4427,9 +3824,7 @@ prometheus: ingress: enabled: false - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx + ingressClassName: "" annotations: {} labels: {} @@ -4466,7 +3861,7 @@ prometheus: # Be aware that this is an early beta of this feature, # kube-prometheus-stack does not guarantee this works and is subject to change. # Being BETA this can/will change in the future without notice, do not use unless you want to take that risk - # [[ref]](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io%2fv1alpha2) + # [[ref]](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1alpha2) route: main: # -- Enables or disables the route @@ -4508,9 +3903,7 @@ prometheus: ingressPerReplica: enabled: false - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx + ingressClassName: "" annotations: {} labels: {} @@ -4546,13 +3939,6 @@ prometheus: ## prefix: "prometheus" - ## Configure additional options for default pod security policy for Prometheus - ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ - podSecurityPolicy: - allowedCapabilities: [] - allowedHostPaths: [] - volumes: [] - serviceMonitor: ## If true, create a serviceMonitor for prometheus ## @@ -4637,9 +4023,9 @@ prometheus: disableCompaction: false ## AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod, - ## If the field isn’t set, the operator mounts the service account token by default. + ## If the field isn't set, the operator mounts the service account token by default. ## Warning: be aware that by default, Prometheus requires the service account token for Kubernetes service discovery, - ## It is possible to use strategic merge patch to project the service account token into the ‘prometheus’ container. + ## It is possible to use strategic merge patch to project the service account token into the 'prometheus' container. automountServiceAccountToken: true ## APIServerConfig @@ -4651,6 +4037,21 @@ prometheus: ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.Prometheus additionalArgs: [] + ## Convert all classic histograms to native histograms with custom buckets. + ## This corresponds to the 'convert_classic_histograms_to_nhcb' field in Prometheus configuration. + ## + convertClassicHistogramsToNHCB: false + + ## Enable scraping of classic histograms that are also exposed as native histograms. + ## This corresponds to the 'always_scrape_classic_histograms' field in Prometheus configuration. + ## + scrapeClassicHistograms: false + + ## Enable scraping of native histograms. + ## This corresponds to the 'scrape_native_histograms' field in Prometheus configuration. + ## + scrapeNativeHistograms: false + ## File to which scrape failures are logged. ## Reloading the configuration will reopen the file. ## Defaults to empty (disabled) @@ -4662,11 +4063,11 @@ prometheus: ## Defaults to 30s. ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/release-0.44/pkg/prometheus/promcfg.go#L180-L183 ## - scrapeInterval: "30s" + scrapeInterval: "" ## Number of seconds to wait for target to respond before erroring ## - # scrapeTimeout: "" + scrapeTimeout: "" ## List of scrape classes to expose to scraping objects such as ## PodMonitors, ServiceMonitors, Probes and ScrapeConfigs. @@ -4678,14 +4079,22 @@ prometheus: # caFile: /etc/prometheus/secrets/istio.default/root-cert.pem # certFile: /etc/prometheus/secrets/istio.default/cert-chain.pem + ## PodTargetLabels are appended to the `spec.podTargetLabels` field of all PodMonitor and ServiceMonitor objects. + ## + podTargetLabels: [] + # - customlabel + ## Interval between consecutive evaluations. ## - evaluationInterval: "30s" + evaluationInterval: "" ## ListenLocal makes the Prometheus server listen on loopback, so that it does not bind against the Pod IP. ## listenLocal: false + ## enableOTLPReceiver enables the OTLP receiver for Prometheus. + enableOTLPReceiver: false + ## EnableAdminAPI enables Prometheus the administrative HTTP API which includes functionality such as deleting time series. ## This is disabled by default. ## ref: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis @@ -4709,18 +4118,32 @@ prometheus: # maxSize: 100000 # EnableFeatures API enables access to Prometheus disabled features. - # ref: https://prometheus.io/docs/prometheus/latest/disabled_features/ + # ref: https://prometheus.io/docs/prometheus/latest/feature_flags/ enableFeatures: [] # - exemplar-storage + ## https://prometheus.io/docs/guides/opentelemetry + ## + otlp: {} + # promoteResourceAttributes: [] + # keepIdentifyingResourceAttributes: false + # translationStrategy: NoUTF8EscapingWithSuffixes + # convertHistogramsToNHCB: false + + ## + serviceName: + ## Image of Prometheus. ## image: - repository: rancher/prom-prometheus - tag: v3.2.1 + registry: quay.io + repository: prometheus/prometheus + tag: v3.11.2 + sha: "" + pullPolicy: IfNotPresent ## Tolerations for use with node taints - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ ## tolerations: [] # - key: "key" @@ -4729,7 +4152,7 @@ prometheus: # effect: "NoSchedule" ## If specified, the pod's topology spread constraints. - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## topologySpreadConstraints: [] # - maxSkew: 1 @@ -4739,6 +4162,10 @@ prometheus: # matchLabels: # app: prometheus + ## Disable alerting + ## + disableAlerting: false + ## Alertmanagers to which alerts will be sent ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#alertmanagerendpoints ## @@ -4783,7 +4210,7 @@ prometheus: externalUrl: "" ## Define which Nodes the Pods are scheduled on. - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector ## nodeSelector: {} @@ -4815,7 +4242,7 @@ prometheus: ## prometheus resource to be created with selectors based on values in the helm deployment, ## which will also match the PrometheusRule resources created ## - ruleSelectorNilUsesHelmValues: false + ruleSelectorNilUsesHelmValues: true ## PrometheusRules to be selected for target discovery. ## If {}, select all PrometheusRules @@ -4840,7 +4267,7 @@ prometheus: ## prometheus resource to be created with selectors based on values in the helm deployment, ## which will also match the servicemonitors created ## - serviceMonitorSelectorNilUsesHelmValues: false + serviceMonitorSelectorNilUsesHelmValues: true ## ServiceMonitors to be selected for target discovery. ## If {}, select all ServiceMonitors @@ -4863,7 +4290,7 @@ prometheus: ## prometheus resource to be created with selectors based on values in the helm deployment, ## which will also match the podmonitors created ## - podMonitorSelectorNilUsesHelmValues: false + podMonitorSelectorNilUsesHelmValues: true ## PodMonitors to be selected for target discovery. ## If {}, select all PodMonitors @@ -4934,7 +4361,7 @@ prometheus: retention: 10d ## Maximum size of metrics - ## + ## Unit format should be in the form of "50GiB" retentionSize: "" ## Allow out-of-order/out-of-bounds samples ingested into Prometheus for a specified duration @@ -4997,7 +4424,7 @@ prometheus: podAntiAffinityTopologyKey: kubernetes.io/hostname ## Assign custom affinity rules to the prometheus instance - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ ## affinity: {} # nodeAffinity: @@ -5029,13 +4456,9 @@ prometheus: ## Resource limits & requests ## - resources: - limits: - memory: 3000Mi - cpu: 1000m - requests: - memory: 750Mi - cpu: 750m + resources: {} + # requests: + # memory: 400Mi ## Prometheus StorageSpec for persistent data ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/platform/storage.md @@ -5050,7 +4473,7 @@ prometheus: # resources: # requests: # storage: 50Gi - # selector: {} + # selector: {} ## Using tmpfs volume ## @@ -5058,13 +4481,7 @@ prometheus: # medium: Memory # Additional volumes on the output StatefulSet definition. - volumes: - - name: nginx-home - emptyDir: {} - - name: prometheus-nginx - configMap: - name: prometheus-nginx-proxy-config - defaultMode: 438 + volumes: [] # Additional VolumeMounts on the output StatefulSet definition. volumeMounts: [] @@ -5095,7 +4512,7 @@ prometheus: # regex: __meta_kubernetes_node_label_(.+) # - source_labels: [__address__] # action: replace - # targetLabel: __address__ + # target_label: __address__ # regex: ([^:;]+):(\d+) # replacement: ${1}:2379 # - source_labels: [__meta_kubernetes_node_name] @@ -5103,7 +4520,7 @@ prometheus: # regex: .*mst.* # - source_labels: [__meta_kubernetes_node_name] # action: replace - # targetLabel: node + # target_label: node # regex: (.*) # replacement: ${1} # metric_relabel_configs: @@ -5137,7 +4554,7 @@ prometheus: additionalPrometheusSecretsAnnotations: {} ## AdditionalAlertManagerConfigs allows for manual configuration of alertmanager jobs in the form as specified - ## in the official Prometheus documentation https://prometheus.io/docs/prometheus/latest/configuration/configuration/#. + ## in the official Prometheus documentation https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config. ## AlertManager configurations specified are appended to the configurations generated by the Prometheus Operator. ## As AlertManager configs are appended, the user is responsible to make sure it is valid. Note that using this ## feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release @@ -5194,6 +4611,14 @@ prometheus: seccompProfile: type: RuntimeDefault + ## DNS configuration for Prometheus. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.PodDNSConfig + dnsConfig: {} + + ## DNS policy for Prometheus. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#dnspolicystring-alias + dnsPolicy: "" + ## Priority class assigned to the Pods ## priorityClassName: "" @@ -5228,34 +4653,25 @@ prometheus: # # access_key: "" # # secret_key: "" - proxy: - image: - repository: rancher/mirrored-library-nginx - tag: 1.27.2-alpine - ## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to a Prometheus pod. ## if using proxy extraContainer update targetPort with proxy container port - containers: | - - name: prometheus-proxy - args: - - nginx - - -g - - daemon off; - - -c - - /nginx/nginx.conf - image: "{{ template "system_default_registry" . }}{{ .Values.prometheus.prometheusSpec.proxy.image.repository }}:{{ .Values.prometheus.prometheusSpec.proxy.image.tag }}" - ports: - - containerPort: 8081 - name: nginx-http - protocol: TCP - volumeMounts: - - mountPath: /nginx - name: prometheus-nginx - - mountPath: /var/cache/nginx - name: nginx-home - securityContext: - runAsUser: 101 - runAsGroup: 101 + containers: [] + # containers: + # - name: oauth-proxy + # image: quay.io/oauth2-proxy/oauth2-proxy:v7.15.2 + # args: + # - --upstream=http://127.0.0.1:9090 + # - --http-address=0.0.0.0:8081 + # - --metrics-address=0.0.0.0:8082 + # - ... + # ports: + # - containerPort: 8081 + # name: oauth-proxy + # protocol: TCP + # - containerPort: 8082 + # name: oauth-metrics + # protocol: TCP + # resources: {} ## InitContainers allows injecting additional initContainers. This is meant to allow doing some changes ## (permissions, dir tree) on mounted volumes before starting prometheus @@ -5352,14 +4768,22 @@ prometheus: ## be considered available. Defaults to 0 (pod will be considered available as soon as it is ready). minReadySeconds: 0 + ## Duration in seconds the pod needs to terminate gracefully. + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination + terminationGracePeriodSeconds: ~ + # Required for use in managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico), # because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working # Use the host's network namespace if true. Make sure to understand the security implications if you want to enable it. # When hostNetwork is enabled, this will set dnsPolicy to ClusterFirstWithHostNet automatically. hostNetwork: false + ## Use the host's user namespace for Prometheus pods. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/ + hostUsers: ~ + # HostAlias holds the mapping between IP and hostnames that will be injected - # as an entry in the pod’s hosts file. + # as an entry in the pod's hosts file. hostAliases: [] # - ip: 10.10.0.100 # hostnames: @@ -5371,9 +4795,20 @@ prometheus: tracingConfig: {} ## Defines the service discovery role used to discover targets from ServiceMonitor objects and Alertmanager endpoints. - ## If set, the value should be either “Endpoints” or “EndpointSlice”. If unset, the operator assumes the “Endpoints” role. + ## If set, the value should be either "Endpoints" or "EndpointSlice". If unset, the operator assumes the "Endpoints" role. serviceDiscoveryRole: "" + ## Pod management policy. Kubernetes default is OrderedReady but prometheus-operator default is Parallel. + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies + podManagementPolicy: "" + + ## Update strategy for the StatefulSet. + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxUnavailable: 1 + ## Additional configuration which is not covered by the properties above. (passed through tpl) additionalConfig: {} @@ -5389,6 +4824,10 @@ prometheus: ## minutes). maximumStartupDurationSeconds: 0 + ## Set default scrapeProtocols for Prometheus instances + ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#scrapeprotocolstring-alias + scrapeProtocols: [] + additionalRulesForClusterRole: [] # - apiGroups: [ "" ] # resources: @@ -5520,6 +4959,12 @@ prometheus: ## # fallbackScrapeProtocol: "" + ## Attaches node metadata to the discovered targets + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.AttachMetadata + ## + # attachMetadata: + # node: true + additionalPodMonitors: [] ## Name of the PodMonitor to create ## @@ -5580,6 +5025,12 @@ prometheus: ## # fallbackScrapeProtocol: "" + ## Attaches node metadata to the discovered targets + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.AttachMetadata + ## + # attachMetadata: + # node: true + ## Configuration for thanosRuler ## ref: https://thanos.io/tip/components/rule.md/ ## @@ -5607,14 +5058,13 @@ thanosRuler: podDisruptionBudget: enabled: false minAvailable: 1 - maxUnavailable: "" + # maxUnavailable: "" + unhealthyPodEvictionPolicy: AlwaysAllow ingress: enabled: false - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx + ingressClassName: "" annotations: {} @@ -5647,7 +5097,7 @@ thanosRuler: # Be aware that this is an early beta of this feature, # kube-prometheus-stack does not guarantee this works and is subject to change. # Being BETA this can/will change in the future without notice, do not use unless you want to take that risk - # [[ref]](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io%2fv1alpha2) + # [[ref]](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1alpha2) route: main: # -- Enables or disables the route @@ -5686,6 +5136,7 @@ thanosRuler: ## Configuration for ThanosRuler service ## service: + enabled: true annotations: {} labels: {} clusterIP: "" @@ -5705,7 +5156,7 @@ thanosRuler: ## nodePort: 30905 ## List of IP addresses at which the Prometheus server service is available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips ## ## Additional ports to open for ThanosRuler service @@ -5766,7 +5217,7 @@ thanosRuler: scheme: "" ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS. - ## Of type: https://github.com/coreos/prometheus-operator/blob/main/Documentation/api-reference/api.md#tlsconfig + ## Of type: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#tlsconfig tlsConfig: {} bearerTokenFile: @@ -5805,11 +5256,16 @@ thanosRuler: ## podMetadata: {} + ## + serviceName: + ## Image of ThanosRuler ## image: - repository: rancher/mirrored-thanos-thanos - tag: v0.37.2 + registry: quay.io + repository: thanos/thanos + tag: v0.41.0 + sha: "" ## Namespaces to be selected for PrometheusRules discovery. ## If nil, select own namespace. Namespaces to be selected for ServiceMonitor discovery. @@ -5874,7 +5330,7 @@ thanosRuler: # resources: # requests: # storage: 50Gi - # selector: {} + # selector: {} ## AlertmanagerConfig define configuration for connecting to alertmanager. ## Only available with Thanos v0.10.0 and higher. Maps to the alertmanagers.config Thanos Ruler arg. @@ -5905,6 +5361,10 @@ thanosRuler: ## externalPrefix: + ## If true, http://{{ template "kube-prometheus-stack.thanosRuler.name" . }}.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.thanosRuler.service.port }} + ## will be used as value for externalPrefix + externalPrefixNilUsesHelmValues: true + ## The route prefix ThanosRuler registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, ## but the server serves requests under a different route prefix. For example for use with kubectl proxy. ## @@ -5975,12 +5435,12 @@ thanosRuler: # "url": "http://thanos-receiver-0.thanos-receiver:8081/api/v1/receive" ## Define which Nodes the Pods are scheduled on. - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector ## nodeSelector: {} ## Define resources requests and limits for single Pods. - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ ## resources: {} # requests: @@ -5999,7 +5459,7 @@ thanosRuler: podAntiAffinityTopologyKey: kubernetes.io/hostname ## Assign custom affinity rules to the thanosRuler instance - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ ## affinity: {} # nodeAffinity: @@ -6013,7 +5473,7 @@ thanosRuler: # - e2e-az2 ## If specified, the pod's tolerations. - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ ## tolerations: [] # - key: "key" @@ -6022,7 +5482,7 @@ thanosRuler: # effect: "NoSchedule" ## If specified, the pod's topology spread constraints. - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## topologySpreadConstraints: [] # - maxSkew: 1 @@ -6044,6 +5504,10 @@ thanosRuler: seccompProfile: type: RuntimeDefault + ## Use the host's user namespace for ThanosRuler pods. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/ + hostUsers: ~ + ## ListenLocal makes the ThanosRuler server listen on loopback, so that it does not bind against the Pod IP. ## Note this is only for the ThanosRuler UI, not the gossip communication. ## @@ -6071,10 +5535,25 @@ thanosRuler: ## portName: "web" + ## Duration in seconds the pod needs to terminate gracefully. + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination + terminationGracePeriodSeconds: ~ + ## WebTLSConfig defines the TLS parameters for HTTPS ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#thanosrulerwebspec web: {} + ## Pod management policy. Kubernetes default is OrderedReady but prometheus-operator default is Parallel. + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies + podManagementPolicy: "" + + ## Update strategy for the StatefulSet. + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxUnavailable: 1 + ## Additional configuration which is not covered by the properties above. (passed through tpl) additionalConfig: {} @@ -6097,8 +5576,10 @@ thanosRuler: ## cleanPrometheusOperatorObjectNames: false -## Extra manifests to deploy as an array -extraManifests: [] +## Extra manifests to deploy. Can be of type dict or list. +## If dict, keys are ignored and only values are used. +## Items contained within extraObjects can be defined as dict or string and are passed through tpl. +extraManifests: null # - apiVersion: v1 # kind: ConfigMap # metadata: @@ -6106,3 +5587,18 @@ extraManifests: [] # name: prometheus-extra # data: # extra-data: "value" + # + # can also be defined as a string, useful for templating field names + # - | + # apiVersion: v1 + # kind: Secret + # type: Opaque + # metadata: + # name: super-secret + # labels: + # {{- range $key, $value := .Values.commonLabels }} + # {{ $key }}: {{ $value }} + # {{- end }} + # data: + # plaintext: Zm9vYmFy + # templated: '{{ print "foobar" | upper | b64enc }}' diff --git a/charts/rancher-monitoring/CHANGELOG.md b/charts/rancher-monitoring/CHANGELOG.md deleted file mode 100644 index 8178169..0000000 --- a/charts/rancher-monitoring/CHANGELOG.md +++ /dev/null @@ -1,47 +0,0 @@ -# Changelog -All notable changes from the upstream Prometheus Operator chart will be added to this file. - -## [Package Version 00] - 2020-07-19 -### Added -- Added [Prometheus Adapter](https://github.com/helm/charts/tree/master/stable/prometheus-adapter) as a dependency to the upstream Prometheus Operator chart to allow users to expose custom metrics from the default Prometheus instance deployed by this chart -- Remove `prometheus-operator/cleanup-crds.yaml` and `prometheus-operator/crds.yaml` from the Prometheus Operator upstream chart in favor of just using the CRD directory to install the CRDs. -- Added support for `rkeControllerManager`, `rkeScheduler`, `rkeProxy`, and `rkeEtcd` PushProx exporters for monitoring k8s components within RKE clusters -- Added support for a `k3sServer` PushProx exporter that monitors k3s server components (`kubeControllerManager`, `kubeScheduler`, and `kubeProxy`) within k3s clusters -- Added support for `kubeAdmControllerManager`, `kubeAdmScheduler`, `kubeAdmProxy`, and `kubeAdmEtcd` PushProx exporters for monitoring k8s components within kubeAdm clusters -- Added support for `rke2ControllerManager`, `rke2Scheduler`, `rke2Proxy`, and `rke2Etcd` PushProx exporters for monitoring k8s components within rke2 clusters -- Exposed `prometheus.prometheusSpec.ignoreNamespaceSelectors` on values.yaml and set it to `false` by default. This value instructs the default Prometheus server deployed with this chart to ignore the `namespaceSelector` field within any created ServiceMonitor or PodMonitor CRs that it selects. This prevents ServiceMonitors and PodMonitors from configuring the Prometheus scrape configuration to monitor resources outside the namespace that they are deployed in; if a user needs to have one ServiceMonitor / PodMonitor monitor resources within several namespaces (such as the resources that are used to monitor Istio in a default installation), they should not enable this option since it would require them to create one ServiceMonitor / PodMonitor CR per namespace that they would like to monitor. Relevant fields were also updated in the default README.md. -- Added `grafana.sidecar.dashboards.searchNamespace` to `values.yaml` with a default value of `cattle-dashboards`. The namespace provided should contain all ConfigMaps with the label `grafana_dashboard` and will be searched by the Grafana Dashboards sidecar for updates. The namespace specified is also created along with this deployment. All default dashboard ConfigMaps have been relocated from the deployment namespace to the namespace specified -- Added `monitoring-admin`, `monitoring-edit`, and `monitoring-view` default `ClusterRoles` to allow admins to assign roles to users to interact with Prometheus Operator CRs. These can be enabled by setting `.Values.global.rbac.userRoles.create` (default: `true`). In a typical RBAC setup, you might want to use a `ClusterRoleBinding` to bind these roles to a Subject to allow them to set up or view `ServiceMonitors` / `PodMonitors` / `PrometheusRules` and view `Prometheus` or `Alertmanager` CRs across the cluster. If `.Values.global.rbac.userRoles.aggregateRolesForRBAC` is enabled, these ClusterRoles will aggregate into the respective default ClusterRoles provided by Kubernetes -- Added `monitoring-config-admin`, `monitoring-config-edit` and `monitoring-config-view` default `Roles` to allow admins to assign roles to users to be able to edit / view `Secrets` and `ConfigMaps` within the `cattle-monitoring-system` namespace. These can be enabled by setting `.Values.global.rbac.userRoles.create` (default: `true`). In a typical RBAC setup, you might want to use a `RoleBinding` to bind these roles to a Subject within the `cattle-monitoring-system` namespace to allow them to modify Secrets / ConfigMaps tied to the deployment, such as your Alertmanager Config Secret. -- Added `monitoring-dashboard-admin`, `monitoring-dashboard-edit` and `monitoring-dashboard-view` default `Roles` to allow admins to assign roles to users to be able to edit / view `ConfigMaps` within the `cattle-dashboards` namespace. These can be enabled by setting `.Values.global.rbac.userRoles.create` (default: `true`) and deploying Grafana as part of this chart. In a typical RBAC setup, you might want to use a `RoleBinding` to bind these roles to a Subject within the `cattle-dashboards` namespace to allow them to create / modify ConfigMaps that contain the JSON used to persist Grafana Dashboards on the cluster. -- Added default resource limits for `Prometheus Operator`, `Prometheus`, `AlertManager`, `Grafana`, `kube-state-metrics`, `node-exporter` -- Added a default template `rancher_defaults.tmpl` to AlertManager that Rancher will offer to users in order to help configure the way alerts are rendered on a notifier. Also updated the default template deployed with this chart to reference that template and added an example of a Slack config using this template as a comment in the `values.yaml`. -- Added support for private registries via introducing a new field for `global.cattle.systemDefaultRegistry` that, if supplied, will automatically be prepended onto every image used by the chart. -- Added a default `nginx` proxy container deployed with Grafana whose config is set in the `ConfigMap` located in `charts/grafana/templates/nginx-config.yaml`. The purpose of this container is to make it possible to view Grafana's UI through a proxy that has a subpath (e.g. Rancher's proxy). This proxy container is set to listen on port `8080` (with a `portName` of `nginx-http` instead of the default `service`), which is also where the Grafana service will now point to, and will forward all requests to the Grafana container listening on the default port `3000`. -- Added a default `nginx` proxy container deployed with Prometheus whose config is set in the `ConfigMap` located in `templates/prometheus/nginx-config.yaml`. The purpose of this container is to make it possible to view Prometheus's UI through a proxy that has a subpath (e.g. Rancher's proxy). This proxy container is set to listen on port `8081` (with a `portName` of `nginx-http` instead of the default `web`), which is also where the Prometheus service will now point to, and will forward all requests to the Prometheus container listening on the default port `9090`. -- Added support for passing CIS Scans in a hardened cluster by introducing a Job that patches the default service account within the `cattle-monitoring-system` and `cattle-dashboards` namespaces on install or upgrade and adding a default allow all `NetworkPolicy` to the `cattle-monitoring-system` and `cattle-dashboards` namespaces. -### Modified -- Updated the chart name from `prometheus-operator` to `rancher-monitoring` and added the `io.rancher.certified: rancher` annotation to `Chart.yaml` -- Modified the default `node-exporter` port from `9100` to `9796` -- Modified the default `nameOverride` to `rancher-monitoring`. This change is necessary as the Prometheus Adapter's default URL (`http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc`) is based off of the value used here; if modified, the default Adapter URL must also be modified -- Modified the default `namespaceOverride` to `cattle-monitoring-system`. This change is necessary as the Prometheus Adapter's default URL (`http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc`) is based off of the value used here; if modified, the default Adapter URL must also be modified -- Configured some default values for `grafana.service` values and exposed them in the default README.md -- The default namespaces the following ServiceMonitors were changed from the deployment namespace to allow them to continue to monitor metrics when `prometheus.prometheusSpec.ignoreNamespaceSelectors` is enabled: - - `core-dns`: `kube-system` - - `api-server`: `default` - - `kube-controller-manager`: `kube-system` - - `kubelet`: `{{ .Values.kubelet.namespace }}` -- Disabled the following deployments by default (can be enabled if required): - - `AlertManager` - - `kube-controller-manager` metrics exporter - - `kube-etcd` metrics exporter - - `kube-scheduler` metrics exporter - - `kube-proxy` metrics exporter -- Updated default Grafana `deploymentStrategy` to `Recreate` to prevent deployments from being stuck on upgrade if a PV is attached to Grafana -- Modified the default `SelectorNilUsesHelmValues` to default to `false`. As a result, we look for all CRs with any labels in all namespaces by default rather than just the ones tagged with the label `release: rancher-monitoring`. -- Modified the default images used by the `rancher-monitoring` chart to point to Rancher mirrors of the original images from upstream. -- Modified the behavior of the chart to create the Alertmanager Config Secret via a pre-install hook instead of using the normal Helm lifecycle to manage the secret. The benefit of this approach is that all changes to the Config Secret done on a live cluster will never get overridden on a `helm upgrade` since the secret only gets created on a `helm install`. If you would like the secret to be cleaned up on an `helm uninstall`, enable `alertmanager.cleanupOnUninstall`; however, this is disabled by default to prevent the loss of alerting configuration on an uninstall. This secret will never be modified on a `helm upgrade`. -- Modified the default `securityContext` for `Pod` templates across the chart to `{"runAsNonRoot": "true", "runAsUser": "1000"}` and replaced `grafana.rbac.pspUseAppArmor` in favor of `grafana.rbac.pspAnnotations={}` in order to make it possible to deploy this chart on a hardened cluster which does not support Seccomp or AppArmor annotations in PSPs. Users can always choose to specify the annotations they want to use for the PSP directly as part of the values provided. -- Modified `.Values.prometheus.prometheusSpec.containers` to take in a string representing a template that should be rendered by Helm (via `tpl`) instead of allowing a user to provide YAML directly. -- Modified the default Grafana configuration to auto assign users who access Grafana to the Viewer role and enable anonymous access to Grafana dashboards by default. This default works well for a Rancher user who is accessing Grafana via the `kubectl proxy` on the Rancher Dashboard UI since anonymous users who enter via the proxy are authenticated by the k8s API Server, but you can / should modify this behavior if you plan on exposing Grafana in a way that does not require authentication (e.g. as a `NodePort` service). -- Modified the default Grafana configuration to add a default dashboard for Rancher on the Grafana home page. \ No newline at end of file diff --git a/charts/rancher-monitoring/Chart.yaml b/charts/rancher-monitoring/Chart.yaml deleted file mode 100644 index 7ec6e70..0000000 --- a/charts/rancher-monitoring/Chart.yaml +++ /dev/null @@ -1,158 +0,0 @@ -annotations: - artifacthub.io/license: Apache-2.0 - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - - name: Upgrade Process - url: https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/README.md#upgrading-chart - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/deploys-on-os: windows - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/kube-version: '>= 1.30.0-0 < 1.33.0-0' - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/permits-os: linux,windows - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/rancher-version: '>= 2.11.0-0 < 2.12.0-0' - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/type: cluster-tool - catalog.cattle.io/ui-component: monitoring - catalog.cattle.io/upstream-version: 69.8.2 -apiVersion: v2 -appVersion: v0.80.1 -dependencies: -- condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - version: 8.10.4 -- condition: hardenedKubelet.enabled - name: hardenedKubelet - repository: file://./charts/hardenedKubelet - version: 0.1.5-rancher2 -- condition: hardenedNodeExporter.enabled - name: hardenedNodeExporter - repository: file://./charts/hardenedNodeExporter - version: 0.1.5-rancher2 -- condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - version: 0.1.5-rancher2 -- condition: kubeStateMetrics.enabled - name: kube-state-metrics - repository: file://./charts/kube-state-metrics - version: 5.30.1 -- condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - version: 0.1.5-rancher2 -- condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - version: 0.1.5-rancher2 -- condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - version: 0.1.5-rancher2 -- condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - version: 0.1.5-rancher2 -- condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - version: 4.13.0 -- condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - version: 4.44.1 -- condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - version: 0.1.5-rancher2 -- condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - version: 0.1.5-rancher2 -- condition: rke2IngressNginx.enabled - name: rke2IngressNginx - repository: file://./charts/rke2IngressNginx - version: 0.1.5-rancher2 -- condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - version: 0.1.5-rancher2 -- condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - version: 0.1.5-rancher2 -- condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - version: 0.1.5-rancher2 -- condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - version: 0.1.5-rancher2 -- condition: rkeIngressNginx.enabled - name: rkeIngressNginx - repository: file://./charts/rkeIngressNginx - version: 0.1.5-rancher2 -- condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - version: 0.1.5-rancher2 -- condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - version: 0.1.5-rancher2 -- condition: windowsExporter.enabled - name: windowsExporter - repository: file://./charts/windowsExporter - version: 0.9.1 -description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, - and Prometheus rules combined with documentation and scripts to provide easy to - operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus - Operator. -home: https://github.com/prometheus-operator/kube-prometheus -icon: file://assets/logos/rancher-monitoring.png -keywords: -- operator -- prometheus -- kube-prometheus -kubeVersion: '>=1.19.0-0' -maintainers: -- email: andrew@quadcorps.co.uk - name: andrewgkew - url: https://github.com/andrewgkew -- email: gianrubio@gmail.com - name: gianrubio - url: https://github.com/gianrubio -- email: github.gkarthiks@gmail.com - name: gkarthiks - url: https://github.com/gkarthiks -- email: kube-prometheus-stack@sisti.pt - name: GMartinez-Sisti - url: https://github.com/GMartinez-Sisti -- email: github@jkroepke.de - name: jkroepke - url: https://github.com/jkroepke -- email: scott@r6by.com - name: scottrigby - url: https://github.com/scottrigby -- email: miroslav.hadzhiev@gmail.com - name: Xtigyro - url: https://github.com/Xtigyro -- email: quentin.bisson@gmail.com - name: QuentinBisson - url: https://github.com/QuentinBisson -name: rancher-monitoring -sources: -- https://github.com/prometheus-community/helm-charts -- https://github.com/prometheus-operator/kube-prometheus -type: application -version: 106.1.2+up69.8.2-rancher.7 diff --git a/charts/rancher-monitoring/app-README.md b/charts/rancher-monitoring/app-README.md deleted file mode 100644 index 3920854..0000000 --- a/charts/rancher-monitoring/app-README.md +++ /dev/null @@ -1,46 +0,0 @@ -# Rancher Monitoring and Alerting - - This chart is based on the upstream [kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack) chart. The chart deploys [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator) and its CRDs along with [Grafana](https://github.com/grafana/helm-charts/tree/main/charts/grafana), [Prometheus Adapter](https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-adapter) and additional charts / Kubernetes manifests to gather metrics. It allows users to monitor their Kubernetes clusters, view metrics in Grafana dashboards, and set up alerts and notifications. - -For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/). - -The chart installs the following components: - -- [Prometheus Operator](https://github.com/coreos/prometheus-operator) - The operator provides easy monitoring definitions for Kubernetes services, manages [Prometheus](https://prometheus.io/) and [AlertManager](https://prometheus.io/docs/alerting/latest/alertmanager/) instances, and adds default scrape targets for some Kubernetes components. -- [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus/) - A collection of community-curated Kubernetes manifests, Grafana Dashboards, and PrometheusRules that deploy a default end-to-end cluster monitoring configuration. -- [Grafana](https://github.com/grafana/helm-charts/tree/main/charts/grafana) - Grafana allows a user to create / view dashboards based on the cluster metrics collected by Prometheus. -- [node-exporter](https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-node-exporter) / [kube-state-metrics](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics) / [rancher-pushprox](https://github.com/rancher/charts/tree/dev-v2.7/packages/rancher-monitoring/rancher-pushprox/charts) - These charts monitor various Kubernetes components across different Kubernetes cluster types. -- [Prometheus Adapter](https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-adapter) - The adapter allows a user to expose custom metrics, resource metrics, and external metrics on the default [Prometheus](https://prometheus.io/) instance to the Kubernetes API Server. - -For more information, review the Helm README of this chart. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. -​ -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. -​ -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. - -## Upgrading from 100.0.0+up16.6.0 to 100.1.0+up19.0.3 - -### Noticeable changes: -Grafana: -- `sidecar.dashboards.searchNamespace`, `sidecar.datasources.searchNamespace` and `sidecar.notifiers.searchNamespace` support a list of namespaces now. - -Kube-state-metrics -- the type of `collectors` is changed from Dictionary to List. -- `kubeStateMetrics.serviceMonitor.namespaceOverride` was replaced by `kube-state-metrics.namespaceOverride`. - -### Known issues: -- Occasionally, the upgrade fails with errors related to the webhook `prometheusrulemutate.monitoring.coreos.com`. This is a known issue in the upstream, and the workaround is to trigger the upgrade one more time. [32416](https://github.com/rancher/rancher/issues/32416#issuecomment-828881726) diff --git a/charts/rancher-monitoring/charts/grafana/README.md b/charts/rancher-monitoring/charts/grafana/README.md deleted file mode 100644 index c529d4c..0000000 --- a/charts/rancher-monitoring/charts/grafana/README.md +++ /dev/null @@ -1,784 +0,0 @@ -# Grafana Helm Chart - -* Installs the web dashboarding system [Grafana](http://grafana.org/) - -## Get Repo Info - -```console -helm repo add grafana https://grafana.github.io/helm-charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -helm install my-release grafana/grafana -``` - -## Uninstalling the Chart - -To uninstall/delete the my-release deployment: - -```console -helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Upgrading an existing Release to a new major version - -A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an -incompatible breaking change needing manual actions. - -### To 4.0.0 (And 3.12.1) - -This version requires Helm >= 2.12.0. - -### To 5.0.0 - -You have to add --force to your helm upgrade command as the labels of the chart have changed. - -### To 6.0.0 - -This version requires Helm >= 3.1.0. - -### To 7.0.0 - -For consistency with other Helm charts, the `global.image.registry` parameter was renamed -to `global.imageRegistry`. If you were not previously setting `global.image.registry`, no action -is required on upgrade. If you were previously setting `global.image.registry`, you will -need to instead set `global.imageRegistry`. - -## Configuration - -| Parameter | Description | Default | -|-------------------------------------------|-----------------------------------------------|---------------------------------------------------------| -| `replicas` | Number of nodes | `1` | -| `podDisruptionBudget.minAvailable` | Pod disruption minimum available | `nil` | -| `podDisruptionBudget.maxUnavailable` | Pod disruption maximum unavailable | `nil` | -| `podDisruptionBudget.apiVersion` | Pod disruption apiVersion | `nil` | -| `deploymentStrategy` | Deployment strategy | `{ "type": "RollingUpdate" }` | -| `livenessProbe` | Liveness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } "initialDelaySeconds": 60, "timeoutSeconds": 30, "failureThreshold": 10 }` | -| `readinessProbe` | Readiness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } }`| -| `securityContext` | Deployment securityContext | `{"runAsUser": 472, "runAsGroup": 472, "fsGroup": 472}` | -| `priorityClassName` | Name of Priority Class to assign pods | `nil` | -| `image.registry` | Image registry | `docker.io` | -| `image.repository` | Image repository | `grafana/grafana` | -| `image.tag` | Overrides the Grafana image tag whose default is the chart appVersion (`Must be >= 5.0.0`) | `` | -| `image.sha` | Image sha (optional) | `` | -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Image pull secrets (can be templated) | `[]` | -| `service.enabled` | Enable grafana service | `true` | -| `service.ipFamilies` | Kubernetes service IP families | `[]` | -| `service.ipFamilyPolicy` | Kubernetes service IP family policy | `""` | -| `service.sessionAffinity` | Kubernetes service session affinity config | `""` | -| `service.type` | Kubernetes service type | `ClusterIP` | -| `service.port` | Kubernetes port where service is exposed | `80` | -| `service.portName` | Name of the port on the service | `service` | -| `service.appProtocol` | Adds the appProtocol field to the service | `` | -| `service.targetPort` | Internal service is port | `3000` | -| `service.nodePort` | Kubernetes service nodePort | `nil` | -| `service.annotations` | Service annotations (can be templated) | `{}` | -| `service.labels` | Custom labels | `{}` | -| `service.clusterIP` | internal cluster service IP | `nil` | -| `service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `nil` | -| `service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to lb (if supported) | `[]` | -| `service.externalIPs` | service external IP addresses | `[]` | -| `service.externalTrafficPolicy` | change the default externalTrafficPolicy | `nil` | -| `headlessService` | Create a headless service | `false` | -| `extraExposePorts` | Additional service ports for sidecar containers| `[]` | -| `hostAliases` | adds rules to the pod's /etc/hosts | `[]` | -| `ingress.enabled` | Enables Ingress | `false` | -| `ingress.annotations` | Ingress annotations (values are templated) | `{}` | -| `ingress.labels` | Custom labels | `{}` | -| `ingress.path` | Ingress accepted path | `/` | -| `ingress.pathType` | Ingress type of path | `Prefix` | -| `ingress.hosts` | Ingress accepted hostnames | `["chart-example.local"]` | -| `ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.6/guide/ingress/annotations/#actions). Requires `ingress.hosts` to have one or more host entries. | `[]` | -| `ingress.tls` | Ingress TLS configuration | `[]` | -| `ingress.ingressClassName` | Ingress Class Name. MAY be required for Kubernetes versions >= 1.18 | `""` | -| `resources` | CPU/Memory resource requests/limits | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Toleration labels for pod assignment | `[]` | -| `affinity` | Affinity settings for pod assignment | `{}` | -| `extraInitContainers` | Init containers to add to the grafana pod | `{}` | -| `extraContainers` | Sidecar containers to add to the grafana pod | `""` | -| `extraContainerVolumes` | Volumes that can be mounted in sidecar containers | `[]` | -| `extraLabels` | Custom labels for all manifests | `{}` | -| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` | -| `persistence.enabled` | Use persistent volume to store data | `false` | -| `persistence.type` | Type of persistence (`pvc` or `statefulset`) | `pvc` | -| `persistence.size` | Size of persistent volume claim | `10Gi` | -| `persistence.existingClaim` | Use an existing PVC to persist data (can be templated) | `nil` | -| `persistence.storageClassName` | Type of persistent volume claim | `nil` | -| `persistence.accessModes` | Persistence access modes | `[ReadWriteOnce]` | -| `persistence.annotations` | PersistentVolumeClaim annotations | `{}` | -| `persistence.finalizers` | PersistentVolumeClaim finalizers | `[ "kubernetes.io/pvc-protection" ]` | -| `persistence.extraPvcLabels` | Extra labels to apply to a PVC. | `{}` | -| `persistence.subPath` | Mount a sub dir of the persistent volume (can be templated) | `nil` | -| `persistence.inMemory.enabled` | If persistence is not enabled, whether to mount the local storage in-memory to improve performance | `false` | -| `persistence.inMemory.sizeLimit` | SizeLimit for the in-memory local storage | `nil` | -| `persistence.disableWarning` | Hide NOTES warning, useful when persisting to a database | `false` | -| `initChownData.enabled` | If false, don't reset data ownership at startup | true | -| `initChownData.image.registry` | init-chown-data container image registry | `docker.io` | -| `initChownData.image.repository` | init-chown-data container image repository | `busybox` | -| `initChownData.image.tag` | init-chown-data container image tag | `1.31.1` | -| `initChownData.image.sha` | init-chown-data container image sha (optional)| `""` | -| `initChownData.image.pullPolicy` | init-chown-data container image pull policy | `IfNotPresent` | -| `initChownData.resources` | init-chown-data pod resource requests & limits | `{}` | -| `schedulerName` | Alternate scheduler name | `nil` | -| `env` | Extra environment variables passed to pods | `{}` | -| `envValueFrom` | Environment variables from alternate sources. See the API docs on [EnvVarSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core) for format details. Can be templated | `{}` | -| `envFromSecret` | Name of a Kubernetes secret (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `""` | -| `envFromSecrets` | List of Kubernetes secrets (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `[]` | -| `envFromConfigMaps` | List of Kubernetes ConfigMaps (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `[]` | -| `envRenderSecret` | Sensible environment variables passed to pods and stored as secret. (passed through [tpl](https://helm.sh/docs/howto/charts_tips_and_tricks/#using-the-tpl-function)) | `{}` | -| `enableServiceLinks` | Inject Kubernetes services as environment variables. | `true` | -| `extraSecretMounts` | Additional grafana server secret mounts | `[]` | -| `extraVolumeMounts` | Additional grafana server volume mounts | `[]` | -| `extraVolumes` | Additional Grafana server volumes | `[]` | -| `automountServiceAccountToken` | Mounted the service account token on the grafana pod. Mandatory, if sidecars are enabled | `true` | -| `createConfigmap` | Enable creating the grafana configmap | `true` | -| `extraConfigmapMounts` | Additional grafana server configMap volume mounts (values are templated) | `[]` | -| `extraEmptyDirMounts` | Additional grafana server emptyDir volume mounts | `[]` | -| `plugins` | Plugins to be loaded along with Grafana | `[]` | -| `datasources` | Configure grafana datasources (passed through tpl) | `{}` | -| `alerting` | Configure grafana alerting (passed through tpl) | `{}` | -| `notifiers` | Configure grafana notifiers | `{}` | -| `dashboardProviders` | Configure grafana dashboard providers | `{}` | -| `dashboards` | Dashboards to import | `{}` | -| `dashboardsConfigMaps` | ConfigMaps reference that contains dashboards | `{}` | -| `grafana.ini` | Grafana's primary configuration | `{}` | -| `global.imageRegistry` | Global image pull registry for all images. | `null` | -| `global.imagePullSecrets` | Global image pull secrets (can be templated). Allows either an array of {name: pullSecret} maps (k8s-style), or an array of strings (more common helm-style). | `[]` | -| `ldap.enabled` | Enable LDAP authentication | `false` | -| `ldap.existingSecret` | The name of an existing secret containing the `ldap.toml` file, this must have the key `ldap-toml`. | `""` | -| `ldap.config` | Grafana's LDAP configuration | `""` | -| `annotations` | Deployment annotations | `{}` | -| `labels` | Deployment labels | `{}` | -| `podAnnotations` | Pod annotations | `{}` | -| `podLabels` | Pod labels | `{}` | -| `podPortName` | Name of the grafana port on the pod | `grafana` | -| `lifecycleHooks` | Lifecycle hooks for podStart and preStop [Example](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/#define-poststart-and-prestop-handlers) | `{}` | -| `sidecar.image.registry` | Sidecar image registry | `quay.io` | -| `sidecar.image.repository` | Sidecar image repository | `kiwigrid/k8s-sidecar` | -| `sidecar.image.tag` | Sidecar image tag | `1.30.0` | -| `sidecar.image.sha` | Sidecar image sha (optional) | `""` | -| `sidecar.imagePullPolicy` | Sidecar image pull policy | `IfNotPresent` | -| `sidecar.resources` | Sidecar resources | `{}` | -| `sidecar.securityContext` | Sidecar securityContext | `{}` | -| `sidecar.enableUniqueFilenames` | Sets the kiwigrid/k8s-sidecar UNIQUE_FILENAMES environment variable. If set to `true` the sidecar will create unique filenames where duplicate data keys exist between ConfigMaps and/or Secrets within the same or multiple Namespaces. | `false` | -| `sidecar.alerts.enabled` | Enables the cluster wide search for alerts and adds/updates/deletes them in grafana |`false` | -| `sidecar.alerts.label` | Label that config maps with alerts should have to be added | `grafana_alert` | -| `sidecar.alerts.labelValue` | Label value that config maps with alerts should have to be added | `""` | -| `sidecar.alerts.searchNamespace` | Namespaces list. If specified, the sidecar will search for alerts config-maps inside these namespaces. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces. | `nil` | -| `sidecar.alerts.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. | `WATCH` | -| `sidecar.alerts.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` | -| `sidecar.alerts.reloadURL` | Full url of datasource configuration reload API endpoint, to invoke after a config-map change | `"http://localhost:3000/api/admin/provisioning/alerting/reload"` | -| `sidecar.alerts.skipReload` | Enabling this omits defining the REQ_URL and REQ_METHOD environment variables | `false` | -| `sidecar.alerts.initAlerts` | Set to true to deploy the alerts sidecar as an initContainer. This is needed if skipReload is true, to load any alerts defined at startup time. | `false` | -| `sidecar.alerts.extraMounts` | Additional alerts sidecar volume mounts. | `[]` | -| `sidecar.dashboards.enabled` | Enables the cluster wide search for dashboards and adds/updates/deletes them in grafana | `false` | -| `sidecar.dashboards.SCProvider` | Enables creation of sidecar provider | `true` | -| `sidecar.dashboards.provider.name` | Unique name of the grafana provider | `sidecarProvider` | -| `sidecar.dashboards.provider.orgid` | Id of the organisation, to which the dashboards should be added | `1` | -| `sidecar.dashboards.provider.folder` | Logical folder in which grafana groups dashboards | `""` | -| `sidecar.dashboards.provider.folderUid` | Allows you to specify the static UID for the logical folder above | `""` | -| `sidecar.dashboards.provider.disableDelete` | Activate to avoid the deletion of imported dashboards | `false` | -| `sidecar.dashboards.provider.allowUiUpdates` | Allow updating provisioned dashboards from the UI | `false` | -| `sidecar.dashboards.provider.type` | Provider type | `file` | -| `sidecar.dashboards.provider.foldersFromFilesStructure` | Allow Grafana to replicate dashboard structure from filesystem. | `false` | -| `sidecar.dashboards.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. | `WATCH` | -| `sidecar.skipTlsVerify` | Set to true to skip tls verification for kube api calls | `nil` | -| `sidecar.dashboards.label` | Label that config maps with dashboards should have to be added | `grafana_dashboard` | -| `sidecar.dashboards.labelValue` | Label value that config maps with dashboards should have to be added | `""` | -| `sidecar.dashboards.folder` | Folder in the pod that should hold the collected dashboards (unless `sidecar.dashboards.defaultFolderName` is set). This path will be mounted. | `/tmp/dashboards` | -| `sidecar.dashboards.folderAnnotation` | The annotation the sidecar will look for in configmaps to override the destination folder for files | `nil` | -| `sidecar.dashboards.defaultFolderName` | The default folder name, it will create a subfolder under the `sidecar.dashboards.folder` and put dashboards in there instead | `nil` | -| `sidecar.dashboards.searchNamespace` | Namespaces list. If specified, the sidecar will search for dashboards config-maps inside these namespaces. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces. | `nil` | -| `sidecar.dashboards.script` | Absolute path to shell script to execute after a configmap got reloaded. | `nil` | -| `sidecar.dashboards.reloadURL` | Full url of dashboards configuration reload API endpoint, to invoke after a config-map change | `"http://localhost:3000/api/admin/provisioning/dashboards/reload"` | -| `sidecar.dashboards.skipReload` | Enabling this omits defining the REQ_USERNAME, REQ_PASSWORD, REQ_URL and REQ_METHOD environment variables | `false` | -| `sidecar.dashboards.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` | -| `sidecar.dashboards.extraMounts` | Additional dashboard sidecar volume mounts. | `[]` | -| `sidecar.datasources.enabled` | Enables the cluster wide search for datasources and adds/updates/deletes them in grafana |`false` | -| `sidecar.datasources.label` | Label that config maps with datasources should have to be added | `grafana_datasource` | -| `sidecar.datasources.labelValue` | Label value that config maps with datasources should have to be added | `""` | -| `sidecar.datasources.searchNamespace` | Namespaces list. If specified, the sidecar will search for datasources config-maps inside these namespaces. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces. | `nil` | -| `sidecar.datasources.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. | `WATCH` | -| `sidecar.datasources.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` | -| `sidecar.datasources.reloadURL` | Full url of datasource configuration reload API endpoint, to invoke after a config-map change | `"http://localhost:3000/api/admin/provisioning/datasources/reload"` | -| `sidecar.datasources.skipReload` | Enabling this omits defining the REQ_URL and REQ_METHOD environment variables | `false` | -| `sidecar.datasources.initDatasources` | Set to true to deploy the datasource sidecar as an initContainer in addition to a container. This is needed if skipReload is true, to load any datasources defined at startup time. | `false` | -| `sidecar.notifiers.enabled` | Enables the cluster wide search for notifiers and adds/updates/deletes them in grafana | `false` | -| `sidecar.notifiers.label` | Label that config maps with notifiers should have to be added | `grafana_notifier` | -| `sidecar.notifiers.labelValue` | Label value that config maps with notifiers should have to be added | `""` | -| `sidecar.notifiers.searchNamespace` | Namespaces list. If specified, the sidecar will search for notifiers config-maps (or secrets) inside these namespaces. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces. | `nil` | -| `sidecar.notifiers.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. | `WATCH` | -| `sidecar.notifiers.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` | -| `sidecar.notifiers.reloadURL` | Full url of notifier configuration reload API endpoint, to invoke after a config-map change | `"http://localhost:3000/api/admin/provisioning/notifications/reload"` | -| `sidecar.notifiers.skipReload` | Enabling this omits defining the REQ_URL and REQ_METHOD environment variables | `false` | -| `sidecar.notifiers.initNotifiers` | Set to true to deploy the notifier sidecar as an initContainer in addition to a container. This is needed if skipReload is true, to load any notifiers defined at startup time. | `false` | -| `smtp.existingSecret` | The name of an existing secret containing the SMTP credentials. | `""` | -| `smtp.userKey` | The key in the existing SMTP secret containing the username. | `"user"` | -| `smtp.passwordKey` | The key in the existing SMTP secret containing the password. | `"password"` | -| `admin.existingSecret` | The name of an existing secret containing the admin credentials (can be templated). | `""` | -| `admin.userKey` | The key in the existing admin secret containing the username. | `"admin-user"` | -| `admin.passwordKey` | The key in the existing admin secret containing the password. | `"admin-password"` | -| `serviceAccount.automountServiceAccountToken` | Automount the service account token on all pods where is service account is used | `false` | -| `serviceAccount.annotations` | ServiceAccount annotations | | -| `serviceAccount.create` | Create service account | `true` | -| `serviceAccount.labels` | ServiceAccount labels | `{}` | -| `serviceAccount.name` | Service account name to use, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `` | -| `serviceAccount.nameTest` | Service account name to use for test, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `nil` | -| `rbac.create` | Create and use RBAC resources | `true` | -| `rbac.namespaced` | Creates Role and Rolebinding instead of the default ClusterRole and ClusteRoleBindings for the grafana instance | `false` | -| `rbac.useExistingRole` | Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to the rolename set here. | `nil` | -| `rbac.pspEnabled` | Create PodSecurityPolicy (with `rbac.create`, grant roles permissions as well) | `false` | -| `rbac.pspUseAppArmor` | Enforce AppArmor in created PodSecurityPolicy (requires `rbac.pspEnabled`) | `false` | -| `rbac.extraRoleRules` | Additional rules to add to the Role | [] | -| `rbac.extraClusterRoleRules` | Additional rules to add to the ClusterRole | [] | -| `command` | Define command to be executed by grafana container at startup | `nil` | -| `args` | Define additional args if command is used | `nil` | -| `testFramework.enabled` | Whether to create test-related resources | `true` | -| `testFramework.image.registry` | `test-framework` image registry. | `docker.io` | -| `testFramework.image.repository` | `test-framework` image repository. | `bats/bats` | -| `testFramework.image.tag` | `test-framework` image tag. | `v1.4.1` | -| `testFramework.imagePullPolicy` | `test-framework` image pull policy. | `IfNotPresent` | -| `testFramework.securityContext` | `test-framework` securityContext | `{}` | -| `downloadDashboards.env` | Environment variables to be passed to the `download-dashboards` container | `{}` | -| `downloadDashboards.envFromSecret` | Name of a Kubernetes secret (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `""` | -| `downloadDashboards.resources` | Resources of `download-dashboards` container | `{}` | -| `downloadDashboardsImage.registry` | Curl docker image registry | `docker.io` | -| `downloadDashboardsImage.repository` | Curl docker image repository | `curlimages/curl` | -| `downloadDashboardsImage.tag` | Curl docker image tag | `8.9.1` | -| `downloadDashboardsImage.sha` | Curl docker image sha (optional) | `""` | -| `downloadDashboardsImage.pullPolicy` | Curl docker image pull policy | `IfNotPresent` | -| `namespaceOverride` | Override the deployment namespace | `""` (`Release.Namespace`) | -| `serviceMonitor.enabled` | Use servicemonitor from prometheus operator | `false` | -| `serviceMonitor.namespace` | Namespace this servicemonitor is installed in | | -| `serviceMonitor.interval` | How frequently Prometheus should scrape | `1m` | -| `serviceMonitor.path` | Path to scrape | `/metrics` | -| `serviceMonitor.scheme` | Scheme to use for metrics scraping | `http` | -| `serviceMonitor.tlsConfig` | TLS configuration block for the endpoint | `{}` | -| `serviceMonitor.labels` | Labels for the servicemonitor passed to Prometheus Operator | `{}` | -| `serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `30s` | -| `serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping. | `[]` | -| `serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion. | `[]` | -| `revisionHistoryLimit` | Number of old ReplicaSets to retain | `10` | -| `imageRenderer.enabled` | Enable the image-renderer deployment & service | `false` | -| `imageRenderer.image.registry` | image-renderer Image registry | `docker.io` | -| `imageRenderer.image.repository` | image-renderer Image repository | `grafana/grafana-image-renderer` | -| `imageRenderer.image.tag` | image-renderer Image tag | `latest` | -| `imageRenderer.image.sha` | image-renderer Image sha (optional) | `""` | -| `imageRenderer.image.pullPolicy` | image-renderer ImagePullPolicy | `Always` | -| `imageRenderer.env` | extra env-vars for image-renderer | `{}` | -| `imageRenderer.envValueFrom` | Environment variables for image-renderer from alternate sources. See the API docs on [EnvVarSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core) for format details. Can be templated | `{}` | -| `imageRenderer.extraConfigmapMounts` | Additional image-renderer configMap volume mounts (values are templated) | `[]` | -| `imageRenderer.extraSecretMounts` | Additional image-renderer secret volume mounts | `[]` | -| `imageRenderer.extraVolumeMounts` | Additional image-renderer volume mounts | `[]` | -| `imageRenderer.extraVolumes` | Additional image-renderer volumes | `[]` | -| `imageRenderer.serviceAccountName` | image-renderer deployment serviceAccountName | `""` | -| `imageRenderer.securityContext` | image-renderer deployment securityContext | `{}` | -| `imageRenderer.podAnnotations` | image-renderer image-renderer pod annotation | `{}` | -| `imageRenderer.hostAliases` | image-renderer deployment Host Aliases | `[]` | -| `imageRenderer.priorityClassName` | image-renderer deployment priority class | `''` | -| `imageRenderer.service.enabled` | Enable the image-renderer service | `true` | -| `imageRenderer.service.portName` | image-renderer service port name | `http` | -| `imageRenderer.service.port` | image-renderer port used by deployment | `8081` | -| `imageRenderer.service.targetPort` | image-renderer service port used by service | `8081` | -| `imageRenderer.appProtocol` | Adds the appProtocol field to the service | `` | -| `imageRenderer.grafanaSubPath` | Grafana sub path to use for image renderer callback url | `''` | -| `imageRenderer.serverURL` | Remote image renderer url | `''` | -| `imageRenderer.renderingCallbackURL` | Callback url for the Grafana image renderer | `''` | -| `imageRenderer.podPortName` | name of the image-renderer port on the pod | `http` | -| `imageRenderer.revisionHistoryLimit` | number of image-renderer replica sets to keep | `10` | -| `imageRenderer.networkPolicy.limitIngress` | Enable a NetworkPolicy to limit inbound traffic from only the created grafana pods | `true` | -| `imageRenderer.networkPolicy.limitEgress` | Enable a NetworkPolicy to limit outbound traffic to only the created grafana pods | `false` | -| `imageRenderer.resources` | Set resource limits for image-renderer pods | `{}` | -| `imageRenderer.nodeSelector` | Node labels for pod assignment | `{}` | -| `imageRenderer.tolerations` | Toleration labels for pod assignment | `[]` | -| `imageRenderer.affinity` | Affinity settings for pod assignment | `{}` | -| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources. | `false` | -| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | -| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed | `{}` | -| `networkPolicy.ingress` | Enable the creation of an ingress network policy | `true` | -| `networkPolicy.egress.enabled` | Enable the creation of an egress network policy | `false` | -| `networkPolicy.egress.ports` | An array of ports to allow for the egress | `[]` | -| `enableKubeBackwardCompatibility` | Enable backward compatibility of kubernetes where pod's defintion version below 1.13 doesn't have the enableServiceLinks option | `false` | - -### Example ingress with path - -With grafana 6.3 and above - -```yaml -grafana.ini: - server: - domain: monitoring.example.com - root_url: "%(protocol)s://%(domain)s/grafana" - serve_from_sub_path: true -ingress: - enabled: true - hosts: - - "monitoring.example.com" - path: "/grafana" -``` - -### Example of extraVolumeMounts and extraVolumes - -Configure additional volumes with `extraVolumes` and volume mounts with `extraVolumeMounts`. - -Example for `extraVolumeMounts` and corresponding `extraVolumes`: - -```yaml -extraVolumeMounts: - - name: plugins - mountPath: /var/lib/grafana/plugins - subPath: configs/grafana/plugins - readOnly: false - - name: dashboards - mountPath: /var/lib/grafana/dashboards - hostPath: /usr/shared/grafana/dashboards - readOnly: false - -extraVolumes: - - name: plugins - existingClaim: existing-grafana-claim - - name: dashboards - hostPath: /usr/shared/grafana/dashboards -``` - -Volumes default to `emptyDir`. Set to `persistentVolumeClaim`, -`hostPath`, `csi`, or `configMap` for other types. For a -`persistentVolumeClaim`, specify an existing claim name with -`existingClaim`. - -## Import dashboards - -There are a few methods to import dashboards to Grafana. Below are some examples and explanations as to how to use each method: - -```yaml -dashboards: - default: - some-dashboard: - json: | - { - "annotations": - - ... - # Complete json file here - ... - - "title": "Some Dashboard", - "uid": "abcd1234", - "version": 1 - } - custom-dashboard: - # This is a path to a file inside the dashboards directory inside the chart directory - file: dashboards/custom-dashboard.json - prometheus-stats: - # Ref: https://grafana.com/dashboards/2 - gnetId: 2 - revision: 2 - datasource: Prometheus - loki-dashboard-quick-search: - gnetId: 12019 - revision: 2 - datasource: - - name: DS_PROMETHEUS - value: Prometheus - - name: DS_LOKI - value: Loki - local-dashboard: - url: https://raw.githubusercontent.com/user/repository/master/dashboards/dashboard.json -``` - -## BASE64 dashboards - -Dashboards could be stored on a server that does not return JSON directly and instead of it returns a Base64 encoded file (e.g. Gerrit) -A new parameter has been added to the url use case so if you specify a b64content value equals to true after the url entry a Base64 decoding is applied before save the file to disk. -If this entry is not set or is equals to false not decoding is applied to the file before saving it to disk. - -### Gerrit use case - -Gerrit API for download files has the following schema: where {project-name} and -{file-id} usually has '/' in their values and so they MUST be replaced by %2F so if project-name is user/repo, branch-id is master and file-id is equals to dir1/dir2/dashboard -the url value is - -## Sidecar for dashboards - -If the parameter `sidecar.dashboards.enabled` is set, a sidecar container is deployed in the grafana -pod. This container watches all configmaps (or secrets) in the cluster and filters out the ones with -a label as defined in `sidecar.dashboards.label`. The files defined in those configmaps are written -to a folder and accessed by grafana. Changes to the configmaps are monitored and the imported -dashboards are deleted/updated. - -A recommendation is to use one configmap per dashboard, as a reduction of multiple dashboards inside -one configmap is currently not properly mirrored in grafana. - -Example dashboard config: - -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: sample-grafana-dashboard - labels: - grafana_dashboard: "1" -data: - k8s-dashboard.json: |- - [...] -``` - -## Sidecar for datasources - -If the parameter `sidecar.datasources.enabled` is set, an init container is deployed in the grafana -pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and -filters out the ones with a label as defined in `sidecar.datasources.label`. The files defined in -those secrets are written to a folder and accessed by grafana on startup. Using these yaml files, -the data sources in grafana can be imported. - -Should you aim for reloading datasources in Grafana each time the config is changed, set `sidecar.datasources.skipReload: false` and adjust `sidecar.datasources.reloadURL` to `http://..svc.cluster.local/api/admin/provisioning/datasources/reload`. - -Secrets are recommended over configmaps for this usecase because datasources usually contain private -data like usernames and passwords. Secrets are the more appropriate cluster resource to manage those. - -Example values to add a postgres datasource as a kubernetes secret: - -```yaml -apiVersion: v1 -kind: Secret -metadata: - name: grafana-datasources - labels: - grafana_datasource: 'true' # default value for: sidecar.datasources.label -stringData: - pg-db.yaml: |- - apiVersion: 1 - datasources: - - name: My pg db datasource - type: postgres - url: my-postgresql-db:5432 - user: db-readonly-user - secureJsonData: - password: 'SUperSEcretPa$$word' - jsonData: - database: my_datase - sslmode: 'disable' # disable/require/verify-ca/verify-full - maxOpenConns: 0 # Grafana v5.4+ - maxIdleConns: 2 # Grafana v5.4+ - connMaxLifetime: 14400 # Grafana v5.4+ - postgresVersion: 1000 # 903=9.3, 904=9.4, 905=9.5, 906=9.6, 1000=10 - timescaledb: false - # allow users to edit datasources from the UI. - editable: false -``` - -Example values to add a datasource adapted from [Grafana](http://docs.grafana.org/administration/provisioning/#example-datasource-config-file): - -```yaml -datasources: - datasources.yaml: - apiVersion: 1 - datasources: - # name of the datasource. Required - - name: Graphite - # datasource type. Required - type: graphite - # access mode. proxy or direct (Server or Browser in the UI). Required - access: proxy - # org id. will default to orgId 1 if not specified - orgId: 1 - # url - url: http://localhost:8080 - # database password, if used - password: - # database user, if used - user: - # database name, if used - database: - # enable/disable basic auth - basicAuth: - # basic auth username - basicAuthUser: - # basic auth password - basicAuthPassword: - # enable/disable with credentials headers - withCredentials: - # mark as default datasource. Max one per org - isDefault: - # fields that will be converted to json and stored in json_data - jsonData: - graphiteVersion: "1.1" - tlsAuth: true - tlsAuthWithCACert: true - # json object of data that will be encrypted. - secureJsonData: - tlsCACert: "..." - tlsClientCert: "..." - tlsClientKey: "..." - version: 1 - # allow users to edit datasources from the UI. - editable: false -``` - -## Sidecar for notifiers - -If the parameter `sidecar.notifiers.enabled` is set, an init container is deployed in the grafana -pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and -filters out the ones with a label as defined in `sidecar.notifiers.label`. The files defined in -those secrets are written to a folder and accessed by grafana on startup. Using these yaml files, -the notification channels in grafana can be imported. The secrets must be created before -`helm install` so that the notifiers init container can list the secrets. - -Secrets are recommended over configmaps for this usecase because alert notification channels usually contain -private data like SMTP usernames and passwords. Secrets are the more appropriate cluster resource to manage those. - -Example datasource config adapted from [Grafana](https://grafana.com/docs/grafana/latest/administration/provisioning/#alert-notification-channels): - -```yaml -notifiers: - - name: notification-channel-1 - type: slack - uid: notifier1 - # either - org_id: 2 - # or - org_name: Main Org. - is_default: true - send_reminder: true - frequency: 1h - disable_resolve_message: false - # See `Supported Settings` section for settings supporter for each - # alert notification type. - settings: - recipient: 'XXX' - token: 'xoxb' - uploadImage: true - url: https://slack.com - -delete_notifiers: - - name: notification-channel-1 - uid: notifier1 - org_id: 2 - - name: notification-channel-2 - # default org_id: 1 -``` - -## Sidecar for alerting resources - -If the parameter `sidecar.alerts.enabled` is set, a sidecar container is deployed in the grafana -pod. This container watches all configmaps (or secrets) in the cluster (namespace defined by `sidecar.alerts.searchNamespace`) and filters out the ones with -a label as defined in `sidecar.alerts.label` (default is `grafana_alert`). The files defined in those configmaps are written -to a folder and accessed by grafana. Changes to the configmaps are monitored and the imported alerting resources are updated, however, deletions are a little more complicated (see below). - -This sidecar can be used to provision alert rules, contact points, notification policies, notification templates and mute timings as shown in [Grafana Documentation](https://grafana.com/docs/grafana/next/alerting/set-up/provision-alerting-resources/file-provisioning/). - -To fetch the alert config which will be provisioned, use the alert provisioning API ([Grafana Documentation](https://grafana.com/docs/grafana/next/developers/http_api/alerting_provisioning/)). -You can use either JSON or YAML format. - -Example config for an alert rule: - -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: sample-grafana-alert - labels: - grafana_alert: "1" -data: - k8s-alert.yml: |- - apiVersion: 1 - groups: - - orgId: 1 - name: k8s-alert - [...] -``` - -To delete provisioned alert rules is a two step process, you need to delete the configmap which defined the alert rule -and then create a configuration which deletes the alert rule. - -Example deletion configuration: - -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: delete-sample-grafana-alert - namespace: monitoring - labels: - grafana_alert: "1" -data: - delete-k8s-alert.yml: |- - apiVersion: 1 - deleteRules: - - orgId: 1 - uid: 16624780-6564-45dc-825c-8bded4ad92d3 -``` - -## Statically provision alerting resources - -If you don't need to change alerting resources (alert rules, contact points, notification policies and notification templates) regularly you could use the `alerting` config option instead of the sidecar option above. -This will grab the alerting config and apply it statically at build time for the helm file. - -There are two methods to statically provision alerting configuration in Grafana. Below are some examples and explanations as to how to use each method: - -```yaml -alerting: - team1-alert-rules.yaml: - file: alerting/team1/rules.yaml - team2-alert-rules.yaml: - file: alerting/team2/rules.yaml - team3-alert-rules.yaml: - file: alerting/team3/rules.yaml - notification-policies.yaml: - file: alerting/shared/notification-policies.yaml - notification-templates.yaml: - file: alerting/shared/notification-templates.yaml - contactpoints.yaml: - apiVersion: 1 - contactPoints: - - orgId: 1 - name: Slack channel - receivers: - - uid: default-receiver - type: slack - settings: - # Webhook URL to be filled in - url: "" - # We need to escape double curly braces for the tpl function. - text: '{{ `{{ template "default.message" . }}` }}' - title: '{{ `{{ template "default.title" . }}` }}' -``` - -The two possibilities for static alerting resource provisioning are: - -* Inlining the file contents as shown for contact points in the above example. -* Importing a file using a relative path starting from the chart root directory as shown for the alert rules in the above example. - -### Important notes on file provisioning - -* The format of the files is defined in the [Grafana documentation](https://grafana.com/docs/grafana/next/alerting/set-up/provision-alerting-resources/file-provisioning/) on file provisioning. -* The chart supports importing YAML and JSON files. -* The filename must be unique, otherwise one volume mount will overwrite the other. -* In case of inlining, double curly braces that arise from the Grafana configuration format and are not intended as templates for the chart must be escaped. -* The number of total files under `alerting:` is not limited. Each file will end up as a volume mount in the corresponding provisioning folder of the deployed Grafana instance. -* The file size for each import is limited by what the function `.Files.Get` can handle, which suffices for most cases. - -## How to serve Grafana with a path prefix (/grafana) - -In order to serve Grafana with a prefix (e.g., ), add the following to your values.yaml. - -```yaml -ingress: - enabled: true - annotations: - kubernetes.io/ingress.class: "nginx" - nginx.ingress.kubernetes.io/rewrite-target: /$1 - nginx.ingress.kubernetes.io/use-regex: "true" - - path: /grafana/?(.*) - hosts: - - k8s.example.dev - -grafana.ini: - server: - root_url: http://localhost:3000/grafana # this host can be localhost -``` - -## How to securely reference secrets in grafana.ini - -This example uses Grafana [file providers](https://grafana.com/docs/grafana/latest/administration/configuration/#file-provider) for secret values and the `extraSecretMounts` configuration flag (Additional grafana server secret mounts) to mount the secrets. - -In grafana.ini: - -```yaml -grafana.ini: - [auth.generic_oauth] - enabled = true - client_id = $__file{/etc/secrets/auth_generic_oauth/client_id} - client_secret = $__file{/etc/secrets/auth_generic_oauth/client_secret} -``` - -Existing secret, or created along with helm: - -```yaml ---- -apiVersion: v1 -kind: Secret -metadata: - name: auth-generic-oauth-secret -type: Opaque -stringData: - client_id: - client_secret: -``` - -Include in the `extraSecretMounts` configuration flag: - -```yaml -extraSecretMounts: - - name: auth-generic-oauth-secret-mount - secretName: auth-generic-oauth-secret - defaultMode: 0440 - mountPath: /etc/secrets/auth_generic_oauth - readOnly: true -``` - -### extraSecretMounts using a Container Storage Interface (CSI) provider - -This example uses a CSI driver e.g. retrieving secrets using [Azure Key Vault Provider](https://github.com/Azure/secrets-store-csi-driver-provider-azure) - -```yaml -extraSecretMounts: - - name: secrets-store-inline - mountPath: /run/secrets - readOnly: true - csi: - driver: secrets-store.csi.k8s.io - readOnly: true - volumeAttributes: - secretProviderClass: "my-provider" - nodePublishSecretRef: - name: akv-creds -``` - -## Image Renderer Plug-In - -This chart supports enabling [remote image rendering](https://github.com/grafana/grafana-image-renderer/blob/master/README.md#run-in-docker) - -```yaml -imageRenderer: - enabled: true -``` - -### Image Renderer NetworkPolicy - -By default the image-renderer pods will have a network policy which only allows ingress traffic from the created grafana instance - -### High Availability for unified alerting - -If you want to run Grafana in a high availability cluster you need to enable -the headless service by setting `headlessService: true` in your `values.yaml` -file. - -As next step you have to setup the `grafana.ini` in your `values.yaml` in a way -that it will make use of the headless service to obtain all the IPs of the -cluster. You should replace ``{{ Name }}`` with the name of your helm deployment. - -```yaml -grafana.ini: - ... - unified_alerting: - enabled: true - ha_peers: {{ Name }}-headless:9094 - ha_listen_address: ${POD_IP}:9094 - ha_advertise_address: ${POD_IP}:9094 - - alerting: - enabled: false -``` diff --git a/charts/rancher-monitoring/charts/grafana/templates/nginx-config.yaml b/charts/rancher-monitoring/charts/grafana/templates/nginx-config.yaml deleted file mode 100644 index 2efd923..0000000 --- a/charts/rancher-monitoring/charts/grafana/templates/nginx-config.yaml +++ /dev/null @@ -1,101 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: grafana-nginx-proxy-config - namespace: {{ template "grafana.namespace" . }} - labels: - {{- include "grafana.labels" . | nindent 4 }} -data: - nginx.conf: |- - worker_processes auto; - error_log /dev/stdout warn; - pid /var/cache/nginx/nginx.pid; - - events { - worker_connections 1024; - } - - http { - include /etc/nginx/mime.types; - log_format main '[$time_local - $status] $remote_addr - $remote_user $request ($http_referer)'; - - proxy_connect_timeout 10; - proxy_read_timeout 180; - proxy_send_timeout 5; - proxy_buffering off; - proxy_cache_path /var/cache/nginx/cache levels=1:2 keys_zone=my_zone:100m inactive=1d max_size=10g; - - map $http_upgrade $connection_upgrade { - default upgrade; - '' close; - } - - server { - listen 8080; - access_log off; - - gzip on; - gzip_min_length 1k; - gzip_comp_level 2; - gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript image/jpeg image/gif image/png; - gzip_vary on; - gzip_disable "MSIE [1-6]\."; - - proxy_set_header Host $host; - - location /api/dashboards { - proxy_pass http://localhost:3000; - } - - location /api/search { - proxy_pass http://localhost:3000; - - sub_filter_types application/json; - sub_filter_once off; - } - - location /api/live/ { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - proxy_set_header Host $http_host; - proxy_pass http://localhost:3000; - } - - location / { - proxy_cache my_zone; - proxy_cache_valid 200 302 1d; - proxy_cache_valid 301 30d; - proxy_cache_valid any 5m; - proxy_cache_bypass $http_cache_control; - add_header X-Proxy-Cache $upstream_cache_status; - add_header Cache-Control "public"; - - proxy_pass http://localhost:3000/; - - sub_filter_once off; - - {{- if eq .Values.global.cattle.clusterId "local" -}} - sub_filter '"appSubUrl":""' '"appSubUrl":"/api/v1/namespaces/{{ template "grafana.namespace" . }}/services/http:{{ template "grafana.fullname" . }}:{{ .Values.service.port }}/proxy"'; - {{- else -}} - sub_filter '"appSubUrl":""' '"appSubUrl":"/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ template "grafana.namespace" . }}/services/http:{{ template "grafana.fullname" . }}:{{ .Values.service.port }}/proxy"'; - {{- end -}} - - sub_filter ':"/avatar/' ':"avatar/'; - - if ($request_filename ~ .*\.(?:js|css|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$) { - expires 90d; - } - {{- if .Values.ingress.enabled }} - {{- if eq .Values.global.cattle.clusterId "local" }} - rewrite ^/api/v1/namespaces/{{ template "grafana.namespace" . }}/services/http:{{ template "grafana.fullname" . }}:{{ .Values.service.port }}/proxy/public/plugins/(.*)$ /public/plugins/$1 break; - {{- else }} - rewrite ^/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ template "grafana.namespace" . }}/services/http:{{ template "grafana.fullname" . }}:{{ .Values.service.port }}/proxy/public/plugins/(.*)$ /public/plugins/$1 break; - {{- end }} - {{- end }} - - rewrite ^/k8s/clusters/.*/proxy(.*) /$1 break; - - } - } - } diff --git a/charts/rancher-monitoring/charts/grafana/templates/tests/test-configmap.yaml b/charts/rancher-monitoring/charts/grafana/templates/tests/test-configmap.yaml deleted file mode 100644 index 5695df3..0000000 --- a/charts/rancher-monitoring/charts/grafana/templates/tests/test-configmap.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.testFramework.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "grafana.fullname" . }}-test - namespace: {{ include "grafana.namespace" . }} - annotations: - "helm.sh/hook": {{ .Values.testFramework.hookType | default "test" }} - "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" - labels: - {{- include "grafana.labels" . | nindent 4 }} -data: - run.sh: |- - @test "Test Health" { - url="http://{{ include "grafana.fullname" . }}/api/health" - - code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^ HTTP/{print $2}') - [ "$code" == "200" ] - } -{{- end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/tests/test-podsecuritypolicy.yaml b/charts/rancher-monitoring/charts/grafana/templates/tests/test-podsecuritypolicy.yaml deleted file mode 100644 index 2d9c02c..0000000 --- a/charts/rancher-monitoring/charts/grafana/templates/tests/test-podsecuritypolicy.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.testFramework.enabled (or .Values.global.cattle.psp.enabled .Values.rbac.pspEnabled) }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ include "grafana.fullname" . }}-test - annotations: - "helm.sh/hook": {{ .Values.testFramework.hookType | default "test" }} - "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" - labels: - {{- include "grafana.labels" . | nindent 4 }} -spec: - allowPrivilegeEscalation: true - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - fsGroup: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - runAsUser: - rule: RunAsAny - volumes: - - configMap - - downwardAPI - - emptyDir - - projected - - csi - - secret -{{- end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/tests/test-role.yaml b/charts/rancher-monitoring/charts/grafana/templates/tests/test-role.yaml deleted file mode 100644 index 7e340b1..0000000 --- a/charts/rancher-monitoring/charts/grafana/templates/tests/test-role.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.testFramework.enabled (or .Values.global.cattle.psp.enabled .Values.rbac.pspEnabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "grafana.fullname" . }}-test - namespace: {{ include "grafana.namespace" . }} - annotations: - "helm.sh/hook": {{ .Values.testFramework.hookType | default "test" }} - "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" - labels: - {{- include "grafana.labels" . | nindent 4 }} -rules: - - apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: [{{ include "grafana.fullname" . }}-test] -{{- end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/tests/test-rolebinding.yaml b/charts/rancher-monitoring/charts/grafana/templates/tests/test-rolebinding.yaml deleted file mode 100644 index 2032afc..0000000 --- a/charts/rancher-monitoring/charts/grafana/templates/tests/test-rolebinding.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.testFramework.enabled (or .Values.global.cattle.psp.enabled .Values.rbac.pspEnabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "grafana.fullname" . }}-test - namespace: {{ include "grafana.namespace" . }} - annotations: - "helm.sh/hook": {{ .Values.testFramework.hookType | default "test" }} - "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" - labels: - {{- include "grafana.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "grafana.fullname" . }}-test -subjects: - - kind: ServiceAccount - name: {{ include "grafana.serviceAccountNameTest" . }} - namespace: {{ include "grafana.namespace" . }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/tests/test-serviceaccount.yaml b/charts/rancher-monitoring/charts/grafana/templates/tests/test-serviceaccount.yaml deleted file mode 100644 index 2e5f322..0000000 --- a/charts/rancher-monitoring/charts/grafana/templates/tests/test-serviceaccount.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if and .Values.testFramework.enabled .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - {{- include "grafana.labels" . | nindent 4 }} - name: {{ include "grafana.serviceAccountNameTest" . }} - namespace: {{ include "grafana.namespace" . }} - annotations: - "helm.sh/hook": {{ .Values.testFramework.hookType | default "test" }} - "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" -{{- end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/tests/test.yaml b/charts/rancher-monitoring/charts/grafana/templates/tests/test.yaml deleted file mode 100644 index 44e4e0a..0000000 --- a/charts/rancher-monitoring/charts/grafana/templates/tests/test.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- if .Values.testFramework.enabled }} -{{- $root := . }} -apiVersion: v1 -kind: Pod -metadata: - name: {{ include "grafana.fullname" . }}-test - labels: - {{- include "grafana.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": {{ .Values.testFramework.hookType | default "test" }} - "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" - namespace: {{ include "grafana.namespace" . }} -spec: - serviceAccountName: {{ include "grafana.serviceAccountNameTest" . }} - {{- with .Values.testFramework.securityContext }} - securityContext: - {{- toYaml . | nindent 4 }} - {{- end }} - {{- if or .Values.image.pullSecrets .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- include "grafana.imagePullSecrets" (dict "root" $root "imagePullSecrets" .Values.image.pullSecrets) | nindent 4 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- tpl (toYaml .) $root | nindent 4 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 4 }} - {{- end }} - containers: - - name: {{ .Release.Name }}-test - image: "{{ template "system_default_registry" . | default .Values.testFramework.image.registry }}/{{ .Values.testFramework.image.repository }}:{{ .Values.testFramework.image.tag }}" - imagePullPolicy: "{{ .Values.testFramework.imagePullPolicy}}" - command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"] - {{- with .Values.testFramework.containerSecurityContext }} - securityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - volumeMounts: - - mountPath: /tests - name: tests - readOnly: true - {{- with .Values.testFramework.resources }} - resources: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: tests - configMap: - name: {{ include "grafana.fullname" . }}-test - restartPolicy: Never -{{- end }} diff --git a/charts/rancher-monitoring/charts/hardenedKubelet/.helmignore b/charts/rancher-monitoring/charts/hardenedKubelet/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/charts/rancher-monitoring/charts/hardenedKubelet/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/rancher-monitoring/charts/hardenedKubelet/Chart.yaml b/charts/rancher-monitoring/charts/hardenedKubelet/Chart.yaml deleted file mode 100644 index b84173d..0000000 --- a/charts/rancher-monitoring/charts/hardenedKubelet/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox -apiVersion: v1 -appVersion: v0.1.5-rancher2 -description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. -kubeVersion: '>=1.26.0-0' -name: hardenedKubelet -type: application -version: 0.1.5-rancher2 diff --git a/charts/rancher-monitoring/charts/hardenedKubelet/README.md b/charts/rancher-monitoring/charts/hardenedKubelet/README.md deleted file mode 100644 index 345002f..0000000 --- a/charts/rancher-monitoring/charts/hardenedKubelet/README.md +++ /dev/null @@ -1,90 +0,0 @@ -# rancher-pushprox - -A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. - -Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. - -Using an instance of this chart is suitable for the following scenarios: -- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) -- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) -- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` -- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) -- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) - -The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. -​ -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. - -## Configuration - -The following tables list the configurable parameters of the rancher-pushprox chart and their default values. - -### General - -#### Required -| Parameter | Description | Example | -| ----- | ----------- | ------ | -| `component` | The component that is being monitored | `kube-etcd` -| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | -| `namespaceOverride` | The namespace to install the chart | `""` - -#### Optional -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | -| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | -| `service.selector` | The selector that is used to populate the Service's Endpoints object. The chart will error out on rendering templating if `.Values.clients.enabled` is set alongside this field, since it is expected that this service should point to the PushProx Clients Daemonset / Deployment | `{}` | -| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | -| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | -| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | -| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | -| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | -| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | -| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.seLinuxOptions` | seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. | `""` | -| `clients.metrics.enabled` | Whether the client should publish PushProx client-specific metrics. | `false` | -| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | -| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | -| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | -| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | -| `clients.resources` | Set resource limits and requests for the client container | `{}` | -| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | -| `clients.tolerations` | Specify tolerations for clients | `[]` | -| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | -| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | -| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | -| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | -| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | -| `kubeVersionOverrides` | A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches any of the semver constraints provided as keys on the map. On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. | `[]` - -*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. - -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. diff --git a/charts/rancher-monitoring/charts/hardenedKubelet/templates/_helpers.tpl b/charts/rancher-monitoring/charts/hardenedKubelet/templates/_helpers.tpl deleted file mode 100644 index 1ba5093..0000000 --- a/charts/rancher-monitoring/charts/hardenedKubelet/templates/_helpers.tpl +++ /dev/null @@ -1,170 +0,0 @@ -# Rancher - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -# General - -{{- define "applyKubeVersionOverrides" -}} -{{- $overrides := dict -}} -{{- range $override := .Values.kubeVersionOverrides -}} -{{- if semverCompare $override.constraint $.Capabilities.KubeVersion.Version -}} -{{- $_ := mergeOverwrite $overrides $override.values -}} -{{- end -}} -{{- end -}} -{{- $_ := mergeOverwrite .Values $overrides -}} -{{- end -}} - -{{- define "pushprox.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{- define "pushProxy.commonLabels" -}} -release: {{ .Release.Name }} -component: {{ .Values.component | quote }} -provider: kubernetes -{{- end -}} - -{{- define "pushProxy.proxyUrl" -}} -{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} -{{- if .Values.clients.proxyUrl -}} -{{ printf "%s" .Values.clients.proxyUrl }} -{{- else -}} -{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} -{{- end -}}{{- end -}} - -# Client - -{{- define "pushProxy.client.name" -}} -{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.labels" -}} -k8s-app: {{ template "pushProxy.client.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# Proxy - -{{- define "pushProxy.proxy.name" -}} -{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.proxy.labels" -}} -k8s-app: {{ template "pushProxy.proxy.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# ServiceMonitor - -{{- define "pushprox.serviceMonitor.name" -}} -{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.labels" -}} -app: {{ template "pushprox.serviceMonitor.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.endpoints" -}} -{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} -{{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $setHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} -{{- $endpoints := .Values.serviceMonitor.endpoints }} -{{- if .Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- range $endpoints }} -{{- if $.Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- $clusterIdRelabel := dict }} -{{- $metricRelabelings := list }} -{{- if $.Values.global.cattle.clusterId }} -{{- $_ := set $clusterIdRelabel "action" "replace" }} -{{- $_ := set $clusterIdRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterIdRelabel "targetLabel" "cluster_id" }} -{{- $_ := set $clusterIdRelabel "replacement" $.Values.global.cattle.clusterId }} -{{- $metricRelabelings = append $metricRelabelings $clusterIdRelabel }} -{{- end }} -{{- $clusterNameRelabel := dict }} -{{- if $.Values.global.cattle.clusterName }} -{{- $_ := set $clusterNameRelabel "action" "replace" }} -{{- $_ := set $clusterNameRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} -{{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} -{{- $metricRelabelings = append $metricRelabelings $clusterNameRelabel }} -{{- end }} -{{- if not (empty $metricRelabelings) }} -{{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $setHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} -{{- if $useHTTPS -}} -{{- if (hasKey . "params") }} -{{- $_ := set (get . "params") "_scheme" (list "https") }} -{{- else }} -{{- $_ := set . "params" (dict "_scheme" (list "https")) }} -{{- end }} -{{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} -{{- end }} -{{- toYaml $endpoints }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/hardenedKubelet/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/charts/hardenedKubelet/templates/pushprox-clients-rbac.yaml deleted file mode 100644 index a8e27c3..0000000 --- a/charts/rancher-monitoring/charts/hardenedKubelet/templates/pushprox-clients-rbac.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.client.name" . }} -{{- end }} -{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -{{- if .Values.clients.rbac.additionalRules }} -{{ toYaml .Values.clients.rbac.additionalRules }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.client.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} ---- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: true - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 6 }} -{{- end }} - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - - 'emptyDir' - - 'hostPath' - allowedHostPaths: - - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - readOnly: true -{{- end }} -{{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/hardenedKubelet/templates/pushprox-clients.yaml b/charts/rancher-monitoring/charts/hardenedKubelet/templates/pushprox-clients.yaml deleted file mode 100644 index e8fcfb3..0000000 --- a/charts/rancher-monitoring/charts/hardenedKubelet/templates/pushprox-clients.yaml +++ /dev/null @@ -1,157 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: apps/v1 -{{- if .Values.clients.deployment.enabled }} -kind: Deployment -{{- else }} -kind: DaemonSet -{{- end }} -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - pushprox-exporter: "client" -spec: - {{- if .Values.clients.deployment.enabled }} - replicas: {{ .Values.clients.deployment.replicas }} - {{- end }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.client.labels" . | nindent 8 }} - spec: - {{- if .Values.clients.affinity }} - affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.clients.nodeSelector }} -{{ toYaml .Values.clients.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.clients.tolerations }} -{{ toYaml .Values.clients.tolerations | indent 8 }} -{{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-client - image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} - command: - {{- range .Values.clients.command }} - - {{ . | quote }} - {{- end }} - args: - - --fqdn=$(HOST_IP) - - --proxy-url=$(PROXY_URL) - {{- if .Values.clients.metrics.enabled }} - - --metrics-addr=$(PORT) - {{- end }} - - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} - {{- if .Values.clients.useLocalhost }} - - --use-localhost - {{- end }} - {{- if .Values.clients.https.enabled }} - {{- if .Values.clients.https.insecureSkipVerify }} - - --insecure-skip-verify - {{- end }} - {{- if .Values.clients.https.useServiceAccountCredentials }} - - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token - {{- end }} - {{- if .Values.clients.https.certDir }} - - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem - - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem - - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem - {{- end }} - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- if .Values.clients.metrics.enabled }} - - name: PORT - value: :{{ .Values.clients.port }} - {{- end }} - - name: PROXY_URL - value: {{ template "pushProxy.proxyUrl" . }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - volumeMounts: - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - {{- end }} - {{- if .Values.clients.resources }} - resources: {{ toYaml .Values.clients.resources | nindent 10 }} - {{- end }} - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - initContainers: - - name: copy-certs - image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} - command: - - sh - - -c - - | - echo "Searching for files to copy within the source volume" - echo "cert: ${CERT_FILE_NAME}" - echo "key: ${KEY_FILE_NAME}" - echo "cacert: ${CACERT_FILE_NAME}" - - CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) - KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) - CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) - - test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 - test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 - test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 - - echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" - cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 - chmod 444 $CERT_FILE_TARGET || exit 1 - - echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" - cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 - chmod 444 $KEY_FILE_TARGET || exit 1 - - echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" - cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 - chmod 444 $CACERT_FILE_TARGET || exit 1 - env: - - name: CERT_FILE_NAME - value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} - - name: KEY_FILE_NAME - value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} - - name: CACERT_FILE_NAME - value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} - - name: CERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy.pem - - name: KEY_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-key.pem - - name: CACERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem - securityContext: - runAsNonRoot: false -{{- if and .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 12 }} -{{- end }} - volumeMounts: - - name: metrics-cert-dir-source - mountPath: /etc/source - readOnly: true - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - volumes: - - name: metrics-cert-dir-source - hostPath: - path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - - name: metrics-cert-dir - emptyDir: {} - {{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/hardenedKubelet/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/charts/hardenedKubelet/templates/pushprox-proxy-rbac.yaml deleted file mode 100644 index eefe609..0000000 --- a/charts/rancher-monitoring/charts/hardenedKubelet/templates/pushprox-proxy-rbac.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.proxy.name" . }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.proxy.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- end }}{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/hardenedKubelet/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/charts/hardenedKubelet/templates/pushprox-proxy.yaml deleted file mode 100644 index 723bbd6..0000000 --- a/charts/rancher-monitoring/charts/hardenedKubelet/templates/pushprox-proxy.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} - pushprox-exporter: "proxy" -spec: - selector: - matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} - spec: - securityContext: - runAsNonRoot: true - runAsUser: 1000 - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.proxy.nodeSelector }} -{{ toYaml .Values.proxy.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.proxy.tolerations }} -{{ toYaml .Values.proxy.tolerations | indent 8 }} -{{- end }} - serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-proxy - image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} - command: - {{- range .Values.proxy.command }} - - {{ . | quote }} - {{- end }} - {{- if .Values.proxy.resources }} - resources: {{ toYaml .Values.proxy.resources | nindent 10 }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - ports: - - name: pp-proxy - port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} - protocol: TCP - targetPort: {{ .Values.proxy.port }} - selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/hardenedKubelet/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/charts/hardenedKubelet/templates/pushprox-servicemonitor.yaml deleted file mode 100644 index 67eb221..0000000 --- a/charts/rancher-monitoring/charts/hardenedKubelet/templates/pushprox-servicemonitor.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "pushprox.serviceMonitor.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} -spec: - endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} - jobLabel: component - podTargetLabels: - - component - - pushprox-exporter - namespaceSelector: - matchNames: - - {{ template "pushprox.namespace" . }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} ---- -{{- $selector := "" }} -{{- if not (kindIs "invalid" .Values.service) }} -{{- if not (kindIs "invalid" .Values.service.selector) }} -{{ if .Values.service.selector }} -{{- if .Values.clients.enabled }} -{{- required (printf "Cannot override .Values.service.selector=%s when .Values.clients.enabled=true" (toJson .Values.service.selector)) "" }} -{{- end }} -{{- $selector = (toYaml .Values.service.selector) }} -{{- end }} -{{- end }} -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - ports: - - name: metrics - port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} - protocol: TCP - targetPort: {{ .Values.metricsPort }} - selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/hardenedKubelet/templates/validate-install-crd.yaml b/charts/rancher-monitoring/charts/hardenedKubelet/templates/validate-install-crd.yaml deleted file mode 100644 index 16abc2f..0000000 --- a/charts/rancher-monitoring/charts/hardenedKubelet/templates/validate-install-crd.yaml +++ /dev/null @@ -1,14 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "monitoring.coreos.com/v1/ServiceMonitor" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install Prometheus Operator CRDs before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} diff --git a/charts/rancher-monitoring/charts/hardenedKubelet/templates/validate-psp-install.yaml b/charts/rancher-monitoring/charts/hardenedKubelet/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d..0000000 --- a/charts/rancher-monitoring/charts/hardenedKubelet/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-monitoring/charts/hardenedKubelet/values.yaml b/charts/rancher-monitoring/charts/hardenedKubelet/values.yaml deleted file mode 100644 index 168d86c..0000000 --- a/charts/rancher-monitoring/charts/hardenedKubelet/values.yaml +++ /dev/null @@ -1,166 +0,0 @@ -# Default values for rancher-pushprox. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Default image containing both the proxy and the client was generated from the following Dockerfile -# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 - -# Configuration - -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - seLinux: - enabled: false - -# A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. -# -# For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches -# any of the semver constraints provided as keys on the map. -# -# On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. -# -# If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. -# -# Notes: -# - On running a helm template, Helm generally assumes the kubeVersion is v1.20.0 -# - On running a helm install --dry-run, the correct kubeVersion should be chosen. -kubeVersionOverrides: [] -# - constraint: "< 1.21" -# values: -# metricsPort: 10252 -# clients: -# https: -# enabled: false -# insecureSkipVerify: false -# useServiceAccountCredentials: false - -namespaceOverride: "" - -# The component that is being monitored (i.e. etcd) -component: "component" - -# The port containing the metrics that need to be scraped -metricsPort: 2739 - -# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint -serviceMonitor: - enabled: true - # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec - # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - # By default, proxyUrl and params._scheme will be overridden based on other values - endpoints: - - port: metrics - -# Configure Service that grabs scrape targets -service: - # The selector that is used to populate the Service's Endpoints object. - # The chart will error out on rendering templating if .Values.clients.enabled is set alongside this field, - # since it is expected that this service should point to the PushProx Clients Daemonset / Deployment - selector: {} - -clients: - enabled: true - # The port which the PushProx client will post PushProx metrics to - port: 9369 - # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} - # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null - proxyUrl: "" - # If set to true, the client will forward any requests from the host IP to 127.0.0.1 - # It will only allow proxy requests to the metricsPort specified - useLocalhost: false - # Configuration for accessing metrics via HTTPS - https: - # Does the client require https to access the metrics? - enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false - # If set to true, the client will create a service account with adequate permissions and set a flag - # on the client to use the service account token provided by it to make authorized scrape requests - useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false - # If set to true, the client will disable SSL security checks - insecureSkipVerify: false - # Directory on host where necessary TLS cert and key to scrape metrics can be found - certDir: "" - # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings - certFile: "" - keyFile: "" - caCertFile: "" - # seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. - # Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. - seLinuxOptions: {} - - metrics: - # Whether the client should publish PushProx client-specific metrics to .Values.clients.port - enabled: false - - rbac: - # Additional permissions to provide to the ServiceAccount bound to the client - # This can be used to provide additional permissions for the client to scrape metrics from the k8s API - # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true - additionalRules: [] - - # Resource limits - resources: {} - - # Options to select all nodes to deploy client DaemonSet on - nodeSelector: {} - tolerations: [] - affinity: {} - - image: - repository: rancher/pushprox-client - tag: v0.1.5-rancher2-client - command: ["pushprox-client"] - - copyCertsImage: - repository: rancher/mirrored-library-busybox - tag: 1.37.0 - - # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. - # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in - # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. - # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, - # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. - # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will - # be responsible for upgrading this chart accordingly to the right number of replicas. - deployment: - enabled: false - replicas: 0 - -proxy: - enabled: true - # The port through which PushProx clients will communicate to the proxy - port: 8080 - - # Resource limits - resources: {} - - # Options to select a node to run a single proxy deployment on - nodeSelector: {} - tolerations: [] - - image: - repository: rancher/pushprox-proxy - tag: v0.1.5-rancher2-proxy - command: ["pushprox-proxy"] diff --git a/charts/rancher-monitoring/charts/hardenedNodeExporter/.helmignore b/charts/rancher-monitoring/charts/hardenedNodeExporter/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/charts/rancher-monitoring/charts/hardenedNodeExporter/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/rancher-monitoring/charts/hardenedNodeExporter/Chart.yaml b/charts/rancher-monitoring/charts/hardenedNodeExporter/Chart.yaml deleted file mode 100644 index f8a3e87..0000000 --- a/charts/rancher-monitoring/charts/hardenedNodeExporter/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox -apiVersion: v1 -appVersion: v0.1.5-rancher2 -description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. -kubeVersion: '>=1.26.0-0' -name: hardenedNodeExporter -type: application -version: 0.1.5-rancher2 diff --git a/charts/rancher-monitoring/charts/hardenedNodeExporter/README.md b/charts/rancher-monitoring/charts/hardenedNodeExporter/README.md deleted file mode 100644 index 345002f..0000000 --- a/charts/rancher-monitoring/charts/hardenedNodeExporter/README.md +++ /dev/null @@ -1,90 +0,0 @@ -# rancher-pushprox - -A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. - -Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. - -Using an instance of this chart is suitable for the following scenarios: -- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) -- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) -- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` -- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) -- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) - -The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. -​ -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. - -## Configuration - -The following tables list the configurable parameters of the rancher-pushprox chart and their default values. - -### General - -#### Required -| Parameter | Description | Example | -| ----- | ----------- | ------ | -| `component` | The component that is being monitored | `kube-etcd` -| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | -| `namespaceOverride` | The namespace to install the chart | `""` - -#### Optional -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | -| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | -| `service.selector` | The selector that is used to populate the Service's Endpoints object. The chart will error out on rendering templating if `.Values.clients.enabled` is set alongside this field, since it is expected that this service should point to the PushProx Clients Daemonset / Deployment | `{}` | -| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | -| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | -| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | -| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | -| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | -| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | -| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.seLinuxOptions` | seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. | `""` | -| `clients.metrics.enabled` | Whether the client should publish PushProx client-specific metrics. | `false` | -| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | -| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | -| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | -| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | -| `clients.resources` | Set resource limits and requests for the client container | `{}` | -| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | -| `clients.tolerations` | Specify tolerations for clients | `[]` | -| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | -| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | -| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | -| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | -| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | -| `kubeVersionOverrides` | A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches any of the semver constraints provided as keys on the map. On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. | `[]` - -*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. - -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. diff --git a/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/_helpers.tpl b/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/_helpers.tpl deleted file mode 100644 index 1ba5093..0000000 --- a/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/_helpers.tpl +++ /dev/null @@ -1,170 +0,0 @@ -# Rancher - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -# General - -{{- define "applyKubeVersionOverrides" -}} -{{- $overrides := dict -}} -{{- range $override := .Values.kubeVersionOverrides -}} -{{- if semverCompare $override.constraint $.Capabilities.KubeVersion.Version -}} -{{- $_ := mergeOverwrite $overrides $override.values -}} -{{- end -}} -{{- end -}} -{{- $_ := mergeOverwrite .Values $overrides -}} -{{- end -}} - -{{- define "pushprox.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{- define "pushProxy.commonLabels" -}} -release: {{ .Release.Name }} -component: {{ .Values.component | quote }} -provider: kubernetes -{{- end -}} - -{{- define "pushProxy.proxyUrl" -}} -{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} -{{- if .Values.clients.proxyUrl -}} -{{ printf "%s" .Values.clients.proxyUrl }} -{{- else -}} -{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} -{{- end -}}{{- end -}} - -# Client - -{{- define "pushProxy.client.name" -}} -{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.labels" -}} -k8s-app: {{ template "pushProxy.client.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# Proxy - -{{- define "pushProxy.proxy.name" -}} -{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.proxy.labels" -}} -k8s-app: {{ template "pushProxy.proxy.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# ServiceMonitor - -{{- define "pushprox.serviceMonitor.name" -}} -{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.labels" -}} -app: {{ template "pushprox.serviceMonitor.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.endpoints" -}} -{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} -{{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $setHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} -{{- $endpoints := .Values.serviceMonitor.endpoints }} -{{- if .Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- range $endpoints }} -{{- if $.Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- $clusterIdRelabel := dict }} -{{- $metricRelabelings := list }} -{{- if $.Values.global.cattle.clusterId }} -{{- $_ := set $clusterIdRelabel "action" "replace" }} -{{- $_ := set $clusterIdRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterIdRelabel "targetLabel" "cluster_id" }} -{{- $_ := set $clusterIdRelabel "replacement" $.Values.global.cattle.clusterId }} -{{- $metricRelabelings = append $metricRelabelings $clusterIdRelabel }} -{{- end }} -{{- $clusterNameRelabel := dict }} -{{- if $.Values.global.cattle.clusterName }} -{{- $_ := set $clusterNameRelabel "action" "replace" }} -{{- $_ := set $clusterNameRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} -{{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} -{{- $metricRelabelings = append $metricRelabelings $clusterNameRelabel }} -{{- end }} -{{- if not (empty $metricRelabelings) }} -{{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $setHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} -{{- if $useHTTPS -}} -{{- if (hasKey . "params") }} -{{- $_ := set (get . "params") "_scheme" (list "https") }} -{{- else }} -{{- $_ := set . "params" (dict "_scheme" (list "https")) }} -{{- end }} -{{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} -{{- end }} -{{- toYaml $endpoints }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/pushprox-clients-rbac.yaml deleted file mode 100644 index a8e27c3..0000000 --- a/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/pushprox-clients-rbac.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.client.name" . }} -{{- end }} -{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -{{- if .Values.clients.rbac.additionalRules }} -{{ toYaml .Values.clients.rbac.additionalRules }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.client.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} ---- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: true - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 6 }} -{{- end }} - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - - 'emptyDir' - - 'hostPath' - allowedHostPaths: - - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - readOnly: true -{{- end }} -{{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/pushprox-clients.yaml b/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/pushprox-clients.yaml deleted file mode 100644 index e8fcfb3..0000000 --- a/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/pushprox-clients.yaml +++ /dev/null @@ -1,157 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: apps/v1 -{{- if .Values.clients.deployment.enabled }} -kind: Deployment -{{- else }} -kind: DaemonSet -{{- end }} -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - pushprox-exporter: "client" -spec: - {{- if .Values.clients.deployment.enabled }} - replicas: {{ .Values.clients.deployment.replicas }} - {{- end }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.client.labels" . | nindent 8 }} - spec: - {{- if .Values.clients.affinity }} - affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.clients.nodeSelector }} -{{ toYaml .Values.clients.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.clients.tolerations }} -{{ toYaml .Values.clients.tolerations | indent 8 }} -{{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-client - image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} - command: - {{- range .Values.clients.command }} - - {{ . | quote }} - {{- end }} - args: - - --fqdn=$(HOST_IP) - - --proxy-url=$(PROXY_URL) - {{- if .Values.clients.metrics.enabled }} - - --metrics-addr=$(PORT) - {{- end }} - - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} - {{- if .Values.clients.useLocalhost }} - - --use-localhost - {{- end }} - {{- if .Values.clients.https.enabled }} - {{- if .Values.clients.https.insecureSkipVerify }} - - --insecure-skip-verify - {{- end }} - {{- if .Values.clients.https.useServiceAccountCredentials }} - - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token - {{- end }} - {{- if .Values.clients.https.certDir }} - - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem - - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem - - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem - {{- end }} - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- if .Values.clients.metrics.enabled }} - - name: PORT - value: :{{ .Values.clients.port }} - {{- end }} - - name: PROXY_URL - value: {{ template "pushProxy.proxyUrl" . }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - volumeMounts: - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - {{- end }} - {{- if .Values.clients.resources }} - resources: {{ toYaml .Values.clients.resources | nindent 10 }} - {{- end }} - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - initContainers: - - name: copy-certs - image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} - command: - - sh - - -c - - | - echo "Searching for files to copy within the source volume" - echo "cert: ${CERT_FILE_NAME}" - echo "key: ${KEY_FILE_NAME}" - echo "cacert: ${CACERT_FILE_NAME}" - - CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) - KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) - CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) - - test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 - test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 - test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 - - echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" - cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 - chmod 444 $CERT_FILE_TARGET || exit 1 - - echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" - cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 - chmod 444 $KEY_FILE_TARGET || exit 1 - - echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" - cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 - chmod 444 $CACERT_FILE_TARGET || exit 1 - env: - - name: CERT_FILE_NAME - value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} - - name: KEY_FILE_NAME - value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} - - name: CACERT_FILE_NAME - value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} - - name: CERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy.pem - - name: KEY_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-key.pem - - name: CACERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem - securityContext: - runAsNonRoot: false -{{- if and .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 12 }} -{{- end }} - volumeMounts: - - name: metrics-cert-dir-source - mountPath: /etc/source - readOnly: true - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - volumes: - - name: metrics-cert-dir-source - hostPath: - path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - - name: metrics-cert-dir - emptyDir: {} - {{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/pushprox-proxy-rbac.yaml deleted file mode 100644 index eefe609..0000000 --- a/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/pushprox-proxy-rbac.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.proxy.name" . }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.proxy.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- end }}{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/pushprox-proxy.yaml deleted file mode 100644 index 723bbd6..0000000 --- a/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/pushprox-proxy.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} - pushprox-exporter: "proxy" -spec: - selector: - matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} - spec: - securityContext: - runAsNonRoot: true - runAsUser: 1000 - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.proxy.nodeSelector }} -{{ toYaml .Values.proxy.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.proxy.tolerations }} -{{ toYaml .Values.proxy.tolerations | indent 8 }} -{{- end }} - serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-proxy - image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} - command: - {{- range .Values.proxy.command }} - - {{ . | quote }} - {{- end }} - {{- if .Values.proxy.resources }} - resources: {{ toYaml .Values.proxy.resources | nindent 10 }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - ports: - - name: pp-proxy - port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} - protocol: TCP - targetPort: {{ .Values.proxy.port }} - selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/pushprox-servicemonitor.yaml deleted file mode 100644 index 67eb221..0000000 --- a/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/pushprox-servicemonitor.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "pushprox.serviceMonitor.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} -spec: - endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} - jobLabel: component - podTargetLabels: - - component - - pushprox-exporter - namespaceSelector: - matchNames: - - {{ template "pushprox.namespace" . }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} ---- -{{- $selector := "" }} -{{- if not (kindIs "invalid" .Values.service) }} -{{- if not (kindIs "invalid" .Values.service.selector) }} -{{ if .Values.service.selector }} -{{- if .Values.clients.enabled }} -{{- required (printf "Cannot override .Values.service.selector=%s when .Values.clients.enabled=true" (toJson .Values.service.selector)) "" }} -{{- end }} -{{- $selector = (toYaml .Values.service.selector) }} -{{- end }} -{{- end }} -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - ports: - - name: metrics - port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} - protocol: TCP - targetPort: {{ .Values.metricsPort }} - selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/validate-install-crd.yaml b/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/validate-install-crd.yaml deleted file mode 100644 index 16abc2f..0000000 --- a/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/validate-install-crd.yaml +++ /dev/null @@ -1,14 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "monitoring.coreos.com/v1/ServiceMonitor" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install Prometheus Operator CRDs before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} diff --git a/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/validate-psp-install.yaml b/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d..0000000 --- a/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-monitoring/charts/hardenedNodeExporter/values.yaml b/charts/rancher-monitoring/charts/hardenedNodeExporter/values.yaml deleted file mode 100644 index 168d86c..0000000 --- a/charts/rancher-monitoring/charts/hardenedNodeExporter/values.yaml +++ /dev/null @@ -1,166 +0,0 @@ -# Default values for rancher-pushprox. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Default image containing both the proxy and the client was generated from the following Dockerfile -# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 - -# Configuration - -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - seLinux: - enabled: false - -# A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. -# -# For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches -# any of the semver constraints provided as keys on the map. -# -# On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. -# -# If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. -# -# Notes: -# - On running a helm template, Helm generally assumes the kubeVersion is v1.20.0 -# - On running a helm install --dry-run, the correct kubeVersion should be chosen. -kubeVersionOverrides: [] -# - constraint: "< 1.21" -# values: -# metricsPort: 10252 -# clients: -# https: -# enabled: false -# insecureSkipVerify: false -# useServiceAccountCredentials: false - -namespaceOverride: "" - -# The component that is being monitored (i.e. etcd) -component: "component" - -# The port containing the metrics that need to be scraped -metricsPort: 2739 - -# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint -serviceMonitor: - enabled: true - # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec - # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - # By default, proxyUrl and params._scheme will be overridden based on other values - endpoints: - - port: metrics - -# Configure Service that grabs scrape targets -service: - # The selector that is used to populate the Service's Endpoints object. - # The chart will error out on rendering templating if .Values.clients.enabled is set alongside this field, - # since it is expected that this service should point to the PushProx Clients Daemonset / Deployment - selector: {} - -clients: - enabled: true - # The port which the PushProx client will post PushProx metrics to - port: 9369 - # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} - # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null - proxyUrl: "" - # If set to true, the client will forward any requests from the host IP to 127.0.0.1 - # It will only allow proxy requests to the metricsPort specified - useLocalhost: false - # Configuration for accessing metrics via HTTPS - https: - # Does the client require https to access the metrics? - enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false - # If set to true, the client will create a service account with adequate permissions and set a flag - # on the client to use the service account token provided by it to make authorized scrape requests - useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false - # If set to true, the client will disable SSL security checks - insecureSkipVerify: false - # Directory on host where necessary TLS cert and key to scrape metrics can be found - certDir: "" - # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings - certFile: "" - keyFile: "" - caCertFile: "" - # seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. - # Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. - seLinuxOptions: {} - - metrics: - # Whether the client should publish PushProx client-specific metrics to .Values.clients.port - enabled: false - - rbac: - # Additional permissions to provide to the ServiceAccount bound to the client - # This can be used to provide additional permissions for the client to scrape metrics from the k8s API - # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true - additionalRules: [] - - # Resource limits - resources: {} - - # Options to select all nodes to deploy client DaemonSet on - nodeSelector: {} - tolerations: [] - affinity: {} - - image: - repository: rancher/pushprox-client - tag: v0.1.5-rancher2-client - command: ["pushprox-client"] - - copyCertsImage: - repository: rancher/mirrored-library-busybox - tag: 1.37.0 - - # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. - # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in - # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. - # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, - # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. - # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will - # be responsible for upgrading this chart accordingly to the right number of replicas. - deployment: - enabled: false - replicas: 0 - -proxy: - enabled: true - # The port through which PushProx clients will communicate to the proxy - port: 8080 - - # Resource limits - resources: {} - - # Options to select a node to run a single proxy deployment on - nodeSelector: {} - tolerations: [] - - image: - repository: rancher/pushprox-proxy - tag: v0.1.5-rancher2-proxy - command: ["pushprox-proxy"] diff --git a/charts/rancher-monitoring/charts/k3sServer/.helmignore b/charts/rancher-monitoring/charts/k3sServer/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/charts/rancher-monitoring/charts/k3sServer/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/rancher-monitoring/charts/k3sServer/Chart.yaml b/charts/rancher-monitoring/charts/k3sServer/Chart.yaml deleted file mode 100644 index e945ef6..0000000 --- a/charts/rancher-monitoring/charts/k3sServer/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox -apiVersion: v1 -appVersion: v0.1.5-rancher2 -description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. -kubeVersion: '>=1.26.0-0' -name: k3sServer -type: application -version: 0.1.5-rancher2 diff --git a/charts/rancher-monitoring/charts/k3sServer/README.md b/charts/rancher-monitoring/charts/k3sServer/README.md deleted file mode 100644 index 345002f..0000000 --- a/charts/rancher-monitoring/charts/k3sServer/README.md +++ /dev/null @@ -1,90 +0,0 @@ -# rancher-pushprox - -A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. - -Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. - -Using an instance of this chart is suitable for the following scenarios: -- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) -- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) -- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` -- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) -- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) - -The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. -​ -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. - -## Configuration - -The following tables list the configurable parameters of the rancher-pushprox chart and their default values. - -### General - -#### Required -| Parameter | Description | Example | -| ----- | ----------- | ------ | -| `component` | The component that is being monitored | `kube-etcd` -| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | -| `namespaceOverride` | The namespace to install the chart | `""` - -#### Optional -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | -| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | -| `service.selector` | The selector that is used to populate the Service's Endpoints object. The chart will error out on rendering templating if `.Values.clients.enabled` is set alongside this field, since it is expected that this service should point to the PushProx Clients Daemonset / Deployment | `{}` | -| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | -| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | -| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | -| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | -| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | -| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | -| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.seLinuxOptions` | seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. | `""` | -| `clients.metrics.enabled` | Whether the client should publish PushProx client-specific metrics. | `false` | -| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | -| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | -| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | -| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | -| `clients.resources` | Set resource limits and requests for the client container | `{}` | -| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | -| `clients.tolerations` | Specify tolerations for clients | `[]` | -| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | -| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | -| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | -| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | -| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | -| `kubeVersionOverrides` | A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches any of the semver constraints provided as keys on the map. On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. | `[]` - -*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. - -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. diff --git a/charts/rancher-monitoring/charts/k3sServer/templates/_helpers.tpl b/charts/rancher-monitoring/charts/k3sServer/templates/_helpers.tpl deleted file mode 100644 index 1ba5093..0000000 --- a/charts/rancher-monitoring/charts/k3sServer/templates/_helpers.tpl +++ /dev/null @@ -1,170 +0,0 @@ -# Rancher - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -# General - -{{- define "applyKubeVersionOverrides" -}} -{{- $overrides := dict -}} -{{- range $override := .Values.kubeVersionOverrides -}} -{{- if semverCompare $override.constraint $.Capabilities.KubeVersion.Version -}} -{{- $_ := mergeOverwrite $overrides $override.values -}} -{{- end -}} -{{- end -}} -{{- $_ := mergeOverwrite .Values $overrides -}} -{{- end -}} - -{{- define "pushprox.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{- define "pushProxy.commonLabels" -}} -release: {{ .Release.Name }} -component: {{ .Values.component | quote }} -provider: kubernetes -{{- end -}} - -{{- define "pushProxy.proxyUrl" -}} -{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} -{{- if .Values.clients.proxyUrl -}} -{{ printf "%s" .Values.clients.proxyUrl }} -{{- else -}} -{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} -{{- end -}}{{- end -}} - -# Client - -{{- define "pushProxy.client.name" -}} -{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.labels" -}} -k8s-app: {{ template "pushProxy.client.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# Proxy - -{{- define "pushProxy.proxy.name" -}} -{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.proxy.labels" -}} -k8s-app: {{ template "pushProxy.proxy.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# ServiceMonitor - -{{- define "pushprox.serviceMonitor.name" -}} -{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.labels" -}} -app: {{ template "pushprox.serviceMonitor.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.endpoints" -}} -{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} -{{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $setHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} -{{- $endpoints := .Values.serviceMonitor.endpoints }} -{{- if .Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- range $endpoints }} -{{- if $.Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- $clusterIdRelabel := dict }} -{{- $metricRelabelings := list }} -{{- if $.Values.global.cattle.clusterId }} -{{- $_ := set $clusterIdRelabel "action" "replace" }} -{{- $_ := set $clusterIdRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterIdRelabel "targetLabel" "cluster_id" }} -{{- $_ := set $clusterIdRelabel "replacement" $.Values.global.cattle.clusterId }} -{{- $metricRelabelings = append $metricRelabelings $clusterIdRelabel }} -{{- end }} -{{- $clusterNameRelabel := dict }} -{{- if $.Values.global.cattle.clusterName }} -{{- $_ := set $clusterNameRelabel "action" "replace" }} -{{- $_ := set $clusterNameRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} -{{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} -{{- $metricRelabelings = append $metricRelabelings $clusterNameRelabel }} -{{- end }} -{{- if not (empty $metricRelabelings) }} -{{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $setHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} -{{- if $useHTTPS -}} -{{- if (hasKey . "params") }} -{{- $_ := set (get . "params") "_scheme" (list "https") }} -{{- else }} -{{- $_ := set . "params" (dict "_scheme" (list "https")) }} -{{- end }} -{{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} -{{- end }} -{{- toYaml $endpoints }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/k3sServer/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/charts/k3sServer/templates/pushprox-clients-rbac.yaml deleted file mode 100644 index a8e27c3..0000000 --- a/charts/rancher-monitoring/charts/k3sServer/templates/pushprox-clients-rbac.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.client.name" . }} -{{- end }} -{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -{{- if .Values.clients.rbac.additionalRules }} -{{ toYaml .Values.clients.rbac.additionalRules }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.client.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} ---- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: true - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 6 }} -{{- end }} - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - - 'emptyDir' - - 'hostPath' - allowedHostPaths: - - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - readOnly: true -{{- end }} -{{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/k3sServer/templates/pushprox-clients.yaml b/charts/rancher-monitoring/charts/k3sServer/templates/pushprox-clients.yaml deleted file mode 100644 index e8fcfb3..0000000 --- a/charts/rancher-monitoring/charts/k3sServer/templates/pushprox-clients.yaml +++ /dev/null @@ -1,157 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: apps/v1 -{{- if .Values.clients.deployment.enabled }} -kind: Deployment -{{- else }} -kind: DaemonSet -{{- end }} -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - pushprox-exporter: "client" -spec: - {{- if .Values.clients.deployment.enabled }} - replicas: {{ .Values.clients.deployment.replicas }} - {{- end }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.client.labels" . | nindent 8 }} - spec: - {{- if .Values.clients.affinity }} - affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.clients.nodeSelector }} -{{ toYaml .Values.clients.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.clients.tolerations }} -{{ toYaml .Values.clients.tolerations | indent 8 }} -{{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-client - image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} - command: - {{- range .Values.clients.command }} - - {{ . | quote }} - {{- end }} - args: - - --fqdn=$(HOST_IP) - - --proxy-url=$(PROXY_URL) - {{- if .Values.clients.metrics.enabled }} - - --metrics-addr=$(PORT) - {{- end }} - - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} - {{- if .Values.clients.useLocalhost }} - - --use-localhost - {{- end }} - {{- if .Values.clients.https.enabled }} - {{- if .Values.clients.https.insecureSkipVerify }} - - --insecure-skip-verify - {{- end }} - {{- if .Values.clients.https.useServiceAccountCredentials }} - - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token - {{- end }} - {{- if .Values.clients.https.certDir }} - - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem - - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem - - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem - {{- end }} - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- if .Values.clients.metrics.enabled }} - - name: PORT - value: :{{ .Values.clients.port }} - {{- end }} - - name: PROXY_URL - value: {{ template "pushProxy.proxyUrl" . }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - volumeMounts: - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - {{- end }} - {{- if .Values.clients.resources }} - resources: {{ toYaml .Values.clients.resources | nindent 10 }} - {{- end }} - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - initContainers: - - name: copy-certs - image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} - command: - - sh - - -c - - | - echo "Searching for files to copy within the source volume" - echo "cert: ${CERT_FILE_NAME}" - echo "key: ${KEY_FILE_NAME}" - echo "cacert: ${CACERT_FILE_NAME}" - - CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) - KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) - CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) - - test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 - test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 - test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 - - echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" - cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 - chmod 444 $CERT_FILE_TARGET || exit 1 - - echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" - cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 - chmod 444 $KEY_FILE_TARGET || exit 1 - - echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" - cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 - chmod 444 $CACERT_FILE_TARGET || exit 1 - env: - - name: CERT_FILE_NAME - value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} - - name: KEY_FILE_NAME - value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} - - name: CACERT_FILE_NAME - value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} - - name: CERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy.pem - - name: KEY_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-key.pem - - name: CACERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem - securityContext: - runAsNonRoot: false -{{- if and .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 12 }} -{{- end }} - volumeMounts: - - name: metrics-cert-dir-source - mountPath: /etc/source - readOnly: true - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - volumes: - - name: metrics-cert-dir-source - hostPath: - path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - - name: metrics-cert-dir - emptyDir: {} - {{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/k3sServer/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/charts/k3sServer/templates/pushprox-proxy-rbac.yaml deleted file mode 100644 index eefe609..0000000 --- a/charts/rancher-monitoring/charts/k3sServer/templates/pushprox-proxy-rbac.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.proxy.name" . }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.proxy.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- end }}{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/k3sServer/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/charts/k3sServer/templates/pushprox-proxy.yaml deleted file mode 100644 index 723bbd6..0000000 --- a/charts/rancher-monitoring/charts/k3sServer/templates/pushprox-proxy.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} - pushprox-exporter: "proxy" -spec: - selector: - matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} - spec: - securityContext: - runAsNonRoot: true - runAsUser: 1000 - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.proxy.nodeSelector }} -{{ toYaml .Values.proxy.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.proxy.tolerations }} -{{ toYaml .Values.proxy.tolerations | indent 8 }} -{{- end }} - serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-proxy - image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} - command: - {{- range .Values.proxy.command }} - - {{ . | quote }} - {{- end }} - {{- if .Values.proxy.resources }} - resources: {{ toYaml .Values.proxy.resources | nindent 10 }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - ports: - - name: pp-proxy - port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} - protocol: TCP - targetPort: {{ .Values.proxy.port }} - selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/k3sServer/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/charts/k3sServer/templates/pushprox-servicemonitor.yaml deleted file mode 100644 index 67eb221..0000000 --- a/charts/rancher-monitoring/charts/k3sServer/templates/pushprox-servicemonitor.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "pushprox.serviceMonitor.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} -spec: - endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} - jobLabel: component - podTargetLabels: - - component - - pushprox-exporter - namespaceSelector: - matchNames: - - {{ template "pushprox.namespace" . }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} ---- -{{- $selector := "" }} -{{- if not (kindIs "invalid" .Values.service) }} -{{- if not (kindIs "invalid" .Values.service.selector) }} -{{ if .Values.service.selector }} -{{- if .Values.clients.enabled }} -{{- required (printf "Cannot override .Values.service.selector=%s when .Values.clients.enabled=true" (toJson .Values.service.selector)) "" }} -{{- end }} -{{- $selector = (toYaml .Values.service.selector) }} -{{- end }} -{{- end }} -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - ports: - - name: metrics - port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} - protocol: TCP - targetPort: {{ .Values.metricsPort }} - selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/k3sServer/templates/validate-install-crd.yaml b/charts/rancher-monitoring/charts/k3sServer/templates/validate-install-crd.yaml deleted file mode 100644 index 16abc2f..0000000 --- a/charts/rancher-monitoring/charts/k3sServer/templates/validate-install-crd.yaml +++ /dev/null @@ -1,14 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "monitoring.coreos.com/v1/ServiceMonitor" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install Prometheus Operator CRDs before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} diff --git a/charts/rancher-monitoring/charts/k3sServer/templates/validate-psp-install.yaml b/charts/rancher-monitoring/charts/k3sServer/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d..0000000 --- a/charts/rancher-monitoring/charts/k3sServer/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-monitoring/charts/k3sServer/values.yaml b/charts/rancher-monitoring/charts/k3sServer/values.yaml deleted file mode 100644 index 168d86c..0000000 --- a/charts/rancher-monitoring/charts/k3sServer/values.yaml +++ /dev/null @@ -1,166 +0,0 @@ -# Default values for rancher-pushprox. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Default image containing both the proxy and the client was generated from the following Dockerfile -# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 - -# Configuration - -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - seLinux: - enabled: false - -# A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. -# -# For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches -# any of the semver constraints provided as keys on the map. -# -# On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. -# -# If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. -# -# Notes: -# - On running a helm template, Helm generally assumes the kubeVersion is v1.20.0 -# - On running a helm install --dry-run, the correct kubeVersion should be chosen. -kubeVersionOverrides: [] -# - constraint: "< 1.21" -# values: -# metricsPort: 10252 -# clients: -# https: -# enabled: false -# insecureSkipVerify: false -# useServiceAccountCredentials: false - -namespaceOverride: "" - -# The component that is being monitored (i.e. etcd) -component: "component" - -# The port containing the metrics that need to be scraped -metricsPort: 2739 - -# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint -serviceMonitor: - enabled: true - # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec - # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - # By default, proxyUrl and params._scheme will be overridden based on other values - endpoints: - - port: metrics - -# Configure Service that grabs scrape targets -service: - # The selector that is used to populate the Service's Endpoints object. - # The chart will error out on rendering templating if .Values.clients.enabled is set alongside this field, - # since it is expected that this service should point to the PushProx Clients Daemonset / Deployment - selector: {} - -clients: - enabled: true - # The port which the PushProx client will post PushProx metrics to - port: 9369 - # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} - # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null - proxyUrl: "" - # If set to true, the client will forward any requests from the host IP to 127.0.0.1 - # It will only allow proxy requests to the metricsPort specified - useLocalhost: false - # Configuration for accessing metrics via HTTPS - https: - # Does the client require https to access the metrics? - enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false - # If set to true, the client will create a service account with adequate permissions and set a flag - # on the client to use the service account token provided by it to make authorized scrape requests - useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false - # If set to true, the client will disable SSL security checks - insecureSkipVerify: false - # Directory on host where necessary TLS cert and key to scrape metrics can be found - certDir: "" - # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings - certFile: "" - keyFile: "" - caCertFile: "" - # seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. - # Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. - seLinuxOptions: {} - - metrics: - # Whether the client should publish PushProx client-specific metrics to .Values.clients.port - enabled: false - - rbac: - # Additional permissions to provide to the ServiceAccount bound to the client - # This can be used to provide additional permissions for the client to scrape metrics from the k8s API - # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true - additionalRules: [] - - # Resource limits - resources: {} - - # Options to select all nodes to deploy client DaemonSet on - nodeSelector: {} - tolerations: [] - affinity: {} - - image: - repository: rancher/pushprox-client - tag: v0.1.5-rancher2-client - command: ["pushprox-client"] - - copyCertsImage: - repository: rancher/mirrored-library-busybox - tag: 1.37.0 - - # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. - # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in - # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. - # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, - # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. - # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will - # be responsible for upgrading this chart accordingly to the right number of replicas. - deployment: - enabled: false - replicas: 0 - -proxy: - enabled: true - # The port through which PushProx clients will communicate to the proxy - port: 8080 - - # Resource limits - resources: {} - - # Options to select a node to run a single proxy deployment on - nodeSelector: {} - tolerations: [] - - image: - repository: rancher/pushprox-proxy - tag: v0.1.5-rancher2-proxy - command: ["pushprox-proxy"] diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/templates/podsecuritypolicy.yaml b/charts/rancher-monitoring/charts/kube-state-metrics/templates/podsecuritypolicy.yaml deleted file mode 100644 index d9d944d..0000000 --- a/charts/rancher-monitoring/charts/kube-state-metrics/templates/podsecuritypolicy.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if and .Values.rbac.create (and (or .Values.global.cattle.psp.enabled .Values.podSecurityPolicy.enabled) (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} -{{- if .Values.podSecurityPolicy.annotations }} - annotations: -{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }} -{{- end }} -spec: - privileged: false - volumes: - - 'secret' -{{- if .Values.podSecurityPolicy.additionalVolumes }} -{{ toYaml .Values.podSecurityPolicy.additionalVolumes | indent 4 }} -{{- end }} - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/templates/psp-clusterrole.yaml b/charts/rancher-monitoring/charts/kube-state-metrics/templates/psp-clusterrole.yaml deleted file mode 100644 index c69e01a..0000000 --- a/charts/rancher-monitoring/charts/kube-state-metrics/templates/psp-clusterrole.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if and .Values.rbac.create (and (or .Values.global.cattle.psp.enabled .Values.podSecurityPolicy.enabled) (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} - name: psp-{{ template "kube-state-metrics.fullname" . }} -rules: -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }} -- apiGroups: ['policy'] -{{- else }} -- apiGroups: ['extensions'] -{{- end }} - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "kube-state-metrics.fullname" . }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml b/charts/rancher-monitoring/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml deleted file mode 100644 index df81c49..0000000 --- a/charts/rancher-monitoring/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if and .Values.rbac.create (and (or .Values.global.cattle.psp.enabled .Values.podSecurityPolicy.enabled) (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} - name: psp-{{ template "kube-state-metrics.fullname" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: psp-{{ template "kube-state-metrics.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "kube-state-metrics.serviceAccountName" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmControllerManager/Chart.yaml b/charts/rancher-monitoring/charts/kubeAdmControllerManager/Chart.yaml deleted file mode 100644 index 1c7762b..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmControllerManager/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox -apiVersion: v1 -appVersion: v0.1.5-rancher2 -description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. -kubeVersion: '>=1.26.0-0' -name: kubeAdmControllerManager -type: application -version: 0.1.5-rancher2 diff --git a/charts/rancher-monitoring/charts/kubeAdmControllerManager/README.md b/charts/rancher-monitoring/charts/kubeAdmControllerManager/README.md deleted file mode 100644 index 345002f..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmControllerManager/README.md +++ /dev/null @@ -1,90 +0,0 @@ -# rancher-pushprox - -A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. - -Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. - -Using an instance of this chart is suitable for the following scenarios: -- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) -- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) -- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` -- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) -- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) - -The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. -​ -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. - -## Configuration - -The following tables list the configurable parameters of the rancher-pushprox chart and their default values. - -### General - -#### Required -| Parameter | Description | Example | -| ----- | ----------- | ------ | -| `component` | The component that is being monitored | `kube-etcd` -| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | -| `namespaceOverride` | The namespace to install the chart | `""` - -#### Optional -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | -| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | -| `service.selector` | The selector that is used to populate the Service's Endpoints object. The chart will error out on rendering templating if `.Values.clients.enabled` is set alongside this field, since it is expected that this service should point to the PushProx Clients Daemonset / Deployment | `{}` | -| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | -| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | -| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | -| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | -| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | -| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | -| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.seLinuxOptions` | seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. | `""` | -| `clients.metrics.enabled` | Whether the client should publish PushProx client-specific metrics. | `false` | -| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | -| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | -| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | -| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | -| `clients.resources` | Set resource limits and requests for the client container | `{}` | -| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | -| `clients.tolerations` | Specify tolerations for clients | `[]` | -| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | -| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | -| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | -| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | -| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | -| `kubeVersionOverrides` | A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches any of the semver constraints provided as keys on the map. On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. | `[]` - -*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. - -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. diff --git a/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/_helpers.tpl b/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/_helpers.tpl deleted file mode 100644 index 1ba5093..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/_helpers.tpl +++ /dev/null @@ -1,170 +0,0 @@ -# Rancher - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -# General - -{{- define "applyKubeVersionOverrides" -}} -{{- $overrides := dict -}} -{{- range $override := .Values.kubeVersionOverrides -}} -{{- if semverCompare $override.constraint $.Capabilities.KubeVersion.Version -}} -{{- $_ := mergeOverwrite $overrides $override.values -}} -{{- end -}} -{{- end -}} -{{- $_ := mergeOverwrite .Values $overrides -}} -{{- end -}} - -{{- define "pushprox.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{- define "pushProxy.commonLabels" -}} -release: {{ .Release.Name }} -component: {{ .Values.component | quote }} -provider: kubernetes -{{- end -}} - -{{- define "pushProxy.proxyUrl" -}} -{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} -{{- if .Values.clients.proxyUrl -}} -{{ printf "%s" .Values.clients.proxyUrl }} -{{- else -}} -{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} -{{- end -}}{{- end -}} - -# Client - -{{- define "pushProxy.client.name" -}} -{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.labels" -}} -k8s-app: {{ template "pushProxy.client.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# Proxy - -{{- define "pushProxy.proxy.name" -}} -{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.proxy.labels" -}} -k8s-app: {{ template "pushProxy.proxy.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# ServiceMonitor - -{{- define "pushprox.serviceMonitor.name" -}} -{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.labels" -}} -app: {{ template "pushprox.serviceMonitor.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.endpoints" -}} -{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} -{{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $setHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} -{{- $endpoints := .Values.serviceMonitor.endpoints }} -{{- if .Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- range $endpoints }} -{{- if $.Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- $clusterIdRelabel := dict }} -{{- $metricRelabelings := list }} -{{- if $.Values.global.cattle.clusterId }} -{{- $_ := set $clusterIdRelabel "action" "replace" }} -{{- $_ := set $clusterIdRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterIdRelabel "targetLabel" "cluster_id" }} -{{- $_ := set $clusterIdRelabel "replacement" $.Values.global.cattle.clusterId }} -{{- $metricRelabelings = append $metricRelabelings $clusterIdRelabel }} -{{- end }} -{{- $clusterNameRelabel := dict }} -{{- if $.Values.global.cattle.clusterName }} -{{- $_ := set $clusterNameRelabel "action" "replace" }} -{{- $_ := set $clusterNameRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} -{{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} -{{- $metricRelabelings = append $metricRelabelings $clusterNameRelabel }} -{{- end }} -{{- if not (empty $metricRelabelings) }} -{{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $setHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} -{{- if $useHTTPS -}} -{{- if (hasKey . "params") }} -{{- $_ := set (get . "params") "_scheme" (list "https") }} -{{- else }} -{{- $_ := set . "params" (dict "_scheme" (list "https")) }} -{{- end }} -{{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} -{{- end }} -{{- toYaml $endpoints }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/pushprox-clients-rbac.yaml deleted file mode 100644 index a8e27c3..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/pushprox-clients-rbac.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.client.name" . }} -{{- end }} -{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -{{- if .Values.clients.rbac.additionalRules }} -{{ toYaml .Values.clients.rbac.additionalRules }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.client.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} ---- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: true - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 6 }} -{{- end }} - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - - 'emptyDir' - - 'hostPath' - allowedHostPaths: - - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - readOnly: true -{{- end }} -{{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/pushprox-clients.yaml b/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/pushprox-clients.yaml deleted file mode 100644 index e8fcfb3..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/pushprox-clients.yaml +++ /dev/null @@ -1,157 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: apps/v1 -{{- if .Values.clients.deployment.enabled }} -kind: Deployment -{{- else }} -kind: DaemonSet -{{- end }} -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - pushprox-exporter: "client" -spec: - {{- if .Values.clients.deployment.enabled }} - replicas: {{ .Values.clients.deployment.replicas }} - {{- end }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.client.labels" . | nindent 8 }} - spec: - {{- if .Values.clients.affinity }} - affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.clients.nodeSelector }} -{{ toYaml .Values.clients.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.clients.tolerations }} -{{ toYaml .Values.clients.tolerations | indent 8 }} -{{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-client - image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} - command: - {{- range .Values.clients.command }} - - {{ . | quote }} - {{- end }} - args: - - --fqdn=$(HOST_IP) - - --proxy-url=$(PROXY_URL) - {{- if .Values.clients.metrics.enabled }} - - --metrics-addr=$(PORT) - {{- end }} - - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} - {{- if .Values.clients.useLocalhost }} - - --use-localhost - {{- end }} - {{- if .Values.clients.https.enabled }} - {{- if .Values.clients.https.insecureSkipVerify }} - - --insecure-skip-verify - {{- end }} - {{- if .Values.clients.https.useServiceAccountCredentials }} - - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token - {{- end }} - {{- if .Values.clients.https.certDir }} - - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem - - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem - - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem - {{- end }} - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- if .Values.clients.metrics.enabled }} - - name: PORT - value: :{{ .Values.clients.port }} - {{- end }} - - name: PROXY_URL - value: {{ template "pushProxy.proxyUrl" . }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - volumeMounts: - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - {{- end }} - {{- if .Values.clients.resources }} - resources: {{ toYaml .Values.clients.resources | nindent 10 }} - {{- end }} - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - initContainers: - - name: copy-certs - image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} - command: - - sh - - -c - - | - echo "Searching for files to copy within the source volume" - echo "cert: ${CERT_FILE_NAME}" - echo "key: ${KEY_FILE_NAME}" - echo "cacert: ${CACERT_FILE_NAME}" - - CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) - KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) - CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) - - test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 - test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 - test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 - - echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" - cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 - chmod 444 $CERT_FILE_TARGET || exit 1 - - echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" - cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 - chmod 444 $KEY_FILE_TARGET || exit 1 - - echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" - cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 - chmod 444 $CACERT_FILE_TARGET || exit 1 - env: - - name: CERT_FILE_NAME - value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} - - name: KEY_FILE_NAME - value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} - - name: CACERT_FILE_NAME - value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} - - name: CERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy.pem - - name: KEY_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-key.pem - - name: CACERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem - securityContext: - runAsNonRoot: false -{{- if and .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 12 }} -{{- end }} - volumeMounts: - - name: metrics-cert-dir-source - mountPath: /etc/source - readOnly: true - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - volumes: - - name: metrics-cert-dir-source - hostPath: - path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - - name: metrics-cert-dir - emptyDir: {} - {{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/pushprox-proxy-rbac.yaml deleted file mode 100644 index eefe609..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/pushprox-proxy-rbac.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.proxy.name" . }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.proxy.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- end }}{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/pushprox-proxy.yaml deleted file mode 100644 index 723bbd6..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/pushprox-proxy.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} - pushprox-exporter: "proxy" -spec: - selector: - matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} - spec: - securityContext: - runAsNonRoot: true - runAsUser: 1000 - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.proxy.nodeSelector }} -{{ toYaml .Values.proxy.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.proxy.tolerations }} -{{ toYaml .Values.proxy.tolerations | indent 8 }} -{{- end }} - serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-proxy - image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} - command: - {{- range .Values.proxy.command }} - - {{ . | quote }} - {{- end }} - {{- if .Values.proxy.resources }} - resources: {{ toYaml .Values.proxy.resources | nindent 10 }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - ports: - - name: pp-proxy - port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} - protocol: TCP - targetPort: {{ .Values.proxy.port }} - selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/pushprox-servicemonitor.yaml deleted file mode 100644 index 67eb221..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/pushprox-servicemonitor.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "pushprox.serviceMonitor.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} -spec: - endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} - jobLabel: component - podTargetLabels: - - component - - pushprox-exporter - namespaceSelector: - matchNames: - - {{ template "pushprox.namespace" . }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} ---- -{{- $selector := "" }} -{{- if not (kindIs "invalid" .Values.service) }} -{{- if not (kindIs "invalid" .Values.service.selector) }} -{{ if .Values.service.selector }} -{{- if .Values.clients.enabled }} -{{- required (printf "Cannot override .Values.service.selector=%s when .Values.clients.enabled=true" (toJson .Values.service.selector)) "" }} -{{- end }} -{{- $selector = (toYaml .Values.service.selector) }} -{{- end }} -{{- end }} -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - ports: - - name: metrics - port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} - protocol: TCP - targetPort: {{ .Values.metricsPort }} - selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/validate-install-crd.yaml b/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/validate-install-crd.yaml deleted file mode 100644 index 16abc2f..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/validate-install-crd.yaml +++ /dev/null @@ -1,14 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "monitoring.coreos.com/v1/ServiceMonitor" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install Prometheus Operator CRDs before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} diff --git a/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/validate-psp-install.yaml b/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmControllerManager/values.yaml b/charts/rancher-monitoring/charts/kubeAdmControllerManager/values.yaml deleted file mode 100644 index 168d86c..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmControllerManager/values.yaml +++ /dev/null @@ -1,166 +0,0 @@ -# Default values for rancher-pushprox. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Default image containing both the proxy and the client was generated from the following Dockerfile -# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 - -# Configuration - -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - seLinux: - enabled: false - -# A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. -# -# For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches -# any of the semver constraints provided as keys on the map. -# -# On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. -# -# If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. -# -# Notes: -# - On running a helm template, Helm generally assumes the kubeVersion is v1.20.0 -# - On running a helm install --dry-run, the correct kubeVersion should be chosen. -kubeVersionOverrides: [] -# - constraint: "< 1.21" -# values: -# metricsPort: 10252 -# clients: -# https: -# enabled: false -# insecureSkipVerify: false -# useServiceAccountCredentials: false - -namespaceOverride: "" - -# The component that is being monitored (i.e. etcd) -component: "component" - -# The port containing the metrics that need to be scraped -metricsPort: 2739 - -# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint -serviceMonitor: - enabled: true - # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec - # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - # By default, proxyUrl and params._scheme will be overridden based on other values - endpoints: - - port: metrics - -# Configure Service that grabs scrape targets -service: - # The selector that is used to populate the Service's Endpoints object. - # The chart will error out on rendering templating if .Values.clients.enabled is set alongside this field, - # since it is expected that this service should point to the PushProx Clients Daemonset / Deployment - selector: {} - -clients: - enabled: true - # The port which the PushProx client will post PushProx metrics to - port: 9369 - # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} - # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null - proxyUrl: "" - # If set to true, the client will forward any requests from the host IP to 127.0.0.1 - # It will only allow proxy requests to the metricsPort specified - useLocalhost: false - # Configuration for accessing metrics via HTTPS - https: - # Does the client require https to access the metrics? - enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false - # If set to true, the client will create a service account with adequate permissions and set a flag - # on the client to use the service account token provided by it to make authorized scrape requests - useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false - # If set to true, the client will disable SSL security checks - insecureSkipVerify: false - # Directory on host where necessary TLS cert and key to scrape metrics can be found - certDir: "" - # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings - certFile: "" - keyFile: "" - caCertFile: "" - # seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. - # Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. - seLinuxOptions: {} - - metrics: - # Whether the client should publish PushProx client-specific metrics to .Values.clients.port - enabled: false - - rbac: - # Additional permissions to provide to the ServiceAccount bound to the client - # This can be used to provide additional permissions for the client to scrape metrics from the k8s API - # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true - additionalRules: [] - - # Resource limits - resources: {} - - # Options to select all nodes to deploy client DaemonSet on - nodeSelector: {} - tolerations: [] - affinity: {} - - image: - repository: rancher/pushprox-client - tag: v0.1.5-rancher2-client - command: ["pushprox-client"] - - copyCertsImage: - repository: rancher/mirrored-library-busybox - tag: 1.37.0 - - # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. - # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in - # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. - # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, - # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. - # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will - # be responsible for upgrading this chart accordingly to the right number of replicas. - deployment: - enabled: false - replicas: 0 - -proxy: - enabled: true - # The port through which PushProx clients will communicate to the proxy - port: 8080 - - # Resource limits - resources: {} - - # Options to select a node to run a single proxy deployment on - nodeSelector: {} - tolerations: [] - - image: - repository: rancher/pushprox-proxy - tag: v0.1.5-rancher2-proxy - command: ["pushprox-proxy"] diff --git a/charts/rancher-monitoring/charts/kubeAdmEtcd/.helmignore b/charts/rancher-monitoring/charts/kubeAdmEtcd/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmEtcd/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/rancher-monitoring/charts/kubeAdmEtcd/Chart.yaml b/charts/rancher-monitoring/charts/kubeAdmEtcd/Chart.yaml deleted file mode 100644 index b95b7f0..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmEtcd/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox -apiVersion: v1 -appVersion: v0.1.5-rancher2 -description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. -kubeVersion: '>=1.26.0-0' -name: kubeAdmEtcd -type: application -version: 0.1.5-rancher2 diff --git a/charts/rancher-monitoring/charts/kubeAdmEtcd/README.md b/charts/rancher-monitoring/charts/kubeAdmEtcd/README.md deleted file mode 100644 index 345002f..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmEtcd/README.md +++ /dev/null @@ -1,90 +0,0 @@ -# rancher-pushprox - -A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. - -Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. - -Using an instance of this chart is suitable for the following scenarios: -- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) -- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) -- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` -- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) -- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) - -The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. -​ -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. - -## Configuration - -The following tables list the configurable parameters of the rancher-pushprox chart and their default values. - -### General - -#### Required -| Parameter | Description | Example | -| ----- | ----------- | ------ | -| `component` | The component that is being monitored | `kube-etcd` -| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | -| `namespaceOverride` | The namespace to install the chart | `""` - -#### Optional -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | -| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | -| `service.selector` | The selector that is used to populate the Service's Endpoints object. The chart will error out on rendering templating if `.Values.clients.enabled` is set alongside this field, since it is expected that this service should point to the PushProx Clients Daemonset / Deployment | `{}` | -| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | -| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | -| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | -| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | -| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | -| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | -| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.seLinuxOptions` | seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. | `""` | -| `clients.metrics.enabled` | Whether the client should publish PushProx client-specific metrics. | `false` | -| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | -| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | -| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | -| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | -| `clients.resources` | Set resource limits and requests for the client container | `{}` | -| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | -| `clients.tolerations` | Specify tolerations for clients | `[]` | -| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | -| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | -| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | -| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | -| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | -| `kubeVersionOverrides` | A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches any of the semver constraints provided as keys on the map. On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. | `[]` - -*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. - -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. diff --git a/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/_helpers.tpl b/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/_helpers.tpl deleted file mode 100644 index 1ba5093..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/_helpers.tpl +++ /dev/null @@ -1,170 +0,0 @@ -# Rancher - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -# General - -{{- define "applyKubeVersionOverrides" -}} -{{- $overrides := dict -}} -{{- range $override := .Values.kubeVersionOverrides -}} -{{- if semverCompare $override.constraint $.Capabilities.KubeVersion.Version -}} -{{- $_ := mergeOverwrite $overrides $override.values -}} -{{- end -}} -{{- end -}} -{{- $_ := mergeOverwrite .Values $overrides -}} -{{- end -}} - -{{- define "pushprox.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{- define "pushProxy.commonLabels" -}} -release: {{ .Release.Name }} -component: {{ .Values.component | quote }} -provider: kubernetes -{{- end -}} - -{{- define "pushProxy.proxyUrl" -}} -{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} -{{- if .Values.clients.proxyUrl -}} -{{ printf "%s" .Values.clients.proxyUrl }} -{{- else -}} -{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} -{{- end -}}{{- end -}} - -# Client - -{{- define "pushProxy.client.name" -}} -{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.labels" -}} -k8s-app: {{ template "pushProxy.client.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# Proxy - -{{- define "pushProxy.proxy.name" -}} -{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.proxy.labels" -}} -k8s-app: {{ template "pushProxy.proxy.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# ServiceMonitor - -{{- define "pushprox.serviceMonitor.name" -}} -{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.labels" -}} -app: {{ template "pushprox.serviceMonitor.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.endpoints" -}} -{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} -{{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $setHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} -{{- $endpoints := .Values.serviceMonitor.endpoints }} -{{- if .Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- range $endpoints }} -{{- if $.Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- $clusterIdRelabel := dict }} -{{- $metricRelabelings := list }} -{{- if $.Values.global.cattle.clusterId }} -{{- $_ := set $clusterIdRelabel "action" "replace" }} -{{- $_ := set $clusterIdRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterIdRelabel "targetLabel" "cluster_id" }} -{{- $_ := set $clusterIdRelabel "replacement" $.Values.global.cattle.clusterId }} -{{- $metricRelabelings = append $metricRelabelings $clusterIdRelabel }} -{{- end }} -{{- $clusterNameRelabel := dict }} -{{- if $.Values.global.cattle.clusterName }} -{{- $_ := set $clusterNameRelabel "action" "replace" }} -{{- $_ := set $clusterNameRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} -{{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} -{{- $metricRelabelings = append $metricRelabelings $clusterNameRelabel }} -{{- end }} -{{- if not (empty $metricRelabelings) }} -{{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $setHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} -{{- if $useHTTPS -}} -{{- if (hasKey . "params") }} -{{- $_ := set (get . "params") "_scheme" (list "https") }} -{{- else }} -{{- $_ := set . "params" (dict "_scheme" (list "https")) }} -{{- end }} -{{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} -{{- end }} -{{- toYaml $endpoints }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/pushprox-clients-rbac.yaml deleted file mode 100644 index a8e27c3..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/pushprox-clients-rbac.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.client.name" . }} -{{- end }} -{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -{{- if .Values.clients.rbac.additionalRules }} -{{ toYaml .Values.clients.rbac.additionalRules }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.client.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} ---- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: true - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 6 }} -{{- end }} - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - - 'emptyDir' - - 'hostPath' - allowedHostPaths: - - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - readOnly: true -{{- end }} -{{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/pushprox-clients.yaml b/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/pushprox-clients.yaml deleted file mode 100644 index e8fcfb3..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/pushprox-clients.yaml +++ /dev/null @@ -1,157 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: apps/v1 -{{- if .Values.clients.deployment.enabled }} -kind: Deployment -{{- else }} -kind: DaemonSet -{{- end }} -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - pushprox-exporter: "client" -spec: - {{- if .Values.clients.deployment.enabled }} - replicas: {{ .Values.clients.deployment.replicas }} - {{- end }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.client.labels" . | nindent 8 }} - spec: - {{- if .Values.clients.affinity }} - affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.clients.nodeSelector }} -{{ toYaml .Values.clients.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.clients.tolerations }} -{{ toYaml .Values.clients.tolerations | indent 8 }} -{{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-client - image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} - command: - {{- range .Values.clients.command }} - - {{ . | quote }} - {{- end }} - args: - - --fqdn=$(HOST_IP) - - --proxy-url=$(PROXY_URL) - {{- if .Values.clients.metrics.enabled }} - - --metrics-addr=$(PORT) - {{- end }} - - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} - {{- if .Values.clients.useLocalhost }} - - --use-localhost - {{- end }} - {{- if .Values.clients.https.enabled }} - {{- if .Values.clients.https.insecureSkipVerify }} - - --insecure-skip-verify - {{- end }} - {{- if .Values.clients.https.useServiceAccountCredentials }} - - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token - {{- end }} - {{- if .Values.clients.https.certDir }} - - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem - - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem - - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem - {{- end }} - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- if .Values.clients.metrics.enabled }} - - name: PORT - value: :{{ .Values.clients.port }} - {{- end }} - - name: PROXY_URL - value: {{ template "pushProxy.proxyUrl" . }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - volumeMounts: - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - {{- end }} - {{- if .Values.clients.resources }} - resources: {{ toYaml .Values.clients.resources | nindent 10 }} - {{- end }} - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - initContainers: - - name: copy-certs - image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} - command: - - sh - - -c - - | - echo "Searching for files to copy within the source volume" - echo "cert: ${CERT_FILE_NAME}" - echo "key: ${KEY_FILE_NAME}" - echo "cacert: ${CACERT_FILE_NAME}" - - CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) - KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) - CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) - - test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 - test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 - test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 - - echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" - cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 - chmod 444 $CERT_FILE_TARGET || exit 1 - - echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" - cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 - chmod 444 $KEY_FILE_TARGET || exit 1 - - echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" - cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 - chmod 444 $CACERT_FILE_TARGET || exit 1 - env: - - name: CERT_FILE_NAME - value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} - - name: KEY_FILE_NAME - value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} - - name: CACERT_FILE_NAME - value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} - - name: CERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy.pem - - name: KEY_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-key.pem - - name: CACERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem - securityContext: - runAsNonRoot: false -{{- if and .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 12 }} -{{- end }} - volumeMounts: - - name: metrics-cert-dir-source - mountPath: /etc/source - readOnly: true - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - volumes: - - name: metrics-cert-dir-source - hostPath: - path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - - name: metrics-cert-dir - emptyDir: {} - {{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/pushprox-proxy-rbac.yaml deleted file mode 100644 index eefe609..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/pushprox-proxy-rbac.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.proxy.name" . }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.proxy.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- end }}{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/pushprox-proxy.yaml deleted file mode 100644 index 723bbd6..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/pushprox-proxy.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} - pushprox-exporter: "proxy" -spec: - selector: - matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} - spec: - securityContext: - runAsNonRoot: true - runAsUser: 1000 - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.proxy.nodeSelector }} -{{ toYaml .Values.proxy.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.proxy.tolerations }} -{{ toYaml .Values.proxy.tolerations | indent 8 }} -{{- end }} - serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-proxy - image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} - command: - {{- range .Values.proxy.command }} - - {{ . | quote }} - {{- end }} - {{- if .Values.proxy.resources }} - resources: {{ toYaml .Values.proxy.resources | nindent 10 }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - ports: - - name: pp-proxy - port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} - protocol: TCP - targetPort: {{ .Values.proxy.port }} - selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/pushprox-servicemonitor.yaml deleted file mode 100644 index 67eb221..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/pushprox-servicemonitor.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "pushprox.serviceMonitor.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} -spec: - endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} - jobLabel: component - podTargetLabels: - - component - - pushprox-exporter - namespaceSelector: - matchNames: - - {{ template "pushprox.namespace" . }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} ---- -{{- $selector := "" }} -{{- if not (kindIs "invalid" .Values.service) }} -{{- if not (kindIs "invalid" .Values.service.selector) }} -{{ if .Values.service.selector }} -{{- if .Values.clients.enabled }} -{{- required (printf "Cannot override .Values.service.selector=%s when .Values.clients.enabled=true" (toJson .Values.service.selector)) "" }} -{{- end }} -{{- $selector = (toYaml .Values.service.selector) }} -{{- end }} -{{- end }} -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - ports: - - name: metrics - port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} - protocol: TCP - targetPort: {{ .Values.metricsPort }} - selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/validate-install-crd.yaml b/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/validate-install-crd.yaml deleted file mode 100644 index 16abc2f..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/validate-install-crd.yaml +++ /dev/null @@ -1,14 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "monitoring.coreos.com/v1/ServiceMonitor" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install Prometheus Operator CRDs before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} diff --git a/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/validate-psp-install.yaml b/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmEtcd/values.yaml b/charts/rancher-monitoring/charts/kubeAdmEtcd/values.yaml deleted file mode 100644 index 168d86c..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmEtcd/values.yaml +++ /dev/null @@ -1,166 +0,0 @@ -# Default values for rancher-pushprox. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Default image containing both the proxy and the client was generated from the following Dockerfile -# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 - -# Configuration - -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - seLinux: - enabled: false - -# A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. -# -# For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches -# any of the semver constraints provided as keys on the map. -# -# On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. -# -# If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. -# -# Notes: -# - On running a helm template, Helm generally assumes the kubeVersion is v1.20.0 -# - On running a helm install --dry-run, the correct kubeVersion should be chosen. -kubeVersionOverrides: [] -# - constraint: "< 1.21" -# values: -# metricsPort: 10252 -# clients: -# https: -# enabled: false -# insecureSkipVerify: false -# useServiceAccountCredentials: false - -namespaceOverride: "" - -# The component that is being monitored (i.e. etcd) -component: "component" - -# The port containing the metrics that need to be scraped -metricsPort: 2739 - -# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint -serviceMonitor: - enabled: true - # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec - # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - # By default, proxyUrl and params._scheme will be overridden based on other values - endpoints: - - port: metrics - -# Configure Service that grabs scrape targets -service: - # The selector that is used to populate the Service's Endpoints object. - # The chart will error out on rendering templating if .Values.clients.enabled is set alongside this field, - # since it is expected that this service should point to the PushProx Clients Daemonset / Deployment - selector: {} - -clients: - enabled: true - # The port which the PushProx client will post PushProx metrics to - port: 9369 - # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} - # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null - proxyUrl: "" - # If set to true, the client will forward any requests from the host IP to 127.0.0.1 - # It will only allow proxy requests to the metricsPort specified - useLocalhost: false - # Configuration for accessing metrics via HTTPS - https: - # Does the client require https to access the metrics? - enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false - # If set to true, the client will create a service account with adequate permissions and set a flag - # on the client to use the service account token provided by it to make authorized scrape requests - useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false - # If set to true, the client will disable SSL security checks - insecureSkipVerify: false - # Directory on host where necessary TLS cert and key to scrape metrics can be found - certDir: "" - # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings - certFile: "" - keyFile: "" - caCertFile: "" - # seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. - # Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. - seLinuxOptions: {} - - metrics: - # Whether the client should publish PushProx client-specific metrics to .Values.clients.port - enabled: false - - rbac: - # Additional permissions to provide to the ServiceAccount bound to the client - # This can be used to provide additional permissions for the client to scrape metrics from the k8s API - # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true - additionalRules: [] - - # Resource limits - resources: {} - - # Options to select all nodes to deploy client DaemonSet on - nodeSelector: {} - tolerations: [] - affinity: {} - - image: - repository: rancher/pushprox-client - tag: v0.1.5-rancher2-client - command: ["pushprox-client"] - - copyCertsImage: - repository: rancher/mirrored-library-busybox - tag: 1.37.0 - - # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. - # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in - # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. - # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, - # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. - # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will - # be responsible for upgrading this chart accordingly to the right number of replicas. - deployment: - enabled: false - replicas: 0 - -proxy: - enabled: true - # The port through which PushProx clients will communicate to the proxy - port: 8080 - - # Resource limits - resources: {} - - # Options to select a node to run a single proxy deployment on - nodeSelector: {} - tolerations: [] - - image: - repository: rancher/pushprox-proxy - tag: v0.1.5-rancher2-proxy - command: ["pushprox-proxy"] diff --git a/charts/rancher-monitoring/charts/kubeAdmProxy/.helmignore b/charts/rancher-monitoring/charts/kubeAdmProxy/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmProxy/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/rancher-monitoring/charts/kubeAdmProxy/Chart.yaml b/charts/rancher-monitoring/charts/kubeAdmProxy/Chart.yaml deleted file mode 100644 index bb40ed8..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmProxy/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox -apiVersion: v1 -appVersion: v0.1.5-rancher2 -description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. -kubeVersion: '>=1.26.0-0' -name: kubeAdmProxy -type: application -version: 0.1.5-rancher2 diff --git a/charts/rancher-monitoring/charts/kubeAdmProxy/README.md b/charts/rancher-monitoring/charts/kubeAdmProxy/README.md deleted file mode 100644 index 345002f..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmProxy/README.md +++ /dev/null @@ -1,90 +0,0 @@ -# rancher-pushprox - -A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. - -Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. - -Using an instance of this chart is suitable for the following scenarios: -- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) -- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) -- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` -- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) -- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) - -The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. -​ -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. - -## Configuration - -The following tables list the configurable parameters of the rancher-pushprox chart and their default values. - -### General - -#### Required -| Parameter | Description | Example | -| ----- | ----------- | ------ | -| `component` | The component that is being monitored | `kube-etcd` -| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | -| `namespaceOverride` | The namespace to install the chart | `""` - -#### Optional -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | -| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | -| `service.selector` | The selector that is used to populate the Service's Endpoints object. The chart will error out on rendering templating if `.Values.clients.enabled` is set alongside this field, since it is expected that this service should point to the PushProx Clients Daemonset / Deployment | `{}` | -| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | -| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | -| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | -| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | -| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | -| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | -| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.seLinuxOptions` | seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. | `""` | -| `clients.metrics.enabled` | Whether the client should publish PushProx client-specific metrics. | `false` | -| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | -| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | -| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | -| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | -| `clients.resources` | Set resource limits and requests for the client container | `{}` | -| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | -| `clients.tolerations` | Specify tolerations for clients | `[]` | -| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | -| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | -| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | -| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | -| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | -| `kubeVersionOverrides` | A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches any of the semver constraints provided as keys on the map. On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. | `[]` - -*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. - -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. diff --git a/charts/rancher-monitoring/charts/kubeAdmProxy/templates/_helpers.tpl b/charts/rancher-monitoring/charts/kubeAdmProxy/templates/_helpers.tpl deleted file mode 100644 index 1ba5093..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmProxy/templates/_helpers.tpl +++ /dev/null @@ -1,170 +0,0 @@ -# Rancher - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -# General - -{{- define "applyKubeVersionOverrides" -}} -{{- $overrides := dict -}} -{{- range $override := .Values.kubeVersionOverrides -}} -{{- if semverCompare $override.constraint $.Capabilities.KubeVersion.Version -}} -{{- $_ := mergeOverwrite $overrides $override.values -}} -{{- end -}} -{{- end -}} -{{- $_ := mergeOverwrite .Values $overrides -}} -{{- end -}} - -{{- define "pushprox.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{- define "pushProxy.commonLabels" -}} -release: {{ .Release.Name }} -component: {{ .Values.component | quote }} -provider: kubernetes -{{- end -}} - -{{- define "pushProxy.proxyUrl" -}} -{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} -{{- if .Values.clients.proxyUrl -}} -{{ printf "%s" .Values.clients.proxyUrl }} -{{- else -}} -{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} -{{- end -}}{{- end -}} - -# Client - -{{- define "pushProxy.client.name" -}} -{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.labels" -}} -k8s-app: {{ template "pushProxy.client.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# Proxy - -{{- define "pushProxy.proxy.name" -}} -{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.proxy.labels" -}} -k8s-app: {{ template "pushProxy.proxy.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# ServiceMonitor - -{{- define "pushprox.serviceMonitor.name" -}} -{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.labels" -}} -app: {{ template "pushprox.serviceMonitor.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.endpoints" -}} -{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} -{{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $setHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} -{{- $endpoints := .Values.serviceMonitor.endpoints }} -{{- if .Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- range $endpoints }} -{{- if $.Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- $clusterIdRelabel := dict }} -{{- $metricRelabelings := list }} -{{- if $.Values.global.cattle.clusterId }} -{{- $_ := set $clusterIdRelabel "action" "replace" }} -{{- $_ := set $clusterIdRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterIdRelabel "targetLabel" "cluster_id" }} -{{- $_ := set $clusterIdRelabel "replacement" $.Values.global.cattle.clusterId }} -{{- $metricRelabelings = append $metricRelabelings $clusterIdRelabel }} -{{- end }} -{{- $clusterNameRelabel := dict }} -{{- if $.Values.global.cattle.clusterName }} -{{- $_ := set $clusterNameRelabel "action" "replace" }} -{{- $_ := set $clusterNameRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} -{{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} -{{- $metricRelabelings = append $metricRelabelings $clusterNameRelabel }} -{{- end }} -{{- if not (empty $metricRelabelings) }} -{{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $setHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} -{{- if $useHTTPS -}} -{{- if (hasKey . "params") }} -{{- $_ := set (get . "params") "_scheme" (list "https") }} -{{- else }} -{{- $_ := set . "params" (dict "_scheme" (list "https")) }} -{{- end }} -{{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} -{{- end }} -{{- toYaml $endpoints }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/kubeAdmProxy/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/charts/kubeAdmProxy/templates/pushprox-clients-rbac.yaml deleted file mode 100644 index a8e27c3..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmProxy/templates/pushprox-clients-rbac.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.client.name" . }} -{{- end }} -{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -{{- if .Values.clients.rbac.additionalRules }} -{{ toYaml .Values.clients.rbac.additionalRules }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.client.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} ---- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: true - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 6 }} -{{- end }} - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - - 'emptyDir' - - 'hostPath' - allowedHostPaths: - - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - readOnly: true -{{- end }} -{{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmProxy/templates/pushprox-clients.yaml b/charts/rancher-monitoring/charts/kubeAdmProxy/templates/pushprox-clients.yaml deleted file mode 100644 index e8fcfb3..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmProxy/templates/pushprox-clients.yaml +++ /dev/null @@ -1,157 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: apps/v1 -{{- if .Values.clients.deployment.enabled }} -kind: Deployment -{{- else }} -kind: DaemonSet -{{- end }} -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - pushprox-exporter: "client" -spec: - {{- if .Values.clients.deployment.enabled }} - replicas: {{ .Values.clients.deployment.replicas }} - {{- end }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.client.labels" . | nindent 8 }} - spec: - {{- if .Values.clients.affinity }} - affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.clients.nodeSelector }} -{{ toYaml .Values.clients.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.clients.tolerations }} -{{ toYaml .Values.clients.tolerations | indent 8 }} -{{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-client - image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} - command: - {{- range .Values.clients.command }} - - {{ . | quote }} - {{- end }} - args: - - --fqdn=$(HOST_IP) - - --proxy-url=$(PROXY_URL) - {{- if .Values.clients.metrics.enabled }} - - --metrics-addr=$(PORT) - {{- end }} - - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} - {{- if .Values.clients.useLocalhost }} - - --use-localhost - {{- end }} - {{- if .Values.clients.https.enabled }} - {{- if .Values.clients.https.insecureSkipVerify }} - - --insecure-skip-verify - {{- end }} - {{- if .Values.clients.https.useServiceAccountCredentials }} - - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token - {{- end }} - {{- if .Values.clients.https.certDir }} - - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem - - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem - - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem - {{- end }} - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- if .Values.clients.metrics.enabled }} - - name: PORT - value: :{{ .Values.clients.port }} - {{- end }} - - name: PROXY_URL - value: {{ template "pushProxy.proxyUrl" . }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - volumeMounts: - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - {{- end }} - {{- if .Values.clients.resources }} - resources: {{ toYaml .Values.clients.resources | nindent 10 }} - {{- end }} - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - initContainers: - - name: copy-certs - image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} - command: - - sh - - -c - - | - echo "Searching for files to copy within the source volume" - echo "cert: ${CERT_FILE_NAME}" - echo "key: ${KEY_FILE_NAME}" - echo "cacert: ${CACERT_FILE_NAME}" - - CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) - KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) - CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) - - test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 - test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 - test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 - - echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" - cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 - chmod 444 $CERT_FILE_TARGET || exit 1 - - echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" - cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 - chmod 444 $KEY_FILE_TARGET || exit 1 - - echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" - cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 - chmod 444 $CACERT_FILE_TARGET || exit 1 - env: - - name: CERT_FILE_NAME - value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} - - name: KEY_FILE_NAME - value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} - - name: CACERT_FILE_NAME - value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} - - name: CERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy.pem - - name: KEY_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-key.pem - - name: CACERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem - securityContext: - runAsNonRoot: false -{{- if and .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 12 }} -{{- end }} - volumeMounts: - - name: metrics-cert-dir-source - mountPath: /etc/source - readOnly: true - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - volumes: - - name: metrics-cert-dir-source - hostPath: - path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - - name: metrics-cert-dir - emptyDir: {} - {{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmProxy/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/charts/kubeAdmProxy/templates/pushprox-proxy-rbac.yaml deleted file mode 100644 index eefe609..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmProxy/templates/pushprox-proxy-rbac.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.proxy.name" . }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.proxy.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- end }}{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmProxy/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/charts/kubeAdmProxy/templates/pushprox-proxy.yaml deleted file mode 100644 index 723bbd6..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmProxy/templates/pushprox-proxy.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} - pushprox-exporter: "proxy" -spec: - selector: - matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} - spec: - securityContext: - runAsNonRoot: true - runAsUser: 1000 - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.proxy.nodeSelector }} -{{ toYaml .Values.proxy.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.proxy.tolerations }} -{{ toYaml .Values.proxy.tolerations | indent 8 }} -{{- end }} - serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-proxy - image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} - command: - {{- range .Values.proxy.command }} - - {{ . | quote }} - {{- end }} - {{- if .Values.proxy.resources }} - resources: {{ toYaml .Values.proxy.resources | nindent 10 }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - ports: - - name: pp-proxy - port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} - protocol: TCP - targetPort: {{ .Values.proxy.port }} - selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmProxy/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/charts/kubeAdmProxy/templates/pushprox-servicemonitor.yaml deleted file mode 100644 index 67eb221..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmProxy/templates/pushprox-servicemonitor.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "pushprox.serviceMonitor.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} -spec: - endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} - jobLabel: component - podTargetLabels: - - component - - pushprox-exporter - namespaceSelector: - matchNames: - - {{ template "pushprox.namespace" . }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} ---- -{{- $selector := "" }} -{{- if not (kindIs "invalid" .Values.service) }} -{{- if not (kindIs "invalid" .Values.service.selector) }} -{{ if .Values.service.selector }} -{{- if .Values.clients.enabled }} -{{- required (printf "Cannot override .Values.service.selector=%s when .Values.clients.enabled=true" (toJson .Values.service.selector)) "" }} -{{- end }} -{{- $selector = (toYaml .Values.service.selector) }} -{{- end }} -{{- end }} -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - ports: - - name: metrics - port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} - protocol: TCP - targetPort: {{ .Values.metricsPort }} - selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmProxy/templates/validate-install-crd.yaml b/charts/rancher-monitoring/charts/kubeAdmProxy/templates/validate-install-crd.yaml deleted file mode 100644 index 16abc2f..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmProxy/templates/validate-install-crd.yaml +++ /dev/null @@ -1,14 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "monitoring.coreos.com/v1/ServiceMonitor" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install Prometheus Operator CRDs before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} diff --git a/charts/rancher-monitoring/charts/kubeAdmProxy/templates/validate-psp-install.yaml b/charts/rancher-monitoring/charts/kubeAdmProxy/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmProxy/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmProxy/values.yaml b/charts/rancher-monitoring/charts/kubeAdmProxy/values.yaml deleted file mode 100644 index 168d86c..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmProxy/values.yaml +++ /dev/null @@ -1,166 +0,0 @@ -# Default values for rancher-pushprox. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Default image containing both the proxy and the client was generated from the following Dockerfile -# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 - -# Configuration - -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - seLinux: - enabled: false - -# A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. -# -# For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches -# any of the semver constraints provided as keys on the map. -# -# On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. -# -# If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. -# -# Notes: -# - On running a helm template, Helm generally assumes the kubeVersion is v1.20.0 -# - On running a helm install --dry-run, the correct kubeVersion should be chosen. -kubeVersionOverrides: [] -# - constraint: "< 1.21" -# values: -# metricsPort: 10252 -# clients: -# https: -# enabled: false -# insecureSkipVerify: false -# useServiceAccountCredentials: false - -namespaceOverride: "" - -# The component that is being monitored (i.e. etcd) -component: "component" - -# The port containing the metrics that need to be scraped -metricsPort: 2739 - -# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint -serviceMonitor: - enabled: true - # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec - # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - # By default, proxyUrl and params._scheme will be overridden based on other values - endpoints: - - port: metrics - -# Configure Service that grabs scrape targets -service: - # The selector that is used to populate the Service's Endpoints object. - # The chart will error out on rendering templating if .Values.clients.enabled is set alongside this field, - # since it is expected that this service should point to the PushProx Clients Daemonset / Deployment - selector: {} - -clients: - enabled: true - # The port which the PushProx client will post PushProx metrics to - port: 9369 - # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} - # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null - proxyUrl: "" - # If set to true, the client will forward any requests from the host IP to 127.0.0.1 - # It will only allow proxy requests to the metricsPort specified - useLocalhost: false - # Configuration for accessing metrics via HTTPS - https: - # Does the client require https to access the metrics? - enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false - # If set to true, the client will create a service account with adequate permissions and set a flag - # on the client to use the service account token provided by it to make authorized scrape requests - useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false - # If set to true, the client will disable SSL security checks - insecureSkipVerify: false - # Directory on host where necessary TLS cert and key to scrape metrics can be found - certDir: "" - # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings - certFile: "" - keyFile: "" - caCertFile: "" - # seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. - # Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. - seLinuxOptions: {} - - metrics: - # Whether the client should publish PushProx client-specific metrics to .Values.clients.port - enabled: false - - rbac: - # Additional permissions to provide to the ServiceAccount bound to the client - # This can be used to provide additional permissions for the client to scrape metrics from the k8s API - # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true - additionalRules: [] - - # Resource limits - resources: {} - - # Options to select all nodes to deploy client DaemonSet on - nodeSelector: {} - tolerations: [] - affinity: {} - - image: - repository: rancher/pushprox-client - tag: v0.1.5-rancher2-client - command: ["pushprox-client"] - - copyCertsImage: - repository: rancher/mirrored-library-busybox - tag: 1.37.0 - - # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. - # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in - # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. - # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, - # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. - # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will - # be responsible for upgrading this chart accordingly to the right number of replicas. - deployment: - enabled: false - replicas: 0 - -proxy: - enabled: true - # The port through which PushProx clients will communicate to the proxy - port: 8080 - - # Resource limits - resources: {} - - # Options to select a node to run a single proxy deployment on - nodeSelector: {} - tolerations: [] - - image: - repository: rancher/pushprox-proxy - tag: v0.1.5-rancher2-proxy - command: ["pushprox-proxy"] diff --git a/charts/rancher-monitoring/charts/kubeAdmScheduler/.helmignore b/charts/rancher-monitoring/charts/kubeAdmScheduler/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmScheduler/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/rancher-monitoring/charts/kubeAdmScheduler/Chart.yaml b/charts/rancher-monitoring/charts/kubeAdmScheduler/Chart.yaml deleted file mode 100644 index 3ed962e..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmScheduler/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox -apiVersion: v1 -appVersion: v0.1.5-rancher2 -description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. -kubeVersion: '>=1.26.0-0' -name: kubeAdmScheduler -type: application -version: 0.1.5-rancher2 diff --git a/charts/rancher-monitoring/charts/kubeAdmScheduler/README.md b/charts/rancher-monitoring/charts/kubeAdmScheduler/README.md deleted file mode 100644 index 345002f..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmScheduler/README.md +++ /dev/null @@ -1,90 +0,0 @@ -# rancher-pushprox - -A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. - -Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. - -Using an instance of this chart is suitable for the following scenarios: -- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) -- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) -- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` -- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) -- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) - -The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. -​ -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. - -## Configuration - -The following tables list the configurable parameters of the rancher-pushprox chart and their default values. - -### General - -#### Required -| Parameter | Description | Example | -| ----- | ----------- | ------ | -| `component` | The component that is being monitored | `kube-etcd` -| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | -| `namespaceOverride` | The namespace to install the chart | `""` - -#### Optional -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | -| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | -| `service.selector` | The selector that is used to populate the Service's Endpoints object. The chart will error out on rendering templating if `.Values.clients.enabled` is set alongside this field, since it is expected that this service should point to the PushProx Clients Daemonset / Deployment | `{}` | -| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | -| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | -| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | -| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | -| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | -| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | -| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.seLinuxOptions` | seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. | `""` | -| `clients.metrics.enabled` | Whether the client should publish PushProx client-specific metrics. | `false` | -| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | -| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | -| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | -| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | -| `clients.resources` | Set resource limits and requests for the client container | `{}` | -| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | -| `clients.tolerations` | Specify tolerations for clients | `[]` | -| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | -| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | -| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | -| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | -| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | -| `kubeVersionOverrides` | A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches any of the semver constraints provided as keys on the map. On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. | `[]` - -*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. - -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. diff --git a/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/_helpers.tpl b/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/_helpers.tpl deleted file mode 100644 index 1ba5093..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/_helpers.tpl +++ /dev/null @@ -1,170 +0,0 @@ -# Rancher - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -# General - -{{- define "applyKubeVersionOverrides" -}} -{{- $overrides := dict -}} -{{- range $override := .Values.kubeVersionOverrides -}} -{{- if semverCompare $override.constraint $.Capabilities.KubeVersion.Version -}} -{{- $_ := mergeOverwrite $overrides $override.values -}} -{{- end -}} -{{- end -}} -{{- $_ := mergeOverwrite .Values $overrides -}} -{{- end -}} - -{{- define "pushprox.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{- define "pushProxy.commonLabels" -}} -release: {{ .Release.Name }} -component: {{ .Values.component | quote }} -provider: kubernetes -{{- end -}} - -{{- define "pushProxy.proxyUrl" -}} -{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} -{{- if .Values.clients.proxyUrl -}} -{{ printf "%s" .Values.clients.proxyUrl }} -{{- else -}} -{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} -{{- end -}}{{- end -}} - -# Client - -{{- define "pushProxy.client.name" -}} -{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.labels" -}} -k8s-app: {{ template "pushProxy.client.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# Proxy - -{{- define "pushProxy.proxy.name" -}} -{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.proxy.labels" -}} -k8s-app: {{ template "pushProxy.proxy.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# ServiceMonitor - -{{- define "pushprox.serviceMonitor.name" -}} -{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.labels" -}} -app: {{ template "pushprox.serviceMonitor.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.endpoints" -}} -{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} -{{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $setHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} -{{- $endpoints := .Values.serviceMonitor.endpoints }} -{{- if .Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- range $endpoints }} -{{- if $.Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- $clusterIdRelabel := dict }} -{{- $metricRelabelings := list }} -{{- if $.Values.global.cattle.clusterId }} -{{- $_ := set $clusterIdRelabel "action" "replace" }} -{{- $_ := set $clusterIdRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterIdRelabel "targetLabel" "cluster_id" }} -{{- $_ := set $clusterIdRelabel "replacement" $.Values.global.cattle.clusterId }} -{{- $metricRelabelings = append $metricRelabelings $clusterIdRelabel }} -{{- end }} -{{- $clusterNameRelabel := dict }} -{{- if $.Values.global.cattle.clusterName }} -{{- $_ := set $clusterNameRelabel "action" "replace" }} -{{- $_ := set $clusterNameRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} -{{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} -{{- $metricRelabelings = append $metricRelabelings $clusterNameRelabel }} -{{- end }} -{{- if not (empty $metricRelabelings) }} -{{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $setHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} -{{- if $useHTTPS -}} -{{- if (hasKey . "params") }} -{{- $_ := set (get . "params") "_scheme" (list "https") }} -{{- else }} -{{- $_ := set . "params" (dict "_scheme" (list "https")) }} -{{- end }} -{{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} -{{- end }} -{{- toYaml $endpoints }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/pushprox-clients-rbac.yaml deleted file mode 100644 index a8e27c3..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/pushprox-clients-rbac.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.client.name" . }} -{{- end }} -{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -{{- if .Values.clients.rbac.additionalRules }} -{{ toYaml .Values.clients.rbac.additionalRules }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.client.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} ---- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: true - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 6 }} -{{- end }} - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - - 'emptyDir' - - 'hostPath' - allowedHostPaths: - - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - readOnly: true -{{- end }} -{{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/pushprox-clients.yaml b/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/pushprox-clients.yaml deleted file mode 100644 index e8fcfb3..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/pushprox-clients.yaml +++ /dev/null @@ -1,157 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: apps/v1 -{{- if .Values.clients.deployment.enabled }} -kind: Deployment -{{- else }} -kind: DaemonSet -{{- end }} -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - pushprox-exporter: "client" -spec: - {{- if .Values.clients.deployment.enabled }} - replicas: {{ .Values.clients.deployment.replicas }} - {{- end }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.client.labels" . | nindent 8 }} - spec: - {{- if .Values.clients.affinity }} - affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.clients.nodeSelector }} -{{ toYaml .Values.clients.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.clients.tolerations }} -{{ toYaml .Values.clients.tolerations | indent 8 }} -{{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-client - image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} - command: - {{- range .Values.clients.command }} - - {{ . | quote }} - {{- end }} - args: - - --fqdn=$(HOST_IP) - - --proxy-url=$(PROXY_URL) - {{- if .Values.clients.metrics.enabled }} - - --metrics-addr=$(PORT) - {{- end }} - - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} - {{- if .Values.clients.useLocalhost }} - - --use-localhost - {{- end }} - {{- if .Values.clients.https.enabled }} - {{- if .Values.clients.https.insecureSkipVerify }} - - --insecure-skip-verify - {{- end }} - {{- if .Values.clients.https.useServiceAccountCredentials }} - - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token - {{- end }} - {{- if .Values.clients.https.certDir }} - - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem - - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem - - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem - {{- end }} - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- if .Values.clients.metrics.enabled }} - - name: PORT - value: :{{ .Values.clients.port }} - {{- end }} - - name: PROXY_URL - value: {{ template "pushProxy.proxyUrl" . }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - volumeMounts: - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - {{- end }} - {{- if .Values.clients.resources }} - resources: {{ toYaml .Values.clients.resources | nindent 10 }} - {{- end }} - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - initContainers: - - name: copy-certs - image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} - command: - - sh - - -c - - | - echo "Searching for files to copy within the source volume" - echo "cert: ${CERT_FILE_NAME}" - echo "key: ${KEY_FILE_NAME}" - echo "cacert: ${CACERT_FILE_NAME}" - - CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) - KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) - CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) - - test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 - test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 - test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 - - echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" - cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 - chmod 444 $CERT_FILE_TARGET || exit 1 - - echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" - cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 - chmod 444 $KEY_FILE_TARGET || exit 1 - - echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" - cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 - chmod 444 $CACERT_FILE_TARGET || exit 1 - env: - - name: CERT_FILE_NAME - value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} - - name: KEY_FILE_NAME - value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} - - name: CACERT_FILE_NAME - value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} - - name: CERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy.pem - - name: KEY_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-key.pem - - name: CACERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem - securityContext: - runAsNonRoot: false -{{- if and .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 12 }} -{{- end }} - volumeMounts: - - name: metrics-cert-dir-source - mountPath: /etc/source - readOnly: true - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - volumes: - - name: metrics-cert-dir-source - hostPath: - path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - - name: metrics-cert-dir - emptyDir: {} - {{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/pushprox-proxy-rbac.yaml deleted file mode 100644 index eefe609..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/pushprox-proxy-rbac.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.proxy.name" . }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.proxy.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- end }}{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/pushprox-proxy.yaml deleted file mode 100644 index 723bbd6..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/pushprox-proxy.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} - pushprox-exporter: "proxy" -spec: - selector: - matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} - spec: - securityContext: - runAsNonRoot: true - runAsUser: 1000 - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.proxy.nodeSelector }} -{{ toYaml .Values.proxy.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.proxy.tolerations }} -{{ toYaml .Values.proxy.tolerations | indent 8 }} -{{- end }} - serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-proxy - image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} - command: - {{- range .Values.proxy.command }} - - {{ . | quote }} - {{- end }} - {{- if .Values.proxy.resources }} - resources: {{ toYaml .Values.proxy.resources | nindent 10 }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - ports: - - name: pp-proxy - port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} - protocol: TCP - targetPort: {{ .Values.proxy.port }} - selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/pushprox-servicemonitor.yaml deleted file mode 100644 index 67eb221..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/pushprox-servicemonitor.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "pushprox.serviceMonitor.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} -spec: - endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} - jobLabel: component - podTargetLabels: - - component - - pushprox-exporter - namespaceSelector: - matchNames: - - {{ template "pushprox.namespace" . }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} ---- -{{- $selector := "" }} -{{- if not (kindIs "invalid" .Values.service) }} -{{- if not (kindIs "invalid" .Values.service.selector) }} -{{ if .Values.service.selector }} -{{- if .Values.clients.enabled }} -{{- required (printf "Cannot override .Values.service.selector=%s when .Values.clients.enabled=true" (toJson .Values.service.selector)) "" }} -{{- end }} -{{- $selector = (toYaml .Values.service.selector) }} -{{- end }} -{{- end }} -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - ports: - - name: metrics - port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} - protocol: TCP - targetPort: {{ .Values.metricsPort }} - selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/validate-install-crd.yaml b/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/validate-install-crd.yaml deleted file mode 100644 index 16abc2f..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/validate-install-crd.yaml +++ /dev/null @@ -1,14 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "monitoring.coreos.com/v1/ServiceMonitor" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install Prometheus Operator CRDs before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} diff --git a/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/validate-psp-install.yaml b/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmScheduler/values.yaml b/charts/rancher-monitoring/charts/kubeAdmScheduler/values.yaml deleted file mode 100644 index 168d86c..0000000 --- a/charts/rancher-monitoring/charts/kubeAdmScheduler/values.yaml +++ /dev/null @@ -1,166 +0,0 @@ -# Default values for rancher-pushprox. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Default image containing both the proxy and the client was generated from the following Dockerfile -# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 - -# Configuration - -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - seLinux: - enabled: false - -# A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. -# -# For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches -# any of the semver constraints provided as keys on the map. -# -# On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. -# -# If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. -# -# Notes: -# - On running a helm template, Helm generally assumes the kubeVersion is v1.20.0 -# - On running a helm install --dry-run, the correct kubeVersion should be chosen. -kubeVersionOverrides: [] -# - constraint: "< 1.21" -# values: -# metricsPort: 10252 -# clients: -# https: -# enabled: false -# insecureSkipVerify: false -# useServiceAccountCredentials: false - -namespaceOverride: "" - -# The component that is being monitored (i.e. etcd) -component: "component" - -# The port containing the metrics that need to be scraped -metricsPort: 2739 - -# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint -serviceMonitor: - enabled: true - # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec - # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - # By default, proxyUrl and params._scheme will be overridden based on other values - endpoints: - - port: metrics - -# Configure Service that grabs scrape targets -service: - # The selector that is used to populate the Service's Endpoints object. - # The chart will error out on rendering templating if .Values.clients.enabled is set alongside this field, - # since it is expected that this service should point to the PushProx Clients Daemonset / Deployment - selector: {} - -clients: - enabled: true - # The port which the PushProx client will post PushProx metrics to - port: 9369 - # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} - # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null - proxyUrl: "" - # If set to true, the client will forward any requests from the host IP to 127.0.0.1 - # It will only allow proxy requests to the metricsPort specified - useLocalhost: false - # Configuration for accessing metrics via HTTPS - https: - # Does the client require https to access the metrics? - enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false - # If set to true, the client will create a service account with adequate permissions and set a flag - # on the client to use the service account token provided by it to make authorized scrape requests - useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false - # If set to true, the client will disable SSL security checks - insecureSkipVerify: false - # Directory on host where necessary TLS cert and key to scrape metrics can be found - certDir: "" - # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings - certFile: "" - keyFile: "" - caCertFile: "" - # seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. - # Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. - seLinuxOptions: {} - - metrics: - # Whether the client should publish PushProx client-specific metrics to .Values.clients.port - enabled: false - - rbac: - # Additional permissions to provide to the ServiceAccount bound to the client - # This can be used to provide additional permissions for the client to scrape metrics from the k8s API - # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true - additionalRules: [] - - # Resource limits - resources: {} - - # Options to select all nodes to deploy client DaemonSet on - nodeSelector: {} - tolerations: [] - affinity: {} - - image: - repository: rancher/pushprox-client - tag: v0.1.5-rancher2-client - command: ["pushprox-client"] - - copyCertsImage: - repository: rancher/mirrored-library-busybox - tag: 1.37.0 - - # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. - # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in - # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. - # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, - # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. - # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will - # be responsible for upgrading this chart accordingly to the right number of replicas. - deployment: - enabled: false - replicas: 0 - -proxy: - enabled: true - # The port through which PushProx clients will communicate to the proxy - port: 8080 - - # Resource limits - resources: {} - - # Options to select a node to run a single proxy deployment on - nodeSelector: {} - tolerations: [] - - image: - repository: rancher/pushprox-proxy - tag: v0.1.5-rancher2-proxy - command: ["pushprox-proxy"] diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/Chart.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/Chart.yaml deleted file mode 100644 index 0417f99..0000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/Chart.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: v1 -appVersion: v0.12.0 -description: A Helm chart for k8s prometheus adapter -home: https://github.com/kubernetes-sigs/prometheus-adapter -keywords: -- hpa -- metrics -- prometheus -- adapter -kubeVersion: '>=1.26.0-0' -maintainers: -- email: mattias.gees@jetstack.io - name: mattiasgees - url: https://github.com/mattiasgees -- name: steven-sheehy - url: https://github.com/steven-sheehy -- email: hfernandez@mesosphere.com - name: hectorj2f - url: https://github.com/hectorj2f -name: prometheus-adapter -sources: -- https://github.com/kubernetes/charts -- https://github.com/kubernetes-sigs/prometheus-adapter -version: 4.13.0 diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/README.md b/charts/rancher-monitoring/charts/prometheus-adapter/README.md deleted file mode 100644 index d77bb0c..0000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/README.md +++ /dev/null @@ -1,160 +0,0 @@ -# Prometheus Adapter - -Installs the [Prometheus Adapter](https://github.com/kubernetes-sigs/prometheus-adapter) for the Custom Metrics API. Custom metrics are used in Kubernetes by [Horizontal Pod Autoscalers](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) to scale workloads based upon your own metric pulled from an external metrics provider like Prometheus. This chart complements the [metrics-server](https://github.com/helm/charts/tree/master/stable/metrics-server) chart that provides resource only metrics. - -## Prerequisites - -Kubernetes 1.14+ - -## Get Helm Repositories Info - -```console -helm repo add prometheus-community https://prometheus-community.github.io/helm-charts -helm repo update -``` - -_See [`helm repo`](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Install Helm Chart - -```console -helm install [RELEASE_NAME] prometheus-community/prometheus-adapter -``` - -_See [configuration](#configuration) below._ - -_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ - -## Uninstall Helm Chart - -```console -helm uninstall [RELEASE_NAME] -``` - -This removes all the Kubernetes components associated with the chart and deletes the release. - -_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ - -## Upgrading Helm Chart - -```console -helm upgrade [RELEASE_NAME] [CHART] --install -``` - -_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ - -### To 4.2.0 - -Readiness and liveness probes are now fully configurable through values `readinessProbe` and `livenessProbe`. The previous values have been kept as defaults. - -### To 4.0.0 - -Previously, security context of the container was set directly in the deployment template. This release makes it configurable through the new configuration variable `securityContext` whilst keeping the previously set values as defaults. Furthermore, previous variable `runAsUser` is now set in `securityContext` and is not used any longer. Please, use `securityContext.runAsUser` instead. In the same security context, `seccompProfile` has been enabled and set to type `RuntimeDefault`. - -### To 3.0.0 - -Due to a change in deployment labels, the upgrade requires `helm upgrade --force` in order to re-create the deployment. - -## Configuration - -See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands: - -```console -helm show values prometheus-community/prometheus-adapter -``` - -### Prometheus Service Endpoint - -To use the chart, ensure the `prometheus.url` and `prometheus.port` are configured with the correct Prometheus service endpoint. If Prometheus is exposed under HTTPS the host's CA Bundle must be exposed to the container using `extraVolumes` and `extraVolumeMounts`. - -### Adapter Rules - -Additionally, the chart comes with a set of default rules out of the box but they may pull in too many metrics or not map them correctly for your needs. Therefore, it is recommended to populate `rules.custom` with a list of rules (see the [config document](https://github.com/kubernetes-sigs/prometheus-adapter/blob/master/docs/config.md) for the proper format). - -### Horizontal Pod Autoscaler Metrics - -Finally, to configure your Horizontal Pod Autoscaler to use the custom metric, see the custom metrics section of the [HPA walkthrough](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/#autoscaling-on-multiple-metrics-and-custom-metrics). - -The Prometheus Adapter can serve three different [metrics APIs](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-metrics-apis): - -### Custom Metrics - -Enabling this option will cause custom metrics to be served at `/apis/custom.metrics.k8s.io/v1beta1`. Enabled by default when `rules.default` is true, but can be customized by populating `rules.custom`: - -```yaml -rules: - custom: - - seriesQuery: '{__name__=~"^some_metric_count$"}' - resources: - template: <<.Resource>> - name: - matches: "" - as: "my_custom_metric" - metricsQuery: sum(<<.Series>>{<<.LabelMatchers>>}) by (<<.GroupBy>>) -``` - -### External Metrics - -Enabling this option will cause external metrics to be served at `/apis/external.metrics.k8s.io/v1beta1`. Can be enabled by populating `rules.external`: - -```yaml -rules: - external: - - seriesQuery: '{__name__=~"^some_metric_count$"}' - resources: - template: <<.Resource>> - name: - matches: "" - as: "my_external_metric" - metricsQuery: sum(<<.Series>>{<<.LabelMatchers>>}) by (<<.GroupBy>>) -``` - -### Resource Metrics - -Enabling this option will cause resource metrics to be served at `/apis/metrics.k8s.io/v1beta1`. Resource metrics will allow pod CPU and Memory metrics to be used in [Horizontal Pod Autoscalers](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) as well as the `kubectl top` command. Can be enabled by populating `rules.resource`: - -```yaml -rules: - resource: - cpu: - containerQuery: | - sum by (<<.GroupBy>>) ( - rate(container_cpu_usage_seconds_total{container!="",<<.LabelMatchers>>}[3m]) - ) - nodeQuery: | - sum by (<<.GroupBy>>) ( - rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal",<<.LabelMatchers>>}[3m]) - ) - resources: - overrides: - node: - resource: node - namespace: - resource: namespace - pod: - resource: pod - containerLabel: container - memory: - containerQuery: | - sum by (<<.GroupBy>>) ( - avg_over_time(container_memory_working_set_bytes{container!="",<<.LabelMatchers>>}[3m]) - ) - nodeQuery: | - sum by (<<.GroupBy>>) ( - avg_over_time(node_memory_MemTotal_bytes{<<.LabelMatchers>>}[3m]) - - - avg_over_time(node_memory_MemAvailable_bytes{<<.LabelMatchers>>}[3m]) - ) - resources: - overrides: - node: - resource: node - namespace: - resource: namespace - pod: - resource: pod - containerLabel: container - window: 3m -``` - -**NOTE:** Setting a value for `rules.resource` will also deploy the resource metrics API service, providing the same functionality as [metrics-server](https://github.com/helm/charts/tree/master/stable/metrics-server). As such it is not possible to deploy them both in the same cluster. diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/NOTES.txt b/charts/rancher-monitoring/charts/prometheus-adapter/templates/NOTES.txt deleted file mode 100644 index b7b9b99..0000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/NOTES.txt +++ /dev/null @@ -1,9 +0,0 @@ -{{ template "k8s-prometheus-adapter.fullname" . }} has been deployed. -In a few minutes you should be able to list metrics using the following command(s): -{{ if .Values.rules.resource }} - kubectl get --raw /apis/metrics.k8s.io/v1beta1 -{{- end }} - kubectl get --raw /apis/custom.metrics.k8s.io/v1beta1 -{{ if .Values.rules.external }} - kubectl get --raw /apis/external.metrics.k8s.io/v1beta1 -{{- end }} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/_helpers.tpl b/charts/rancher-monitoring/charts/prometheus-adapter/templates/_helpers.tpl deleted file mode 100644 index 13b1747..0000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/_helpers.tpl +++ /dev/null @@ -1,105 +0,0 @@ -# Rancher -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "k8s-prometheus-adapter.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "k8s-prometheus-adapter.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Allow the release namespace to be overridden for multi-namespace deployments in combined charts -*/}} -{{- define "k8s-prometheus-adapter.namespace" -}} -{{- default .Release.Namespace .Values.namespaceOverride -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "k8s-prometheus-adapter.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Generate basic labels -*/}} -{{- define "k8s-prometheus-adapter.labels" }} -helm.sh/chart: {{ include "k8s-prometheus-adapter.chart" . }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -app.kubernetes.io/component: metrics -app.kubernetes.io/part-of: {{ template "k8s-prometheus-adapter.name" . }} -{{- include "k8s-prometheus-adapter.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if .Values.customLabels }} -{{ toYaml .Values.customLabels }} -{{- end }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "k8s-prometheus-adapter.selectorLabels" }} -app.kubernetes.io/name: {{ include "k8s-prometheus-adapter.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "k8s-prometheus-adapter.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "k8s-prometheus-adapter.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* Get Policy API Version */}} -{{- define "k8s-prometheus-adapter.pdb.apiVersion" -}} -{{- if and (.Capabilities.APIVersions.Has "policy/v1") (semverCompare ">= 1.21-0" .Capabilities.KubeVersion.Version) -}} - {{- print "policy/v1" -}} -{{- else -}} - {{- print "policy/v1beta1" -}} -{{- end -}} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/certmanager.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/certmanager.yaml deleted file mode 100644 index a99970d..0000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/certmanager.yaml +++ /dev/null @@ -1,82 +0,0 @@ -{{- if .Values.certManager.enabled -}} ---- -# Create a selfsigned Issuer, in order to create a root CA certificate for -# signing webhook serving certificates -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: {{ template "k8s-prometheus-adapter.fullname" . }}-self-signed-issuer - namespace: {{ include "k8s-prometheus-adapter.namespace" . }} - {{- if .Values.customAnnotations }} - annotations: - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} -spec: - selfSigned: {} ---- -# Generate a CA Certificate used to sign certificates for the webhook -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: {{ template "k8s-prometheus-adapter.fullname" . }}-root-cert - namespace: {{ include "k8s-prometheus-adapter.namespace" . }} - {{- if .Values.customAnnotations }} - annotations: - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} -spec: - secretName: {{ template "k8s-prometheus-adapter.fullname" . }}-root-cert - duration: {{ .Values.certManager.caCertDuration }} - {{- with .Values.certManager.caCertRevisionHistoryLimit }} - revisionHistoryLimit: {{ . }} - {{- end }} - issuerRef: - name: {{ template "k8s-prometheus-adapter.fullname" . }}-self-signed-issuer - commonName: "ca.webhook.prometheus-adapter" - isCA: true ---- -# Create an Issuer that uses the above generated CA certificate to issue certs -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: {{ template "k8s-prometheus-adapter.fullname" . }}-root-issuer - namespace: {{ include "k8s-prometheus-adapter.namespace" . }} - {{- if .Values.customAnnotations }} - annotations: - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} -spec: - ca: - secretName: {{ template "k8s-prometheus-adapter.fullname" . }}-root-cert ---- -# Finally, generate a serving certificate for the apiservices to use -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: {{ template "k8s-prometheus-adapter.fullname" . }}-cert - namespace: {{ include "k8s-prometheus-adapter.namespace" . }} - {{- if .Values.customAnnotations }} - annotations: - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} -spec: - secretName: {{ template "k8s-prometheus-adapter.fullname" . }} - duration: {{ .Values.certManager.certDuration }} - {{- with .Values.certManager.certRevisionHistoryLimit }} - revisionHistoryLimit: {{ . }} - {{- end }} - issuerRef: - name: {{ template "k8s-prometheus-adapter.fullname" . }}-root-issuer - dnsNames: - - {{ template "k8s-prometheus-adapter.fullname" . }} - - {{ template "k8s-prometheus-adapter.fullname" . }}.{{ include "k8s-prometheus-adapter.namespace" . }} - - {{ template "k8s-prometheus-adapter.fullname" . }}.{{ include "k8s-prometheus-adapter.namespace" . }}.svc -{{- end -}} \ No newline at end of file diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/cluster-role-binding-auth-delegator.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/cluster-role-binding-auth-delegator.yaml deleted file mode 100644 index 6701e6b..0000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/cluster-role-binding-auth-delegator.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - {{- if .Values.customAnnotations }} - annotations: - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: {{ template "k8s-prometheus-adapter.name" . }}-system-auth-delegator -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:auth-delegator -subjects: -- kind: ServiceAccount - name: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} - namespace: {{ include "k8s-prometheus-adapter.namespace" . | quote }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/cluster-role-binding-auth-reader.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/cluster-role-binding-auth-reader.yaml deleted file mode 100644 index fe13048..0000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/cluster-role-binding-auth-reader.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and .Values.rbac.create .Values.rbac.useAuthReaderClusterRole -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - {{- if .Values.customAnnotations }} - annotations: - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: {{ template "k8s-prometheus-adapter.name" . }}-auth-reader -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: extension-apiserver-authentication-reader -subjects: -- kind: ServiceAccount - name: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} - namespace: {{ include "k8s-prometheus-adapter.namespace" . | quote }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/cluster-role-binding-resource-reader.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/cluster-role-binding-resource-reader.yaml deleted file mode 100644 index 67efd2a..0000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/cluster-role-binding-resource-reader.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - {{- if .Values.customAnnotations }} - annotations: - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: {{ template "k8s-prometheus-adapter.name" . }}-resource-reader -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "k8s-prometheus-adapter.name" . }}-resource-reader -subjects: -- kind: ServiceAccount - name: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} - namespace: {{ include "k8s-prometheus-adapter.namespace" . | quote }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/cluster-role-resource-reader.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/cluster-role-resource-reader.yaml deleted file mode 100644 index 2c690a0..0000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/cluster-role-resource-reader.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - {{- if .Values.customAnnotations }} - annotations: - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: {{ template "k8s-prometheus-adapter.name" . }}-resource-reader -rules: -- apiGroups: - - "" - resources: - - namespaces - - pods - - services - - configmaps - verbs: - - get - - list - - watch -{{- end -}} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/configmap.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/configmap.yaml deleted file mode 100644 index 17f415d..0000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/configmap.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{- if not .Values.rules.existing -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "k8s-prometheus-adapter.fullname" . }} - namespace: {{ include "k8s-prometheus-adapter.namespace" . }} - {{- if .Values.customAnnotations }} - annotations: - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} -data: - config.yaml: | -{{- if or .Values.rules.default .Values.rules.custom }} - rules: -{{- if .Values.rules.default }} - - seriesQuery: '{__name__=~"^container_.*",container!="POD",namespace!="",pod!=""}' - seriesFilters: [] - resources: - overrides: - namespace: - resource: namespace - pod: - resource: pod - name: - matches: ^container_(.*)_seconds_total$ - as: "" - metricsQuery: sum(rate(<<.Series>>{<<.LabelMatchers>>,container!="POD"}[5m])) - by (<<.GroupBy>>) - - seriesQuery: '{__name__=~"^container_.*",container!="POD",namespace!="",pod!=""}' - seriesFilters: - - isNot: ^container_.*_seconds_total$ - resources: - overrides: - namespace: - resource: namespace - pod: - resource: pod - name: - matches: ^container_(.*)_total$ - as: "" - metricsQuery: sum(rate(<<.Series>>{<<.LabelMatchers>>,container!="POD"}[5m])) - by (<<.GroupBy>>) - - seriesQuery: '{__name__=~"^container_.*",container!="POD",namespace!="",pod!=""}' - seriesFilters: - - isNot: ^container_.*_total$ - resources: - overrides: - namespace: - resource: namespace - pod: - resource: pod - name: - matches: ^container_(.*)$ - as: "" - metricsQuery: sum(<<.Series>>{<<.LabelMatchers>>,container!="POD"}) by (<<.GroupBy>>) - - seriesQuery: '{namespace!="",__name__!~"^container_.*"}' - seriesFilters: - - isNot: .*_total$ - resources: - template: <<.Resource>> - name: - matches: "" - as: "" - metricsQuery: sum(<<.Series>>{<<.LabelMatchers>>}) by (<<.GroupBy>>) - - seriesQuery: '{namespace!="",__name__!~"^container_.*"}' - seriesFilters: - - isNot: .*_seconds_total - resources: - template: <<.Resource>> - name: - matches: ^(.*)_total$ - as: "" - metricsQuery: sum(rate(<<.Series>>{<<.LabelMatchers>>}[5m])) by (<<.GroupBy>>) - - seriesQuery: '{namespace!="",__name__!~"^container_.*"}' - seriesFilters: [] - resources: - template: <<.Resource>> - name: - matches: ^(.*)_seconds_total$ - as: "" - metricsQuery: sum(rate(<<.Series>>{<<.LabelMatchers>>}[5m])) by (<<.GroupBy>>) -{{- end -}} -{{- if .Values.rules.custom }} -{{ toYaml .Values.rules.custom | indent 4 }} -{{- end -}} -{{- end -}} -{{- if .Values.rules.external }} - externalRules: -{{ toYaml .Values.rules.external | indent 4 }} -{{- end -}} -{{- if .Values.rules.resource }} - resourceRules: -{{ toYaml .Values.rules.resource | indent 6 }} -{{- end -}} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/custom-metrics-apiservice.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/custom-metrics-apiservice.yaml deleted file mode 100644 index 8b7b4e5..0000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/custom-metrics-apiservice.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{- if or .Values.rules.default .Values.rules.custom }} -{{- if .Capabilities.APIVersions.Has "apiregistration.k8s.io/v1" }} -apiVersion: apiregistration.k8s.io/v1 -{{- else }} -apiVersion: apiregistration.k8s.io/v1beta1 -{{- end }} -kind: APIService -metadata: -{{- if or .Values.certManager.enabled .Values.customAnnotations }} - annotations: - certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-root-cert" (include "k8s-prometheus-adapter.namespace" .) (include "k8s-prometheus-adapter.fullname" .) | quote }} - cert-manager.io/inject-ca-from: {{ printf "%s/%s-root-cert" (include "k8s-prometheus-adapter.namespace" .) (include "k8s-prometheus-adapter.fullname" .) | quote }} - {{- if .Values.customAnnotations }} - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} -{{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: v1beta1.custom.metrics.k8s.io -spec: - service: - name: {{ template "k8s-prometheus-adapter.fullname" . }} - namespace: {{ include "k8s-prometheus-adapter.namespace" . | quote }} - {{- if .Values.tls.enable }} - caBundle: {{ b64enc .Values.tls.ca }} - {{- end }} - group: custom.metrics.k8s.io - version: v1beta1 - {{- if not (or .Values.tls.enable .Values.certManager.enabled) }} - insecureSkipTLSVerify: true - {{- end }} - groupPriorityMinimum: 100 - versionPriority: 100 -{{- end }} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/custom-metrics-cluster-role-binding-hpa.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/custom-metrics-cluster-role-binding-hpa.yaml deleted file mode 100644 index 0cc6920..0000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/custom-metrics-cluster-role-binding-hpa.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- /* -This if must be aligned with custom-metrics-cluster-role.yaml -as otherwise this binding will point to not existing role. -*/ -}} -{{- if and .Values.rbac.create (or .Values.rules.default .Values.rules.custom) -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - {{- if .Values.customAnnotations }} - annotations: - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: {{ template "k8s-prometheus-adapter.name" . }}-hpa-controller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "k8s-prometheus-adapter.name" . }}-server-resources -subjects: -- kind: ServiceAccount - name: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} - namespace: {{ include "k8s-prometheus-adapter.namespace" . | quote }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/custom-metrics-cluster-role.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/custom-metrics-cluster-role.yaml deleted file mode 100644 index f441e1b..0000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/custom-metrics-cluster-role.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and .Values.rbac.create (or .Values.rules.default .Values.rules.custom) -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - {{- if .Values.customAnnotations }} - annotations: - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: {{ template "k8s-prometheus-adapter.name" . }}-server-resources -rules: -- apiGroups: - - custom.metrics.k8s.io - resources: {{ toYaml .Values.rbac.customMetrics.resources | nindent 2 }} - verbs: ["*"] -{{- end -}} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/deployment.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/deployment.yaml deleted file mode 100644 index a25f35d..0000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/deployment.yaml +++ /dev/null @@ -1,154 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - {{- if or .Values.customAnnotations .Values.deploymentAnnotations }} - annotations: - {{- with .Values.customAnnotations }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.deploymentAnnotations }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: {{ template "k8s-prometheus-adapter.fullname" . }} - namespace: {{ include "k8s-prometheus-adapter.namespace" . }} -spec: - replicas: {{ .Values.replicas }} - strategy: {{ toYaml .Values.strategy | nindent 4 }} - selector: - matchLabels: - {{- include "k8s-prometheus-adapter.selectorLabels" . | indent 6 }} - template: - metadata: - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 8 }} - {{- with .Values.podLabels }} - {{- toYaml . | trim | nindent 8 }} - {{- end }} - name: {{ template "k8s-prometheus-adapter.name" . }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - {{- with .Values.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.customAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} - serviceAccountName: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} - {{- if .Values.hostNetwork.enabled }} - hostNetwork: true - {{- end }} - {{- if .Values.dnsPolicy }} - dnsPolicy: {{ .Values.dnsPolicy }} - {{- end}} - {{- with .Values.dnsConfig }} - dnsConfig: - {{- toYaml . | nindent 8 }} - {{- end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- with .Values.env }} - env: - {{- toYaml . | nindent 8 }} - {{- end }} - args: - - /adapter - - --secure-port={{ .Values.listenPort }} - {{- if or .Values.tls.enable .Values.certManager.enabled }} - - --tls-cert-file=/var/run/serving-cert/tls.crt - - --tls-private-key-file=/var/run/serving-cert/tls.key - {{- end }} - - --cert-dir=/tmp/cert - - --prometheus-url={{ tpl .Values.prometheus.url . }}{{ if .Values.prometheus.port }}:{{ .Values.prometheus.port }}{{end}}{{ .Values.prometheus.path }} - - --metrics-relist-interval={{ .Values.metricsRelistInterval }} - - --v={{ .Values.logLevel }} - - --config=/etc/adapter/config.yaml - {{- if .Values.extraArguments }} - {{- toYaml .Values.extraArguments | trim | nindent 8 }} - {{- end }} - ports: - - containerPort: {{ .Values.listenPort }} - name: https - {{- with .Values.livenessProbe }} - livenessProbe: - {{- toYaml . | nindent 10 }} - {{- end }} - {{- with .Values.readinessProbe }} - readinessProbe: - {{- toYaml . | nindent 10 }} - {{- end }} - {{- with .Values.startupProbe }} - startupProbe: - {{- toYaml . | nindent 10 }} - {{- end }} - {{- if .Values.resources }} - resources: - {{- toYaml .Values.resources | nindent 10 }} - {{- end }} - {{- with .Values.securityContext }} - securityContext: - {{- toYaml . | nindent 10 }} - {{- end }} - volumeMounts: - {{- if .Values.extraVolumeMounts }} - {{ toYaml .Values.extraVolumeMounts | trim | nindent 8 }} - {{ end }} - - mountPath: /etc/adapter/ - name: config - readOnly: true - - mountPath: /tmp - name: tmp - {{- if or .Values.tls.enable .Values.certManager.enabled }} - - mountPath: /var/run/serving-cert - name: volume-serving-cert - readOnly: true - {{- end }} - {{- with .Values.extraContainers }} - {{- toYaml . | nindent 6 }} - {{- end }} - nodeSelector: - kubernetes.io/os: linux - {{- with .Values.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - affinity: - {{- toYaml .Values.affinity | nindent 8 }} - topologySpreadConstraints: - {{- toYaml .Values.topologySpreadConstraints | nindent 8 }} - {{- with .Values.priorityClassName }} - priorityClassName: {{ . }} - {{- end }} - {{- if .Values.podSecurityContext }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - {{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} - {{- if .Values.tolerations }} - {{- toYaml .Values.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.image.pullSecrets }} - imagePullSecrets: - {{- range .Values.image.pullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} - volumes: - {{- if .Values.extraVolumes }} - {{ toYaml .Values.extraVolumes | trim | nindent 6 }} - {{ end }} - - name: config - configMap: - name: {{ .Values.rules.existing | default (include "k8s-prometheus-adapter.fullname" . ) }} - - name: tmp - emptyDir: {} - {{- if or .Values.tls.enable .Values.certManager.enabled }} - - name: volume-serving-cert - secret: - secretName: {{ template "k8s-prometheus-adapter.fullname" . }} - {{- end }} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/external-metrics-apiservice.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/external-metrics-apiservice.yaml deleted file mode 100644 index 21339af..0000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/external-metrics-apiservice.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{- if .Values.rules.external }} -{{- if .Capabilities.APIVersions.Has "apiregistration.k8s.io/v1" }} -apiVersion: apiregistration.k8s.io/v1 -{{- else }} -apiVersion: apiregistration.k8s.io/v1beta1 -{{- end }} -kind: APIService -metadata: -{{- if or .Values.certManager.enabled .Values.customAnnotations }} - annotations: - certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-root-cert" (include "k8s-prometheus-adapter.namespace" .) (include "k8s-prometheus-adapter.fullname" .) | quote }} - cert-manager.io/inject-ca-from: {{ printf "%s/%s-root-cert" (include "k8s-prometheus-adapter.namespace" .) (include "k8s-prometheus-adapter.fullname" .) | quote }} - {{- if .Values.customAnnotations }} - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} -{{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: v1beta1.external.metrics.k8s.io -spec: - service: - name: {{ template "k8s-prometheus-adapter.fullname" . }} - namespace: {{ include "k8s-prometheus-adapter.namespace" . | quote }} - {{- if .Values.tls.enable }} - caBundle: {{ b64enc .Values.tls.ca }} - {{- end }} - group: external.metrics.k8s.io - version: v1beta1 - {{- if not (or .Values.tls.enable .Values.certManager.enabled) }} - insecureSkipTLSVerify: true - {{- end }} - groupPriorityMinimum: 100 - versionPriority: 100 -{{- end -}} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/external-metrics-cluster-role-binding-hpa.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/external-metrics-cluster-role-binding-hpa.yaml deleted file mode 100644 index 05547bd..0000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/external-metrics-cluster-role-binding-hpa.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and .Values.rbac.create .Values.rules.external -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - {{- if .Values.customAnnotations }} - annotations: - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: {{ template "k8s-prometheus-adapter.name" . }}-hpa-controller-external-metrics -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "k8s-prometheus-adapter.name" . }}-external-metrics -subjects: -- kind: ServiceAccount - name: horizontal-pod-autoscaler - namespace: kube-system -{{- end -}} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/external-metrics-cluster-role.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/external-metrics-cluster-role.yaml deleted file mode 100644 index 71783fd..0000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/external-metrics-cluster-role.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and .Values.rbac.create .Values.rules.external -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - {{- if .Values.customAnnotations }} - annotations: - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: {{ template "k8s-prometheus-adapter.name" . }}-external-metrics -rules: -- apiGroups: - - "external.metrics.k8s.io" - resources: {{ toYaml .Values.rbac.externalMetrics.resources | nindent 2 }} - verbs: - - list - - get - - watch -{{- end -}} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/pdb.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/pdb.yaml deleted file mode 100644 index 205761a..0000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/pdb.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.podDisruptionBudget.enabled }} -apiVersion: {{ include "k8s-prometheus-adapter.pdb.apiVersion" . }} -kind: PodDisruptionBudget -metadata: - name: {{ template "k8s-prometheus-adapter.fullname" . }} - namespace: {{ include "k8s-prometheus-adapter.namespace" . }} - {{- if .Values.customAnnotations }} - annotations: - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} -spec: - {{- if .Values.podDisruptionBudget.minAvailable }} - minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} - {{- end }} - {{- if .Values.podDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} - {{- end }} - selector: - matchLabels: - {{- include "k8s-prometheus-adapter.selectorLabels" . | indent 6 }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/psp.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/psp.yaml deleted file mode 100644 index 02eb592..0000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/psp.yaml +++ /dev/null @@ -1,66 +0,0 @@ -{{- if and (or .Values.global.cattle.psp.enabled .Values.psp.create) (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} ---- -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "k8s-prometheus-adapter.fullname" . }} - {{- with (merge .Values.customAnnotations .Values.psp.annotations) }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} -spec: - {{- if .Values.hostNetwork.enabled }} - hostNetwork: true - hostPorts: - - min: {{ .Values.listenPort }} - max: {{ .Values.listenPort }} - {{- end }} - fsGroup: - rule: RunAsAny - runAsGroup: - rule: RunAsAny - runAsUser: - rule: MustRunAs - ranges: - - min: 1024 - max: 65535 - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - volumes: - - secret - - emptyDir - - configMap ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: {{ template "k8s-prometheus-adapter.name" . }}-psp -rules: -- apiGroups: - - 'policy' - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "k8s-prometheus-adapter.fullname" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: {{ template "k8s-prometheus-adapter.name" . }}-psp -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "k8s-prometheus-adapter.name" . }}-psp -subjects: -- kind: ServiceAccount - name: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} - namespace: {{ include "k8s-prometheus-adapter.namespace" . | quote }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/resource-metrics-apiservice.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/resource-metrics-apiservice.yaml deleted file mode 100644 index 0cc9fff..0000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/resource-metrics-apiservice.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{- if .Values.rules.resource}} -{{- if .Capabilities.APIVersions.Has "apiregistration.k8s.io/v1" }} -apiVersion: apiregistration.k8s.io/v1 -{{- else }} -apiVersion: apiregistration.k8s.io/v1beta1 -{{- end }} -kind: APIService -metadata: -{{- if or .Values.certManager.enabled .Values.customAnnotations }} - annotations: - certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-root-cert" (include "k8s-prometheus-adapter.namespace" .) (include "k8s-prometheus-adapter.fullname" .) | quote }} - cert-manager.io/inject-ca-from: {{ printf "%s/%s-root-cert" (include "k8s-prometheus-adapter.namespace" .) (include "k8s-prometheus-adapter.fullname" .) | quote }} - {{- if .Values.customAnnotations }} - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} -{{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: v1beta1.metrics.k8s.io -spec: - service: - name: {{ template "k8s-prometheus-adapter.fullname" . }} - namespace: {{ include "k8s-prometheus-adapter.namespace" . | quote }} - {{- if .Values.tls.enable }} - caBundle: {{ b64enc .Values.tls.ca }} - {{- end }} - group: metrics.k8s.io - version: v1beta1 - {{- if not (or .Values.tls.enable .Values.certManager.enabled) }} - insecureSkipTLSVerify: true - {{- end }} - groupPriorityMinimum: 100 - versionPriority: 100 -{{- end -}} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/resource-metrics-cluster-role-binding.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/resource-metrics-cluster-role-binding.yaml deleted file mode 100644 index 3c247e4..0000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/resource-metrics-cluster-role-binding.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and .Values.rbac.create .Values.rules.resource -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - {{- if .Values.customAnnotations }} - annotations: - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: {{ template "k8s-prometheus-adapter.name" . }}-hpa-controller-metrics -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "k8s-prometheus-adapter.name" . }}-metrics -subjects: -- kind: ServiceAccount - name: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} - namespace: {{ include "k8s-prometheus-adapter.namespace" . | quote }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/resource-metrics-cluster-role.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/resource-metrics-cluster-role.yaml deleted file mode 100644 index 73d8953..0000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/resource-metrics-cluster-role.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if and .Values.rbac.create .Values.rules.resource -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - {{- if .Values.customAnnotations }} - annotations: - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: {{ template "k8s-prometheus-adapter.name" . }}-metrics -rules: -- apiGroups: - - "" - resources: - - pods - - nodes - - nodes/stats - verbs: - - get - - list - - watch -{{- end -}} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/role-binding-auth-reader.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/role-binding-auth-reader.yaml deleted file mode 100644 index f01997e..0000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/role-binding-auth-reader.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if and .Values.rbac.create (not .Values.rbac.useAuthReaderClusterRole) -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - {{- if .Values.customAnnotations }} - annotations: - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: {{ template "k8s-prometheus-adapter.name" . }}-auth-reader - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: extension-apiserver-authentication-reader -subjects: -- kind: ServiceAccount - name: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} - namespace: {{ include "k8s-prometheus-adapter.namespace" . | quote }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/secret.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/secret.yaml deleted file mode 100644 index 3e7e888..0000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/secret.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.tls.enable -}} -apiVersion: v1 -kind: Secret -metadata: - {{- if .Values.customAnnotations }} - annotations: - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: {{ template "k8s-prometheus-adapter.fullname" . }} - namespace: {{ include "k8s-prometheus-adapter.namespace" . }} -type: kubernetes.io/tls -data: - tls.crt: {{ b64enc .Values.tls.certificate }} - tls.key: {{ b64enc .Values.tls.key }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/service.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/service.yaml deleted file mode 100644 index 4879385..0000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/service.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - {{- if or .Values.service.annotations .Values.customAnnotations }} - annotations: - {{- if .Values.service.annotations }} - {{ toYaml .Values.service.annotations | indent 4 }} - {{- end }} - {{- if .Values.customAnnotations }} - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: {{ template "k8s-prometheus-adapter.fullname" . }} - namespace: {{ include "k8s-prometheus-adapter.namespace" . }} -spec: -{{- if .Values.service.ipDualStack.enabled }} - ipFamilies: {{ toYaml .Values.service.ipDualStack.ipFamilies | nindent 4 }} - ipFamilyPolicy: {{ .Values.service.ipDualStack.ipFamilyPolicy }} -{{- end }} - ports: - - port: {{ .Values.service.port }} - name: https - protocol: TCP - targetPort: https - selector: - {{- include "k8s-prometheus-adapter.selectorLabels" . | indent 4 }} - type: {{ .Values.service.type }} - {{- if .Values.service.clusterIP }} - clusterIP: {{ .Values.service.clusterIP }} - {{- end }} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/serviceaccount.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/serviceaccount.yaml deleted file mode 100644 index 81535a8..0000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/serviceaccount.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} -metadata: - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} - namespace: {{ include "k8s-prometheus-adapter.namespace" . }} -{{- if or .Values.serviceAccount.annotations .Values.customAnnotations }} - annotations: - {{- if .Values.serviceAccount.annotations }} - {{- toYaml .Values.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- if .Values.customAnnotations }} - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} -{{- end }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/values.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/values.yaml deleted file mode 100644 index 03b3529..0000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/values.yaml +++ /dev/null @@ -1,311 +0,0 @@ -# Default values for k8s-prometheus-adapter.. -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - -affinity: {} - -topologySpreadConstraints: [] - -image: - repository: rancher/mirrored-prometheus-adapter-prometheus-adapter - # if not set appVersion field from Chart.yaml is used - tag: v0.12.0 - pullPolicy: IfNotPresent - pullSecrets: [] - # - foo - -logLevel: 4 - -metricsRelistInterval: 1m - -listenPort: 6443 - -nodeSelector: {} - -priorityClassName: "" - -## Override the release namespace (for multi-namespace deployments in combined charts) -namespaceOverride: "" - -## Additional annotations to add to all resources -customAnnotations: {} - # role: custom-metrics - -## Additional labels to add to all resources -customLabels: {} - # monitoring: prometheus-adapter - -# Url to access prometheus -prometheus: - # Value is templated - url: http://prometheus.default.svc - port: 9090 - path: "" - -replicas: 1 - -# k8s 1.21 needs fsGroup to be set for non root deployments -# ref: https://github.com/kubernetes/kubernetes/issues/70679 -podSecurityContext: - fsGroup: 10001 - -# SecurityContext of the container -# ref. https://kubernetes.io/docs/tasks/configure-pod-container/security-context -securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 10001 - seccompProfile: - type: RuntimeDefault - -rbac: - # Specifies whether RBAC resources should be created - create: true - # Specifies if a Cluster Role should be used for the Auth Reader - useAuthReaderClusterRole: false - externalMetrics: - resources: ["*"] - customMetrics: - resources: ["*"] - -psp: - # Specifies whether PSP resources should be created - create: false - # Annotations added to the pod security policy - annotations: {} - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl - -# If false then the user will opt out of automounting API credentials. -automountServiceAccountToken: true - -serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: - # ServiceAccount annotations. - # Use case: AWS EKS IAM roles for service accounts - # ref: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html - annotations: {} - # If false then the user will opt out of automounting API credentials. - automountServiceAccountToken: true - -# Custom DNS configuration to be added to prometheus-adapter pods -dnsConfig: {} - # nameservers: - # - 1.2.3.4 - # searches: - # - ns1.svc.cluster-domain.example - # - my.dns.search.suffix - # options: - # - name: ndots - # value: "2" - # - name: edns0 - -resources: {} - # requests: - # cpu: 100m - # memory: 128Mi - # limits: - # cpu: 100m - # memory: 128Mi - -# Configure liveness probe -# https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#Probe -livenessProbe: - httpGet: - path: /healthz - port: https - scheme: HTTPS - initialDelaySeconds: 30 - timeoutSeconds: 5 - -# Configure readiness probe -readinessProbe: - httpGet: - path: /healthz - port: https - scheme: HTTPS - initialDelaySeconds: 30 - timeoutSeconds: 5 - -# Configure startup probe -# Use if prometheus-adapter takes a long time to finish startup e.g. polling a lot of API versions in cluster -startupProbe: {} - -rules: - default: true - - custom: [] - # - seriesQuery: '{__name__=~"^some_metric_count$"}' - # resources: - # template: <<.Resource>> - # name: - # matches: "" - # as: "my_custom_metric" - # metricsQuery: sum(<<.Series>>{<<.LabelMatchers>>}) by (<<.GroupBy>>) - - # Mounts a configMap with pre-generated rules for use. Overrides the - # default, custom, external and resource entries - existing: - - external: [] - # - seriesQuery: '{__name__=~"^some_metric_count$"}' - # resources: - # template: <<.Resource>> - # name: - # matches: "" - # as: "my_external_metric" - # metricsQuery: sum(<<.Series>>{<<.LabelMatchers>>}) by (<<.GroupBy>>) - - # resource: - # cpu: - # containerQuery: | - # sum by (<<.GroupBy>>) ( - # rate(container_cpu_usage_seconds_total{container!="",<<.LabelMatchers>>}[3m]) - # ) - # nodeQuery: | - # sum by (<<.GroupBy>>) ( - # rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal",<<.LabelMatchers>>}[3m]) - # ) - # resources: - # overrides: - # node: - # resource: node - # namespace: - # resource: namespace - # pod: - # resource: pod - # containerLabel: container - # memory: - # containerQuery: | - # sum by (<<.GroupBy>>) ( - # avg_over_time(container_memory_working_set_bytes{container!="",<<.LabelMatchers>>}[3m]) - # ) - # nodeQuery: | - # sum by (<<.GroupBy>>) ( - # avg_over_time(node_memory_MemTotal_bytes{<<.LabelMatchers>>}[3m]) - # - - # avg_over_time(node_memory_MemAvailable_bytes{<<.LabelMatchers>>}[3m]) - # ) - # resources: - # overrides: - # node: - # resource: node - # namespace: - # resource: namespace - # pod: - # resource: pod - # containerLabel: container - # window: 3m - -service: - annotations: {} - port: 443 - type: ClusterIP - # clusterIP: 1.2.3.4 - ipDualStack: - enabled: false - ipFamilies: ["IPv6", "IPv4"] - ipFamilyPolicy: "PreferDualStack" -tls: - enable: false - ca: |- - # Public CA file that signed the APIService - key: |- - # Private key of the APIService - certificate: |- - # Public key of the APIService - -# Set environment variables from secrets, configmaps or by setting them as name/value -env: [] - # - name: TMP_DIR - # value: /tmp - # - name: PASSWORD - # valueFrom: - # secretKeyRef: - # name: mysecret - # key: password - # optional: false - -# Any extra arguments -extraArguments: [] - # - --tls-private-key-file=/etc/tls/tls.key - # - --tls-cert-file=/etc/tls/tls.crt - -# Additional containers to add to the pod -extraContainers: [] - -# Any extra volumes -extraVolumes: [] - # - name: example-name - # hostPath: - # path: /path/on/host - # type: DirectoryOrCreate - # - name: ssl-certs - # hostPath: - # path: /etc/ssl/certs/ca-bundle.crt - # type: File - -# Any extra volume mounts -extraVolumeMounts: [] - # - name: example-name - # mountPath: /path/in/container - # - name: ssl-certs - # mountPath: /etc/ssl/certs/ca-certificates.crt - # readOnly: true - -tolerations: [] - -# Labels added to the pod -podLabels: {} - -# Annotations added to the pod -podAnnotations: {} - -# Annotations added to the deployment -deploymentAnnotations: {} - -hostNetwork: - # Specifies if prometheus-adapter should be started in hostNetwork mode. - # - # You would require this enabled if you use alternate overlay networking for pods and - # API server unable to communicate with metrics-server. As an example, this is required - # if you use Weave network on EKS. See also dnsPolicy - enabled: false - -# When hostNetwork is enabled, you probably want to set this to ClusterFirstWithHostNet -# dnsPolicy: ClusterFirstWithHostNet - -# Deployment strategy type -strategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 25% - maxSurge: 25% - -podDisruptionBudget: - # Specifies if PodDisruptionBudget should be enabled - # When enabled, minAvailable or maxUnavailable should also be defined. - enabled: false - minAvailable: - maxUnavailable: 1 - -certManager: - enabled: false - caCertDuration: 43800h0m0s - certDuration: 8760h0m0s - # -- Set the revisionHistoryLimit on the Certificates. See - # https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec - # Defaults to nil. - caCertRevisionHistoryLimit: - certRevisionHistoryLimit: diff --git a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml b/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml deleted file mode 100644 index ee5bbba..0000000 --- a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if and (or .Values.global.cattle.psp.enable (and .Values.rbac.create .Values.rbac.pspEnabled)) (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: psp-{{ include "prometheus-node-exporter.fullname" . }} - labels: - {{- include "prometheus-node-exporter.labels" . | nindent 4 }} -rules: -- apiGroups: ['extensions'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ include "prometheus-node-exporter.fullname" . }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/psp-clusterrolebinding.yaml b/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/psp-clusterrolebinding.yaml deleted file mode 100644 index 160f2bb..0000000 --- a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/psp-clusterrolebinding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if and (or .Values.global.cattle.psp.enable (and .Values.rbac.create .Values.rbac.pspEnabled)) (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: psp-{{ include "prometheus-node-exporter.fullname" . }} - labels: - {{- include "prometheus-node-exporter.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: psp-{{ include "prometheus-node-exporter.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ include "prometheus-node-exporter.fullname" . }} - namespace: {{ include "prometheus-node-exporter.namespace" . }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/psp.yaml b/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/psp.yaml deleted file mode 100644 index f3b52e1..0000000 --- a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/psp.yaml +++ /dev/null @@ -1,49 +0,0 @@ -{{- if and (or .Values.global.cattle.psp.enable (and .Values.rbac.create .Values.rbac.pspEnabled)) (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ include "prometheus-node-exporter.fullname" . }} - namespace: {{ include "prometheus-node-exporter.namespace" . }} - labels: - {{- include "prometheus-node-exporter.labels" . | nindent 4 }} - {{- with .Values.rbac.pspAnnotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - privileged: false - # Allow core volume types. - volumes: - - 'configMap' - - 'emptyDir' - - 'projected' - - 'secret' - - 'downwardAPI' - - 'persistentVolumeClaim' - - 'hostPath' - hostNetwork: true - hostIPC: false - hostPID: true - hostPorts: - - min: 0 - max: 65535 - runAsUser: - # Permits the container to run with root privileges as well. - rule: 'RunAsAny' - seLinux: - # This policy assumes the nodes are using AppArmor rather than SELinux. - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Allow adding the root group. - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Allow adding the root group. - - min: 0 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2ControllerManager/.helmignore b/charts/rancher-monitoring/charts/rke2ControllerManager/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/charts/rancher-monitoring/charts/rke2ControllerManager/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/rancher-monitoring/charts/rke2ControllerManager/Chart.yaml b/charts/rancher-monitoring/charts/rke2ControllerManager/Chart.yaml deleted file mode 100644 index a28987c..0000000 --- a/charts/rancher-monitoring/charts/rke2ControllerManager/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox -apiVersion: v1 -appVersion: v0.1.5-rancher2 -description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. -kubeVersion: '>=1.26.0-0' -name: rke2ControllerManager -type: application -version: 0.1.5-rancher2 diff --git a/charts/rancher-monitoring/charts/rke2ControllerManager/README.md b/charts/rancher-monitoring/charts/rke2ControllerManager/README.md deleted file mode 100644 index 345002f..0000000 --- a/charts/rancher-monitoring/charts/rke2ControllerManager/README.md +++ /dev/null @@ -1,90 +0,0 @@ -# rancher-pushprox - -A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. - -Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. - -Using an instance of this chart is suitable for the following scenarios: -- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) -- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) -- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` -- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) -- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) - -The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. -​ -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. - -## Configuration - -The following tables list the configurable parameters of the rancher-pushprox chart and their default values. - -### General - -#### Required -| Parameter | Description | Example | -| ----- | ----------- | ------ | -| `component` | The component that is being monitored | `kube-etcd` -| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | -| `namespaceOverride` | The namespace to install the chart | `""` - -#### Optional -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | -| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | -| `service.selector` | The selector that is used to populate the Service's Endpoints object. The chart will error out on rendering templating if `.Values.clients.enabled` is set alongside this field, since it is expected that this service should point to the PushProx Clients Daemonset / Deployment | `{}` | -| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | -| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | -| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | -| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | -| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | -| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | -| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.seLinuxOptions` | seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. | `""` | -| `clients.metrics.enabled` | Whether the client should publish PushProx client-specific metrics. | `false` | -| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | -| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | -| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | -| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | -| `clients.resources` | Set resource limits and requests for the client container | `{}` | -| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | -| `clients.tolerations` | Specify tolerations for clients | `[]` | -| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | -| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | -| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | -| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | -| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | -| `kubeVersionOverrides` | A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches any of the semver constraints provided as keys on the map. On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. | `[]` - -*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. - -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. diff --git a/charts/rancher-monitoring/charts/rke2ControllerManager/templates/_helpers.tpl b/charts/rancher-monitoring/charts/rke2ControllerManager/templates/_helpers.tpl deleted file mode 100644 index 1ba5093..0000000 --- a/charts/rancher-monitoring/charts/rke2ControllerManager/templates/_helpers.tpl +++ /dev/null @@ -1,170 +0,0 @@ -# Rancher - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -# General - -{{- define "applyKubeVersionOverrides" -}} -{{- $overrides := dict -}} -{{- range $override := .Values.kubeVersionOverrides -}} -{{- if semverCompare $override.constraint $.Capabilities.KubeVersion.Version -}} -{{- $_ := mergeOverwrite $overrides $override.values -}} -{{- end -}} -{{- end -}} -{{- $_ := mergeOverwrite .Values $overrides -}} -{{- end -}} - -{{- define "pushprox.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{- define "pushProxy.commonLabels" -}} -release: {{ .Release.Name }} -component: {{ .Values.component | quote }} -provider: kubernetes -{{- end -}} - -{{- define "pushProxy.proxyUrl" -}} -{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} -{{- if .Values.clients.proxyUrl -}} -{{ printf "%s" .Values.clients.proxyUrl }} -{{- else -}} -{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} -{{- end -}}{{- end -}} - -# Client - -{{- define "pushProxy.client.name" -}} -{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.labels" -}} -k8s-app: {{ template "pushProxy.client.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# Proxy - -{{- define "pushProxy.proxy.name" -}} -{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.proxy.labels" -}} -k8s-app: {{ template "pushProxy.proxy.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# ServiceMonitor - -{{- define "pushprox.serviceMonitor.name" -}} -{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.labels" -}} -app: {{ template "pushprox.serviceMonitor.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.endpoints" -}} -{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} -{{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $setHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} -{{- $endpoints := .Values.serviceMonitor.endpoints }} -{{- if .Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- range $endpoints }} -{{- if $.Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- $clusterIdRelabel := dict }} -{{- $metricRelabelings := list }} -{{- if $.Values.global.cattle.clusterId }} -{{- $_ := set $clusterIdRelabel "action" "replace" }} -{{- $_ := set $clusterIdRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterIdRelabel "targetLabel" "cluster_id" }} -{{- $_ := set $clusterIdRelabel "replacement" $.Values.global.cattle.clusterId }} -{{- $metricRelabelings = append $metricRelabelings $clusterIdRelabel }} -{{- end }} -{{- $clusterNameRelabel := dict }} -{{- if $.Values.global.cattle.clusterName }} -{{- $_ := set $clusterNameRelabel "action" "replace" }} -{{- $_ := set $clusterNameRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} -{{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} -{{- $metricRelabelings = append $metricRelabelings $clusterNameRelabel }} -{{- end }} -{{- if not (empty $metricRelabelings) }} -{{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $setHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} -{{- if $useHTTPS -}} -{{- if (hasKey . "params") }} -{{- $_ := set (get . "params") "_scheme" (list "https") }} -{{- else }} -{{- $_ := set . "params" (dict "_scheme" (list "https")) }} -{{- end }} -{{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} -{{- end }} -{{- toYaml $endpoints }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/rke2ControllerManager/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/charts/rke2ControllerManager/templates/pushprox-clients-rbac.yaml deleted file mode 100644 index a8e27c3..0000000 --- a/charts/rancher-monitoring/charts/rke2ControllerManager/templates/pushprox-clients-rbac.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.client.name" . }} -{{- end }} -{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -{{- if .Values.clients.rbac.additionalRules }} -{{ toYaml .Values.clients.rbac.additionalRules }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.client.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} ---- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: true - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 6 }} -{{- end }} - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - - 'emptyDir' - - 'hostPath' - allowedHostPaths: - - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - readOnly: true -{{- end }} -{{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2ControllerManager/templates/pushprox-clients.yaml b/charts/rancher-monitoring/charts/rke2ControllerManager/templates/pushprox-clients.yaml deleted file mode 100644 index e8fcfb3..0000000 --- a/charts/rancher-monitoring/charts/rke2ControllerManager/templates/pushprox-clients.yaml +++ /dev/null @@ -1,157 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: apps/v1 -{{- if .Values.clients.deployment.enabled }} -kind: Deployment -{{- else }} -kind: DaemonSet -{{- end }} -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - pushprox-exporter: "client" -spec: - {{- if .Values.clients.deployment.enabled }} - replicas: {{ .Values.clients.deployment.replicas }} - {{- end }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.client.labels" . | nindent 8 }} - spec: - {{- if .Values.clients.affinity }} - affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.clients.nodeSelector }} -{{ toYaml .Values.clients.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.clients.tolerations }} -{{ toYaml .Values.clients.tolerations | indent 8 }} -{{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-client - image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} - command: - {{- range .Values.clients.command }} - - {{ . | quote }} - {{- end }} - args: - - --fqdn=$(HOST_IP) - - --proxy-url=$(PROXY_URL) - {{- if .Values.clients.metrics.enabled }} - - --metrics-addr=$(PORT) - {{- end }} - - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} - {{- if .Values.clients.useLocalhost }} - - --use-localhost - {{- end }} - {{- if .Values.clients.https.enabled }} - {{- if .Values.clients.https.insecureSkipVerify }} - - --insecure-skip-verify - {{- end }} - {{- if .Values.clients.https.useServiceAccountCredentials }} - - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token - {{- end }} - {{- if .Values.clients.https.certDir }} - - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem - - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem - - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem - {{- end }} - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- if .Values.clients.metrics.enabled }} - - name: PORT - value: :{{ .Values.clients.port }} - {{- end }} - - name: PROXY_URL - value: {{ template "pushProxy.proxyUrl" . }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - volumeMounts: - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - {{- end }} - {{- if .Values.clients.resources }} - resources: {{ toYaml .Values.clients.resources | nindent 10 }} - {{- end }} - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - initContainers: - - name: copy-certs - image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} - command: - - sh - - -c - - | - echo "Searching for files to copy within the source volume" - echo "cert: ${CERT_FILE_NAME}" - echo "key: ${KEY_FILE_NAME}" - echo "cacert: ${CACERT_FILE_NAME}" - - CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) - KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) - CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) - - test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 - test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 - test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 - - echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" - cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 - chmod 444 $CERT_FILE_TARGET || exit 1 - - echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" - cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 - chmod 444 $KEY_FILE_TARGET || exit 1 - - echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" - cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 - chmod 444 $CACERT_FILE_TARGET || exit 1 - env: - - name: CERT_FILE_NAME - value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} - - name: KEY_FILE_NAME - value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} - - name: CACERT_FILE_NAME - value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} - - name: CERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy.pem - - name: KEY_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-key.pem - - name: CACERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem - securityContext: - runAsNonRoot: false -{{- if and .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 12 }} -{{- end }} - volumeMounts: - - name: metrics-cert-dir-source - mountPath: /etc/source - readOnly: true - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - volumes: - - name: metrics-cert-dir-source - hostPath: - path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - - name: metrics-cert-dir - emptyDir: {} - {{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2ControllerManager/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/charts/rke2ControllerManager/templates/pushprox-proxy-rbac.yaml deleted file mode 100644 index eefe609..0000000 --- a/charts/rancher-monitoring/charts/rke2ControllerManager/templates/pushprox-proxy-rbac.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.proxy.name" . }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.proxy.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- end }}{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2ControllerManager/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/charts/rke2ControllerManager/templates/pushprox-proxy.yaml deleted file mode 100644 index 723bbd6..0000000 --- a/charts/rancher-monitoring/charts/rke2ControllerManager/templates/pushprox-proxy.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} - pushprox-exporter: "proxy" -spec: - selector: - matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} - spec: - securityContext: - runAsNonRoot: true - runAsUser: 1000 - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.proxy.nodeSelector }} -{{ toYaml .Values.proxy.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.proxy.tolerations }} -{{ toYaml .Values.proxy.tolerations | indent 8 }} -{{- end }} - serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-proxy - image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} - command: - {{- range .Values.proxy.command }} - - {{ . | quote }} - {{- end }} - {{- if .Values.proxy.resources }} - resources: {{ toYaml .Values.proxy.resources | nindent 10 }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - ports: - - name: pp-proxy - port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} - protocol: TCP - targetPort: {{ .Values.proxy.port }} - selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2ControllerManager/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/charts/rke2ControllerManager/templates/pushprox-servicemonitor.yaml deleted file mode 100644 index 67eb221..0000000 --- a/charts/rancher-monitoring/charts/rke2ControllerManager/templates/pushprox-servicemonitor.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "pushprox.serviceMonitor.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} -spec: - endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} - jobLabel: component - podTargetLabels: - - component - - pushprox-exporter - namespaceSelector: - matchNames: - - {{ template "pushprox.namespace" . }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} ---- -{{- $selector := "" }} -{{- if not (kindIs "invalid" .Values.service) }} -{{- if not (kindIs "invalid" .Values.service.selector) }} -{{ if .Values.service.selector }} -{{- if .Values.clients.enabled }} -{{- required (printf "Cannot override .Values.service.selector=%s when .Values.clients.enabled=true" (toJson .Values.service.selector)) "" }} -{{- end }} -{{- $selector = (toYaml .Values.service.selector) }} -{{- end }} -{{- end }} -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - ports: - - name: metrics - port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} - protocol: TCP - targetPort: {{ .Values.metricsPort }} - selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2ControllerManager/templates/validate-install-crd.yaml b/charts/rancher-monitoring/charts/rke2ControllerManager/templates/validate-install-crd.yaml deleted file mode 100644 index 16abc2f..0000000 --- a/charts/rancher-monitoring/charts/rke2ControllerManager/templates/validate-install-crd.yaml +++ /dev/null @@ -1,14 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "monitoring.coreos.com/v1/ServiceMonitor" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install Prometheus Operator CRDs before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} diff --git a/charts/rancher-monitoring/charts/rke2ControllerManager/templates/validate-psp-install.yaml b/charts/rancher-monitoring/charts/rke2ControllerManager/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d..0000000 --- a/charts/rancher-monitoring/charts/rke2ControllerManager/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2ControllerManager/values.yaml b/charts/rancher-monitoring/charts/rke2ControllerManager/values.yaml deleted file mode 100644 index 168d86c..0000000 --- a/charts/rancher-monitoring/charts/rke2ControllerManager/values.yaml +++ /dev/null @@ -1,166 +0,0 @@ -# Default values for rancher-pushprox. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Default image containing both the proxy and the client was generated from the following Dockerfile -# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 - -# Configuration - -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - seLinux: - enabled: false - -# A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. -# -# For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches -# any of the semver constraints provided as keys on the map. -# -# On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. -# -# If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. -# -# Notes: -# - On running a helm template, Helm generally assumes the kubeVersion is v1.20.0 -# - On running a helm install --dry-run, the correct kubeVersion should be chosen. -kubeVersionOverrides: [] -# - constraint: "< 1.21" -# values: -# metricsPort: 10252 -# clients: -# https: -# enabled: false -# insecureSkipVerify: false -# useServiceAccountCredentials: false - -namespaceOverride: "" - -# The component that is being monitored (i.e. etcd) -component: "component" - -# The port containing the metrics that need to be scraped -metricsPort: 2739 - -# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint -serviceMonitor: - enabled: true - # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec - # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - # By default, proxyUrl and params._scheme will be overridden based on other values - endpoints: - - port: metrics - -# Configure Service that grabs scrape targets -service: - # The selector that is used to populate the Service's Endpoints object. - # The chart will error out on rendering templating if .Values.clients.enabled is set alongside this field, - # since it is expected that this service should point to the PushProx Clients Daemonset / Deployment - selector: {} - -clients: - enabled: true - # The port which the PushProx client will post PushProx metrics to - port: 9369 - # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} - # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null - proxyUrl: "" - # If set to true, the client will forward any requests from the host IP to 127.0.0.1 - # It will only allow proxy requests to the metricsPort specified - useLocalhost: false - # Configuration for accessing metrics via HTTPS - https: - # Does the client require https to access the metrics? - enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false - # If set to true, the client will create a service account with adequate permissions and set a flag - # on the client to use the service account token provided by it to make authorized scrape requests - useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false - # If set to true, the client will disable SSL security checks - insecureSkipVerify: false - # Directory on host where necessary TLS cert and key to scrape metrics can be found - certDir: "" - # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings - certFile: "" - keyFile: "" - caCertFile: "" - # seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. - # Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. - seLinuxOptions: {} - - metrics: - # Whether the client should publish PushProx client-specific metrics to .Values.clients.port - enabled: false - - rbac: - # Additional permissions to provide to the ServiceAccount bound to the client - # This can be used to provide additional permissions for the client to scrape metrics from the k8s API - # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true - additionalRules: [] - - # Resource limits - resources: {} - - # Options to select all nodes to deploy client DaemonSet on - nodeSelector: {} - tolerations: [] - affinity: {} - - image: - repository: rancher/pushprox-client - tag: v0.1.5-rancher2-client - command: ["pushprox-client"] - - copyCertsImage: - repository: rancher/mirrored-library-busybox - tag: 1.37.0 - - # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. - # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in - # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. - # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, - # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. - # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will - # be responsible for upgrading this chart accordingly to the right number of replicas. - deployment: - enabled: false - replicas: 0 - -proxy: - enabled: true - # The port through which PushProx clients will communicate to the proxy - port: 8080 - - # Resource limits - resources: {} - - # Options to select a node to run a single proxy deployment on - nodeSelector: {} - tolerations: [] - - image: - repository: rancher/pushprox-proxy - tag: v0.1.5-rancher2-proxy - command: ["pushprox-proxy"] diff --git a/charts/rancher-monitoring/charts/rke2Etcd/.helmignore b/charts/rancher-monitoring/charts/rke2Etcd/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/charts/rancher-monitoring/charts/rke2Etcd/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/rancher-monitoring/charts/rke2Etcd/Chart.yaml b/charts/rancher-monitoring/charts/rke2Etcd/Chart.yaml deleted file mode 100644 index 2c22008..0000000 --- a/charts/rancher-monitoring/charts/rke2Etcd/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox -apiVersion: v1 -appVersion: v0.1.5-rancher2 -description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. -kubeVersion: '>=1.26.0-0' -name: rke2Etcd -type: application -version: 0.1.5-rancher2 diff --git a/charts/rancher-monitoring/charts/rke2Etcd/README.md b/charts/rancher-monitoring/charts/rke2Etcd/README.md deleted file mode 100644 index 345002f..0000000 --- a/charts/rancher-monitoring/charts/rke2Etcd/README.md +++ /dev/null @@ -1,90 +0,0 @@ -# rancher-pushprox - -A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. - -Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. - -Using an instance of this chart is suitable for the following scenarios: -- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) -- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) -- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` -- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) -- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) - -The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. -​ -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. - -## Configuration - -The following tables list the configurable parameters of the rancher-pushprox chart and their default values. - -### General - -#### Required -| Parameter | Description | Example | -| ----- | ----------- | ------ | -| `component` | The component that is being monitored | `kube-etcd` -| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | -| `namespaceOverride` | The namespace to install the chart | `""` - -#### Optional -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | -| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | -| `service.selector` | The selector that is used to populate the Service's Endpoints object. The chart will error out on rendering templating if `.Values.clients.enabled` is set alongside this field, since it is expected that this service should point to the PushProx Clients Daemonset / Deployment | `{}` | -| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | -| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | -| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | -| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | -| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | -| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | -| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.seLinuxOptions` | seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. | `""` | -| `clients.metrics.enabled` | Whether the client should publish PushProx client-specific metrics. | `false` | -| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | -| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | -| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | -| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | -| `clients.resources` | Set resource limits and requests for the client container | `{}` | -| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | -| `clients.tolerations` | Specify tolerations for clients | `[]` | -| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | -| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | -| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | -| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | -| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | -| `kubeVersionOverrides` | A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches any of the semver constraints provided as keys on the map. On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. | `[]` - -*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. - -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. diff --git a/charts/rancher-monitoring/charts/rke2Etcd/templates/_helpers.tpl b/charts/rancher-monitoring/charts/rke2Etcd/templates/_helpers.tpl deleted file mode 100644 index 1ba5093..0000000 --- a/charts/rancher-monitoring/charts/rke2Etcd/templates/_helpers.tpl +++ /dev/null @@ -1,170 +0,0 @@ -# Rancher - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -# General - -{{- define "applyKubeVersionOverrides" -}} -{{- $overrides := dict -}} -{{- range $override := .Values.kubeVersionOverrides -}} -{{- if semverCompare $override.constraint $.Capabilities.KubeVersion.Version -}} -{{- $_ := mergeOverwrite $overrides $override.values -}} -{{- end -}} -{{- end -}} -{{- $_ := mergeOverwrite .Values $overrides -}} -{{- end -}} - -{{- define "pushprox.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{- define "pushProxy.commonLabels" -}} -release: {{ .Release.Name }} -component: {{ .Values.component | quote }} -provider: kubernetes -{{- end -}} - -{{- define "pushProxy.proxyUrl" -}} -{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} -{{- if .Values.clients.proxyUrl -}} -{{ printf "%s" .Values.clients.proxyUrl }} -{{- else -}} -{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} -{{- end -}}{{- end -}} - -# Client - -{{- define "pushProxy.client.name" -}} -{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.labels" -}} -k8s-app: {{ template "pushProxy.client.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# Proxy - -{{- define "pushProxy.proxy.name" -}} -{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.proxy.labels" -}} -k8s-app: {{ template "pushProxy.proxy.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# ServiceMonitor - -{{- define "pushprox.serviceMonitor.name" -}} -{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.labels" -}} -app: {{ template "pushprox.serviceMonitor.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.endpoints" -}} -{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} -{{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $setHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} -{{- $endpoints := .Values.serviceMonitor.endpoints }} -{{- if .Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- range $endpoints }} -{{- if $.Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- $clusterIdRelabel := dict }} -{{- $metricRelabelings := list }} -{{- if $.Values.global.cattle.clusterId }} -{{- $_ := set $clusterIdRelabel "action" "replace" }} -{{- $_ := set $clusterIdRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterIdRelabel "targetLabel" "cluster_id" }} -{{- $_ := set $clusterIdRelabel "replacement" $.Values.global.cattle.clusterId }} -{{- $metricRelabelings = append $metricRelabelings $clusterIdRelabel }} -{{- end }} -{{- $clusterNameRelabel := dict }} -{{- if $.Values.global.cattle.clusterName }} -{{- $_ := set $clusterNameRelabel "action" "replace" }} -{{- $_ := set $clusterNameRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} -{{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} -{{- $metricRelabelings = append $metricRelabelings $clusterNameRelabel }} -{{- end }} -{{- if not (empty $metricRelabelings) }} -{{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $setHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} -{{- if $useHTTPS -}} -{{- if (hasKey . "params") }} -{{- $_ := set (get . "params") "_scheme" (list "https") }} -{{- else }} -{{- $_ := set . "params" (dict "_scheme" (list "https")) }} -{{- end }} -{{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} -{{- end }} -{{- toYaml $endpoints }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/rke2Etcd/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/charts/rke2Etcd/templates/pushprox-clients-rbac.yaml deleted file mode 100644 index a8e27c3..0000000 --- a/charts/rancher-monitoring/charts/rke2Etcd/templates/pushprox-clients-rbac.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.client.name" . }} -{{- end }} -{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -{{- if .Values.clients.rbac.additionalRules }} -{{ toYaml .Values.clients.rbac.additionalRules }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.client.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} ---- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: true - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 6 }} -{{- end }} - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - - 'emptyDir' - - 'hostPath' - allowedHostPaths: - - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - readOnly: true -{{- end }} -{{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2Etcd/templates/pushprox-clients.yaml b/charts/rancher-monitoring/charts/rke2Etcd/templates/pushprox-clients.yaml deleted file mode 100644 index e8fcfb3..0000000 --- a/charts/rancher-monitoring/charts/rke2Etcd/templates/pushprox-clients.yaml +++ /dev/null @@ -1,157 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: apps/v1 -{{- if .Values.clients.deployment.enabled }} -kind: Deployment -{{- else }} -kind: DaemonSet -{{- end }} -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - pushprox-exporter: "client" -spec: - {{- if .Values.clients.deployment.enabled }} - replicas: {{ .Values.clients.deployment.replicas }} - {{- end }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.client.labels" . | nindent 8 }} - spec: - {{- if .Values.clients.affinity }} - affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.clients.nodeSelector }} -{{ toYaml .Values.clients.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.clients.tolerations }} -{{ toYaml .Values.clients.tolerations | indent 8 }} -{{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-client - image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} - command: - {{- range .Values.clients.command }} - - {{ . | quote }} - {{- end }} - args: - - --fqdn=$(HOST_IP) - - --proxy-url=$(PROXY_URL) - {{- if .Values.clients.metrics.enabled }} - - --metrics-addr=$(PORT) - {{- end }} - - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} - {{- if .Values.clients.useLocalhost }} - - --use-localhost - {{- end }} - {{- if .Values.clients.https.enabled }} - {{- if .Values.clients.https.insecureSkipVerify }} - - --insecure-skip-verify - {{- end }} - {{- if .Values.clients.https.useServiceAccountCredentials }} - - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token - {{- end }} - {{- if .Values.clients.https.certDir }} - - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem - - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem - - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem - {{- end }} - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- if .Values.clients.metrics.enabled }} - - name: PORT - value: :{{ .Values.clients.port }} - {{- end }} - - name: PROXY_URL - value: {{ template "pushProxy.proxyUrl" . }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - volumeMounts: - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - {{- end }} - {{- if .Values.clients.resources }} - resources: {{ toYaml .Values.clients.resources | nindent 10 }} - {{- end }} - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - initContainers: - - name: copy-certs - image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} - command: - - sh - - -c - - | - echo "Searching for files to copy within the source volume" - echo "cert: ${CERT_FILE_NAME}" - echo "key: ${KEY_FILE_NAME}" - echo "cacert: ${CACERT_FILE_NAME}" - - CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) - KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) - CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) - - test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 - test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 - test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 - - echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" - cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 - chmod 444 $CERT_FILE_TARGET || exit 1 - - echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" - cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 - chmod 444 $KEY_FILE_TARGET || exit 1 - - echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" - cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 - chmod 444 $CACERT_FILE_TARGET || exit 1 - env: - - name: CERT_FILE_NAME - value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} - - name: KEY_FILE_NAME - value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} - - name: CACERT_FILE_NAME - value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} - - name: CERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy.pem - - name: KEY_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-key.pem - - name: CACERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem - securityContext: - runAsNonRoot: false -{{- if and .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 12 }} -{{- end }} - volumeMounts: - - name: metrics-cert-dir-source - mountPath: /etc/source - readOnly: true - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - volumes: - - name: metrics-cert-dir-source - hostPath: - path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - - name: metrics-cert-dir - emptyDir: {} - {{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2Etcd/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/charts/rke2Etcd/templates/pushprox-proxy-rbac.yaml deleted file mode 100644 index eefe609..0000000 --- a/charts/rancher-monitoring/charts/rke2Etcd/templates/pushprox-proxy-rbac.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.proxy.name" . }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.proxy.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- end }}{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2Etcd/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/charts/rke2Etcd/templates/pushprox-proxy.yaml deleted file mode 100644 index 723bbd6..0000000 --- a/charts/rancher-monitoring/charts/rke2Etcd/templates/pushprox-proxy.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} - pushprox-exporter: "proxy" -spec: - selector: - matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} - spec: - securityContext: - runAsNonRoot: true - runAsUser: 1000 - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.proxy.nodeSelector }} -{{ toYaml .Values.proxy.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.proxy.tolerations }} -{{ toYaml .Values.proxy.tolerations | indent 8 }} -{{- end }} - serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-proxy - image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} - command: - {{- range .Values.proxy.command }} - - {{ . | quote }} - {{- end }} - {{- if .Values.proxy.resources }} - resources: {{ toYaml .Values.proxy.resources | nindent 10 }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - ports: - - name: pp-proxy - port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} - protocol: TCP - targetPort: {{ .Values.proxy.port }} - selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2Etcd/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/charts/rke2Etcd/templates/pushprox-servicemonitor.yaml deleted file mode 100644 index 67eb221..0000000 --- a/charts/rancher-monitoring/charts/rke2Etcd/templates/pushprox-servicemonitor.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "pushprox.serviceMonitor.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} -spec: - endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} - jobLabel: component - podTargetLabels: - - component - - pushprox-exporter - namespaceSelector: - matchNames: - - {{ template "pushprox.namespace" . }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} ---- -{{- $selector := "" }} -{{- if not (kindIs "invalid" .Values.service) }} -{{- if not (kindIs "invalid" .Values.service.selector) }} -{{ if .Values.service.selector }} -{{- if .Values.clients.enabled }} -{{- required (printf "Cannot override .Values.service.selector=%s when .Values.clients.enabled=true" (toJson .Values.service.selector)) "" }} -{{- end }} -{{- $selector = (toYaml .Values.service.selector) }} -{{- end }} -{{- end }} -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - ports: - - name: metrics - port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} - protocol: TCP - targetPort: {{ .Values.metricsPort }} - selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2Etcd/templates/validate-install-crd.yaml b/charts/rancher-monitoring/charts/rke2Etcd/templates/validate-install-crd.yaml deleted file mode 100644 index 16abc2f..0000000 --- a/charts/rancher-monitoring/charts/rke2Etcd/templates/validate-install-crd.yaml +++ /dev/null @@ -1,14 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "monitoring.coreos.com/v1/ServiceMonitor" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install Prometheus Operator CRDs before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} diff --git a/charts/rancher-monitoring/charts/rke2Etcd/templates/validate-psp-install.yaml b/charts/rancher-monitoring/charts/rke2Etcd/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d..0000000 --- a/charts/rancher-monitoring/charts/rke2Etcd/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2Etcd/values.yaml b/charts/rancher-monitoring/charts/rke2Etcd/values.yaml deleted file mode 100644 index 168d86c..0000000 --- a/charts/rancher-monitoring/charts/rke2Etcd/values.yaml +++ /dev/null @@ -1,166 +0,0 @@ -# Default values for rancher-pushprox. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Default image containing both the proxy and the client was generated from the following Dockerfile -# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 - -# Configuration - -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - seLinux: - enabled: false - -# A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. -# -# For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches -# any of the semver constraints provided as keys on the map. -# -# On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. -# -# If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. -# -# Notes: -# - On running a helm template, Helm generally assumes the kubeVersion is v1.20.0 -# - On running a helm install --dry-run, the correct kubeVersion should be chosen. -kubeVersionOverrides: [] -# - constraint: "< 1.21" -# values: -# metricsPort: 10252 -# clients: -# https: -# enabled: false -# insecureSkipVerify: false -# useServiceAccountCredentials: false - -namespaceOverride: "" - -# The component that is being monitored (i.e. etcd) -component: "component" - -# The port containing the metrics that need to be scraped -metricsPort: 2739 - -# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint -serviceMonitor: - enabled: true - # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec - # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - # By default, proxyUrl and params._scheme will be overridden based on other values - endpoints: - - port: metrics - -# Configure Service that grabs scrape targets -service: - # The selector that is used to populate the Service's Endpoints object. - # The chart will error out on rendering templating if .Values.clients.enabled is set alongside this field, - # since it is expected that this service should point to the PushProx Clients Daemonset / Deployment - selector: {} - -clients: - enabled: true - # The port which the PushProx client will post PushProx metrics to - port: 9369 - # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} - # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null - proxyUrl: "" - # If set to true, the client will forward any requests from the host IP to 127.0.0.1 - # It will only allow proxy requests to the metricsPort specified - useLocalhost: false - # Configuration for accessing metrics via HTTPS - https: - # Does the client require https to access the metrics? - enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false - # If set to true, the client will create a service account with adequate permissions and set a flag - # on the client to use the service account token provided by it to make authorized scrape requests - useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false - # If set to true, the client will disable SSL security checks - insecureSkipVerify: false - # Directory on host where necessary TLS cert and key to scrape metrics can be found - certDir: "" - # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings - certFile: "" - keyFile: "" - caCertFile: "" - # seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. - # Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. - seLinuxOptions: {} - - metrics: - # Whether the client should publish PushProx client-specific metrics to .Values.clients.port - enabled: false - - rbac: - # Additional permissions to provide to the ServiceAccount bound to the client - # This can be used to provide additional permissions for the client to scrape metrics from the k8s API - # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true - additionalRules: [] - - # Resource limits - resources: {} - - # Options to select all nodes to deploy client DaemonSet on - nodeSelector: {} - tolerations: [] - affinity: {} - - image: - repository: rancher/pushprox-client - tag: v0.1.5-rancher2-client - command: ["pushprox-client"] - - copyCertsImage: - repository: rancher/mirrored-library-busybox - tag: 1.37.0 - - # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. - # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in - # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. - # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, - # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. - # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will - # be responsible for upgrading this chart accordingly to the right number of replicas. - deployment: - enabled: false - replicas: 0 - -proxy: - enabled: true - # The port through which PushProx clients will communicate to the proxy - port: 8080 - - # Resource limits - resources: {} - - # Options to select a node to run a single proxy deployment on - nodeSelector: {} - tolerations: [] - - image: - repository: rancher/pushprox-proxy - tag: v0.1.5-rancher2-proxy - command: ["pushprox-proxy"] diff --git a/charts/rancher-monitoring/charts/rke2IngressNginx/.helmignore b/charts/rancher-monitoring/charts/rke2IngressNginx/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/charts/rancher-monitoring/charts/rke2IngressNginx/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/rancher-monitoring/charts/rke2IngressNginx/Chart.yaml b/charts/rancher-monitoring/charts/rke2IngressNginx/Chart.yaml deleted file mode 100644 index 0084f25..0000000 --- a/charts/rancher-monitoring/charts/rke2IngressNginx/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox -apiVersion: v1 -appVersion: v0.1.5-rancher2 -description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. -kubeVersion: '>=1.26.0-0' -name: rke2IngressNginx -type: application -version: 0.1.5-rancher2 diff --git a/charts/rancher-monitoring/charts/rke2IngressNginx/README.md b/charts/rancher-monitoring/charts/rke2IngressNginx/README.md deleted file mode 100644 index 345002f..0000000 --- a/charts/rancher-monitoring/charts/rke2IngressNginx/README.md +++ /dev/null @@ -1,90 +0,0 @@ -# rancher-pushprox - -A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. - -Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. - -Using an instance of this chart is suitable for the following scenarios: -- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) -- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) -- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` -- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) -- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) - -The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. -​ -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. - -## Configuration - -The following tables list the configurable parameters of the rancher-pushprox chart and their default values. - -### General - -#### Required -| Parameter | Description | Example | -| ----- | ----------- | ------ | -| `component` | The component that is being monitored | `kube-etcd` -| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | -| `namespaceOverride` | The namespace to install the chart | `""` - -#### Optional -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | -| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | -| `service.selector` | The selector that is used to populate the Service's Endpoints object. The chart will error out on rendering templating if `.Values.clients.enabled` is set alongside this field, since it is expected that this service should point to the PushProx Clients Daemonset / Deployment | `{}` | -| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | -| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | -| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | -| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | -| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | -| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | -| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.seLinuxOptions` | seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. | `""` | -| `clients.metrics.enabled` | Whether the client should publish PushProx client-specific metrics. | `false` | -| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | -| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | -| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | -| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | -| `clients.resources` | Set resource limits and requests for the client container | `{}` | -| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | -| `clients.tolerations` | Specify tolerations for clients | `[]` | -| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | -| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | -| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | -| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | -| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | -| `kubeVersionOverrides` | A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches any of the semver constraints provided as keys on the map. On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. | `[]` - -*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. - -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. diff --git a/charts/rancher-monitoring/charts/rke2IngressNginx/templates/_helpers.tpl b/charts/rancher-monitoring/charts/rke2IngressNginx/templates/_helpers.tpl deleted file mode 100644 index 1ba5093..0000000 --- a/charts/rancher-monitoring/charts/rke2IngressNginx/templates/_helpers.tpl +++ /dev/null @@ -1,170 +0,0 @@ -# Rancher - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -# General - -{{- define "applyKubeVersionOverrides" -}} -{{- $overrides := dict -}} -{{- range $override := .Values.kubeVersionOverrides -}} -{{- if semverCompare $override.constraint $.Capabilities.KubeVersion.Version -}} -{{- $_ := mergeOverwrite $overrides $override.values -}} -{{- end -}} -{{- end -}} -{{- $_ := mergeOverwrite .Values $overrides -}} -{{- end -}} - -{{- define "pushprox.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{- define "pushProxy.commonLabels" -}} -release: {{ .Release.Name }} -component: {{ .Values.component | quote }} -provider: kubernetes -{{- end -}} - -{{- define "pushProxy.proxyUrl" -}} -{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} -{{- if .Values.clients.proxyUrl -}} -{{ printf "%s" .Values.clients.proxyUrl }} -{{- else -}} -{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} -{{- end -}}{{- end -}} - -# Client - -{{- define "pushProxy.client.name" -}} -{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.labels" -}} -k8s-app: {{ template "pushProxy.client.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# Proxy - -{{- define "pushProxy.proxy.name" -}} -{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.proxy.labels" -}} -k8s-app: {{ template "pushProxy.proxy.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# ServiceMonitor - -{{- define "pushprox.serviceMonitor.name" -}} -{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.labels" -}} -app: {{ template "pushprox.serviceMonitor.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.endpoints" -}} -{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} -{{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $setHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} -{{- $endpoints := .Values.serviceMonitor.endpoints }} -{{- if .Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- range $endpoints }} -{{- if $.Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- $clusterIdRelabel := dict }} -{{- $metricRelabelings := list }} -{{- if $.Values.global.cattle.clusterId }} -{{- $_ := set $clusterIdRelabel "action" "replace" }} -{{- $_ := set $clusterIdRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterIdRelabel "targetLabel" "cluster_id" }} -{{- $_ := set $clusterIdRelabel "replacement" $.Values.global.cattle.clusterId }} -{{- $metricRelabelings = append $metricRelabelings $clusterIdRelabel }} -{{- end }} -{{- $clusterNameRelabel := dict }} -{{- if $.Values.global.cattle.clusterName }} -{{- $_ := set $clusterNameRelabel "action" "replace" }} -{{- $_ := set $clusterNameRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} -{{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} -{{- $metricRelabelings = append $metricRelabelings $clusterNameRelabel }} -{{- end }} -{{- if not (empty $metricRelabelings) }} -{{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $setHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} -{{- if $useHTTPS -}} -{{- if (hasKey . "params") }} -{{- $_ := set (get . "params") "_scheme" (list "https") }} -{{- else }} -{{- $_ := set . "params" (dict "_scheme" (list "https")) }} -{{- end }} -{{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} -{{- end }} -{{- toYaml $endpoints }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/rke2IngressNginx/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/charts/rke2IngressNginx/templates/pushprox-clients-rbac.yaml deleted file mode 100644 index a8e27c3..0000000 --- a/charts/rancher-monitoring/charts/rke2IngressNginx/templates/pushprox-clients-rbac.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.client.name" . }} -{{- end }} -{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -{{- if .Values.clients.rbac.additionalRules }} -{{ toYaml .Values.clients.rbac.additionalRules }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.client.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} ---- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: true - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 6 }} -{{- end }} - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - - 'emptyDir' - - 'hostPath' - allowedHostPaths: - - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - readOnly: true -{{- end }} -{{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2IngressNginx/templates/pushprox-clients.yaml b/charts/rancher-monitoring/charts/rke2IngressNginx/templates/pushprox-clients.yaml deleted file mode 100644 index e8fcfb3..0000000 --- a/charts/rancher-monitoring/charts/rke2IngressNginx/templates/pushprox-clients.yaml +++ /dev/null @@ -1,157 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: apps/v1 -{{- if .Values.clients.deployment.enabled }} -kind: Deployment -{{- else }} -kind: DaemonSet -{{- end }} -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - pushprox-exporter: "client" -spec: - {{- if .Values.clients.deployment.enabled }} - replicas: {{ .Values.clients.deployment.replicas }} - {{- end }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.client.labels" . | nindent 8 }} - spec: - {{- if .Values.clients.affinity }} - affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.clients.nodeSelector }} -{{ toYaml .Values.clients.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.clients.tolerations }} -{{ toYaml .Values.clients.tolerations | indent 8 }} -{{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-client - image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} - command: - {{- range .Values.clients.command }} - - {{ . | quote }} - {{- end }} - args: - - --fqdn=$(HOST_IP) - - --proxy-url=$(PROXY_URL) - {{- if .Values.clients.metrics.enabled }} - - --metrics-addr=$(PORT) - {{- end }} - - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} - {{- if .Values.clients.useLocalhost }} - - --use-localhost - {{- end }} - {{- if .Values.clients.https.enabled }} - {{- if .Values.clients.https.insecureSkipVerify }} - - --insecure-skip-verify - {{- end }} - {{- if .Values.clients.https.useServiceAccountCredentials }} - - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token - {{- end }} - {{- if .Values.clients.https.certDir }} - - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem - - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem - - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem - {{- end }} - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- if .Values.clients.metrics.enabled }} - - name: PORT - value: :{{ .Values.clients.port }} - {{- end }} - - name: PROXY_URL - value: {{ template "pushProxy.proxyUrl" . }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - volumeMounts: - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - {{- end }} - {{- if .Values.clients.resources }} - resources: {{ toYaml .Values.clients.resources | nindent 10 }} - {{- end }} - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - initContainers: - - name: copy-certs - image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} - command: - - sh - - -c - - | - echo "Searching for files to copy within the source volume" - echo "cert: ${CERT_FILE_NAME}" - echo "key: ${KEY_FILE_NAME}" - echo "cacert: ${CACERT_FILE_NAME}" - - CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) - KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) - CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) - - test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 - test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 - test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 - - echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" - cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 - chmod 444 $CERT_FILE_TARGET || exit 1 - - echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" - cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 - chmod 444 $KEY_FILE_TARGET || exit 1 - - echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" - cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 - chmod 444 $CACERT_FILE_TARGET || exit 1 - env: - - name: CERT_FILE_NAME - value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} - - name: KEY_FILE_NAME - value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} - - name: CACERT_FILE_NAME - value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} - - name: CERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy.pem - - name: KEY_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-key.pem - - name: CACERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem - securityContext: - runAsNonRoot: false -{{- if and .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 12 }} -{{- end }} - volumeMounts: - - name: metrics-cert-dir-source - mountPath: /etc/source - readOnly: true - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - volumes: - - name: metrics-cert-dir-source - hostPath: - path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - - name: metrics-cert-dir - emptyDir: {} - {{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2IngressNginx/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/charts/rke2IngressNginx/templates/pushprox-proxy-rbac.yaml deleted file mode 100644 index eefe609..0000000 --- a/charts/rancher-monitoring/charts/rke2IngressNginx/templates/pushprox-proxy-rbac.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.proxy.name" . }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.proxy.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- end }}{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2IngressNginx/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/charts/rke2IngressNginx/templates/pushprox-proxy.yaml deleted file mode 100644 index 723bbd6..0000000 --- a/charts/rancher-monitoring/charts/rke2IngressNginx/templates/pushprox-proxy.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} - pushprox-exporter: "proxy" -spec: - selector: - matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} - spec: - securityContext: - runAsNonRoot: true - runAsUser: 1000 - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.proxy.nodeSelector }} -{{ toYaml .Values.proxy.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.proxy.tolerations }} -{{ toYaml .Values.proxy.tolerations | indent 8 }} -{{- end }} - serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-proxy - image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} - command: - {{- range .Values.proxy.command }} - - {{ . | quote }} - {{- end }} - {{- if .Values.proxy.resources }} - resources: {{ toYaml .Values.proxy.resources | nindent 10 }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - ports: - - name: pp-proxy - port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} - protocol: TCP - targetPort: {{ .Values.proxy.port }} - selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2IngressNginx/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/charts/rke2IngressNginx/templates/pushprox-servicemonitor.yaml deleted file mode 100644 index 67eb221..0000000 --- a/charts/rancher-monitoring/charts/rke2IngressNginx/templates/pushprox-servicemonitor.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "pushprox.serviceMonitor.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} -spec: - endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} - jobLabel: component - podTargetLabels: - - component - - pushprox-exporter - namespaceSelector: - matchNames: - - {{ template "pushprox.namespace" . }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} ---- -{{- $selector := "" }} -{{- if not (kindIs "invalid" .Values.service) }} -{{- if not (kindIs "invalid" .Values.service.selector) }} -{{ if .Values.service.selector }} -{{- if .Values.clients.enabled }} -{{- required (printf "Cannot override .Values.service.selector=%s when .Values.clients.enabled=true" (toJson .Values.service.selector)) "" }} -{{- end }} -{{- $selector = (toYaml .Values.service.selector) }} -{{- end }} -{{- end }} -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - ports: - - name: metrics - port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} - protocol: TCP - targetPort: {{ .Values.metricsPort }} - selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2IngressNginx/templates/validate-install-crd.yaml b/charts/rancher-monitoring/charts/rke2IngressNginx/templates/validate-install-crd.yaml deleted file mode 100644 index 16abc2f..0000000 --- a/charts/rancher-monitoring/charts/rke2IngressNginx/templates/validate-install-crd.yaml +++ /dev/null @@ -1,14 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "monitoring.coreos.com/v1/ServiceMonitor" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install Prometheus Operator CRDs before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} diff --git a/charts/rancher-monitoring/charts/rke2IngressNginx/templates/validate-psp-install.yaml b/charts/rancher-monitoring/charts/rke2IngressNginx/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d..0000000 --- a/charts/rancher-monitoring/charts/rke2IngressNginx/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2IngressNginx/values.yaml b/charts/rancher-monitoring/charts/rke2IngressNginx/values.yaml deleted file mode 100644 index 168d86c..0000000 --- a/charts/rancher-monitoring/charts/rke2IngressNginx/values.yaml +++ /dev/null @@ -1,166 +0,0 @@ -# Default values for rancher-pushprox. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Default image containing both the proxy and the client was generated from the following Dockerfile -# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 - -# Configuration - -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - seLinux: - enabled: false - -# A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. -# -# For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches -# any of the semver constraints provided as keys on the map. -# -# On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. -# -# If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. -# -# Notes: -# - On running a helm template, Helm generally assumes the kubeVersion is v1.20.0 -# - On running a helm install --dry-run, the correct kubeVersion should be chosen. -kubeVersionOverrides: [] -# - constraint: "< 1.21" -# values: -# metricsPort: 10252 -# clients: -# https: -# enabled: false -# insecureSkipVerify: false -# useServiceAccountCredentials: false - -namespaceOverride: "" - -# The component that is being monitored (i.e. etcd) -component: "component" - -# The port containing the metrics that need to be scraped -metricsPort: 2739 - -# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint -serviceMonitor: - enabled: true - # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec - # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - # By default, proxyUrl and params._scheme will be overridden based on other values - endpoints: - - port: metrics - -# Configure Service that grabs scrape targets -service: - # The selector that is used to populate the Service's Endpoints object. - # The chart will error out on rendering templating if .Values.clients.enabled is set alongside this field, - # since it is expected that this service should point to the PushProx Clients Daemonset / Deployment - selector: {} - -clients: - enabled: true - # The port which the PushProx client will post PushProx metrics to - port: 9369 - # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} - # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null - proxyUrl: "" - # If set to true, the client will forward any requests from the host IP to 127.0.0.1 - # It will only allow proxy requests to the metricsPort specified - useLocalhost: false - # Configuration for accessing metrics via HTTPS - https: - # Does the client require https to access the metrics? - enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false - # If set to true, the client will create a service account with adequate permissions and set a flag - # on the client to use the service account token provided by it to make authorized scrape requests - useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false - # If set to true, the client will disable SSL security checks - insecureSkipVerify: false - # Directory on host where necessary TLS cert and key to scrape metrics can be found - certDir: "" - # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings - certFile: "" - keyFile: "" - caCertFile: "" - # seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. - # Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. - seLinuxOptions: {} - - metrics: - # Whether the client should publish PushProx client-specific metrics to .Values.clients.port - enabled: false - - rbac: - # Additional permissions to provide to the ServiceAccount bound to the client - # This can be used to provide additional permissions for the client to scrape metrics from the k8s API - # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true - additionalRules: [] - - # Resource limits - resources: {} - - # Options to select all nodes to deploy client DaemonSet on - nodeSelector: {} - tolerations: [] - affinity: {} - - image: - repository: rancher/pushprox-client - tag: v0.1.5-rancher2-client - command: ["pushprox-client"] - - copyCertsImage: - repository: rancher/mirrored-library-busybox - tag: 1.37.0 - - # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. - # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in - # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. - # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, - # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. - # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will - # be responsible for upgrading this chart accordingly to the right number of replicas. - deployment: - enabled: false - replicas: 0 - -proxy: - enabled: true - # The port through which PushProx clients will communicate to the proxy - port: 8080 - - # Resource limits - resources: {} - - # Options to select a node to run a single proxy deployment on - nodeSelector: {} - tolerations: [] - - image: - repository: rancher/pushprox-proxy - tag: v0.1.5-rancher2-proxy - command: ["pushprox-proxy"] diff --git a/charts/rancher-monitoring/charts/rke2Proxy/.helmignore b/charts/rancher-monitoring/charts/rke2Proxy/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/charts/rancher-monitoring/charts/rke2Proxy/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/rancher-monitoring/charts/rke2Proxy/Chart.yaml b/charts/rancher-monitoring/charts/rke2Proxy/Chart.yaml deleted file mode 100644 index 047c4bc..0000000 --- a/charts/rancher-monitoring/charts/rke2Proxy/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox -apiVersion: v1 -appVersion: v0.1.5-rancher2 -description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. -kubeVersion: '>=1.26.0-0' -name: rke2Proxy -type: application -version: 0.1.5-rancher2 diff --git a/charts/rancher-monitoring/charts/rke2Proxy/README.md b/charts/rancher-monitoring/charts/rke2Proxy/README.md deleted file mode 100644 index 345002f..0000000 --- a/charts/rancher-monitoring/charts/rke2Proxy/README.md +++ /dev/null @@ -1,90 +0,0 @@ -# rancher-pushprox - -A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. - -Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. - -Using an instance of this chart is suitable for the following scenarios: -- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) -- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) -- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` -- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) -- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) - -The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. -​ -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. - -## Configuration - -The following tables list the configurable parameters of the rancher-pushprox chart and their default values. - -### General - -#### Required -| Parameter | Description | Example | -| ----- | ----------- | ------ | -| `component` | The component that is being monitored | `kube-etcd` -| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | -| `namespaceOverride` | The namespace to install the chart | `""` - -#### Optional -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | -| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | -| `service.selector` | The selector that is used to populate the Service's Endpoints object. The chart will error out on rendering templating if `.Values.clients.enabled` is set alongside this field, since it is expected that this service should point to the PushProx Clients Daemonset / Deployment | `{}` | -| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | -| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | -| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | -| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | -| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | -| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | -| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.seLinuxOptions` | seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. | `""` | -| `clients.metrics.enabled` | Whether the client should publish PushProx client-specific metrics. | `false` | -| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | -| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | -| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | -| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | -| `clients.resources` | Set resource limits and requests for the client container | `{}` | -| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | -| `clients.tolerations` | Specify tolerations for clients | `[]` | -| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | -| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | -| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | -| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | -| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | -| `kubeVersionOverrides` | A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches any of the semver constraints provided as keys on the map. On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. | `[]` - -*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. - -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. diff --git a/charts/rancher-monitoring/charts/rke2Proxy/templates/_helpers.tpl b/charts/rancher-monitoring/charts/rke2Proxy/templates/_helpers.tpl deleted file mode 100644 index 1ba5093..0000000 --- a/charts/rancher-monitoring/charts/rke2Proxy/templates/_helpers.tpl +++ /dev/null @@ -1,170 +0,0 @@ -# Rancher - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -# General - -{{- define "applyKubeVersionOverrides" -}} -{{- $overrides := dict -}} -{{- range $override := .Values.kubeVersionOverrides -}} -{{- if semverCompare $override.constraint $.Capabilities.KubeVersion.Version -}} -{{- $_ := mergeOverwrite $overrides $override.values -}} -{{- end -}} -{{- end -}} -{{- $_ := mergeOverwrite .Values $overrides -}} -{{- end -}} - -{{- define "pushprox.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{- define "pushProxy.commonLabels" -}} -release: {{ .Release.Name }} -component: {{ .Values.component | quote }} -provider: kubernetes -{{- end -}} - -{{- define "pushProxy.proxyUrl" -}} -{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} -{{- if .Values.clients.proxyUrl -}} -{{ printf "%s" .Values.clients.proxyUrl }} -{{- else -}} -{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} -{{- end -}}{{- end -}} - -# Client - -{{- define "pushProxy.client.name" -}} -{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.labels" -}} -k8s-app: {{ template "pushProxy.client.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# Proxy - -{{- define "pushProxy.proxy.name" -}} -{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.proxy.labels" -}} -k8s-app: {{ template "pushProxy.proxy.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# ServiceMonitor - -{{- define "pushprox.serviceMonitor.name" -}} -{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.labels" -}} -app: {{ template "pushprox.serviceMonitor.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.endpoints" -}} -{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} -{{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $setHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} -{{- $endpoints := .Values.serviceMonitor.endpoints }} -{{- if .Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- range $endpoints }} -{{- if $.Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- $clusterIdRelabel := dict }} -{{- $metricRelabelings := list }} -{{- if $.Values.global.cattle.clusterId }} -{{- $_ := set $clusterIdRelabel "action" "replace" }} -{{- $_ := set $clusterIdRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterIdRelabel "targetLabel" "cluster_id" }} -{{- $_ := set $clusterIdRelabel "replacement" $.Values.global.cattle.clusterId }} -{{- $metricRelabelings = append $metricRelabelings $clusterIdRelabel }} -{{- end }} -{{- $clusterNameRelabel := dict }} -{{- if $.Values.global.cattle.clusterName }} -{{- $_ := set $clusterNameRelabel "action" "replace" }} -{{- $_ := set $clusterNameRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} -{{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} -{{- $metricRelabelings = append $metricRelabelings $clusterNameRelabel }} -{{- end }} -{{- if not (empty $metricRelabelings) }} -{{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $setHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} -{{- if $useHTTPS -}} -{{- if (hasKey . "params") }} -{{- $_ := set (get . "params") "_scheme" (list "https") }} -{{- else }} -{{- $_ := set . "params" (dict "_scheme" (list "https")) }} -{{- end }} -{{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} -{{- end }} -{{- toYaml $endpoints }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/rke2Proxy/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/charts/rke2Proxy/templates/pushprox-clients-rbac.yaml deleted file mode 100644 index a8e27c3..0000000 --- a/charts/rancher-monitoring/charts/rke2Proxy/templates/pushprox-clients-rbac.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.client.name" . }} -{{- end }} -{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -{{- if .Values.clients.rbac.additionalRules }} -{{ toYaml .Values.clients.rbac.additionalRules }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.client.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} ---- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: true - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 6 }} -{{- end }} - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - - 'emptyDir' - - 'hostPath' - allowedHostPaths: - - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - readOnly: true -{{- end }} -{{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2Proxy/templates/pushprox-clients.yaml b/charts/rancher-monitoring/charts/rke2Proxy/templates/pushprox-clients.yaml deleted file mode 100644 index e8fcfb3..0000000 --- a/charts/rancher-monitoring/charts/rke2Proxy/templates/pushprox-clients.yaml +++ /dev/null @@ -1,157 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: apps/v1 -{{- if .Values.clients.deployment.enabled }} -kind: Deployment -{{- else }} -kind: DaemonSet -{{- end }} -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - pushprox-exporter: "client" -spec: - {{- if .Values.clients.deployment.enabled }} - replicas: {{ .Values.clients.deployment.replicas }} - {{- end }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.client.labels" . | nindent 8 }} - spec: - {{- if .Values.clients.affinity }} - affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.clients.nodeSelector }} -{{ toYaml .Values.clients.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.clients.tolerations }} -{{ toYaml .Values.clients.tolerations | indent 8 }} -{{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-client - image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} - command: - {{- range .Values.clients.command }} - - {{ . | quote }} - {{- end }} - args: - - --fqdn=$(HOST_IP) - - --proxy-url=$(PROXY_URL) - {{- if .Values.clients.metrics.enabled }} - - --metrics-addr=$(PORT) - {{- end }} - - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} - {{- if .Values.clients.useLocalhost }} - - --use-localhost - {{- end }} - {{- if .Values.clients.https.enabled }} - {{- if .Values.clients.https.insecureSkipVerify }} - - --insecure-skip-verify - {{- end }} - {{- if .Values.clients.https.useServiceAccountCredentials }} - - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token - {{- end }} - {{- if .Values.clients.https.certDir }} - - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem - - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem - - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem - {{- end }} - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- if .Values.clients.metrics.enabled }} - - name: PORT - value: :{{ .Values.clients.port }} - {{- end }} - - name: PROXY_URL - value: {{ template "pushProxy.proxyUrl" . }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - volumeMounts: - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - {{- end }} - {{- if .Values.clients.resources }} - resources: {{ toYaml .Values.clients.resources | nindent 10 }} - {{- end }} - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - initContainers: - - name: copy-certs - image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} - command: - - sh - - -c - - | - echo "Searching for files to copy within the source volume" - echo "cert: ${CERT_FILE_NAME}" - echo "key: ${KEY_FILE_NAME}" - echo "cacert: ${CACERT_FILE_NAME}" - - CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) - KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) - CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) - - test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 - test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 - test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 - - echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" - cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 - chmod 444 $CERT_FILE_TARGET || exit 1 - - echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" - cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 - chmod 444 $KEY_FILE_TARGET || exit 1 - - echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" - cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 - chmod 444 $CACERT_FILE_TARGET || exit 1 - env: - - name: CERT_FILE_NAME - value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} - - name: KEY_FILE_NAME - value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} - - name: CACERT_FILE_NAME - value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} - - name: CERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy.pem - - name: KEY_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-key.pem - - name: CACERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem - securityContext: - runAsNonRoot: false -{{- if and .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 12 }} -{{- end }} - volumeMounts: - - name: metrics-cert-dir-source - mountPath: /etc/source - readOnly: true - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - volumes: - - name: metrics-cert-dir-source - hostPath: - path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - - name: metrics-cert-dir - emptyDir: {} - {{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2Proxy/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/charts/rke2Proxy/templates/pushprox-proxy-rbac.yaml deleted file mode 100644 index eefe609..0000000 --- a/charts/rancher-monitoring/charts/rke2Proxy/templates/pushprox-proxy-rbac.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.proxy.name" . }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.proxy.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- end }}{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2Proxy/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/charts/rke2Proxy/templates/pushprox-proxy.yaml deleted file mode 100644 index 723bbd6..0000000 --- a/charts/rancher-monitoring/charts/rke2Proxy/templates/pushprox-proxy.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} - pushprox-exporter: "proxy" -spec: - selector: - matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} - spec: - securityContext: - runAsNonRoot: true - runAsUser: 1000 - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.proxy.nodeSelector }} -{{ toYaml .Values.proxy.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.proxy.tolerations }} -{{ toYaml .Values.proxy.tolerations | indent 8 }} -{{- end }} - serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-proxy - image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} - command: - {{- range .Values.proxy.command }} - - {{ . | quote }} - {{- end }} - {{- if .Values.proxy.resources }} - resources: {{ toYaml .Values.proxy.resources | nindent 10 }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - ports: - - name: pp-proxy - port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} - protocol: TCP - targetPort: {{ .Values.proxy.port }} - selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2Proxy/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/charts/rke2Proxy/templates/pushprox-servicemonitor.yaml deleted file mode 100644 index 67eb221..0000000 --- a/charts/rancher-monitoring/charts/rke2Proxy/templates/pushprox-servicemonitor.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "pushprox.serviceMonitor.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} -spec: - endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} - jobLabel: component - podTargetLabels: - - component - - pushprox-exporter - namespaceSelector: - matchNames: - - {{ template "pushprox.namespace" . }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} ---- -{{- $selector := "" }} -{{- if not (kindIs "invalid" .Values.service) }} -{{- if not (kindIs "invalid" .Values.service.selector) }} -{{ if .Values.service.selector }} -{{- if .Values.clients.enabled }} -{{- required (printf "Cannot override .Values.service.selector=%s when .Values.clients.enabled=true" (toJson .Values.service.selector)) "" }} -{{- end }} -{{- $selector = (toYaml .Values.service.selector) }} -{{- end }} -{{- end }} -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - ports: - - name: metrics - port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} - protocol: TCP - targetPort: {{ .Values.metricsPort }} - selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2Proxy/templates/validate-install-crd.yaml b/charts/rancher-monitoring/charts/rke2Proxy/templates/validate-install-crd.yaml deleted file mode 100644 index 16abc2f..0000000 --- a/charts/rancher-monitoring/charts/rke2Proxy/templates/validate-install-crd.yaml +++ /dev/null @@ -1,14 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "monitoring.coreos.com/v1/ServiceMonitor" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install Prometheus Operator CRDs before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} diff --git a/charts/rancher-monitoring/charts/rke2Proxy/templates/validate-psp-install.yaml b/charts/rancher-monitoring/charts/rke2Proxy/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d..0000000 --- a/charts/rancher-monitoring/charts/rke2Proxy/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2Proxy/values.yaml b/charts/rancher-monitoring/charts/rke2Proxy/values.yaml deleted file mode 100644 index 168d86c..0000000 --- a/charts/rancher-monitoring/charts/rke2Proxy/values.yaml +++ /dev/null @@ -1,166 +0,0 @@ -# Default values for rancher-pushprox. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Default image containing both the proxy and the client was generated from the following Dockerfile -# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 - -# Configuration - -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - seLinux: - enabled: false - -# A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. -# -# For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches -# any of the semver constraints provided as keys on the map. -# -# On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. -# -# If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. -# -# Notes: -# - On running a helm template, Helm generally assumes the kubeVersion is v1.20.0 -# - On running a helm install --dry-run, the correct kubeVersion should be chosen. -kubeVersionOverrides: [] -# - constraint: "< 1.21" -# values: -# metricsPort: 10252 -# clients: -# https: -# enabled: false -# insecureSkipVerify: false -# useServiceAccountCredentials: false - -namespaceOverride: "" - -# The component that is being monitored (i.e. etcd) -component: "component" - -# The port containing the metrics that need to be scraped -metricsPort: 2739 - -# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint -serviceMonitor: - enabled: true - # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec - # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - # By default, proxyUrl and params._scheme will be overridden based on other values - endpoints: - - port: metrics - -# Configure Service that grabs scrape targets -service: - # The selector that is used to populate the Service's Endpoints object. - # The chart will error out on rendering templating if .Values.clients.enabled is set alongside this field, - # since it is expected that this service should point to the PushProx Clients Daemonset / Deployment - selector: {} - -clients: - enabled: true - # The port which the PushProx client will post PushProx metrics to - port: 9369 - # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} - # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null - proxyUrl: "" - # If set to true, the client will forward any requests from the host IP to 127.0.0.1 - # It will only allow proxy requests to the metricsPort specified - useLocalhost: false - # Configuration for accessing metrics via HTTPS - https: - # Does the client require https to access the metrics? - enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false - # If set to true, the client will create a service account with adequate permissions and set a flag - # on the client to use the service account token provided by it to make authorized scrape requests - useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false - # If set to true, the client will disable SSL security checks - insecureSkipVerify: false - # Directory on host where necessary TLS cert and key to scrape metrics can be found - certDir: "" - # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings - certFile: "" - keyFile: "" - caCertFile: "" - # seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. - # Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. - seLinuxOptions: {} - - metrics: - # Whether the client should publish PushProx client-specific metrics to .Values.clients.port - enabled: false - - rbac: - # Additional permissions to provide to the ServiceAccount bound to the client - # This can be used to provide additional permissions for the client to scrape metrics from the k8s API - # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true - additionalRules: [] - - # Resource limits - resources: {} - - # Options to select all nodes to deploy client DaemonSet on - nodeSelector: {} - tolerations: [] - affinity: {} - - image: - repository: rancher/pushprox-client - tag: v0.1.5-rancher2-client - command: ["pushprox-client"] - - copyCertsImage: - repository: rancher/mirrored-library-busybox - tag: 1.37.0 - - # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. - # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in - # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. - # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, - # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. - # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will - # be responsible for upgrading this chart accordingly to the right number of replicas. - deployment: - enabled: false - replicas: 0 - -proxy: - enabled: true - # The port through which PushProx clients will communicate to the proxy - port: 8080 - - # Resource limits - resources: {} - - # Options to select a node to run a single proxy deployment on - nodeSelector: {} - tolerations: [] - - image: - repository: rancher/pushprox-proxy - tag: v0.1.5-rancher2-proxy - command: ["pushprox-proxy"] diff --git a/charts/rancher-monitoring/charts/rke2Scheduler/.helmignore b/charts/rancher-monitoring/charts/rke2Scheduler/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/charts/rancher-monitoring/charts/rke2Scheduler/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/rancher-monitoring/charts/rke2Scheduler/Chart.yaml b/charts/rancher-monitoring/charts/rke2Scheduler/Chart.yaml deleted file mode 100644 index 685790e..0000000 --- a/charts/rancher-monitoring/charts/rke2Scheduler/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox -apiVersion: v1 -appVersion: v0.1.5-rancher2 -description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. -kubeVersion: '>=1.26.0-0' -name: rke2Scheduler -type: application -version: 0.1.5-rancher2 diff --git a/charts/rancher-monitoring/charts/rke2Scheduler/README.md b/charts/rancher-monitoring/charts/rke2Scheduler/README.md deleted file mode 100644 index 345002f..0000000 --- a/charts/rancher-monitoring/charts/rke2Scheduler/README.md +++ /dev/null @@ -1,90 +0,0 @@ -# rancher-pushprox - -A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. - -Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. - -Using an instance of this chart is suitable for the following scenarios: -- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) -- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) -- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` -- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) -- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) - -The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. -​ -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. - -## Configuration - -The following tables list the configurable parameters of the rancher-pushprox chart and their default values. - -### General - -#### Required -| Parameter | Description | Example | -| ----- | ----------- | ------ | -| `component` | The component that is being monitored | `kube-etcd` -| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | -| `namespaceOverride` | The namespace to install the chart | `""` - -#### Optional -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | -| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | -| `service.selector` | The selector that is used to populate the Service's Endpoints object. The chart will error out on rendering templating if `.Values.clients.enabled` is set alongside this field, since it is expected that this service should point to the PushProx Clients Daemonset / Deployment | `{}` | -| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | -| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | -| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | -| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | -| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | -| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | -| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.seLinuxOptions` | seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. | `""` | -| `clients.metrics.enabled` | Whether the client should publish PushProx client-specific metrics. | `false` | -| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | -| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | -| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | -| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | -| `clients.resources` | Set resource limits and requests for the client container | `{}` | -| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | -| `clients.tolerations` | Specify tolerations for clients | `[]` | -| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | -| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | -| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | -| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | -| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | -| `kubeVersionOverrides` | A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches any of the semver constraints provided as keys on the map. On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. | `[]` - -*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. - -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. diff --git a/charts/rancher-monitoring/charts/rke2Scheduler/templates/_helpers.tpl b/charts/rancher-monitoring/charts/rke2Scheduler/templates/_helpers.tpl deleted file mode 100644 index 1ba5093..0000000 --- a/charts/rancher-monitoring/charts/rke2Scheduler/templates/_helpers.tpl +++ /dev/null @@ -1,170 +0,0 @@ -# Rancher - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -# General - -{{- define "applyKubeVersionOverrides" -}} -{{- $overrides := dict -}} -{{- range $override := .Values.kubeVersionOverrides -}} -{{- if semverCompare $override.constraint $.Capabilities.KubeVersion.Version -}} -{{- $_ := mergeOverwrite $overrides $override.values -}} -{{- end -}} -{{- end -}} -{{- $_ := mergeOverwrite .Values $overrides -}} -{{- end -}} - -{{- define "pushprox.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{- define "pushProxy.commonLabels" -}} -release: {{ .Release.Name }} -component: {{ .Values.component | quote }} -provider: kubernetes -{{- end -}} - -{{- define "pushProxy.proxyUrl" -}} -{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} -{{- if .Values.clients.proxyUrl -}} -{{ printf "%s" .Values.clients.proxyUrl }} -{{- else -}} -{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} -{{- end -}}{{- end -}} - -# Client - -{{- define "pushProxy.client.name" -}} -{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.labels" -}} -k8s-app: {{ template "pushProxy.client.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# Proxy - -{{- define "pushProxy.proxy.name" -}} -{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.proxy.labels" -}} -k8s-app: {{ template "pushProxy.proxy.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# ServiceMonitor - -{{- define "pushprox.serviceMonitor.name" -}} -{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.labels" -}} -app: {{ template "pushprox.serviceMonitor.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.endpoints" -}} -{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} -{{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $setHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} -{{- $endpoints := .Values.serviceMonitor.endpoints }} -{{- if .Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- range $endpoints }} -{{- if $.Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- $clusterIdRelabel := dict }} -{{- $metricRelabelings := list }} -{{- if $.Values.global.cattle.clusterId }} -{{- $_ := set $clusterIdRelabel "action" "replace" }} -{{- $_ := set $clusterIdRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterIdRelabel "targetLabel" "cluster_id" }} -{{- $_ := set $clusterIdRelabel "replacement" $.Values.global.cattle.clusterId }} -{{- $metricRelabelings = append $metricRelabelings $clusterIdRelabel }} -{{- end }} -{{- $clusterNameRelabel := dict }} -{{- if $.Values.global.cattle.clusterName }} -{{- $_ := set $clusterNameRelabel "action" "replace" }} -{{- $_ := set $clusterNameRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} -{{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} -{{- $metricRelabelings = append $metricRelabelings $clusterNameRelabel }} -{{- end }} -{{- if not (empty $metricRelabelings) }} -{{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $setHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} -{{- if $useHTTPS -}} -{{- if (hasKey . "params") }} -{{- $_ := set (get . "params") "_scheme" (list "https") }} -{{- else }} -{{- $_ := set . "params" (dict "_scheme" (list "https")) }} -{{- end }} -{{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} -{{- end }} -{{- toYaml $endpoints }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/rke2Scheduler/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/charts/rke2Scheduler/templates/pushprox-clients-rbac.yaml deleted file mode 100644 index a8e27c3..0000000 --- a/charts/rancher-monitoring/charts/rke2Scheduler/templates/pushprox-clients-rbac.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.client.name" . }} -{{- end }} -{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -{{- if .Values.clients.rbac.additionalRules }} -{{ toYaml .Values.clients.rbac.additionalRules }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.client.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} ---- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: true - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 6 }} -{{- end }} - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - - 'emptyDir' - - 'hostPath' - allowedHostPaths: - - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - readOnly: true -{{- end }} -{{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2Scheduler/templates/pushprox-clients.yaml b/charts/rancher-monitoring/charts/rke2Scheduler/templates/pushprox-clients.yaml deleted file mode 100644 index e8fcfb3..0000000 --- a/charts/rancher-monitoring/charts/rke2Scheduler/templates/pushprox-clients.yaml +++ /dev/null @@ -1,157 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: apps/v1 -{{- if .Values.clients.deployment.enabled }} -kind: Deployment -{{- else }} -kind: DaemonSet -{{- end }} -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - pushprox-exporter: "client" -spec: - {{- if .Values.clients.deployment.enabled }} - replicas: {{ .Values.clients.deployment.replicas }} - {{- end }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.client.labels" . | nindent 8 }} - spec: - {{- if .Values.clients.affinity }} - affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.clients.nodeSelector }} -{{ toYaml .Values.clients.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.clients.tolerations }} -{{ toYaml .Values.clients.tolerations | indent 8 }} -{{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-client - image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} - command: - {{- range .Values.clients.command }} - - {{ . | quote }} - {{- end }} - args: - - --fqdn=$(HOST_IP) - - --proxy-url=$(PROXY_URL) - {{- if .Values.clients.metrics.enabled }} - - --metrics-addr=$(PORT) - {{- end }} - - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} - {{- if .Values.clients.useLocalhost }} - - --use-localhost - {{- end }} - {{- if .Values.clients.https.enabled }} - {{- if .Values.clients.https.insecureSkipVerify }} - - --insecure-skip-verify - {{- end }} - {{- if .Values.clients.https.useServiceAccountCredentials }} - - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token - {{- end }} - {{- if .Values.clients.https.certDir }} - - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem - - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem - - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem - {{- end }} - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- if .Values.clients.metrics.enabled }} - - name: PORT - value: :{{ .Values.clients.port }} - {{- end }} - - name: PROXY_URL - value: {{ template "pushProxy.proxyUrl" . }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - volumeMounts: - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - {{- end }} - {{- if .Values.clients.resources }} - resources: {{ toYaml .Values.clients.resources | nindent 10 }} - {{- end }} - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - initContainers: - - name: copy-certs - image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} - command: - - sh - - -c - - | - echo "Searching for files to copy within the source volume" - echo "cert: ${CERT_FILE_NAME}" - echo "key: ${KEY_FILE_NAME}" - echo "cacert: ${CACERT_FILE_NAME}" - - CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) - KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) - CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) - - test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 - test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 - test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 - - echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" - cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 - chmod 444 $CERT_FILE_TARGET || exit 1 - - echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" - cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 - chmod 444 $KEY_FILE_TARGET || exit 1 - - echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" - cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 - chmod 444 $CACERT_FILE_TARGET || exit 1 - env: - - name: CERT_FILE_NAME - value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} - - name: KEY_FILE_NAME - value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} - - name: CACERT_FILE_NAME - value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} - - name: CERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy.pem - - name: KEY_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-key.pem - - name: CACERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem - securityContext: - runAsNonRoot: false -{{- if and .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 12 }} -{{- end }} - volumeMounts: - - name: metrics-cert-dir-source - mountPath: /etc/source - readOnly: true - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - volumes: - - name: metrics-cert-dir-source - hostPath: - path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - - name: metrics-cert-dir - emptyDir: {} - {{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2Scheduler/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/charts/rke2Scheduler/templates/pushprox-proxy-rbac.yaml deleted file mode 100644 index eefe609..0000000 --- a/charts/rancher-monitoring/charts/rke2Scheduler/templates/pushprox-proxy-rbac.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.proxy.name" . }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.proxy.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- end }}{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2Scheduler/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/charts/rke2Scheduler/templates/pushprox-proxy.yaml deleted file mode 100644 index 723bbd6..0000000 --- a/charts/rancher-monitoring/charts/rke2Scheduler/templates/pushprox-proxy.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} - pushprox-exporter: "proxy" -spec: - selector: - matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} - spec: - securityContext: - runAsNonRoot: true - runAsUser: 1000 - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.proxy.nodeSelector }} -{{ toYaml .Values.proxy.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.proxy.tolerations }} -{{ toYaml .Values.proxy.tolerations | indent 8 }} -{{- end }} - serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-proxy - image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} - command: - {{- range .Values.proxy.command }} - - {{ . | quote }} - {{- end }} - {{- if .Values.proxy.resources }} - resources: {{ toYaml .Values.proxy.resources | nindent 10 }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - ports: - - name: pp-proxy - port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} - protocol: TCP - targetPort: {{ .Values.proxy.port }} - selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2Scheduler/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/charts/rke2Scheduler/templates/pushprox-servicemonitor.yaml deleted file mode 100644 index 67eb221..0000000 --- a/charts/rancher-monitoring/charts/rke2Scheduler/templates/pushprox-servicemonitor.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "pushprox.serviceMonitor.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} -spec: - endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} - jobLabel: component - podTargetLabels: - - component - - pushprox-exporter - namespaceSelector: - matchNames: - - {{ template "pushprox.namespace" . }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} ---- -{{- $selector := "" }} -{{- if not (kindIs "invalid" .Values.service) }} -{{- if not (kindIs "invalid" .Values.service.selector) }} -{{ if .Values.service.selector }} -{{- if .Values.clients.enabled }} -{{- required (printf "Cannot override .Values.service.selector=%s when .Values.clients.enabled=true" (toJson .Values.service.selector)) "" }} -{{- end }} -{{- $selector = (toYaml .Values.service.selector) }} -{{- end }} -{{- end }} -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - ports: - - name: metrics - port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} - protocol: TCP - targetPort: {{ .Values.metricsPort }} - selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2Scheduler/templates/validate-install-crd.yaml b/charts/rancher-monitoring/charts/rke2Scheduler/templates/validate-install-crd.yaml deleted file mode 100644 index 16abc2f..0000000 --- a/charts/rancher-monitoring/charts/rke2Scheduler/templates/validate-install-crd.yaml +++ /dev/null @@ -1,14 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "monitoring.coreos.com/v1/ServiceMonitor" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install Prometheus Operator CRDs before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} diff --git a/charts/rancher-monitoring/charts/rke2Scheduler/templates/validate-psp-install.yaml b/charts/rancher-monitoring/charts/rke2Scheduler/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d..0000000 --- a/charts/rancher-monitoring/charts/rke2Scheduler/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2Scheduler/values.yaml b/charts/rancher-monitoring/charts/rke2Scheduler/values.yaml deleted file mode 100644 index 168d86c..0000000 --- a/charts/rancher-monitoring/charts/rke2Scheduler/values.yaml +++ /dev/null @@ -1,166 +0,0 @@ -# Default values for rancher-pushprox. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Default image containing both the proxy and the client was generated from the following Dockerfile -# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 - -# Configuration - -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - seLinux: - enabled: false - -# A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. -# -# For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches -# any of the semver constraints provided as keys on the map. -# -# On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. -# -# If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. -# -# Notes: -# - On running a helm template, Helm generally assumes the kubeVersion is v1.20.0 -# - On running a helm install --dry-run, the correct kubeVersion should be chosen. -kubeVersionOverrides: [] -# - constraint: "< 1.21" -# values: -# metricsPort: 10252 -# clients: -# https: -# enabled: false -# insecureSkipVerify: false -# useServiceAccountCredentials: false - -namespaceOverride: "" - -# The component that is being monitored (i.e. etcd) -component: "component" - -# The port containing the metrics that need to be scraped -metricsPort: 2739 - -# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint -serviceMonitor: - enabled: true - # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec - # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - # By default, proxyUrl and params._scheme will be overridden based on other values - endpoints: - - port: metrics - -# Configure Service that grabs scrape targets -service: - # The selector that is used to populate the Service's Endpoints object. - # The chart will error out on rendering templating if .Values.clients.enabled is set alongside this field, - # since it is expected that this service should point to the PushProx Clients Daemonset / Deployment - selector: {} - -clients: - enabled: true - # The port which the PushProx client will post PushProx metrics to - port: 9369 - # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} - # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null - proxyUrl: "" - # If set to true, the client will forward any requests from the host IP to 127.0.0.1 - # It will only allow proxy requests to the metricsPort specified - useLocalhost: false - # Configuration for accessing metrics via HTTPS - https: - # Does the client require https to access the metrics? - enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false - # If set to true, the client will create a service account with adequate permissions and set a flag - # on the client to use the service account token provided by it to make authorized scrape requests - useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false - # If set to true, the client will disable SSL security checks - insecureSkipVerify: false - # Directory on host where necessary TLS cert and key to scrape metrics can be found - certDir: "" - # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings - certFile: "" - keyFile: "" - caCertFile: "" - # seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. - # Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. - seLinuxOptions: {} - - metrics: - # Whether the client should publish PushProx client-specific metrics to .Values.clients.port - enabled: false - - rbac: - # Additional permissions to provide to the ServiceAccount bound to the client - # This can be used to provide additional permissions for the client to scrape metrics from the k8s API - # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true - additionalRules: [] - - # Resource limits - resources: {} - - # Options to select all nodes to deploy client DaemonSet on - nodeSelector: {} - tolerations: [] - affinity: {} - - image: - repository: rancher/pushprox-client - tag: v0.1.5-rancher2-client - command: ["pushprox-client"] - - copyCertsImage: - repository: rancher/mirrored-library-busybox - tag: 1.37.0 - - # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. - # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in - # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. - # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, - # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. - # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will - # be responsible for upgrading this chart accordingly to the right number of replicas. - deployment: - enabled: false - replicas: 0 - -proxy: - enabled: true - # The port through which PushProx clients will communicate to the proxy - port: 8080 - - # Resource limits - resources: {} - - # Options to select a node to run a single proxy deployment on - nodeSelector: {} - tolerations: [] - - image: - repository: rancher/pushprox-proxy - tag: v0.1.5-rancher2-proxy - command: ["pushprox-proxy"] diff --git a/charts/rancher-monitoring/charts/rkeControllerManager/.helmignore b/charts/rancher-monitoring/charts/rkeControllerManager/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/charts/rancher-monitoring/charts/rkeControllerManager/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/rancher-monitoring/charts/rkeControllerManager/Chart.yaml b/charts/rancher-monitoring/charts/rkeControllerManager/Chart.yaml deleted file mode 100644 index 71c6821..0000000 --- a/charts/rancher-monitoring/charts/rkeControllerManager/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox -apiVersion: v1 -appVersion: v0.1.5-rancher2 -description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. -kubeVersion: '>=1.26.0-0' -name: rkeControllerManager -type: application -version: 0.1.5-rancher2 diff --git a/charts/rancher-monitoring/charts/rkeControllerManager/README.md b/charts/rancher-monitoring/charts/rkeControllerManager/README.md deleted file mode 100644 index 345002f..0000000 --- a/charts/rancher-monitoring/charts/rkeControllerManager/README.md +++ /dev/null @@ -1,90 +0,0 @@ -# rancher-pushprox - -A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. - -Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. - -Using an instance of this chart is suitable for the following scenarios: -- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) -- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) -- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` -- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) -- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) - -The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. -​ -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. - -## Configuration - -The following tables list the configurable parameters of the rancher-pushprox chart and their default values. - -### General - -#### Required -| Parameter | Description | Example | -| ----- | ----------- | ------ | -| `component` | The component that is being monitored | `kube-etcd` -| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | -| `namespaceOverride` | The namespace to install the chart | `""` - -#### Optional -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | -| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | -| `service.selector` | The selector that is used to populate the Service's Endpoints object. The chart will error out on rendering templating if `.Values.clients.enabled` is set alongside this field, since it is expected that this service should point to the PushProx Clients Daemonset / Deployment | `{}` | -| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | -| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | -| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | -| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | -| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | -| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | -| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.seLinuxOptions` | seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. | `""` | -| `clients.metrics.enabled` | Whether the client should publish PushProx client-specific metrics. | `false` | -| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | -| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | -| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | -| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | -| `clients.resources` | Set resource limits and requests for the client container | `{}` | -| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | -| `clients.tolerations` | Specify tolerations for clients | `[]` | -| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | -| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | -| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | -| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | -| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | -| `kubeVersionOverrides` | A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches any of the semver constraints provided as keys on the map. On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. | `[]` - -*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. - -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. diff --git a/charts/rancher-monitoring/charts/rkeControllerManager/templates/_helpers.tpl b/charts/rancher-monitoring/charts/rkeControllerManager/templates/_helpers.tpl deleted file mode 100644 index 1ba5093..0000000 --- a/charts/rancher-monitoring/charts/rkeControllerManager/templates/_helpers.tpl +++ /dev/null @@ -1,170 +0,0 @@ -# Rancher - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -# General - -{{- define "applyKubeVersionOverrides" -}} -{{- $overrides := dict -}} -{{- range $override := .Values.kubeVersionOverrides -}} -{{- if semverCompare $override.constraint $.Capabilities.KubeVersion.Version -}} -{{- $_ := mergeOverwrite $overrides $override.values -}} -{{- end -}} -{{- end -}} -{{- $_ := mergeOverwrite .Values $overrides -}} -{{- end -}} - -{{- define "pushprox.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{- define "pushProxy.commonLabels" -}} -release: {{ .Release.Name }} -component: {{ .Values.component | quote }} -provider: kubernetes -{{- end -}} - -{{- define "pushProxy.proxyUrl" -}} -{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} -{{- if .Values.clients.proxyUrl -}} -{{ printf "%s" .Values.clients.proxyUrl }} -{{- else -}} -{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} -{{- end -}}{{- end -}} - -# Client - -{{- define "pushProxy.client.name" -}} -{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.labels" -}} -k8s-app: {{ template "pushProxy.client.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# Proxy - -{{- define "pushProxy.proxy.name" -}} -{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.proxy.labels" -}} -k8s-app: {{ template "pushProxy.proxy.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# ServiceMonitor - -{{- define "pushprox.serviceMonitor.name" -}} -{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.labels" -}} -app: {{ template "pushprox.serviceMonitor.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.endpoints" -}} -{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} -{{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $setHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} -{{- $endpoints := .Values.serviceMonitor.endpoints }} -{{- if .Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- range $endpoints }} -{{- if $.Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- $clusterIdRelabel := dict }} -{{- $metricRelabelings := list }} -{{- if $.Values.global.cattle.clusterId }} -{{- $_ := set $clusterIdRelabel "action" "replace" }} -{{- $_ := set $clusterIdRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterIdRelabel "targetLabel" "cluster_id" }} -{{- $_ := set $clusterIdRelabel "replacement" $.Values.global.cattle.clusterId }} -{{- $metricRelabelings = append $metricRelabelings $clusterIdRelabel }} -{{- end }} -{{- $clusterNameRelabel := dict }} -{{- if $.Values.global.cattle.clusterName }} -{{- $_ := set $clusterNameRelabel "action" "replace" }} -{{- $_ := set $clusterNameRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} -{{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} -{{- $metricRelabelings = append $metricRelabelings $clusterNameRelabel }} -{{- end }} -{{- if not (empty $metricRelabelings) }} -{{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $setHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} -{{- if $useHTTPS -}} -{{- if (hasKey . "params") }} -{{- $_ := set (get . "params") "_scheme" (list "https") }} -{{- else }} -{{- $_ := set . "params" (dict "_scheme" (list "https")) }} -{{- end }} -{{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} -{{- end }} -{{- toYaml $endpoints }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/rkeControllerManager/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/charts/rkeControllerManager/templates/pushprox-clients-rbac.yaml deleted file mode 100644 index a8e27c3..0000000 --- a/charts/rancher-monitoring/charts/rkeControllerManager/templates/pushprox-clients-rbac.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.client.name" . }} -{{- end }} -{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -{{- if .Values.clients.rbac.additionalRules }} -{{ toYaml .Values.clients.rbac.additionalRules }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.client.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} ---- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: true - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 6 }} -{{- end }} - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - - 'emptyDir' - - 'hostPath' - allowedHostPaths: - - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - readOnly: true -{{- end }} -{{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeControllerManager/templates/pushprox-clients.yaml b/charts/rancher-monitoring/charts/rkeControllerManager/templates/pushprox-clients.yaml deleted file mode 100644 index e8fcfb3..0000000 --- a/charts/rancher-monitoring/charts/rkeControllerManager/templates/pushprox-clients.yaml +++ /dev/null @@ -1,157 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: apps/v1 -{{- if .Values.clients.deployment.enabled }} -kind: Deployment -{{- else }} -kind: DaemonSet -{{- end }} -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - pushprox-exporter: "client" -spec: - {{- if .Values.clients.deployment.enabled }} - replicas: {{ .Values.clients.deployment.replicas }} - {{- end }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.client.labels" . | nindent 8 }} - spec: - {{- if .Values.clients.affinity }} - affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.clients.nodeSelector }} -{{ toYaml .Values.clients.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.clients.tolerations }} -{{ toYaml .Values.clients.tolerations | indent 8 }} -{{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-client - image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} - command: - {{- range .Values.clients.command }} - - {{ . | quote }} - {{- end }} - args: - - --fqdn=$(HOST_IP) - - --proxy-url=$(PROXY_URL) - {{- if .Values.clients.metrics.enabled }} - - --metrics-addr=$(PORT) - {{- end }} - - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} - {{- if .Values.clients.useLocalhost }} - - --use-localhost - {{- end }} - {{- if .Values.clients.https.enabled }} - {{- if .Values.clients.https.insecureSkipVerify }} - - --insecure-skip-verify - {{- end }} - {{- if .Values.clients.https.useServiceAccountCredentials }} - - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token - {{- end }} - {{- if .Values.clients.https.certDir }} - - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem - - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem - - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem - {{- end }} - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- if .Values.clients.metrics.enabled }} - - name: PORT - value: :{{ .Values.clients.port }} - {{- end }} - - name: PROXY_URL - value: {{ template "pushProxy.proxyUrl" . }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - volumeMounts: - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - {{- end }} - {{- if .Values.clients.resources }} - resources: {{ toYaml .Values.clients.resources | nindent 10 }} - {{- end }} - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - initContainers: - - name: copy-certs - image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} - command: - - sh - - -c - - | - echo "Searching for files to copy within the source volume" - echo "cert: ${CERT_FILE_NAME}" - echo "key: ${KEY_FILE_NAME}" - echo "cacert: ${CACERT_FILE_NAME}" - - CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) - KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) - CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) - - test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 - test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 - test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 - - echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" - cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 - chmod 444 $CERT_FILE_TARGET || exit 1 - - echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" - cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 - chmod 444 $KEY_FILE_TARGET || exit 1 - - echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" - cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 - chmod 444 $CACERT_FILE_TARGET || exit 1 - env: - - name: CERT_FILE_NAME - value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} - - name: KEY_FILE_NAME - value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} - - name: CACERT_FILE_NAME - value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} - - name: CERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy.pem - - name: KEY_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-key.pem - - name: CACERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem - securityContext: - runAsNonRoot: false -{{- if and .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 12 }} -{{- end }} - volumeMounts: - - name: metrics-cert-dir-source - mountPath: /etc/source - readOnly: true - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - volumes: - - name: metrics-cert-dir-source - hostPath: - path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - - name: metrics-cert-dir - emptyDir: {} - {{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeControllerManager/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/charts/rkeControllerManager/templates/pushprox-proxy-rbac.yaml deleted file mode 100644 index eefe609..0000000 --- a/charts/rancher-monitoring/charts/rkeControllerManager/templates/pushprox-proxy-rbac.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.proxy.name" . }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.proxy.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- end }}{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeControllerManager/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/charts/rkeControllerManager/templates/pushprox-proxy.yaml deleted file mode 100644 index 723bbd6..0000000 --- a/charts/rancher-monitoring/charts/rkeControllerManager/templates/pushprox-proxy.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} - pushprox-exporter: "proxy" -spec: - selector: - matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} - spec: - securityContext: - runAsNonRoot: true - runAsUser: 1000 - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.proxy.nodeSelector }} -{{ toYaml .Values.proxy.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.proxy.tolerations }} -{{ toYaml .Values.proxy.tolerations | indent 8 }} -{{- end }} - serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-proxy - image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} - command: - {{- range .Values.proxy.command }} - - {{ . | quote }} - {{- end }} - {{- if .Values.proxy.resources }} - resources: {{ toYaml .Values.proxy.resources | nindent 10 }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - ports: - - name: pp-proxy - port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} - protocol: TCP - targetPort: {{ .Values.proxy.port }} - selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeControllerManager/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/charts/rkeControllerManager/templates/pushprox-servicemonitor.yaml deleted file mode 100644 index 67eb221..0000000 --- a/charts/rancher-monitoring/charts/rkeControllerManager/templates/pushprox-servicemonitor.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "pushprox.serviceMonitor.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} -spec: - endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} - jobLabel: component - podTargetLabels: - - component - - pushprox-exporter - namespaceSelector: - matchNames: - - {{ template "pushprox.namespace" . }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} ---- -{{- $selector := "" }} -{{- if not (kindIs "invalid" .Values.service) }} -{{- if not (kindIs "invalid" .Values.service.selector) }} -{{ if .Values.service.selector }} -{{- if .Values.clients.enabled }} -{{- required (printf "Cannot override .Values.service.selector=%s when .Values.clients.enabled=true" (toJson .Values.service.selector)) "" }} -{{- end }} -{{- $selector = (toYaml .Values.service.selector) }} -{{- end }} -{{- end }} -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - ports: - - name: metrics - port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} - protocol: TCP - targetPort: {{ .Values.metricsPort }} - selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeControllerManager/templates/validate-install-crd.yaml b/charts/rancher-monitoring/charts/rkeControllerManager/templates/validate-install-crd.yaml deleted file mode 100644 index 16abc2f..0000000 --- a/charts/rancher-monitoring/charts/rkeControllerManager/templates/validate-install-crd.yaml +++ /dev/null @@ -1,14 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "monitoring.coreos.com/v1/ServiceMonitor" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install Prometheus Operator CRDs before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} diff --git a/charts/rancher-monitoring/charts/rkeControllerManager/templates/validate-psp-install.yaml b/charts/rancher-monitoring/charts/rkeControllerManager/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d..0000000 --- a/charts/rancher-monitoring/charts/rkeControllerManager/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeControllerManager/values.yaml b/charts/rancher-monitoring/charts/rkeControllerManager/values.yaml deleted file mode 100644 index 168d86c..0000000 --- a/charts/rancher-monitoring/charts/rkeControllerManager/values.yaml +++ /dev/null @@ -1,166 +0,0 @@ -# Default values for rancher-pushprox. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Default image containing both the proxy and the client was generated from the following Dockerfile -# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 - -# Configuration - -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - seLinux: - enabled: false - -# A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. -# -# For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches -# any of the semver constraints provided as keys on the map. -# -# On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. -# -# If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. -# -# Notes: -# - On running a helm template, Helm generally assumes the kubeVersion is v1.20.0 -# - On running a helm install --dry-run, the correct kubeVersion should be chosen. -kubeVersionOverrides: [] -# - constraint: "< 1.21" -# values: -# metricsPort: 10252 -# clients: -# https: -# enabled: false -# insecureSkipVerify: false -# useServiceAccountCredentials: false - -namespaceOverride: "" - -# The component that is being monitored (i.e. etcd) -component: "component" - -# The port containing the metrics that need to be scraped -metricsPort: 2739 - -# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint -serviceMonitor: - enabled: true - # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec - # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - # By default, proxyUrl and params._scheme will be overridden based on other values - endpoints: - - port: metrics - -# Configure Service that grabs scrape targets -service: - # The selector that is used to populate the Service's Endpoints object. - # The chart will error out on rendering templating if .Values.clients.enabled is set alongside this field, - # since it is expected that this service should point to the PushProx Clients Daemonset / Deployment - selector: {} - -clients: - enabled: true - # The port which the PushProx client will post PushProx metrics to - port: 9369 - # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} - # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null - proxyUrl: "" - # If set to true, the client will forward any requests from the host IP to 127.0.0.1 - # It will only allow proxy requests to the metricsPort specified - useLocalhost: false - # Configuration for accessing metrics via HTTPS - https: - # Does the client require https to access the metrics? - enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false - # If set to true, the client will create a service account with adequate permissions and set a flag - # on the client to use the service account token provided by it to make authorized scrape requests - useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false - # If set to true, the client will disable SSL security checks - insecureSkipVerify: false - # Directory on host where necessary TLS cert and key to scrape metrics can be found - certDir: "" - # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings - certFile: "" - keyFile: "" - caCertFile: "" - # seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. - # Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. - seLinuxOptions: {} - - metrics: - # Whether the client should publish PushProx client-specific metrics to .Values.clients.port - enabled: false - - rbac: - # Additional permissions to provide to the ServiceAccount bound to the client - # This can be used to provide additional permissions for the client to scrape metrics from the k8s API - # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true - additionalRules: [] - - # Resource limits - resources: {} - - # Options to select all nodes to deploy client DaemonSet on - nodeSelector: {} - tolerations: [] - affinity: {} - - image: - repository: rancher/pushprox-client - tag: v0.1.5-rancher2-client - command: ["pushprox-client"] - - copyCertsImage: - repository: rancher/mirrored-library-busybox - tag: 1.37.0 - - # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. - # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in - # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. - # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, - # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. - # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will - # be responsible for upgrading this chart accordingly to the right number of replicas. - deployment: - enabled: false - replicas: 0 - -proxy: - enabled: true - # The port through which PushProx clients will communicate to the proxy - port: 8080 - - # Resource limits - resources: {} - - # Options to select a node to run a single proxy deployment on - nodeSelector: {} - tolerations: [] - - image: - repository: rancher/pushprox-proxy - tag: v0.1.5-rancher2-proxy - command: ["pushprox-proxy"] diff --git a/charts/rancher-monitoring/charts/rkeEtcd/.helmignore b/charts/rancher-monitoring/charts/rkeEtcd/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/charts/rancher-monitoring/charts/rkeEtcd/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/rancher-monitoring/charts/rkeEtcd/Chart.yaml b/charts/rancher-monitoring/charts/rkeEtcd/Chart.yaml deleted file mode 100644 index fa5a1e7..0000000 --- a/charts/rancher-monitoring/charts/rkeEtcd/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox -apiVersion: v1 -appVersion: v0.1.5-rancher2 -description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. -kubeVersion: '>=1.26.0-0' -name: rkeEtcd -type: application -version: 0.1.5-rancher2 diff --git a/charts/rancher-monitoring/charts/rkeEtcd/README.md b/charts/rancher-monitoring/charts/rkeEtcd/README.md deleted file mode 100644 index 345002f..0000000 --- a/charts/rancher-monitoring/charts/rkeEtcd/README.md +++ /dev/null @@ -1,90 +0,0 @@ -# rancher-pushprox - -A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. - -Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. - -Using an instance of this chart is suitable for the following scenarios: -- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) -- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) -- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` -- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) -- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) - -The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. -​ -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. - -## Configuration - -The following tables list the configurable parameters of the rancher-pushprox chart and their default values. - -### General - -#### Required -| Parameter | Description | Example | -| ----- | ----------- | ------ | -| `component` | The component that is being monitored | `kube-etcd` -| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | -| `namespaceOverride` | The namespace to install the chart | `""` - -#### Optional -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | -| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | -| `service.selector` | The selector that is used to populate the Service's Endpoints object. The chart will error out on rendering templating if `.Values.clients.enabled` is set alongside this field, since it is expected that this service should point to the PushProx Clients Daemonset / Deployment | `{}` | -| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | -| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | -| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | -| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | -| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | -| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | -| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.seLinuxOptions` | seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. | `""` | -| `clients.metrics.enabled` | Whether the client should publish PushProx client-specific metrics. | `false` | -| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | -| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | -| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | -| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | -| `clients.resources` | Set resource limits and requests for the client container | `{}` | -| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | -| `clients.tolerations` | Specify tolerations for clients | `[]` | -| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | -| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | -| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | -| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | -| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | -| `kubeVersionOverrides` | A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches any of the semver constraints provided as keys on the map. On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. | `[]` - -*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. - -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. diff --git a/charts/rancher-monitoring/charts/rkeEtcd/templates/_helpers.tpl b/charts/rancher-monitoring/charts/rkeEtcd/templates/_helpers.tpl deleted file mode 100644 index 1ba5093..0000000 --- a/charts/rancher-monitoring/charts/rkeEtcd/templates/_helpers.tpl +++ /dev/null @@ -1,170 +0,0 @@ -# Rancher - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -# General - -{{- define "applyKubeVersionOverrides" -}} -{{- $overrides := dict -}} -{{- range $override := .Values.kubeVersionOverrides -}} -{{- if semverCompare $override.constraint $.Capabilities.KubeVersion.Version -}} -{{- $_ := mergeOverwrite $overrides $override.values -}} -{{- end -}} -{{- end -}} -{{- $_ := mergeOverwrite .Values $overrides -}} -{{- end -}} - -{{- define "pushprox.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{- define "pushProxy.commonLabels" -}} -release: {{ .Release.Name }} -component: {{ .Values.component | quote }} -provider: kubernetes -{{- end -}} - -{{- define "pushProxy.proxyUrl" -}} -{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} -{{- if .Values.clients.proxyUrl -}} -{{ printf "%s" .Values.clients.proxyUrl }} -{{- else -}} -{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} -{{- end -}}{{- end -}} - -# Client - -{{- define "pushProxy.client.name" -}} -{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.labels" -}} -k8s-app: {{ template "pushProxy.client.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# Proxy - -{{- define "pushProxy.proxy.name" -}} -{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.proxy.labels" -}} -k8s-app: {{ template "pushProxy.proxy.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# ServiceMonitor - -{{- define "pushprox.serviceMonitor.name" -}} -{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.labels" -}} -app: {{ template "pushprox.serviceMonitor.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.endpoints" -}} -{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} -{{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $setHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} -{{- $endpoints := .Values.serviceMonitor.endpoints }} -{{- if .Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- range $endpoints }} -{{- if $.Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- $clusterIdRelabel := dict }} -{{- $metricRelabelings := list }} -{{- if $.Values.global.cattle.clusterId }} -{{- $_ := set $clusterIdRelabel "action" "replace" }} -{{- $_ := set $clusterIdRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterIdRelabel "targetLabel" "cluster_id" }} -{{- $_ := set $clusterIdRelabel "replacement" $.Values.global.cattle.clusterId }} -{{- $metricRelabelings = append $metricRelabelings $clusterIdRelabel }} -{{- end }} -{{- $clusterNameRelabel := dict }} -{{- if $.Values.global.cattle.clusterName }} -{{- $_ := set $clusterNameRelabel "action" "replace" }} -{{- $_ := set $clusterNameRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} -{{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} -{{- $metricRelabelings = append $metricRelabelings $clusterNameRelabel }} -{{- end }} -{{- if not (empty $metricRelabelings) }} -{{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $setHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} -{{- if $useHTTPS -}} -{{- if (hasKey . "params") }} -{{- $_ := set (get . "params") "_scheme" (list "https") }} -{{- else }} -{{- $_ := set . "params" (dict "_scheme" (list "https")) }} -{{- end }} -{{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} -{{- end }} -{{- toYaml $endpoints }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/rkeEtcd/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/charts/rkeEtcd/templates/pushprox-clients-rbac.yaml deleted file mode 100644 index a8e27c3..0000000 --- a/charts/rancher-monitoring/charts/rkeEtcd/templates/pushprox-clients-rbac.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.client.name" . }} -{{- end }} -{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -{{- if .Values.clients.rbac.additionalRules }} -{{ toYaml .Values.clients.rbac.additionalRules }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.client.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} ---- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: true - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 6 }} -{{- end }} - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - - 'emptyDir' - - 'hostPath' - allowedHostPaths: - - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - readOnly: true -{{- end }} -{{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeEtcd/templates/pushprox-clients.yaml b/charts/rancher-monitoring/charts/rkeEtcd/templates/pushprox-clients.yaml deleted file mode 100644 index e8fcfb3..0000000 --- a/charts/rancher-monitoring/charts/rkeEtcd/templates/pushprox-clients.yaml +++ /dev/null @@ -1,157 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: apps/v1 -{{- if .Values.clients.deployment.enabled }} -kind: Deployment -{{- else }} -kind: DaemonSet -{{- end }} -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - pushprox-exporter: "client" -spec: - {{- if .Values.clients.deployment.enabled }} - replicas: {{ .Values.clients.deployment.replicas }} - {{- end }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.client.labels" . | nindent 8 }} - spec: - {{- if .Values.clients.affinity }} - affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.clients.nodeSelector }} -{{ toYaml .Values.clients.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.clients.tolerations }} -{{ toYaml .Values.clients.tolerations | indent 8 }} -{{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-client - image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} - command: - {{- range .Values.clients.command }} - - {{ . | quote }} - {{- end }} - args: - - --fqdn=$(HOST_IP) - - --proxy-url=$(PROXY_URL) - {{- if .Values.clients.metrics.enabled }} - - --metrics-addr=$(PORT) - {{- end }} - - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} - {{- if .Values.clients.useLocalhost }} - - --use-localhost - {{- end }} - {{- if .Values.clients.https.enabled }} - {{- if .Values.clients.https.insecureSkipVerify }} - - --insecure-skip-verify - {{- end }} - {{- if .Values.clients.https.useServiceAccountCredentials }} - - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token - {{- end }} - {{- if .Values.clients.https.certDir }} - - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem - - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem - - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem - {{- end }} - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- if .Values.clients.metrics.enabled }} - - name: PORT - value: :{{ .Values.clients.port }} - {{- end }} - - name: PROXY_URL - value: {{ template "pushProxy.proxyUrl" . }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - volumeMounts: - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - {{- end }} - {{- if .Values.clients.resources }} - resources: {{ toYaml .Values.clients.resources | nindent 10 }} - {{- end }} - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - initContainers: - - name: copy-certs - image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} - command: - - sh - - -c - - | - echo "Searching for files to copy within the source volume" - echo "cert: ${CERT_FILE_NAME}" - echo "key: ${KEY_FILE_NAME}" - echo "cacert: ${CACERT_FILE_NAME}" - - CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) - KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) - CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) - - test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 - test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 - test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 - - echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" - cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 - chmod 444 $CERT_FILE_TARGET || exit 1 - - echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" - cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 - chmod 444 $KEY_FILE_TARGET || exit 1 - - echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" - cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 - chmod 444 $CACERT_FILE_TARGET || exit 1 - env: - - name: CERT_FILE_NAME - value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} - - name: KEY_FILE_NAME - value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} - - name: CACERT_FILE_NAME - value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} - - name: CERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy.pem - - name: KEY_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-key.pem - - name: CACERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem - securityContext: - runAsNonRoot: false -{{- if and .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 12 }} -{{- end }} - volumeMounts: - - name: metrics-cert-dir-source - mountPath: /etc/source - readOnly: true - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - volumes: - - name: metrics-cert-dir-source - hostPath: - path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - - name: metrics-cert-dir - emptyDir: {} - {{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeEtcd/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/charts/rkeEtcd/templates/pushprox-proxy-rbac.yaml deleted file mode 100644 index eefe609..0000000 --- a/charts/rancher-monitoring/charts/rkeEtcd/templates/pushprox-proxy-rbac.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.proxy.name" . }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.proxy.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- end }}{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeEtcd/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/charts/rkeEtcd/templates/pushprox-proxy.yaml deleted file mode 100644 index 723bbd6..0000000 --- a/charts/rancher-monitoring/charts/rkeEtcd/templates/pushprox-proxy.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} - pushprox-exporter: "proxy" -spec: - selector: - matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} - spec: - securityContext: - runAsNonRoot: true - runAsUser: 1000 - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.proxy.nodeSelector }} -{{ toYaml .Values.proxy.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.proxy.tolerations }} -{{ toYaml .Values.proxy.tolerations | indent 8 }} -{{- end }} - serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-proxy - image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} - command: - {{- range .Values.proxy.command }} - - {{ . | quote }} - {{- end }} - {{- if .Values.proxy.resources }} - resources: {{ toYaml .Values.proxy.resources | nindent 10 }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - ports: - - name: pp-proxy - port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} - protocol: TCP - targetPort: {{ .Values.proxy.port }} - selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeEtcd/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/charts/rkeEtcd/templates/pushprox-servicemonitor.yaml deleted file mode 100644 index 67eb221..0000000 --- a/charts/rancher-monitoring/charts/rkeEtcd/templates/pushprox-servicemonitor.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "pushprox.serviceMonitor.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} -spec: - endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} - jobLabel: component - podTargetLabels: - - component - - pushprox-exporter - namespaceSelector: - matchNames: - - {{ template "pushprox.namespace" . }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} ---- -{{- $selector := "" }} -{{- if not (kindIs "invalid" .Values.service) }} -{{- if not (kindIs "invalid" .Values.service.selector) }} -{{ if .Values.service.selector }} -{{- if .Values.clients.enabled }} -{{- required (printf "Cannot override .Values.service.selector=%s when .Values.clients.enabled=true" (toJson .Values.service.selector)) "" }} -{{- end }} -{{- $selector = (toYaml .Values.service.selector) }} -{{- end }} -{{- end }} -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - ports: - - name: metrics - port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} - protocol: TCP - targetPort: {{ .Values.metricsPort }} - selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeEtcd/templates/validate-install-crd.yaml b/charts/rancher-monitoring/charts/rkeEtcd/templates/validate-install-crd.yaml deleted file mode 100644 index 16abc2f..0000000 --- a/charts/rancher-monitoring/charts/rkeEtcd/templates/validate-install-crd.yaml +++ /dev/null @@ -1,14 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "monitoring.coreos.com/v1/ServiceMonitor" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install Prometheus Operator CRDs before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} diff --git a/charts/rancher-monitoring/charts/rkeEtcd/templates/validate-psp-install.yaml b/charts/rancher-monitoring/charts/rkeEtcd/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d..0000000 --- a/charts/rancher-monitoring/charts/rkeEtcd/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeEtcd/values.yaml b/charts/rancher-monitoring/charts/rkeEtcd/values.yaml deleted file mode 100644 index 168d86c..0000000 --- a/charts/rancher-monitoring/charts/rkeEtcd/values.yaml +++ /dev/null @@ -1,166 +0,0 @@ -# Default values for rancher-pushprox. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Default image containing both the proxy and the client was generated from the following Dockerfile -# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 - -# Configuration - -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - seLinux: - enabled: false - -# A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. -# -# For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches -# any of the semver constraints provided as keys on the map. -# -# On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. -# -# If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. -# -# Notes: -# - On running a helm template, Helm generally assumes the kubeVersion is v1.20.0 -# - On running a helm install --dry-run, the correct kubeVersion should be chosen. -kubeVersionOverrides: [] -# - constraint: "< 1.21" -# values: -# metricsPort: 10252 -# clients: -# https: -# enabled: false -# insecureSkipVerify: false -# useServiceAccountCredentials: false - -namespaceOverride: "" - -# The component that is being monitored (i.e. etcd) -component: "component" - -# The port containing the metrics that need to be scraped -metricsPort: 2739 - -# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint -serviceMonitor: - enabled: true - # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec - # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - # By default, proxyUrl and params._scheme will be overridden based on other values - endpoints: - - port: metrics - -# Configure Service that grabs scrape targets -service: - # The selector that is used to populate the Service's Endpoints object. - # The chart will error out on rendering templating if .Values.clients.enabled is set alongside this field, - # since it is expected that this service should point to the PushProx Clients Daemonset / Deployment - selector: {} - -clients: - enabled: true - # The port which the PushProx client will post PushProx metrics to - port: 9369 - # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} - # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null - proxyUrl: "" - # If set to true, the client will forward any requests from the host IP to 127.0.0.1 - # It will only allow proxy requests to the metricsPort specified - useLocalhost: false - # Configuration for accessing metrics via HTTPS - https: - # Does the client require https to access the metrics? - enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false - # If set to true, the client will create a service account with adequate permissions and set a flag - # on the client to use the service account token provided by it to make authorized scrape requests - useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false - # If set to true, the client will disable SSL security checks - insecureSkipVerify: false - # Directory on host where necessary TLS cert and key to scrape metrics can be found - certDir: "" - # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings - certFile: "" - keyFile: "" - caCertFile: "" - # seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. - # Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. - seLinuxOptions: {} - - metrics: - # Whether the client should publish PushProx client-specific metrics to .Values.clients.port - enabled: false - - rbac: - # Additional permissions to provide to the ServiceAccount bound to the client - # This can be used to provide additional permissions for the client to scrape metrics from the k8s API - # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true - additionalRules: [] - - # Resource limits - resources: {} - - # Options to select all nodes to deploy client DaemonSet on - nodeSelector: {} - tolerations: [] - affinity: {} - - image: - repository: rancher/pushprox-client - tag: v0.1.5-rancher2-client - command: ["pushprox-client"] - - copyCertsImage: - repository: rancher/mirrored-library-busybox - tag: 1.37.0 - - # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. - # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in - # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. - # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, - # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. - # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will - # be responsible for upgrading this chart accordingly to the right number of replicas. - deployment: - enabled: false - replicas: 0 - -proxy: - enabled: true - # The port through which PushProx clients will communicate to the proxy - port: 8080 - - # Resource limits - resources: {} - - # Options to select a node to run a single proxy deployment on - nodeSelector: {} - tolerations: [] - - image: - repository: rancher/pushprox-proxy - tag: v0.1.5-rancher2-proxy - command: ["pushprox-proxy"] diff --git a/charts/rancher-monitoring/charts/rkeIngressNginx/.helmignore b/charts/rancher-monitoring/charts/rkeIngressNginx/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/charts/rancher-monitoring/charts/rkeIngressNginx/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/rancher-monitoring/charts/rkeIngressNginx/Chart.yaml b/charts/rancher-monitoring/charts/rkeIngressNginx/Chart.yaml deleted file mode 100644 index 98f1768..0000000 --- a/charts/rancher-monitoring/charts/rkeIngressNginx/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox -apiVersion: v1 -appVersion: v0.1.5-rancher2 -description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. -kubeVersion: '>=1.26.0-0' -name: rkeIngressNginx -type: application -version: 0.1.5-rancher2 diff --git a/charts/rancher-monitoring/charts/rkeIngressNginx/README.md b/charts/rancher-monitoring/charts/rkeIngressNginx/README.md deleted file mode 100644 index 345002f..0000000 --- a/charts/rancher-monitoring/charts/rkeIngressNginx/README.md +++ /dev/null @@ -1,90 +0,0 @@ -# rancher-pushprox - -A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. - -Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. - -Using an instance of this chart is suitable for the following scenarios: -- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) -- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) -- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` -- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) -- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) - -The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. -​ -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. - -## Configuration - -The following tables list the configurable parameters of the rancher-pushprox chart and their default values. - -### General - -#### Required -| Parameter | Description | Example | -| ----- | ----------- | ------ | -| `component` | The component that is being monitored | `kube-etcd` -| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | -| `namespaceOverride` | The namespace to install the chart | `""` - -#### Optional -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | -| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | -| `service.selector` | The selector that is used to populate the Service's Endpoints object. The chart will error out on rendering templating if `.Values.clients.enabled` is set alongside this field, since it is expected that this service should point to the PushProx Clients Daemonset / Deployment | `{}` | -| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | -| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | -| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | -| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | -| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | -| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | -| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.seLinuxOptions` | seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. | `""` | -| `clients.metrics.enabled` | Whether the client should publish PushProx client-specific metrics. | `false` | -| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | -| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | -| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | -| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | -| `clients.resources` | Set resource limits and requests for the client container | `{}` | -| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | -| `clients.tolerations` | Specify tolerations for clients | `[]` | -| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | -| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | -| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | -| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | -| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | -| `kubeVersionOverrides` | A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches any of the semver constraints provided as keys on the map. On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. | `[]` - -*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. - -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. diff --git a/charts/rancher-monitoring/charts/rkeIngressNginx/templates/_helpers.tpl b/charts/rancher-monitoring/charts/rkeIngressNginx/templates/_helpers.tpl deleted file mode 100644 index 1ba5093..0000000 --- a/charts/rancher-monitoring/charts/rkeIngressNginx/templates/_helpers.tpl +++ /dev/null @@ -1,170 +0,0 @@ -# Rancher - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -# General - -{{- define "applyKubeVersionOverrides" -}} -{{- $overrides := dict -}} -{{- range $override := .Values.kubeVersionOverrides -}} -{{- if semverCompare $override.constraint $.Capabilities.KubeVersion.Version -}} -{{- $_ := mergeOverwrite $overrides $override.values -}} -{{- end -}} -{{- end -}} -{{- $_ := mergeOverwrite .Values $overrides -}} -{{- end -}} - -{{- define "pushprox.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{- define "pushProxy.commonLabels" -}} -release: {{ .Release.Name }} -component: {{ .Values.component | quote }} -provider: kubernetes -{{- end -}} - -{{- define "pushProxy.proxyUrl" -}} -{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} -{{- if .Values.clients.proxyUrl -}} -{{ printf "%s" .Values.clients.proxyUrl }} -{{- else -}} -{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} -{{- end -}}{{- end -}} - -# Client - -{{- define "pushProxy.client.name" -}} -{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.labels" -}} -k8s-app: {{ template "pushProxy.client.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# Proxy - -{{- define "pushProxy.proxy.name" -}} -{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.proxy.labels" -}} -k8s-app: {{ template "pushProxy.proxy.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# ServiceMonitor - -{{- define "pushprox.serviceMonitor.name" -}} -{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.labels" -}} -app: {{ template "pushprox.serviceMonitor.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.endpoints" -}} -{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} -{{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $setHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} -{{- $endpoints := .Values.serviceMonitor.endpoints }} -{{- if .Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- range $endpoints }} -{{- if $.Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- $clusterIdRelabel := dict }} -{{- $metricRelabelings := list }} -{{- if $.Values.global.cattle.clusterId }} -{{- $_ := set $clusterIdRelabel "action" "replace" }} -{{- $_ := set $clusterIdRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterIdRelabel "targetLabel" "cluster_id" }} -{{- $_ := set $clusterIdRelabel "replacement" $.Values.global.cattle.clusterId }} -{{- $metricRelabelings = append $metricRelabelings $clusterIdRelabel }} -{{- end }} -{{- $clusterNameRelabel := dict }} -{{- if $.Values.global.cattle.clusterName }} -{{- $_ := set $clusterNameRelabel "action" "replace" }} -{{- $_ := set $clusterNameRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} -{{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} -{{- $metricRelabelings = append $metricRelabelings $clusterNameRelabel }} -{{- end }} -{{- if not (empty $metricRelabelings) }} -{{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $setHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} -{{- if $useHTTPS -}} -{{- if (hasKey . "params") }} -{{- $_ := set (get . "params") "_scheme" (list "https") }} -{{- else }} -{{- $_ := set . "params" (dict "_scheme" (list "https")) }} -{{- end }} -{{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} -{{- end }} -{{- toYaml $endpoints }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/rkeIngressNginx/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/charts/rkeIngressNginx/templates/pushprox-clients-rbac.yaml deleted file mode 100644 index a8e27c3..0000000 --- a/charts/rancher-monitoring/charts/rkeIngressNginx/templates/pushprox-clients-rbac.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.client.name" . }} -{{- end }} -{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -{{- if .Values.clients.rbac.additionalRules }} -{{ toYaml .Values.clients.rbac.additionalRules }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.client.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} ---- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: true - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 6 }} -{{- end }} - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - - 'emptyDir' - - 'hostPath' - allowedHostPaths: - - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - readOnly: true -{{- end }} -{{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeIngressNginx/templates/pushprox-clients.yaml b/charts/rancher-monitoring/charts/rkeIngressNginx/templates/pushprox-clients.yaml deleted file mode 100644 index e8fcfb3..0000000 --- a/charts/rancher-monitoring/charts/rkeIngressNginx/templates/pushprox-clients.yaml +++ /dev/null @@ -1,157 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: apps/v1 -{{- if .Values.clients.deployment.enabled }} -kind: Deployment -{{- else }} -kind: DaemonSet -{{- end }} -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - pushprox-exporter: "client" -spec: - {{- if .Values.clients.deployment.enabled }} - replicas: {{ .Values.clients.deployment.replicas }} - {{- end }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.client.labels" . | nindent 8 }} - spec: - {{- if .Values.clients.affinity }} - affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.clients.nodeSelector }} -{{ toYaml .Values.clients.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.clients.tolerations }} -{{ toYaml .Values.clients.tolerations | indent 8 }} -{{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-client - image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} - command: - {{- range .Values.clients.command }} - - {{ . | quote }} - {{- end }} - args: - - --fqdn=$(HOST_IP) - - --proxy-url=$(PROXY_URL) - {{- if .Values.clients.metrics.enabled }} - - --metrics-addr=$(PORT) - {{- end }} - - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} - {{- if .Values.clients.useLocalhost }} - - --use-localhost - {{- end }} - {{- if .Values.clients.https.enabled }} - {{- if .Values.clients.https.insecureSkipVerify }} - - --insecure-skip-verify - {{- end }} - {{- if .Values.clients.https.useServiceAccountCredentials }} - - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token - {{- end }} - {{- if .Values.clients.https.certDir }} - - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem - - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem - - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem - {{- end }} - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- if .Values.clients.metrics.enabled }} - - name: PORT - value: :{{ .Values.clients.port }} - {{- end }} - - name: PROXY_URL - value: {{ template "pushProxy.proxyUrl" . }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - volumeMounts: - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - {{- end }} - {{- if .Values.clients.resources }} - resources: {{ toYaml .Values.clients.resources | nindent 10 }} - {{- end }} - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - initContainers: - - name: copy-certs - image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} - command: - - sh - - -c - - | - echo "Searching for files to copy within the source volume" - echo "cert: ${CERT_FILE_NAME}" - echo "key: ${KEY_FILE_NAME}" - echo "cacert: ${CACERT_FILE_NAME}" - - CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) - KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) - CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) - - test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 - test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 - test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 - - echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" - cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 - chmod 444 $CERT_FILE_TARGET || exit 1 - - echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" - cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 - chmod 444 $KEY_FILE_TARGET || exit 1 - - echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" - cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 - chmod 444 $CACERT_FILE_TARGET || exit 1 - env: - - name: CERT_FILE_NAME - value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} - - name: KEY_FILE_NAME - value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} - - name: CACERT_FILE_NAME - value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} - - name: CERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy.pem - - name: KEY_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-key.pem - - name: CACERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem - securityContext: - runAsNonRoot: false -{{- if and .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 12 }} -{{- end }} - volumeMounts: - - name: metrics-cert-dir-source - mountPath: /etc/source - readOnly: true - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - volumes: - - name: metrics-cert-dir-source - hostPath: - path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - - name: metrics-cert-dir - emptyDir: {} - {{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeIngressNginx/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/charts/rkeIngressNginx/templates/pushprox-proxy-rbac.yaml deleted file mode 100644 index eefe609..0000000 --- a/charts/rancher-monitoring/charts/rkeIngressNginx/templates/pushprox-proxy-rbac.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.proxy.name" . }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.proxy.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- end }}{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeIngressNginx/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/charts/rkeIngressNginx/templates/pushprox-proxy.yaml deleted file mode 100644 index 723bbd6..0000000 --- a/charts/rancher-monitoring/charts/rkeIngressNginx/templates/pushprox-proxy.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} - pushprox-exporter: "proxy" -spec: - selector: - matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} - spec: - securityContext: - runAsNonRoot: true - runAsUser: 1000 - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.proxy.nodeSelector }} -{{ toYaml .Values.proxy.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.proxy.tolerations }} -{{ toYaml .Values.proxy.tolerations | indent 8 }} -{{- end }} - serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-proxy - image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} - command: - {{- range .Values.proxy.command }} - - {{ . | quote }} - {{- end }} - {{- if .Values.proxy.resources }} - resources: {{ toYaml .Values.proxy.resources | nindent 10 }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - ports: - - name: pp-proxy - port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} - protocol: TCP - targetPort: {{ .Values.proxy.port }} - selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeIngressNginx/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/charts/rkeIngressNginx/templates/pushprox-servicemonitor.yaml deleted file mode 100644 index 67eb221..0000000 --- a/charts/rancher-monitoring/charts/rkeIngressNginx/templates/pushprox-servicemonitor.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "pushprox.serviceMonitor.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} -spec: - endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} - jobLabel: component - podTargetLabels: - - component - - pushprox-exporter - namespaceSelector: - matchNames: - - {{ template "pushprox.namespace" . }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} ---- -{{- $selector := "" }} -{{- if not (kindIs "invalid" .Values.service) }} -{{- if not (kindIs "invalid" .Values.service.selector) }} -{{ if .Values.service.selector }} -{{- if .Values.clients.enabled }} -{{- required (printf "Cannot override .Values.service.selector=%s when .Values.clients.enabled=true" (toJson .Values.service.selector)) "" }} -{{- end }} -{{- $selector = (toYaml .Values.service.selector) }} -{{- end }} -{{- end }} -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - ports: - - name: metrics - port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} - protocol: TCP - targetPort: {{ .Values.metricsPort }} - selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeIngressNginx/templates/validate-install-crd.yaml b/charts/rancher-monitoring/charts/rkeIngressNginx/templates/validate-install-crd.yaml deleted file mode 100644 index 16abc2f..0000000 --- a/charts/rancher-monitoring/charts/rkeIngressNginx/templates/validate-install-crd.yaml +++ /dev/null @@ -1,14 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "monitoring.coreos.com/v1/ServiceMonitor" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install Prometheus Operator CRDs before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} diff --git a/charts/rancher-monitoring/charts/rkeIngressNginx/templates/validate-psp-install.yaml b/charts/rancher-monitoring/charts/rkeIngressNginx/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d..0000000 --- a/charts/rancher-monitoring/charts/rkeIngressNginx/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeIngressNginx/values.yaml b/charts/rancher-monitoring/charts/rkeIngressNginx/values.yaml deleted file mode 100644 index 168d86c..0000000 --- a/charts/rancher-monitoring/charts/rkeIngressNginx/values.yaml +++ /dev/null @@ -1,166 +0,0 @@ -# Default values for rancher-pushprox. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Default image containing both the proxy and the client was generated from the following Dockerfile -# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 - -# Configuration - -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - seLinux: - enabled: false - -# A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. -# -# For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches -# any of the semver constraints provided as keys on the map. -# -# On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. -# -# If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. -# -# Notes: -# - On running a helm template, Helm generally assumes the kubeVersion is v1.20.0 -# - On running a helm install --dry-run, the correct kubeVersion should be chosen. -kubeVersionOverrides: [] -# - constraint: "< 1.21" -# values: -# metricsPort: 10252 -# clients: -# https: -# enabled: false -# insecureSkipVerify: false -# useServiceAccountCredentials: false - -namespaceOverride: "" - -# The component that is being monitored (i.e. etcd) -component: "component" - -# The port containing the metrics that need to be scraped -metricsPort: 2739 - -# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint -serviceMonitor: - enabled: true - # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec - # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - # By default, proxyUrl and params._scheme will be overridden based on other values - endpoints: - - port: metrics - -# Configure Service that grabs scrape targets -service: - # The selector that is used to populate the Service's Endpoints object. - # The chart will error out on rendering templating if .Values.clients.enabled is set alongside this field, - # since it is expected that this service should point to the PushProx Clients Daemonset / Deployment - selector: {} - -clients: - enabled: true - # The port which the PushProx client will post PushProx metrics to - port: 9369 - # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} - # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null - proxyUrl: "" - # If set to true, the client will forward any requests from the host IP to 127.0.0.1 - # It will only allow proxy requests to the metricsPort specified - useLocalhost: false - # Configuration for accessing metrics via HTTPS - https: - # Does the client require https to access the metrics? - enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false - # If set to true, the client will create a service account with adequate permissions and set a flag - # on the client to use the service account token provided by it to make authorized scrape requests - useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false - # If set to true, the client will disable SSL security checks - insecureSkipVerify: false - # Directory on host where necessary TLS cert and key to scrape metrics can be found - certDir: "" - # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings - certFile: "" - keyFile: "" - caCertFile: "" - # seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. - # Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. - seLinuxOptions: {} - - metrics: - # Whether the client should publish PushProx client-specific metrics to .Values.clients.port - enabled: false - - rbac: - # Additional permissions to provide to the ServiceAccount bound to the client - # This can be used to provide additional permissions for the client to scrape metrics from the k8s API - # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true - additionalRules: [] - - # Resource limits - resources: {} - - # Options to select all nodes to deploy client DaemonSet on - nodeSelector: {} - tolerations: [] - affinity: {} - - image: - repository: rancher/pushprox-client - tag: v0.1.5-rancher2-client - command: ["pushprox-client"] - - copyCertsImage: - repository: rancher/mirrored-library-busybox - tag: 1.37.0 - - # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. - # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in - # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. - # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, - # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. - # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will - # be responsible for upgrading this chart accordingly to the right number of replicas. - deployment: - enabled: false - replicas: 0 - -proxy: - enabled: true - # The port through which PushProx clients will communicate to the proxy - port: 8080 - - # Resource limits - resources: {} - - # Options to select a node to run a single proxy deployment on - nodeSelector: {} - tolerations: [] - - image: - repository: rancher/pushprox-proxy - tag: v0.1.5-rancher2-proxy - command: ["pushprox-proxy"] diff --git a/charts/rancher-monitoring/charts/rkeProxy/.helmignore b/charts/rancher-monitoring/charts/rkeProxy/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/charts/rancher-monitoring/charts/rkeProxy/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/rancher-monitoring/charts/rkeProxy/Chart.yaml b/charts/rancher-monitoring/charts/rkeProxy/Chart.yaml deleted file mode 100644 index 51f001f..0000000 --- a/charts/rancher-monitoring/charts/rkeProxy/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox -apiVersion: v1 -appVersion: v0.1.5-rancher2 -description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. -kubeVersion: '>=1.26.0-0' -name: rkeProxy -type: application -version: 0.1.5-rancher2 diff --git a/charts/rancher-monitoring/charts/rkeProxy/README.md b/charts/rancher-monitoring/charts/rkeProxy/README.md deleted file mode 100644 index 345002f..0000000 --- a/charts/rancher-monitoring/charts/rkeProxy/README.md +++ /dev/null @@ -1,90 +0,0 @@ -# rancher-pushprox - -A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. - -Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. - -Using an instance of this chart is suitable for the following scenarios: -- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) -- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) -- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` -- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) -- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) - -The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. -​ -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. - -## Configuration - -The following tables list the configurable parameters of the rancher-pushprox chart and their default values. - -### General - -#### Required -| Parameter | Description | Example | -| ----- | ----------- | ------ | -| `component` | The component that is being monitored | `kube-etcd` -| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | -| `namespaceOverride` | The namespace to install the chart | `""` - -#### Optional -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | -| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | -| `service.selector` | The selector that is used to populate the Service's Endpoints object. The chart will error out on rendering templating if `.Values.clients.enabled` is set alongside this field, since it is expected that this service should point to the PushProx Clients Daemonset / Deployment | `{}` | -| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | -| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | -| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | -| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | -| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | -| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | -| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.seLinuxOptions` | seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. | `""` | -| `clients.metrics.enabled` | Whether the client should publish PushProx client-specific metrics. | `false` | -| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | -| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | -| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | -| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | -| `clients.resources` | Set resource limits and requests for the client container | `{}` | -| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | -| `clients.tolerations` | Specify tolerations for clients | `[]` | -| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | -| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | -| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | -| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | -| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | -| `kubeVersionOverrides` | A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches any of the semver constraints provided as keys on the map. On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. | `[]` - -*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. - -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. diff --git a/charts/rancher-monitoring/charts/rkeProxy/templates/_helpers.tpl b/charts/rancher-monitoring/charts/rkeProxy/templates/_helpers.tpl deleted file mode 100644 index 1ba5093..0000000 --- a/charts/rancher-monitoring/charts/rkeProxy/templates/_helpers.tpl +++ /dev/null @@ -1,170 +0,0 @@ -# Rancher - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -# General - -{{- define "applyKubeVersionOverrides" -}} -{{- $overrides := dict -}} -{{- range $override := .Values.kubeVersionOverrides -}} -{{- if semverCompare $override.constraint $.Capabilities.KubeVersion.Version -}} -{{- $_ := mergeOverwrite $overrides $override.values -}} -{{- end -}} -{{- end -}} -{{- $_ := mergeOverwrite .Values $overrides -}} -{{- end -}} - -{{- define "pushprox.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{- define "pushProxy.commonLabels" -}} -release: {{ .Release.Name }} -component: {{ .Values.component | quote }} -provider: kubernetes -{{- end -}} - -{{- define "pushProxy.proxyUrl" -}} -{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} -{{- if .Values.clients.proxyUrl -}} -{{ printf "%s" .Values.clients.proxyUrl }} -{{- else -}} -{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} -{{- end -}}{{- end -}} - -# Client - -{{- define "pushProxy.client.name" -}} -{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.labels" -}} -k8s-app: {{ template "pushProxy.client.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# Proxy - -{{- define "pushProxy.proxy.name" -}} -{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.proxy.labels" -}} -k8s-app: {{ template "pushProxy.proxy.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# ServiceMonitor - -{{- define "pushprox.serviceMonitor.name" -}} -{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.labels" -}} -app: {{ template "pushprox.serviceMonitor.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.endpoints" -}} -{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} -{{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $setHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} -{{- $endpoints := .Values.serviceMonitor.endpoints }} -{{- if .Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- range $endpoints }} -{{- if $.Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- $clusterIdRelabel := dict }} -{{- $metricRelabelings := list }} -{{- if $.Values.global.cattle.clusterId }} -{{- $_ := set $clusterIdRelabel "action" "replace" }} -{{- $_ := set $clusterIdRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterIdRelabel "targetLabel" "cluster_id" }} -{{- $_ := set $clusterIdRelabel "replacement" $.Values.global.cattle.clusterId }} -{{- $metricRelabelings = append $metricRelabelings $clusterIdRelabel }} -{{- end }} -{{- $clusterNameRelabel := dict }} -{{- if $.Values.global.cattle.clusterName }} -{{- $_ := set $clusterNameRelabel "action" "replace" }} -{{- $_ := set $clusterNameRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} -{{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} -{{- $metricRelabelings = append $metricRelabelings $clusterNameRelabel }} -{{- end }} -{{- if not (empty $metricRelabelings) }} -{{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $setHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} -{{- if $useHTTPS -}} -{{- if (hasKey . "params") }} -{{- $_ := set (get . "params") "_scheme" (list "https") }} -{{- else }} -{{- $_ := set . "params" (dict "_scheme" (list "https")) }} -{{- end }} -{{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} -{{- end }} -{{- toYaml $endpoints }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/rkeProxy/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/charts/rkeProxy/templates/pushprox-clients-rbac.yaml deleted file mode 100644 index a8e27c3..0000000 --- a/charts/rancher-monitoring/charts/rkeProxy/templates/pushprox-clients-rbac.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.client.name" . }} -{{- end }} -{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -{{- if .Values.clients.rbac.additionalRules }} -{{ toYaml .Values.clients.rbac.additionalRules }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.client.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} ---- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: true - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 6 }} -{{- end }} - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - - 'emptyDir' - - 'hostPath' - allowedHostPaths: - - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - readOnly: true -{{- end }} -{{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeProxy/templates/pushprox-clients.yaml b/charts/rancher-monitoring/charts/rkeProxy/templates/pushprox-clients.yaml deleted file mode 100644 index e8fcfb3..0000000 --- a/charts/rancher-monitoring/charts/rkeProxy/templates/pushprox-clients.yaml +++ /dev/null @@ -1,157 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: apps/v1 -{{- if .Values.clients.deployment.enabled }} -kind: Deployment -{{- else }} -kind: DaemonSet -{{- end }} -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - pushprox-exporter: "client" -spec: - {{- if .Values.clients.deployment.enabled }} - replicas: {{ .Values.clients.deployment.replicas }} - {{- end }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.client.labels" . | nindent 8 }} - spec: - {{- if .Values.clients.affinity }} - affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.clients.nodeSelector }} -{{ toYaml .Values.clients.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.clients.tolerations }} -{{ toYaml .Values.clients.tolerations | indent 8 }} -{{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-client - image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} - command: - {{- range .Values.clients.command }} - - {{ . | quote }} - {{- end }} - args: - - --fqdn=$(HOST_IP) - - --proxy-url=$(PROXY_URL) - {{- if .Values.clients.metrics.enabled }} - - --metrics-addr=$(PORT) - {{- end }} - - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} - {{- if .Values.clients.useLocalhost }} - - --use-localhost - {{- end }} - {{- if .Values.clients.https.enabled }} - {{- if .Values.clients.https.insecureSkipVerify }} - - --insecure-skip-verify - {{- end }} - {{- if .Values.clients.https.useServiceAccountCredentials }} - - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token - {{- end }} - {{- if .Values.clients.https.certDir }} - - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem - - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem - - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem - {{- end }} - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- if .Values.clients.metrics.enabled }} - - name: PORT - value: :{{ .Values.clients.port }} - {{- end }} - - name: PROXY_URL - value: {{ template "pushProxy.proxyUrl" . }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - volumeMounts: - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - {{- end }} - {{- if .Values.clients.resources }} - resources: {{ toYaml .Values.clients.resources | nindent 10 }} - {{- end }} - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - initContainers: - - name: copy-certs - image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} - command: - - sh - - -c - - | - echo "Searching for files to copy within the source volume" - echo "cert: ${CERT_FILE_NAME}" - echo "key: ${KEY_FILE_NAME}" - echo "cacert: ${CACERT_FILE_NAME}" - - CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) - KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) - CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) - - test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 - test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 - test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 - - echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" - cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 - chmod 444 $CERT_FILE_TARGET || exit 1 - - echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" - cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 - chmod 444 $KEY_FILE_TARGET || exit 1 - - echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" - cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 - chmod 444 $CACERT_FILE_TARGET || exit 1 - env: - - name: CERT_FILE_NAME - value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} - - name: KEY_FILE_NAME - value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} - - name: CACERT_FILE_NAME - value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} - - name: CERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy.pem - - name: KEY_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-key.pem - - name: CACERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem - securityContext: - runAsNonRoot: false -{{- if and .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 12 }} -{{- end }} - volumeMounts: - - name: metrics-cert-dir-source - mountPath: /etc/source - readOnly: true - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - volumes: - - name: metrics-cert-dir-source - hostPath: - path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - - name: metrics-cert-dir - emptyDir: {} - {{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeProxy/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/charts/rkeProxy/templates/pushprox-proxy-rbac.yaml deleted file mode 100644 index eefe609..0000000 --- a/charts/rancher-monitoring/charts/rkeProxy/templates/pushprox-proxy-rbac.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.proxy.name" . }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.proxy.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- end }}{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeProxy/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/charts/rkeProxy/templates/pushprox-proxy.yaml deleted file mode 100644 index 723bbd6..0000000 --- a/charts/rancher-monitoring/charts/rkeProxy/templates/pushprox-proxy.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} - pushprox-exporter: "proxy" -spec: - selector: - matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} - spec: - securityContext: - runAsNonRoot: true - runAsUser: 1000 - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.proxy.nodeSelector }} -{{ toYaml .Values.proxy.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.proxy.tolerations }} -{{ toYaml .Values.proxy.tolerations | indent 8 }} -{{- end }} - serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-proxy - image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} - command: - {{- range .Values.proxy.command }} - - {{ . | quote }} - {{- end }} - {{- if .Values.proxy.resources }} - resources: {{ toYaml .Values.proxy.resources | nindent 10 }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - ports: - - name: pp-proxy - port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} - protocol: TCP - targetPort: {{ .Values.proxy.port }} - selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeProxy/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/charts/rkeProxy/templates/pushprox-servicemonitor.yaml deleted file mode 100644 index 67eb221..0000000 --- a/charts/rancher-monitoring/charts/rkeProxy/templates/pushprox-servicemonitor.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "pushprox.serviceMonitor.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} -spec: - endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} - jobLabel: component - podTargetLabels: - - component - - pushprox-exporter - namespaceSelector: - matchNames: - - {{ template "pushprox.namespace" . }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} ---- -{{- $selector := "" }} -{{- if not (kindIs "invalid" .Values.service) }} -{{- if not (kindIs "invalid" .Values.service.selector) }} -{{ if .Values.service.selector }} -{{- if .Values.clients.enabled }} -{{- required (printf "Cannot override .Values.service.selector=%s when .Values.clients.enabled=true" (toJson .Values.service.selector)) "" }} -{{- end }} -{{- $selector = (toYaml .Values.service.selector) }} -{{- end }} -{{- end }} -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - ports: - - name: metrics - port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} - protocol: TCP - targetPort: {{ .Values.metricsPort }} - selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeProxy/templates/validate-install-crd.yaml b/charts/rancher-monitoring/charts/rkeProxy/templates/validate-install-crd.yaml deleted file mode 100644 index 16abc2f..0000000 --- a/charts/rancher-monitoring/charts/rkeProxy/templates/validate-install-crd.yaml +++ /dev/null @@ -1,14 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "monitoring.coreos.com/v1/ServiceMonitor" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install Prometheus Operator CRDs before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} diff --git a/charts/rancher-monitoring/charts/rkeProxy/templates/validate-psp-install.yaml b/charts/rancher-monitoring/charts/rkeProxy/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d..0000000 --- a/charts/rancher-monitoring/charts/rkeProxy/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeProxy/values.yaml b/charts/rancher-monitoring/charts/rkeProxy/values.yaml deleted file mode 100644 index 168d86c..0000000 --- a/charts/rancher-monitoring/charts/rkeProxy/values.yaml +++ /dev/null @@ -1,166 +0,0 @@ -# Default values for rancher-pushprox. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Default image containing both the proxy and the client was generated from the following Dockerfile -# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 - -# Configuration - -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - seLinux: - enabled: false - -# A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. -# -# For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches -# any of the semver constraints provided as keys on the map. -# -# On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. -# -# If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. -# -# Notes: -# - On running a helm template, Helm generally assumes the kubeVersion is v1.20.0 -# - On running a helm install --dry-run, the correct kubeVersion should be chosen. -kubeVersionOverrides: [] -# - constraint: "< 1.21" -# values: -# metricsPort: 10252 -# clients: -# https: -# enabled: false -# insecureSkipVerify: false -# useServiceAccountCredentials: false - -namespaceOverride: "" - -# The component that is being monitored (i.e. etcd) -component: "component" - -# The port containing the metrics that need to be scraped -metricsPort: 2739 - -# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint -serviceMonitor: - enabled: true - # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec - # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - # By default, proxyUrl and params._scheme will be overridden based on other values - endpoints: - - port: metrics - -# Configure Service that grabs scrape targets -service: - # The selector that is used to populate the Service's Endpoints object. - # The chart will error out on rendering templating if .Values.clients.enabled is set alongside this field, - # since it is expected that this service should point to the PushProx Clients Daemonset / Deployment - selector: {} - -clients: - enabled: true - # The port which the PushProx client will post PushProx metrics to - port: 9369 - # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} - # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null - proxyUrl: "" - # If set to true, the client will forward any requests from the host IP to 127.0.0.1 - # It will only allow proxy requests to the metricsPort specified - useLocalhost: false - # Configuration for accessing metrics via HTTPS - https: - # Does the client require https to access the metrics? - enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false - # If set to true, the client will create a service account with adequate permissions and set a flag - # on the client to use the service account token provided by it to make authorized scrape requests - useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false - # If set to true, the client will disable SSL security checks - insecureSkipVerify: false - # Directory on host where necessary TLS cert and key to scrape metrics can be found - certDir: "" - # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings - certFile: "" - keyFile: "" - caCertFile: "" - # seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. - # Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. - seLinuxOptions: {} - - metrics: - # Whether the client should publish PushProx client-specific metrics to .Values.clients.port - enabled: false - - rbac: - # Additional permissions to provide to the ServiceAccount bound to the client - # This can be used to provide additional permissions for the client to scrape metrics from the k8s API - # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true - additionalRules: [] - - # Resource limits - resources: {} - - # Options to select all nodes to deploy client DaemonSet on - nodeSelector: {} - tolerations: [] - affinity: {} - - image: - repository: rancher/pushprox-client - tag: v0.1.5-rancher2-client - command: ["pushprox-client"] - - copyCertsImage: - repository: rancher/mirrored-library-busybox - tag: 1.37.0 - - # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. - # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in - # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. - # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, - # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. - # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will - # be responsible for upgrading this chart accordingly to the right number of replicas. - deployment: - enabled: false - replicas: 0 - -proxy: - enabled: true - # The port through which PushProx clients will communicate to the proxy - port: 8080 - - # Resource limits - resources: {} - - # Options to select a node to run a single proxy deployment on - nodeSelector: {} - tolerations: [] - - image: - repository: rancher/pushprox-proxy - tag: v0.1.5-rancher2-proxy - command: ["pushprox-proxy"] diff --git a/charts/rancher-monitoring/charts/rkeScheduler/.helmignore b/charts/rancher-monitoring/charts/rkeScheduler/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/charts/rancher-monitoring/charts/rkeScheduler/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/rancher-monitoring/charts/rkeScheduler/Chart.yaml b/charts/rancher-monitoring/charts/rkeScheduler/Chart.yaml deleted file mode 100644 index 8966e2b..0000000 --- a/charts/rancher-monitoring/charts/rkeScheduler/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox -apiVersion: v1 -appVersion: v0.1.5-rancher2 -description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. -kubeVersion: '>=1.26.0-0' -name: rkeScheduler -type: application -version: 0.1.5-rancher2 diff --git a/charts/rancher-monitoring/charts/rkeScheduler/README.md b/charts/rancher-monitoring/charts/rkeScheduler/README.md deleted file mode 100644 index 345002f..0000000 --- a/charts/rancher-monitoring/charts/rkeScheduler/README.md +++ /dev/null @@ -1,90 +0,0 @@ -# rancher-pushprox - -A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. - -Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. - -Using an instance of this chart is suitable for the following scenarios: -- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) -- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) -- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` -- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) -- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) - -The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. -​ -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. - -## Configuration - -The following tables list the configurable parameters of the rancher-pushprox chart and their default values. - -### General - -#### Required -| Parameter | Description | Example | -| ----- | ----------- | ------ | -| `component` | The component that is being monitored | `kube-etcd` -| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | -| `namespaceOverride` | The namespace to install the chart | `""` - -#### Optional -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | -| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | -| `service.selector` | The selector that is used to populate the Service's Endpoints object. The chart will error out on rendering templating if `.Values.clients.enabled` is set alongside this field, since it is expected that this service should point to the PushProx Clients Daemonset / Deployment | `{}` | -| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | -| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | -| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | -| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | -| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | -| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | -| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.seLinuxOptions` | seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. | `""` | -| `clients.metrics.enabled` | Whether the client should publish PushProx client-specific metrics. | `false` | -| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | -| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | -| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | -| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | -| `clients.resources` | Set resource limits and requests for the client container | `{}` | -| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | -| `clients.tolerations` | Specify tolerations for clients | `[]` | -| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | -| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | -| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | -| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | -| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | -| `kubeVersionOverrides` | A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches any of the semver constraints provided as keys on the map. On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. | `[]` - -*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. - -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. diff --git a/charts/rancher-monitoring/charts/rkeScheduler/templates/_helpers.tpl b/charts/rancher-monitoring/charts/rkeScheduler/templates/_helpers.tpl deleted file mode 100644 index 1ba5093..0000000 --- a/charts/rancher-monitoring/charts/rkeScheduler/templates/_helpers.tpl +++ /dev/null @@ -1,170 +0,0 @@ -# Rancher - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -# General - -{{- define "applyKubeVersionOverrides" -}} -{{- $overrides := dict -}} -{{- range $override := .Values.kubeVersionOverrides -}} -{{- if semverCompare $override.constraint $.Capabilities.KubeVersion.Version -}} -{{- $_ := mergeOverwrite $overrides $override.values -}} -{{- end -}} -{{- end -}} -{{- $_ := mergeOverwrite .Values $overrides -}} -{{- end -}} - -{{- define "pushprox.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{- define "pushProxy.commonLabels" -}} -release: {{ .Release.Name }} -component: {{ .Values.component | quote }} -provider: kubernetes -{{- end -}} - -{{- define "pushProxy.proxyUrl" -}} -{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} -{{- if .Values.clients.proxyUrl -}} -{{ printf "%s" .Values.clients.proxyUrl }} -{{- else -}} -{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} -{{- end -}}{{- end -}} - -# Client - -{{- define "pushProxy.client.name" -}} -{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.labels" -}} -k8s-app: {{ template "pushProxy.client.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# Proxy - -{{- define "pushProxy.proxy.name" -}} -{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.proxy.labels" -}} -k8s-app: {{ template "pushProxy.proxy.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# ServiceMonitor - -{{- define "pushprox.serviceMonitor.name" -}} -{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.labels" -}} -app: {{ template "pushprox.serviceMonitor.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.endpoints" -}} -{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} -{{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $setHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} -{{- $endpoints := .Values.serviceMonitor.endpoints }} -{{- if .Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- range $endpoints }} -{{- if $.Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- $clusterIdRelabel := dict }} -{{- $metricRelabelings := list }} -{{- if $.Values.global.cattle.clusterId }} -{{- $_ := set $clusterIdRelabel "action" "replace" }} -{{- $_ := set $clusterIdRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterIdRelabel "targetLabel" "cluster_id" }} -{{- $_ := set $clusterIdRelabel "replacement" $.Values.global.cattle.clusterId }} -{{- $metricRelabelings = append $metricRelabelings $clusterIdRelabel }} -{{- end }} -{{- $clusterNameRelabel := dict }} -{{- if $.Values.global.cattle.clusterName }} -{{- $_ := set $clusterNameRelabel "action" "replace" }} -{{- $_ := set $clusterNameRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} -{{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} -{{- $metricRelabelings = append $metricRelabelings $clusterNameRelabel }} -{{- end }} -{{- if not (empty $metricRelabelings) }} -{{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $setHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} -{{- if $useHTTPS -}} -{{- if (hasKey . "params") }} -{{- $_ := set (get . "params") "_scheme" (list "https") }} -{{- else }} -{{- $_ := set . "params" (dict "_scheme" (list "https")) }} -{{- end }} -{{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} -{{- end }} -{{- toYaml $endpoints }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/rkeScheduler/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/charts/rkeScheduler/templates/pushprox-clients-rbac.yaml deleted file mode 100644 index a8e27c3..0000000 --- a/charts/rancher-monitoring/charts/rkeScheduler/templates/pushprox-clients-rbac.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.client.name" . }} -{{- end }} -{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -{{- if .Values.clients.rbac.additionalRules }} -{{ toYaml .Values.clients.rbac.additionalRules }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.client.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} ---- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: true - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 6 }} -{{- end }} - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - - 'emptyDir' - - 'hostPath' - allowedHostPaths: - - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - readOnly: true -{{- end }} -{{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeScheduler/templates/pushprox-clients.yaml b/charts/rancher-monitoring/charts/rkeScheduler/templates/pushprox-clients.yaml deleted file mode 100644 index e8fcfb3..0000000 --- a/charts/rancher-monitoring/charts/rkeScheduler/templates/pushprox-clients.yaml +++ /dev/null @@ -1,157 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: apps/v1 -{{- if .Values.clients.deployment.enabled }} -kind: Deployment -{{- else }} -kind: DaemonSet -{{- end }} -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - pushprox-exporter: "client" -spec: - {{- if .Values.clients.deployment.enabled }} - replicas: {{ .Values.clients.deployment.replicas }} - {{- end }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.client.labels" . | nindent 8 }} - spec: - {{- if .Values.clients.affinity }} - affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.clients.nodeSelector }} -{{ toYaml .Values.clients.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.clients.tolerations }} -{{ toYaml .Values.clients.tolerations | indent 8 }} -{{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-client - image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} - command: - {{- range .Values.clients.command }} - - {{ . | quote }} - {{- end }} - args: - - --fqdn=$(HOST_IP) - - --proxy-url=$(PROXY_URL) - {{- if .Values.clients.metrics.enabled }} - - --metrics-addr=$(PORT) - {{- end }} - - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} - {{- if .Values.clients.useLocalhost }} - - --use-localhost - {{- end }} - {{- if .Values.clients.https.enabled }} - {{- if .Values.clients.https.insecureSkipVerify }} - - --insecure-skip-verify - {{- end }} - {{- if .Values.clients.https.useServiceAccountCredentials }} - - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token - {{- end }} - {{- if .Values.clients.https.certDir }} - - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem - - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem - - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem - {{- end }} - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- if .Values.clients.metrics.enabled }} - - name: PORT - value: :{{ .Values.clients.port }} - {{- end }} - - name: PROXY_URL - value: {{ template "pushProxy.proxyUrl" . }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - volumeMounts: - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - {{- end }} - {{- if .Values.clients.resources }} - resources: {{ toYaml .Values.clients.resources | nindent 10 }} - {{- end }} - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - initContainers: - - name: copy-certs - image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} - command: - - sh - - -c - - | - echo "Searching for files to copy within the source volume" - echo "cert: ${CERT_FILE_NAME}" - echo "key: ${KEY_FILE_NAME}" - echo "cacert: ${CACERT_FILE_NAME}" - - CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) - KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) - CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) - - test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 - test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 - test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 - - echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" - cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 - chmod 444 $CERT_FILE_TARGET || exit 1 - - echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" - cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 - chmod 444 $KEY_FILE_TARGET || exit 1 - - echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" - cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 - chmod 444 $CACERT_FILE_TARGET || exit 1 - env: - - name: CERT_FILE_NAME - value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} - - name: KEY_FILE_NAME - value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} - - name: CACERT_FILE_NAME - value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} - - name: CERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy.pem - - name: KEY_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-key.pem - - name: CACERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem - securityContext: - runAsNonRoot: false -{{- if and .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 12 }} -{{- end }} - volumeMounts: - - name: metrics-cert-dir-source - mountPath: /etc/source - readOnly: true - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - volumes: - - name: metrics-cert-dir-source - hostPath: - path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - - name: metrics-cert-dir - emptyDir: {} - {{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeScheduler/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/charts/rkeScheduler/templates/pushprox-proxy-rbac.yaml deleted file mode 100644 index eefe609..0000000 --- a/charts/rancher-monitoring/charts/rkeScheduler/templates/pushprox-proxy-rbac.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.proxy.name" . }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.proxy.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- end }}{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeScheduler/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/charts/rkeScheduler/templates/pushprox-proxy.yaml deleted file mode 100644 index 723bbd6..0000000 --- a/charts/rancher-monitoring/charts/rkeScheduler/templates/pushprox-proxy.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} - pushprox-exporter: "proxy" -spec: - selector: - matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} - spec: - securityContext: - runAsNonRoot: true - runAsUser: 1000 - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.proxy.nodeSelector }} -{{ toYaml .Values.proxy.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.proxy.tolerations }} -{{ toYaml .Values.proxy.tolerations | indent 8 }} -{{- end }} - serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-proxy - image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} - command: - {{- range .Values.proxy.command }} - - {{ . | quote }} - {{- end }} - {{- if .Values.proxy.resources }} - resources: {{ toYaml .Values.proxy.resources | nindent 10 }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - ports: - - name: pp-proxy - port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} - protocol: TCP - targetPort: {{ .Values.proxy.port }} - selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeScheduler/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/charts/rkeScheduler/templates/pushprox-servicemonitor.yaml deleted file mode 100644 index 67eb221..0000000 --- a/charts/rancher-monitoring/charts/rkeScheduler/templates/pushprox-servicemonitor.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "pushprox.serviceMonitor.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} -spec: - endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} - jobLabel: component - podTargetLabels: - - component - - pushprox-exporter - namespaceSelector: - matchNames: - - {{ template "pushprox.namespace" . }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} ---- -{{- $selector := "" }} -{{- if not (kindIs "invalid" .Values.service) }} -{{- if not (kindIs "invalid" .Values.service.selector) }} -{{ if .Values.service.selector }} -{{- if .Values.clients.enabled }} -{{- required (printf "Cannot override .Values.service.selector=%s when .Values.clients.enabled=true" (toJson .Values.service.selector)) "" }} -{{- end }} -{{- $selector = (toYaml .Values.service.selector) }} -{{- end }} -{{- end }} -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - ports: - - name: metrics - port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} - protocol: TCP - targetPort: {{ .Values.metricsPort }} - selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeScheduler/templates/validate-install-crd.yaml b/charts/rancher-monitoring/charts/rkeScheduler/templates/validate-install-crd.yaml deleted file mode 100644 index 16abc2f..0000000 --- a/charts/rancher-monitoring/charts/rkeScheduler/templates/validate-install-crd.yaml +++ /dev/null @@ -1,14 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "monitoring.coreos.com/v1/ServiceMonitor" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install Prometheus Operator CRDs before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} diff --git a/charts/rancher-monitoring/charts/rkeScheduler/templates/validate-psp-install.yaml b/charts/rancher-monitoring/charts/rkeScheduler/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d..0000000 --- a/charts/rancher-monitoring/charts/rkeScheduler/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeScheduler/values.yaml b/charts/rancher-monitoring/charts/rkeScheduler/values.yaml deleted file mode 100644 index 168d86c..0000000 --- a/charts/rancher-monitoring/charts/rkeScheduler/values.yaml +++ /dev/null @@ -1,166 +0,0 @@ -# Default values for rancher-pushprox. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Default image containing both the proxy and the client was generated from the following Dockerfile -# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 - -# Configuration - -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - seLinux: - enabled: false - -# A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. -# -# For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches -# any of the semver constraints provided as keys on the map. -# -# On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. -# -# If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. -# -# Notes: -# - On running a helm template, Helm generally assumes the kubeVersion is v1.20.0 -# - On running a helm install --dry-run, the correct kubeVersion should be chosen. -kubeVersionOverrides: [] -# - constraint: "< 1.21" -# values: -# metricsPort: 10252 -# clients: -# https: -# enabled: false -# insecureSkipVerify: false -# useServiceAccountCredentials: false - -namespaceOverride: "" - -# The component that is being monitored (i.e. etcd) -component: "component" - -# The port containing the metrics that need to be scraped -metricsPort: 2739 - -# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint -serviceMonitor: - enabled: true - # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec - # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - # By default, proxyUrl and params._scheme will be overridden based on other values - endpoints: - - port: metrics - -# Configure Service that grabs scrape targets -service: - # The selector that is used to populate the Service's Endpoints object. - # The chart will error out on rendering templating if .Values.clients.enabled is set alongside this field, - # since it is expected that this service should point to the PushProx Clients Daemonset / Deployment - selector: {} - -clients: - enabled: true - # The port which the PushProx client will post PushProx metrics to - port: 9369 - # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} - # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null - proxyUrl: "" - # If set to true, the client will forward any requests from the host IP to 127.0.0.1 - # It will only allow proxy requests to the metricsPort specified - useLocalhost: false - # Configuration for accessing metrics via HTTPS - https: - # Does the client require https to access the metrics? - enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false - # If set to true, the client will create a service account with adequate permissions and set a flag - # on the client to use the service account token provided by it to make authorized scrape requests - useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false - # If set to true, the client will disable SSL security checks - insecureSkipVerify: false - # Directory on host where necessary TLS cert and key to scrape metrics can be found - certDir: "" - # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings - certFile: "" - keyFile: "" - caCertFile: "" - # seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. - # Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. - seLinuxOptions: {} - - metrics: - # Whether the client should publish PushProx client-specific metrics to .Values.clients.port - enabled: false - - rbac: - # Additional permissions to provide to the ServiceAccount bound to the client - # This can be used to provide additional permissions for the client to scrape metrics from the k8s API - # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true - additionalRules: [] - - # Resource limits - resources: {} - - # Options to select all nodes to deploy client DaemonSet on - nodeSelector: {} - tolerations: [] - affinity: {} - - image: - repository: rancher/pushprox-client - tag: v0.1.5-rancher2-client - command: ["pushprox-client"] - - copyCertsImage: - repository: rancher/mirrored-library-busybox - tag: 1.37.0 - - # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. - # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in - # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. - # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, - # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. - # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will - # be responsible for upgrading this chart accordingly to the right number of replicas. - deployment: - enabled: false - replicas: 0 - -proxy: - enabled: true - # The port through which PushProx clients will communicate to the proxy - port: 8080 - - # Resource limits - resources: {} - - # Options to select a node to run a single proxy deployment on - nodeSelector: {} - tolerations: [] - - image: - repository: rancher/pushprox-proxy - tag: v0.1.5-rancher2-proxy - command: ["pushprox-proxy"] diff --git a/charts/rancher-monitoring/charts/windowsExporter/.helmignore b/charts/rancher-monitoring/charts/windowsExporter/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/charts/rancher-monitoring/charts/windowsExporter/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/rancher-monitoring/charts/windowsExporter/scripts/configure-firewall.ps1 b/charts/rancher-monitoring/charts/windowsExporter/scripts/configure-firewall.ps1 deleted file mode 100644 index 9cbed71..0000000 --- a/charts/rancher-monitoring/charts/windowsExporter/scripts/configure-firewall.ps1 +++ /dev/null @@ -1,31 +0,0 @@ -$ErrorActionPreference = 'Continue' - -function CheckFirewallRuleError { - # We hit an error. This can happen for a number of reasons, including if the rule already exists - if ($error[0]) { - if (($error[0].Exception.NativeErrorCode) -and ($error[0].Exception.NativeErrorCode.ToString() -eq "AlreadyExists")) { - # Previous versions of monitoring may have already created this Firewall Rule - # Because of this, if the rule alreadys exists there is no need to delete and recreate it. - Write-Host "Detected Existing Firewall Rule, Nothing To Do" - } else { - Write-Host "Error Encountered Setting Up Required Firewall Rule" - $error[0].Exception - exit 1 - } - } -} - -Write-Host "Attempting To Configure Firewall Rules For Ports 9796, 10250" - -# This is the exact same firewall rule that has historically been created by rancher-wins -# https://github.com/rancher/wins/blob/91f670c47f19c6d9fe97d8f66a695d3081ad994f/pkg/apis/process_service_mgmt.go#L149 -New-NetFirewallRule -DisplayName rancher-wins-windows-exporter-TCP-9796 -Name rancher-wins-windows-exporter-TCP-9796 -Action Allow -Protocol TCP -LocalPort 9796 -Enabled True -PolicyStore ActiveStore -CheckFirewallRuleError -Write-Host "Windows Node Exporter Firewall Rule Successfully Created" - -# This rule is required in order to have the Rancher UI display node metrics in the 'Nodes' tab of the cluster explorer -New-NetFirewallRule -DisplayName rancher-wins-windows-exporter-TCP-10250 -Name rancher-wins-windows-exporter-TCP-10250 -Action Allow -Protocol TCP -LocalPort 10250 -Enabled True -PolicyStore ActiveStore -CheckFirewallRuleError -Write-Host "Windows Prometheus Metrics Firewall Rule Successfully Created" - -Write-Host "All Firewall Rules Successfully Configured" diff --git a/charts/rancher-monitoring/charts/windowsExporter/templates/scriptConfig.yaml b/charts/rancher-monitoring/charts/windowsExporter/templates/scriptConfig.yaml deleted file mode 100644 index f514c81..0000000 --- a/charts/rancher-monitoring/charts/windowsExporter/templates/scriptConfig.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "prometheus-windows-exporter.fullname" . }}-scripts - namespace: {{ include "prometheus-windows-exporter.namespace" . }} - labels: - {{- include "windowsExporter.labels" $ | nindent 4 }} - {{- with .Values.service.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -data: -{{ (.Files.Glob "scripts/*").AsConfig | indent 2 }} - diff --git a/charts/rancher-monitoring/files/ingress-nginx/nginx.json b/charts/rancher-monitoring/files/ingress-nginx/nginx.json deleted file mode 100644 index 5653522..0000000 --- a/charts/rancher-monitoring/files/ingress-nginx/nginx.json +++ /dev/null @@ -1,1445 +0,0 @@ -{ - "__inputs": [ - - ], - "__requires": [ - - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - }, - { - "datasource": "$datasource", - "enable": true, - "expr": "sum(changes(nginx_ingress_controller_config_last_reload_successful_timestamp_seconds{instance!=\"unknown\",controller_class=~\"$controller_class\",namespace=~\"$namespace\"}[30s])) by (controller_class)", - "hide": false, - "iconColor": "rgba(255, 96, 96, 1)", - "limit": 100, - "name": "Config Reloads", - "showIn": 0, - "step": "30s", - "tagKeys": "controller_class", - "tags": [], - "titleFormat": "Config Reloaded", - "type": "tags" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "iteration": 1534359654832, - "links": [], - "panels": [ - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "$datasource", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 0, - "y": 0 - }, - "id": 20, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\"}[2m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Controller Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "$datasource", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 6, - "y": 0 - }, - "id": 82, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(avg_over_time(nginx_ingress_controller_nginx_process_connections{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",state=\"active\"}[2m]))", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Controller Connections", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "$datasource", - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 12, - "y": 0 - }, - "id": 21, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(rate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\",status!~\"[4-5].*\"}[2m])) / sum(rate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\"}[2m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "95, 99, 99.5", - "title": "Controller Success Rate (non-4|5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "$datasource", - "decimals": 0, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 3, - "x": 18, - "y": 0 - }, - "id": 81, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "avg(irate(nginx_ingress_controller_success{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\"}[1m])) * 60", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Config Reloads", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "total" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "$datasource", - "decimals": 0, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 3, - "x": 21, - "y": 0 - }, - "id": 83, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "count(nginx_ingress_controller_config_last_reload_successful{controller_pod=~\"$controller\",controller_namespace=~\"$namespace\"} == 0)", - "format": "time_series", - "instant": true, - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Last Config Failed", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "decimals": 2, - "editable": true, - "error": false, - "fill": 1, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 3 - }, - "height": "200px", - "id": 86, - "isNew": true, - "legend": { - "alignAsTable": true, - "avg": true, - "current": false, - "hideEmpty": false, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": 300, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "repeatDirection": "h", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (ingress), 0.001)", - "format": "time_series", - "hide": false, - "instant": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ ingress }}", - "metric": "network", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Ingress Request Volume", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 2, - "value_type": "cumulative" - }, - "transparent": false, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "reqps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "max - istio-proxy": "#890f02", - "max - master": "#bf1b00", - "max - prometheus": "#bf1b00" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "decimals": 2, - "editable": false, - "error": false, - "fill": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 3 - }, - "id": 87, - "isNew": true, - "legend": { - "alignAsTable": true, - "avg": true, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": 300, - "sort": "avg", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\",ingress=~\"$ingress\",status!~\"[4-5].*\"}[2m])) by (ingress) / sum(rate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (ingress)", - "format": "time_series", - "instant": false, - "interval": "10s", - "intervalFactor": 1, - "legendFormat": "{{ ingress }}", - "metric": "container_memory_usage:sort_desc", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Ingress Success Rate (non-4|5xx responses)", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 1, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "decimals": 2, - "editable": true, - "error": false, - "fill": 1, - "grid": {}, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 10 - }, - "height": "200px", - "id": 32, - "isNew": true, - "legend": { - "alignAsTable": false, - "avg": true, - "current": true, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": 200, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum (irate (nginx_ingress_controller_request_size_sum{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\"}[2m]))", - "format": "time_series", - "instant": false, - "interval": "10s", - "intervalFactor": 1, - "legendFormat": "Received", - "metric": "network", - "refId": "A", - "step": 10 - }, - { - "expr": "- sum (irate (nginx_ingress_controller_response_size_sum{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\"}[2m]))", - "format": "time_series", - "hide": false, - "interval": "10s", - "intervalFactor": 1, - "legendFormat": "Sent", - "metric": "network", - "refId": "B", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Network I/O pressure", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "transparent": false, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "max - istio-proxy": "#890f02", - "max - master": "#bf1b00", - "max - prometheus": "#bf1b00" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "decimals": 2, - "editable": false, - "error": false, - "fill": 0, - "grid": {}, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 10 - }, - "id": 77, - "isNew": true, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": 200, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "avg(nginx_ingress_controller_nginx_process_resident_memory_bytes{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\"}) ", - "format": "time_series", - "instant": false, - "interval": "10s", - "intervalFactor": 1, - "legendFormat": "nginx", - "metric": "container_memory_usage:sort_desc", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Average Memory Usage", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 2, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "max - istio-proxy": "#890f02", - "max - master": "#bf1b00" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "decimals": 3, - "editable": false, - "error": false, - "fill": 0, - "grid": {}, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 10 - }, - "height": "", - "id": 79, - "isNew": true, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sort": null, - "sortDesc": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "avg (rate (nginx_ingress_controller_nginx_process_cpu_seconds_total{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\"}[2m])) ", - "format": "time_series", - "interval": "10s", - "intervalFactor": 1, - "legendFormat": "nginx", - "metric": "container_cpu", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - { - "colorMode": "critical", - "fill": true, - "line": true, - "op": "gt" - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Average CPU Usage", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 2, - "value_type": "cumulative" - }, - "transparent": false, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "label": "cores", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "columns": [], - "datasource": "$datasource", - "fontSize": "100%", - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 16 - }, - "hideTimeOverride": false, - "id": 75, - "links": [], - "pageSize": 7, - "repeat": null, - "repeatDirection": "h", - "scroll": true, - "showHeader": true, - "sort": { - "col": 1, - "desc": true - }, - "styles": [ - { - "alias": "Ingress", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "ingress", - "preserveFormat": false, - "sanitize": false, - "thresholds": [], - "type": "string", - "unit": "short" - }, - { - "alias": "Requests", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #A", - "thresholds": [ - "" - ], - "type": "number", - "unit": "ops" - }, - { - "alias": "Errors", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #B", - "thresholds": [], - "type": "number", - "unit": "ops" - }, - { - "alias": "P50 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 0, - "link": false, - "pattern": "Value #C", - "thresholds": [], - "type": "number", - "unit": "dtdurations" - }, - { - "alias": "P90 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 0, - "pattern": "Value #D", - "thresholds": [], - "type": "number", - "unit": "dtdurations" - }, - { - "alias": "P99 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 0, - "pattern": "Value #E", - "thresholds": [], - "type": "number", - "unit": "dtdurations" - }, - { - "alias": "IN", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #F", - "thresholds": [ - "" - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Time", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "OUT", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "mappingType": 1, - "pattern": "Value #G", - "thresholds": [], - "type": "number", - "unit": "Bps" - } - ], - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (le, ingress))", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ ingress }}", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.90, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (le, ingress))", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ ingress }}", - "refId": "D" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (le, ingress))", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }}", - "refId": "E" - }, - { - "expr": "sum(irate(nginx_ingress_controller_request_size_sum{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (ingress)", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ ingress }}", - "refId": "F" - }, - { - "expr": "sum(irate(nginx_ingress_controller_response_size_sum{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (ingress)", - "format": "table", - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ ingress }}", - "refId": "G" - } - ], - "timeFrom": null, - "title": "Ingress Percentile Response Times and Transfer Rates", - "transform": "table", - "transparent": false, - "type": "table" - }, - { - "columns": [ - { - "text": "Current", - "value": "current" - } - ], - "datasource": "$datasource", - "fontSize": "100%", - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 24 - }, - "height": "1024", - "id": 85, - "links": [], - "pageSize": 7, - "scroll": true, - "showHeader": true, - "sort": { - "col": 1, - "desc": false - }, - "styles": [ - { - "alias": "Time", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "date" - }, - { - "alias": "TTL", - "colorMode": "cell", - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 0, - "pattern": "Current", - "thresholds": [ - "0", - "691200" - ], - "type": "number", - "unit": "s" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "decimals": 2, - "pattern": "/.*/", - "thresholds": [], - "type": "number", - "unit": "short" - } - ], - "targets": [ - { - "expr": "avg(nginx_ingress_controller_ssl_expire_time_seconds{kubernetes_pod_name=~\"$controller\",namespace=~\"$namespace\",ingress=~\"$ingress\"}) by (host) - time()", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ host }}", - "metric": "gke_letsencrypt_cert_expiration", - "refId": "A", - "step": 1 - } - ], - "title": "Ingress Certificate Expiry", - "transform": "timeseries_aggregations", - "type": "table" - } - ], - "refresh": "5s", - "schemaVersion": 16, - "style": "dark", - "tags": [ - "nginx" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": ".*", - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": true, - "label": "Namespace", - "multi": false, - "name": "namespace", - "options": [], - "query": "label_values(nginx_ingress_controller_config_hash, controller_namespace)", - "refresh": 1, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": ".*", - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": true, - "label": "Controller Class", - "multi": false, - "name": "controller_class", - "options": [], - "query": "label_values(nginx_ingress_controller_config_hash{namespace=~\"$namespace\"}, controller_class) ", - "refresh": 1, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": ".*", - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": true, - "label": "Controller", - "multi": false, - "name": "controller", - "options": [], - "query": "label_values(nginx_ingress_controller_config_hash{namespace=~\"$namespace\",controller_class=~\"$controller_class\"}, controller_pod) ", - "refresh": 1, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": ".*", - "current": { - "tags": [], - "text": "All", - "value": "$__all" - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": true, - "label": "Ingress", - "multi": false, - "name": "ingress", - "options": [], - "query": "label_values(nginx_ingress_controller_requests{namespace=~\"$namespace\",controller_class=~\"$controller_class\",controller_pod=~\"$controller\"}, ingress) ", - "refresh": 1, - "regex": "", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "2m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "NGINX / Ingress Controller", - "uid": "nginx", - "version": 1 -} \ No newline at end of file diff --git a/charts/rancher-monitoring/files/ingress-nginx/request-handling-performance.json b/charts/rancher-monitoring/files/ingress-nginx/request-handling-performance.json deleted file mode 100644 index 156e331..0000000 --- a/charts/rancher-monitoring/files/ingress-nginx/request-handling-performance.json +++ /dev/null @@ -1,963 +0,0 @@ -{ - "__inputs": [ - - ], - "__requires": [ - - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "", - "editable": true, - "gnetId": 9614, - "graphTooltip": 1, - "id": null, - "iteration": 1582146566338, - "links": [], - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "Total time taken for nginx and upstream servers to process a request and send a response", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 91, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(\n 0.5,\n sum by (le)(\n rate(\n nginx_ingress_controller_request_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", - "interval": "", - "legendFormat": ".5", - "refId": "D" - }, - { - "expr": "histogram_quantile(\n 0.95,\n sum by (le)(\n rate(\n nginx_ingress_controller_request_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", - "interval": "", - "legendFormat": ".95", - "refId": "B" - }, - { - "expr": "histogram_quantile(\n 0.99,\n sum by (le)(\n rate(\n nginx_ingress_controller_request_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", - "interval": "", - "legendFormat": ".99", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Total request handling time", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "The time spent on receiving the response from the upstream server", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 0 - }, - "hiddenSeries": false, - "id": 94, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(\n 0.5,\n sum by (le)(\n rate(\n nginx_ingress_controller_response_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", - "instant": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": ".5", - "refId": "D" - }, - { - "expr": "histogram_quantile(\n 0.95,\n sum by (le)(\n rate(\n nginx_ingress_controller_response_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", - "interval": "", - "legendFormat": ".95", - "refId": "B" - }, - { - "expr": "histogram_quantile(\n 0.99,\n sum by (le)(\n rate(\n nginx_ingress_controller_response_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", - "interval": "", - "legendFormat": ".99", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Upstream response time", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 8 - }, - "hiddenSeries": false, - "id": 93, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": " sum by (path)(\n rate(\n nginx_ingress_controller_request_duration_seconds_count{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ path }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Request volume by Path", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "reqps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "For each path observed, its median upstream response time", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 8 - }, - "hiddenSeries": false, - "id": 98, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(\n .5,\n sum by (le, path)(\n rate(\n nginx_ingress_controller_response_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ path }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Median upstream response time by Path", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "Percentage of 4xx and 5xx responses among all responses.", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 16 - }, - "hiddenSeries": false, - "id": 100, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null as zero", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by (path) (rate(nginx_ingress_controller_request_duration_seconds_count{\n ingress =~ \"$ingress\",\n status =~ \"[4-5].*\"\n}[1m])) / sum by (path) (rate(nginx_ingress_controller_request_duration_seconds_count{\n ingress =~ \"$ingress\",\n}[1m]))", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ path }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Response error rate by Path", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "For each path observed, the sum of upstream request time", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 16 - }, - "hiddenSeries": false, - "id": 102, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by (path) (rate(nginx_ingress_controller_response_duration_seconds_sum{ingress =~ \"$ingress\"}[1m]))", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ path }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Upstream time consumed by Path", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 24 - }, - "hiddenSeries": false, - "id": 101, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": " sum (\n rate(\n nginx_ingress_controller_request_duration_seconds_count{\n ingress =~ \"$ingress\",\n status =~\"[4-5].*\",\n }[1m]\n )\n ) by(path, status)\n", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ path }} {{ status }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Response error volume by Path", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "reqps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 24 - }, - "hiddenSeries": false, - "id": 99, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum (\n rate (\n nginx_ingress_controller_response_size_sum {\n ingress =~ \"$ingress\",\n }[1m]\n )\n) by (path) / sum (\n rate(\n nginx_ingress_controller_response_size_count {\n ingress =~ \"$ingress\",\n }[1m]\n )\n) by (path)\n", - "hide": false, - "instant": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ path }}", - "refId": "D" - }, - { - "expr": " sum (rate(nginx_ingress_controller_response_size_bucket{\n ingress =~ \"$ingress\",\n }[1m])) by (le)\n", - "hide": true, - "legendFormat": "{{le}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Average response size by Path", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 32 - }, - "hiddenSeries": false, - "id": 96, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum (\n rate(\n nginx_ingress_controller_ingress_upstream_latency_seconds_sum {\n ingress =~ \"$ingress\",\n }[1m]\n)) / sum (\n rate(\n nginx_ingress_controller_ingress_upstream_latency_seconds_count {\n ingress =~ \"$ingress\",\n }[1m]\n )\n)\n", - "hide": false, - "instant": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "average", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Upstream service latency", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "30s", - "schemaVersion": 22, - "style": "dark", - "tags": [ - "nginx" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": ".*", - "current": {}, - "datasource": "$datasource", - "definition": "label_values(nginx_ingress_controller_requests, ingress) ", - "hide": 0, - "includeAll": true, - "label": "Service Ingress", - "multi": false, - "name": "ingress", - "options": [], - "query": "label_values(nginx_ingress_controller_requests, ingress) ", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-15m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "2m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "NGINX / Request Handling Performance", - "uid": "4GFbkOsZk", - "version": 1 -} diff --git a/charts/rancher-monitoring/files/rancher/cluster/rancher-cluster-nodes.json b/charts/rancher-monitoring/files/rancher/cluster/rancher-cluster-nodes.json deleted file mode 100644 index d1cc3b7..0000000 --- a/charts/rancher-monitoring/files/rancher/cluster/rancher-cluster-nodes.json +++ /dev/null @@ -1,793 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": 28, - "links": [], - "panels": [ - { - "aliasColors": { - "{{instance}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "1 - avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\",mode=\"idle\"}[$__rate_interval])) by (instance)", - "interval": "", - "legendFormat": "{{instance}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{instance}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "Load[5m] ({{instance}})" - }, - "properties": [] - } - ] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 0 - }, - "hiddenSeries": false, - "id": 3, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(node_load1 OR avg_over_time(windows_system_processor_queue_length[1m])) by (instance)", - "interval": "", - "legendFormat": "Load[1m] ({{instance}})", - "refId": "A" - }, - { - "expr": "sum(node_load5 OR avg_over_time(windows_system_processor_queue_length[5m])) by (instance)", - "interval": "", - "legendFormat": "Load[5m] ({{instance}})", - "refId": "B" - }, - { - "expr": "sum(node_load15 OR avg_over_time(windows_system_processor_queue_length[15m])) by (instance)", - "interval": "", - "legendFormat": "Load[15m] ({{instance}})", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Load Average", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{instance}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 0 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "1 - sum(node_memory_MemAvailable_bytes OR windows_os_physical_memory_free_bytes) by (instance) / sum(node_memory_MemTotal_bytes OR windows_cs_physical_memory_bytes) by (instance) ", - "interval": "", - "legendFormat": "{{instance}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{instance}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 7 - }, - "hiddenSeries": false, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "1 - (sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"} OR windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) by (instance) / sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"} OR windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) by (instance))", - "interval": "", - "legendFormat": "{{instance}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{instance}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 7 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(node_disk_read_bytes_total[$__rate_interval]) OR rate(windows_logical_disk_read_bytes_total[$__rate_interval])) by (instance)", - "interval": "", - "legendFormat": "Read ({{instance}})", - "refId": "A" - }, - { - "expr": "sum(rate(node_disk_written_bytes_total[$__rate_interval]) OR rate(windows_logical_disk_write_bytes_total[$__rate_interval])) by (instance)", - "interval": "", - "legendFormat": "Write ({{instance}})", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk I/O", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{instance}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 7 - }, - "hiddenSeries": false, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(node_network_receive_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance) OR sum(rate(windows_net_packets_received_errors_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", - "interval": "", - "legendFormat": "Receive Errors ({{instance}})", - "refId": "A" - }, - { - "expr": "sum(rate(node_network_receive_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance) OR sum(rate(windows_net_packets_received_total_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", - "interval": "", - "legendFormat": "Receive Total ({{instance}})", - "refId": "B" - }, - { - "expr": "sum(rate(node_network_transmit_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance) OR sum(rate(windows_net_packets_outbound_errors_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", - "interval": "", - "legendFormat": "Transmit Errors ({{instance}})", - "refId": "C" - }, - { - "expr": "sum(rate(node_network_receive_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance) OR sum(rate(windows_net_packets_received_discarded_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", - "interval": "", - "legendFormat": "Receive Dropped ({{instance}})", - "refId": "D" - }, - { - "expr": "sum(rate(node_network_transmit_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance) OR sum(rate(windows_net_packets_outbound_discarded{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", - "interval": "", - "legendFormat": "Transmit Dropped ({{instance}})", - "refId": "E" - }, - { - "expr": "sum(rate(node_network_transmit_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance) OR sum(rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", - "interval": "", - "legendFormat": "Transmit Total ({{instance}})", - "refId": "F" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{instance}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 14 - }, - "hiddenSeries": false, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(node_network_transmit_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval]) OR rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", - "interval": "", - "legendFormat": "Transmit Total ({{instance}})", - "refId": "A" - }, - { - "expr": "sum(rate(node_network_receive_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval]) OR rate(windows_net_packets_received_total_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", - "interval": "", - "legendFormat": "Receive Total ({{instance}})", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network I/O", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "schemaVersion": 26, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ] - }, - "timezone": "", - "title": "Rancher / Cluster (Nodes)", - "uid": "rancher-cluster-nodes-1", - "version": 3 -} diff --git a/charts/rancher-monitoring/files/rancher/cluster/rancher-cluster.json b/charts/rancher-monitoring/files/rancher/cluster/rancher-cluster.json deleted file mode 100644 index ec977f5..0000000 --- a/charts/rancher-monitoring/files/rancher/cluster/rancher-cluster.json +++ /dev/null @@ -1,776 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": 28, - "links": [], - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "1 - avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\",mode=\"idle\"}[$__rate_interval]))", - "legendFormat": "Total", - "interval": "", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "Load[5m]" - }, - "properties": [] - } - ] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 0 - }, - "hiddenSeries": false, - "id": 3, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(node_load1 OR avg_over_time(windows_system_processor_queue_length[1m]))", - "interval": "", - "legendFormat": "Load[1m]", - "refId": "A" - }, - { - "expr": "sum(node_load5 OR avg_over_time(windows_system_processor_queue_length[5m]))", - "interval": "", - "legendFormat": "Load[5m]", - "refId": "B" - }, - { - "expr": "sum(node_load15 OR avg_over_time(windows_system_processor_queue_length[15m]))", - "interval": "", - "legendFormat": "Load[15m]", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Load Average", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 0 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "1 - sum(node_memory_MemAvailable_bytes OR windows_os_physical_memory_free_bytes) / sum(node_memory_MemTotal_bytes OR windows_cs_physical_memory_bytes)", - "legendFormat": "Total", - "interval": "", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 7 - }, - "hiddenSeries": false, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "1 - (sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"} OR windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) / sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"} OR windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}))", - "legendFormat": "Total", - "interval": "", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 7 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(node_disk_read_bytes_total[$__rate_interval]) OR rate(windows_logical_disk_read_bytes_total[$__rate_interval]))", - "interval": "", - "legendFormat": "Read", - "refId": "A" - }, - { - "expr": "sum(rate(node_disk_written_bytes_total[$__rate_interval]) OR rate(windows_logical_disk_write_bytes_total[$__rate_interval]))", - "interval": "", - "legendFormat": "Write", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk I/O", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 7 - }, - "hiddenSeries": false, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(rate(node_network_receive_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_received_errors_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) OR on() vector(0))", - "interval": "", - "legendFormat": "Receive Errors", - "refId": "A" - }, - { - "expr": "(sum(rate(node_network_receive_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_received_total_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) OR on() vector(0))", - "interval": "", - "legendFormat": "Receive Total", - "refId": "B" - }, - { - "expr": "(sum(rate(node_network_transmit_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_outbound_errors_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) OR on() vector(0))", - "interval": "", - "legendFormat": "Transmit Errors", - "refId": "C" - }, - { - "expr": "(sum(rate(node_network_receive_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_received_discarded_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) OR on() vector(0))", - "interval": "", - "legendFormat": "Receive Dropped", - "refId": "D" - }, - { - "expr": "(sum(rate(node_network_transmit_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_outbound_discarded{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) OR on() vector(0))", - "interval": "", - "legendFormat": "Transmit Dropped", - "refId": "E" - }, - { - "expr": "(sum(rate(node_network_transmit_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) OR on() vector(0))", - "interval": "", - "legendFormat": "Transmit Total", - "refId": "F" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 14 - }, - "hiddenSeries": false, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(node_network_transmit_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval]) OR rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval]))", - "interval": "", - "legendFormat": "Transmit Total", - "refId": "A" - }, - { - "expr": "sum(rate(node_network_receive_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval]) OR rate(windows_net_packets_received_total_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval]))", - "interval": "", - "legendFormat": "Receive Total", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network I/O", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "schemaVersion": 26, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ] - }, - "timezone": "", - "title": "Rancher / Cluster", - "uid": "rancher-cluster-1", - "version": 3 -} diff --git a/charts/rancher-monitoring/files/rancher/fleet/bundle.json b/charts/rancher-monitoring/files/rancher/fleet/bundle.json deleted file mode 100644 index 698f48a..0000000 --- a/charts/rancher-monitoring/files/rancher/fleet/bundle.json +++ /dev/null @@ -1,246 +0,0 @@ -{ - "description": "Bundle", - "graphTooltip": 1, - "panels": [ - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": 0, - "unit": "percentunit" - } - }, - "gridPos": { - "h": 5, - "w": 7, - "x": 0, - "y": 0 - }, - "id": 1, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_bundle_ready{exported_namespace=\"$namespace\",name=~\"$name\"}) / sum(fleet_bundle_desired_ready{exported_namespace=\"$namespace\",name=~\"$name\"})" - } - ], - "title": "Ready Bundles", - "type": "stat" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": 0, - "unit": null - } - }, - "gridPos": { - "h": 5, - "w": 17, - "x": 7, - "y": 0 - }, - "id": 2, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_bundle_desired_ready{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Desired Ready" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_bundle_ready{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Ready" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_bundle_not_ready{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Not Ready" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_bundle_out_of_sync{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Out of Sync" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_bundle_err_applied{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Err Applied" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_bundle_modified{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Modified" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_bundle_pending{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Pending" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_bundle_wait_applied{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Wait Applied" - } - ], - "title": "Bundles", - "type": "stat" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": 0, - "unit": null - } - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 8 - }, - "id": 3, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_bundle_desired_ready{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Desired Ready" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_bundle_ready{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Ready" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_bundle_not_ready{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Not Ready" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_bundle_out_of_sync{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Out of Sync" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_bundle_err_applied{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Err Applied" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_bundle_modified{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Modified" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_bundle_pending{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Pending" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_bundle_wait_applied{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Wait Applied" - } - ], - "title": "Bundles", - "type": "timeseries" - } - ], - "schemaVersion": 39, - "templating": { - "list": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "name": "namespace", - "query": "label_values(fleet_bundle_desired_ready, exported_namespace)", - "refresh": 2, - "type": "query" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "includeAll": true, - "name": "name", - "query": "label_values(fleet_bundle_desired_ready{exported_namespace=~\"$namespace\"}, name)", - "refresh": 2, - "type": "query" - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timezone": "utc", - "title": "Fleet / Bundle", - "uid": "fleet-bundle" -} diff --git a/charts/rancher-monitoring/files/rancher/fleet/bundledeployment.json b/charts/rancher-monitoring/files/rancher/fleet/bundledeployment.json deleted file mode 100644 index c81f7a6..0000000 --- a/charts/rancher-monitoring/files/rancher/fleet/bundledeployment.json +++ /dev/null @@ -1,219 +0,0 @@ -{ - "description": "BundleDeployment", - "graphTooltip": 1, - "panels": [ - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": 0, - "unit": "percentunit" - } - }, - "gridPos": { - "h": 5, - "w": 7, - "x": 0, - "y": 0 - }, - "id": 1, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_bundledeployment_state{cluster_namespace=~\"$namespace\",state=\"Ready\"}) / sum(fleet_bundledeployment_state{cluster_namespace=~\"$namespace\"})" - } - ], - "title": "Ready BundleDeployments", - "type": "stat" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": 0, - "unit": null - } - }, - "gridPos": { - "h": 5, - "w": 17, - "x": 7, - "y": 0 - }, - "id": 2, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_bundledeployment_state{cluster_namespace=~\"$namespace\",state=\"Ready\"})", - "legendFormat": "Ready" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_bundledeployment_state{cluster_namespace=~\"$namespace\",state=\"NotReady\"})", - "legendFormat": "Not Ready" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_bundledeployment_state{cluster_namespace=~\"$namespace\",state=\"WaitApplied\"})", - "legendFormat": "Wait Applied" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_bundledeployment_state{cluster_namespace=~\"$namespace\",state=\"ErrApplied\"})", - "legendFormat": "Err Applied" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_bundledeployment_state{cluster_namespace=~\"$namespace\",state=\"OutOfSync\"})", - "legendFormat": "OutOfSync" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_bundledeployment_state{cluster_namespace=~\"$namespace\",state=\"Pending\"})", - "legendFormat": "Pending" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_bundledeployment_state{cluster_namespace=~\"$namespace\",state=\"Modified\"})", - "legendFormat": "Modified" - } - ], - "title": "BundleDeployments", - "type": "stat" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": 0, - "unit": null - } - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 8 - }, - "id": 3, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_bundledeployment_state{cluster_namespace=~\"$namespace\",state=\"Ready\"})", - "legendFormat": "Ready" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_bundledeployment_state{cluster_namespace=~\"$namespace\",state=\"NotReady\"})", - "legendFormat": "Not Ready" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_bundledeployment_state{cluster_namespace=~\"$namespace\",state=\"WaitApplied\"})", - "legendFormat": "Wait Applied" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_bundledeployment_state{cluster_namespace=~\"$namespace\",state=\"ErrApplied\"})", - "legendFormat": "Err Applied" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_bundledeployment_state{cluster_namespace=~\"$namespace\",state=\"OutOfSync\"})", - "legendFormat": "OutOfSync" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_bundledeployment_state{cluster_namespace=~\"$namespace\",state=\"Pending\"})", - "legendFormat": "Pending" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_bundledeployment_state{cluster_namespace=~\"$namespace\",state=\"Modified\"})", - "legendFormat": "Modified" - } - ], - "title": "BundleDeployments", - "type": "timeseries" - } - ], - "schemaVersion": 39, - "templating": { - "list": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "name": "namespace", - "query": "label_values(fleet_bundledeployment_state, cluster_namespace)", - "refresh": 2, - "type": "query" - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timezone": "utc", - "title": "Fleet / BundleDeployment", - "uid": "fleet-bundledeployment" -} diff --git a/charts/rancher-monitoring/files/rancher/fleet/cluster.json b/charts/rancher-monitoring/files/rancher/fleet/cluster.json deleted file mode 100644 index 73bdea4..0000000 --- a/charts/rancher-monitoring/files/rancher/fleet/cluster.json +++ /dev/null @@ -1,484 +0,0 @@ -{ - "description": "Cluster", - "graphTooltip": 1, - "panels": [ - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": 0, - "unit": "percentunit" - } - }, - "gridPos": { - "h": 5, - "w": 7, - "x": 0, - "y": 0 - }, - "id": 1, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_ready_git_repos{exported_namespace=\"$namespace\",name=~\"$name\"}) / sum(fleet_cluster_desired_ready_git_repos{exported_namespace=\"$namespace\",name=~\"$name\"})" - } - ], - "title": "Ready Git Repos", - "type": "stat" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": 0, - "unit": null - } - }, - "gridPos": { - "h": 5, - "w": 17, - "x": 7, - "y": 0 - }, - "id": 2, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_desired_ready_git_repos{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Desired Ready" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_ready_git_repos{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Ready" - } - ], - "title": "Git Repos", - "type": "stat" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": 0, - "unit": null - } - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 8 - }, - "id": 3, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_desired_ready_git_repos{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Desired Ready" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_ready_git_repos{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Ready" - } - ], - "title": "Git Repos", - "type": "timeseries" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": 0, - "unit": "percentunit" - } - }, - "gridPos": { - "h": 5, - "w": 7, - "x": 0, - "y": 13 - }, - "id": 4, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_resources_count_ready{exported_namespace=\"$namespace\",name=~\"$name\"}) / sum(fleet_cluster_resources_count_desiredready{exported_namespace=\"$namespace\",name=~\"$name\"})" - } - ], - "title": "Ready Resources", - "type": "stat" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": 0, - "unit": null - } - }, - "gridPos": { - "h": 5, - "w": 17, - "x": 7, - "y": 13 - }, - "id": 5, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_resources_count_desiredready{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Desired Ready" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_resources_count_ready{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Ready" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_resources_count_notready{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Not Ready" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_resources_count_missing{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Missing" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_resources_count_modified{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Modified" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_resources_count_unknown{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Unknown" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_resources_count_orphaned{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Orphaned" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_resources_count_waitapplied{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Wait Applied" - } - ], - "title": "Resources", - "type": "stat" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": 0, - "unit": null - } - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 21 - }, - "id": 6, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_resources_count_desiredready{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Desired Ready" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_resources_count_ready{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Ready" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_resources_count_notready{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Not Ready" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_resources_count_missing{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Missing" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_resources_count_modified{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Modified" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_resources_count_unknown{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Unknown" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_resources_count_orphaned{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Orphaned" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_resources_count_waitapplied{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Wait Applied" - } - ], - "title": "Resources", - "type": "timeseries" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": 0, - "unit": "percentunit" - } - }, - "gridPos": { - "h": 5, - "w": 7, - "x": 0, - "y": 26 - }, - "id": 7, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_state{exported_namespace=\"$namespace\",name=~\"$name\",state=\"Ready\"}) / sum(fleet_cluster_state{exported_namespace=\"$namespace\",name=~\"$name\"})" - } - ], - "title": "Ready Clusters", - "type": "stat" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": 0, - "unit": null - } - }, - "gridPos": { - "h": 5, - "w": 17, - "x": 7, - "y": 26 - }, - "id": 8, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_state{exported_namespace=\"$namespace\",name=~\"$name\",state=\"Ready\"})", - "legendFormat": "Ready" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_state{exported_namespace=\"$namespace\",name=~\"$name\",state=\"NotReady\"})", - "legendFormat": "Not Ready" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_state{exported_namespace=\"$namespace\",name=~\"$name\",state=\"WaitCheckIn\"})", - "legendFormat": "Wait Check In" - } - ], - "title": "Clusters", - "type": "stat" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": 0, - "unit": null - } - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 34 - }, - "id": 9, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_state{exported_namespace=\"$namespace\",name=~\"$name\",state=\"Ready\"})", - "legendFormat": "Ready" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_state{exported_namespace=\"$namespace\",name=~\"$name\",state=\"NotReady\"})", - "legendFormat": "Not Ready" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_state{exported_namespace=\"$namespace\",name=~\"$name\",state=\"WaitCheckIn\"})", - "legendFormat": "Wait Check In" - } - ], - "title": "Clusters", - "type": "timeseries" - } - ], - "schemaVersion": 39, - "templating": { - "list": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "name": "namespace", - "query": "label_values(fleet_cluster_desired_ready_git_repos, exported_namespace)", - "refresh": 2, - "type": "query" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "includeAll": true, - "name": "name", - "query": "label_values(fleet_cluster_desired_ready_git_repos{exported_namespace=~\"$namespace\"}, name)", - "refresh": 2, - "type": "query" - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timezone": "utc", - "title": "Fleet / Cluster", - "uid": "fleet-cluster" -} diff --git a/charts/rancher-monitoring/files/rancher/fleet/clustergroup.json b/charts/rancher-monitoring/files/rancher/fleet/clustergroup.json deleted file mode 100644 index ce3df87..0000000 --- a/charts/rancher-monitoring/files/rancher/fleet/clustergroup.json +++ /dev/null @@ -1,468 +0,0 @@ -{ - "description": "ClusterGroup", - "graphTooltip": 1, - "panels": [ - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": 0, - "unit": "percentunit" - } - }, - "gridPos": { - "h": 5, - "w": 7, - "x": 0, - "y": 0 - }, - "id": 1, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_group_bundle_ready{exported_namespace=\"$namespace\",name=~\"$name\"}) / sum(fleet_cluster_group_bundle_desired_ready{exported_namespace=\"$namespace\",name=~\"$name\"})" - } - ], - "title": "Ready Bundles", - "type": "stat" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": 0, - "unit": null - } - }, - "gridPos": { - "h": 5, - "w": 17, - "x": 7, - "y": 0 - }, - "id": 2, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_group_bundle_desired_ready{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Desired Ready" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_group_bundle_ready{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Ready" - } - ], - "title": "Bundles", - "type": "stat" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": 0, - "unit": null - } - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 8 - }, - "id": 3, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_group_bundle_desired_ready{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Desired Ready" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_group_bundle_ready{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Ready" - } - ], - "title": "Bundles", - "type": "timeseries" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": 0, - "unit": "percentunit" - } - }, - "gridPos": { - "h": 5, - "w": 7, - "x": 0, - "y": 13 - }, - "id": 4, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "(sum(fleet_cluster_group_cluster_count{exported_namespace=\"$namespace\",name=~\"$name\"}) - sum(fleet_cluster_group_non_ready_cluster_count{exported_namespace=\"$namespace\",name=~\"$name\"})) / sum(fleet_cluster_group_cluster_count{exported_namespace=\"$namespace\",name=~\"$name\"})" - } - ], - "title": "Ready Clusters", - "type": "stat" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": 0, - "unit": null - } - }, - "gridPos": { - "h": 5, - "w": 17, - "x": 7, - "y": 13 - }, - "id": 5, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_group_cluster_count{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Total" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_group_non_ready_cluster_count{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Non Ready" - } - ], - "title": "Clusters", - "type": "stat" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": 0, - "unit": null - } - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 21 - }, - "id": 6, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_group_cluster_count{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Total" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_group_non_ready_cluster_count{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Non Ready" - } - ], - "title": "Clusters", - "type": "timeseries" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": 0, - "unit": "percentunit" - } - }, - "gridPos": { - "h": 5, - "w": 7, - "x": 0, - "y": 26 - }, - "id": 7, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_group_resource_count_ready{exported_namespace=\"$namespace\",name=~\"$name\"}) / sum(fleet_cluster_group_resource_count_desired_ready{exported_namespace=\"$namespace\",name=~\"$name\"})" - } - ], - "title": "Ready Resources", - "type": "stat" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": 0, - "unit": null - } - }, - "gridPos": { - "h": 5, - "w": 17, - "x": 7, - "y": 26 - }, - "id": 8, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_group_resource_count_desired_ready{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Desired Ready" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_group_resource_count_ready{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Ready" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_group_resource_count_notready{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Not Ready" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_group_resource_count_missing{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Missing" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_group_resource_count_modified{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Modified" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_group_resource_count_orphaned{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Orphaned" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_group_resource_count_unknown{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Unknown" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_group_resource_count_waitapplied{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Wait Applied" - } - ], - "title": "Resources", - "type": "stat" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": 0, - "unit": null - } - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 34 - }, - "id": 9, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_group_resource_count_desired_ready{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Desired Ready" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_group_resource_count_ready{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Ready" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_group_resource_count_notready{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Not Ready" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_group_resource_count_missing{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Missing" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_group_resource_count_modified{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Modified" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_group_resource_count_orphaned{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Orphaned" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_group_resource_count_unknown{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Unknown" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_cluster_group_resource_count_waitapplied{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Wait Applied" - } - ], - "title": "Resources", - "type": "timeseries" - } - ], - "schemaVersion": 39, - "templating": { - "list": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "name": "namespace", - "query": "label_values(fleet_cluster_group_bundle_desired_ready, exported_namespace)", - "refresh": 2, - "type": "query" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "includeAll": true, - "name": "name", - "query": "label_values(fleet_cluster_group_bundle_desired_ready{exported_namespace=~\"$namespace\"}, name)", - "refresh": 2, - "type": "query" - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timezone": "utc", - "title": "Fleet / ClusterGroup", - "uid": "fleet-cluster-group" -} diff --git a/charts/rancher-monitoring/files/rancher/fleet/controller-runtime.json b/charts/rancher-monitoring/files/rancher/fleet/controller-runtime.json deleted file mode 100644 index 23a81f2..0000000 --- a/charts/rancher-monitoring/files/rancher/fleet/controller-runtime.json +++ /dev/null @@ -1,454 +0,0 @@ -{ - "description": "Controller Runtime", - "graphTooltip": 1, - "panels": [ - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": 0, - "unit": null - } - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 1, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "controller_runtime_active_workers{job=\"$job\", namespace=\"$namespace\"}", - "legendFormat": "{{controller}} {{instance}}" - } - ], - "title": "Number of Workers in Use", - "type": "stat" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": null, - "unit": null - } - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 8 - }, - "id": 2, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(rate(controller_runtime_reconcile_errors_total{job=\"$job\", namespace=\"$namespace\"}[5m])) by (instance, pod)", - "legendFormat": "{{instance}} {{pod}}" - } - ], - "title": "Reconciliation Error Count per Controller", - "type": "timeseries" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": null, - "unit": null - } - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 16 - }, - "id": 3, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(rate(controller_runtime_reconcile_total{job=\"$job\", namespace=\"$namespace\"}[5m])) by (instance, pod)", - "legendFormat": "{{instance}} {{pod}}" - } - ], - "title": "Total Reconciliation Count per Controller", - "type": "timeseries" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": 0, - "unit": null - } - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 24 - }, - "id": 4, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "workqueue_depth{job=\"$job\", namespace=\"$namespace\"}", - "legendFormat": "{{instance}} {{pod}}" - } - ], - "title": "WorkQueue Depth", - "type": "stat" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": null, - "unit": null - } - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 32 - }, - "id": 5, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "histogram_quantile(0.50, sum(rate(workqueue_queue_duration_seconds_bucket{job=\"$job\", namespace=\"$namespace\"}[5m])) by (instance, name, le))", - "legendFormat": "P50 {{name}}" - } - ], - "title": "Seconds for Items Stay in Queue (before being requested) P50", - "type": "timeseries" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": null, - "unit": null - } - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 40 - }, - "id": 6, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "histogram_quantile(0.90, sum(rate(workqueue_queue_duration_seconds_bucket{job=\"$job\", namespace=\"$namespace\"}[5m])) by (instance, name, le))", - "legendFormat": "P90 {{name}}" - } - ], - "title": "Seconds for Items Stay in Queue (before being requested) P90", - "type": "timeseries" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": null, - "unit": null - } - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 48 - }, - "id": 7, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "histogram_quantile(0.99, sum(rate(workqueue_queue_duration_seconds_bucket{job=\"$job\", namespace=\"$namespace\"}[5m])) by (instance, name, le))", - "legendFormat": "P99 {{name}}" - } - ], - "title": "Seconds for Items Stay in Queue (before being requested) P99", - "type": "timeseries" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": null, - "unit": null - } - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 56 - }, - "id": 8, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(rate(workqueue_adds_total{job=\"$job\", namespace=\"$namespace\"}[2m])) by (instance, name)", - "legendFormat": "{{name}} {{instance}}" - } - ], - "title": "Work Queue Add Rate", - "type": "timeseries" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": null, - "unit": null - } - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 64 - }, - "id": 9, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "rate(workqueue_unfinished_work_seconds{job=\"$job\", namespace=\"$namespace\"}[5m])", - "legendFormat": "{{name}} {{instance}}" - } - ], - "title": "Unfinished Seconds", - "type": "stat" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": null, - "unit": null - } - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 72 - }, - "id": 10, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "histogram_quantile(0.50, sum(rate(workqueue_work_duration_seconds_bucket{job=\"$job\", namespace=\"$namespace\"}[5m])) by (instance, name, le))", - "legendFormat": "P50 {{name}}" - } - ], - "title": "Seconds Processing Items from WorkQueue - 50th Percentile", - "type": "timeseries" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": null, - "unit": null - } - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 80 - }, - "id": 11, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "histogram_quantile(0.90, sum(rate(workqueue_work_duration_seconds_bucket{job=\"$job\", namespace=\"$namespace\"}[5m])) by (instance, name, le))", - "legendFormat": "P90 {{name}}" - } - ], - "title": "Seconds Processing Items from WorkQueue - 90th Percentile", - "type": "timeseries" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": null, - "unit": null - } - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 88 - }, - "id": 12, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "histogram_quantile(0.99, sum(rate(workqueue_work_duration_seconds_bucket{job=\"$job\", namespace=\"$namespace\"}[5m])) by (instance, name, le))", - "legendFormat": "P99 {{name}}" - } - ], - "title": "Seconds Processing Items from WorkQueue - 99th Percentile", - "type": "timeseries" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": null, - "unit": null - } - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 96 - }, - "id": 13, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(rate(workqueue_retries_total{job=\"$job\", namespace=\"$namespace\"}[5m])) by (instance, name)", - "legendFormat": "{{name}} {{instance}}" - } - ], - "title": "Work Queue Retries Rate", - "type": "timeseries" - } - ], - "schemaVersion": 39, - "templating": { - "list": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "name": "namespace", - "query": "label_values(controller_runtime_reconcile_total, namespace)", - "refresh": 2, - "type": "query" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "name": "job", - "query": "label_values(controller_runtime_reconcile_total{namespace=~\"$namespace\"}, job)", - "refresh": 2, - "type": "query" - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timezone": "utc", - "title": "Fleet / Controller-Runtime", - "uid": "fleet-controller-runtime" -} diff --git a/charts/rancher-monitoring/files/rancher/fleet/gitrepo.json b/charts/rancher-monitoring/files/rancher/fleet/gitrepo.json deleted file mode 100644 index 1a50c29..0000000 --- a/charts/rancher-monitoring/files/rancher/fleet/gitrepo.json +++ /dev/null @@ -1,325 +0,0 @@ -{ - "description": "GitRepo", - "graphTooltip": 1, - "panels": [ - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": 0, - "unit": "percentunit" - } - }, - "gridPos": { - "h": 5, - "w": 7, - "x": 0, - "y": 0 - }, - "id": 1, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_gitrepo_ready_clusters{exported_namespace=\"$namespace\",name=~\"$name\"}) / sum(fleet_gitrepo_desired_ready_clusters{exported_namespace=\"$namespace\",name=~\"$name\"})" - } - ], - "title": "Ready Clusters", - "type": "stat" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": 0, - "unit": null - } - }, - "gridPos": { - "h": 5, - "w": 17, - "x": 7, - "y": 0 - }, - "id": 2, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_gitrepo_desired_ready_clusters{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Desired Ready" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_gitrepo_ready_clusters{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Ready" - } - ], - "title": "Clusters", - "type": "stat" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": 0, - "unit": null - } - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 8 - }, - "id": 3, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_gitrepo_desired_ready_clusters{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Desired Ready" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_gitrepo_ready_clusters{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Ready" - } - ], - "title": "Clusters", - "type": "timeseries" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": 0, - "unit": "percentunit" - } - }, - "gridPos": { - "h": 5, - "w": 7, - "x": 0, - "y": 13 - }, - "id": 4, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_gitrepo_resources_ready{exported_namespace=\"$namespace\",name=~\"$name\"}) / sum(fleet_gitrepo_resources_desired_ready{exported_namespace=\"$namespace\",name=~\"$name\"})" - } - ], - "title": "Ready Resources", - "type": "stat" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": 0, - "unit": null - } - }, - "gridPos": { - "h": 5, - "w": 17, - "x": 7, - "y": 13 - }, - "id": 5, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_gitrepo_resources_desired_ready{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Desired Ready" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_gitrepo_resources_ready{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Ready" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_gitrepo_resources_not_ready{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Not Ready" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_gitrepo_resources_missing{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Missing" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_gitrepo_resources_modified{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Modified" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_gitrepo_resources_unknown{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Unknown" - } - ], - "title": "Resources", - "type": "stat" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Mixed --" - }, - "fieldConfig": { - "defaults": { - "decimals": 0, - "unit": null - } - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 21 - }, - "id": 6, - "pluginVersion": "v11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_gitrepo_resources_desired_ready{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Desired Ready" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_gitrepo_resources_ready{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Ready" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_gitrepo_resources_not_ready{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Not Ready" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_gitrepo_resources_missing{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Missing" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_gitrepo_resources_modified{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Modified" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(fleet_gitrepo_resources_unknown{exported_namespace=\"$namespace\",name=~\"$name\"})", - "legendFormat": "Unknown" - } - ], - "title": "Resources", - "type": "timeseries" - } - ], - "schemaVersion": 39, - "templating": { - "list": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "name": "namespace", - "query": "label_values(fleet_gitrepo_desired_ready_clusters, exported_namespace)", - "refresh": 2, - "type": "query" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "includeAll": true, - "name": "name", - "query": "label_values(fleet_gitrepo_desired_ready_clusters{exported_namespace=~\"$namespace\"}, name)", - "refresh": 2, - "type": "query" - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timezone": "utc", - "title": "Fleet / GitRepo", - "uid": "fleet-gitrepo" -} diff --git a/charts/rancher-monitoring/files/rancher/home/rancher-default-home.json b/charts/rancher-monitoring/files/rancher/home/rancher-default-home.json deleted file mode 100644 index 1820ae0..0000000 --- a/charts/rancher-monitoring/files/rancher/home/rancher-default-home.json +++ /dev/null @@ -1,1290 +0,0 @@ -{ - "annotations": { - "list": [] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": null, - "links": [], - "panels": [ - { - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 1, - "title": "", - "type": "welcome" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": 2, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": true, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 4 - }, - "height": "180px", - "id": 6, - "interval": null, - "isNew": true, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "(1 - (avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\",mode=\"idle\"}[5m])))) * 100", - "format": "time_series", - "interval": "10s", - "intervalFactor": 1, - "refId": "A", - "step": 10 - } - ], - "thresholds": "65, 90", - "title": "CPU Utilization", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "0", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": true, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 4 - }, - "height": "180px", - "id": 4, - "interval": null, - "isNew": true, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "(1 - sum({__name__=~\"node_memory_MemAvailable_bytes|windows_os_physical_memory_free_bytes\"}) / sum({__name__=~\"node_memory_MemTotal_bytes|windows_cs_physical_memory_bytes\"})) * 100", - "format": "time_series", - "interval": "10s", - "intervalFactor": 1, - "refId": "A", - "step": 10 - } - ], - "thresholds": "65, 90", - "title": "Memory Utilization", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "0", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": 2, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": true, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 4 - }, - "height": "180px", - "id": 7, - "interval": null, - "isNew": true, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "(1 - (((sum(max by (device) (node_filesystem_free_bytes{fstype != \"tmpfs\"})) OR on() vector(0)) + (sum(windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) OR on() vector(0))) / ((sum(max by (device) (node_filesystem_size_bytes{fstype != \"tmpfs\"})) OR on() vector(0)) + (sum(windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) OR on() vector(0))))) * 100", - "format": "time_series", - "interval": "10s", - "intervalFactor": 1, - "metric": "", - "refId": "A", - "step": 10 - } - ], - "thresholds": "65, 90", - "title": "Disk Utilization", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "0", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": 2, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 0, - "y": 9 - }, - "height": "1px", - "id": 11, - "interval": null, - "isNew": true, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": " cores", - "postfixFontSize": "30%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\",mode!=\"idle\"}[5m]))", - "format": "time_series", - "interval": "10s", - "intervalFactor": 1, - "refId": "A", - "step": 10 - } - ], - "thresholds": "", - "title": "CPU Used", - "type": "singlestat", - "valueFontSize": "50%", - "valueMaps": [ - { - "op": "=", - "text": "0", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": 2, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 4, - "y": 9 - }, - "height": "1px", - "id": 12, - "interval": null, - "isNew": true, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": " cores", - "postfixFontSize": "30%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(kube_node_status_allocatable_cpu_cores{}) OR sum(kube_node_status_allocatable{resource=\"cpu\",unit=\"core\"})", - "interval": "10s", - "intervalFactor": 1, - "refId": "A", - "step": 10 - } - ], - "thresholds": "", - "title": "CPU Total", - "type": "singlestat", - "valueFontSize": "50%", - "valueMaps": [ - { - "op": "=", - "text": "0", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": 2, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "format": "bytes", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 8, - "y": 9 - }, - "height": "1px", - "id": 9, - "interval": null, - "isNew": true, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "20%", - "prefix": "", - "prefixFontSize": "20%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum({__name__=~\"node_memory_MemTotal_bytes|windows_cs_physical_memory_bytes\"}) - sum({__name__=~\"node_memory_MemAvailable_bytes|windows_os_physical_memory_free_bytes\"})", - "interval": "10s", - "intervalFactor": 1, - "refId": "A", - "step": 10 - } - ], - "thresholds": "", - "title": "Memory Used", - "type": "singlestat", - "valueFontSize": "50%", - "valueMaps": [ - { - "op": "=", - "text": "0", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": 2, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "format": "bytes", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 12, - "y": 9 - }, - "height": "1px", - "id": 10, - "interval": null, - "isNew": true, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(kube_node_status_allocatable_memory_bytes{}) OR sum(kube_node_status_allocatable{resource=\"memory\", unit=\"byte\"})", - "interval": "10s", - "intervalFactor": 1, - "refId": "A", - "step": 10 - } - ], - "thresholds": "", - "title": "Memory Total", - "type": "singlestat", - "valueFontSize": "50%", - "valueMaps": [ - { - "op": "=", - "text": "0", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": 2, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "format": "bytes", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 16, - "y": 9 - }, - "height": "1px", - "id": 13, - "interval": null, - "isNew": true, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "(sum(max by (device) (node_filesystem_size_bytes{fstype != \"tmpfs\"})) - sum(max by (device) (node_filesystem_free_bytes{fstype != \"tmpfs\"})) OR on() vector(0)) + (sum(windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) - sum(windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) OR on() vector(0))", - "interval": "10s", - "intervalFactor": 1, - "refId": "A", - "step": 10 - } - ], - "thresholds": "", - "title": "Disk Used", - "type": "singlestat", - "valueFontSize": "50%", - "valueMaps": [ - { - "op": "=", - "text": "0", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": 2, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "format": "bytes", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 20, - "y": 9 - }, - "height": "1px", - "id": 14, - "interval": null, - "isNew": true, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "(sum(max by (device) (node_filesystem_size_bytes{fstype != \"tmpfs\"})) OR on() vector(0)) + (sum(windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) OR on() vector(0))", - "interval": "10s", - "intervalFactor": 1, - "refId": "A", - "step": 10 - } - ], - "thresholds": "", - "title": "Disk Total", - "type": "singlestat", - "valueFontSize": "50%", - "valueMaps": [ - { - "op": "=", - "text": "0", - "value": "null" - } - ], - "valueName": "current" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 12 - }, - "hiddenSeries": false, - "id": 2051, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "1 - (avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\",mode=\"idle\"}[$__rate_interval])))", - "format": "time_series", - "hide": false, - "instant": false, - "intervalFactor": 1, - "legendFormat": "Cluster", - "refId": "A" - }, - { - "expr": "1 - avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\", mode=\"idle\"}[$__rate_interval])) by (instance)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ instance }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 12 - }, - "hiddenSeries": false, - "id": 2052, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "100 * (1 - sum({__name__=~\"node_memory_MemAvailable_bytes|windows_os_physical_memory_free_bytes\"}) / sum({__name__=~\"node_memory_MemTotal_bytes|windows_cs_physical_memory_bytes\"}))", - "format": "time_series", - "hide": false, - "instant": false, - "intervalFactor": 1, - "legendFormat": "Cluster", - "refId": "A" - }, - { - "expr": "100 * (1- sum({__name__=~\"node_memory_MemAvailable_bytes|windows_os_physical_memory_free_bytes\"}) by (instance) / sum({__name__=~\"node_memory_MemTotal_bytes|windows_cs_physical_memory_bytes\"}) by (instance))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ instance }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 12 - }, - "hiddenSeries": false, - "id": 2053, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(1 - ((sum(max by (device) (node_filesystem_free_bytes{fstype != \"tmpfs\"})) OR on() vector(0)) + (sum(windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"} OR on() vector(0)))) / ((sum(max by (device) (node_filesystem_size_bytes{fstype != \"tmpfs\"})) OR on() vector(0)) + (sum(windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) OR on() vector(0)))) * 100", - "legendFormat": "Cluster", - "refId": "A" - }, - { - "expr": "(1 - (sum(max by (instance, device) (node_filesystem_free_bytes{fstype != \"tmpfs\"})) by (instance)) / sum(max by (instance, device) (node_filesystem_size_bytes{fstype != \"tmpfs\"})) by (instance)) * 100", - "hide": false, - "legendFormat": "{{ instance }}", - "refId": "B" - }, - { - "expr": "(1 - (sum(windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) by (instance)) / sum(windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) by (instance)) * 100", - "hide": false, - "legendFormat": "{{ instance }}", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "percent", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "folderId": 0, - "gridPos": { - "h": 15, - "w": 12, - "x": 0, - "y": 18 - }, - "headings": true, - "id": 3, - "limit": 30, - "links": [], - "query": "", - "recent": true, - "search": true, - "starred": false, - "tags": [], - "title": "Dashboards", - "type": "dashlist" - }, - { - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 18 - }, - "id": 2055, - "options": { - "content": "## About Rancher Monitoring\n\nRancher Monitoring is a Helm chart developed by Rancher that is powered by [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator). It is based on the upstream [kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack) Helm chart maintained by the Prometheus community.\n\nBy default, the chart deploys Grafana alongside a set of Grafana dashboards curated by the [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus) project.\n\nFor more information on how Rancher Monitoring differs from [kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack), please view the CHANGELOG.md of the rancher-monitoring chart located in the [rancher/charts](https://github.com/rancher/charts) repository.\n\nFor more information about how to configure Rancher Monitoring, please view the [Rancher docs](https://ranchermanager.docs.rancher.com/integrations-in-rancher/monitoring-and-alerting).\n\n", - "mode": "markdown" - }, - "pluginVersion": "7.1.0", - "timeFrom": null, - "timeShift": null, - "title": "", - "type": "text" - } - ], - "schemaVersion": 26, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "hidden": true, - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ], - "type": "timepicker" - }, - "timezone": "browser", - "title": "Home", - "uid": "rancher-home-1", - "version": 5 -} diff --git a/charts/rancher-monitoring/files/rancher/k8s/rancher-etcd-nodes.json b/charts/rancher-monitoring/files/rancher/k8s/rancher-etcd-nodes.json deleted file mode 100644 index 8af4b81..0000000 --- a/charts/rancher-monitoring/files/rancher/k8s/rancher-etcd-nodes.json +++ /dev/null @@ -1,687 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": 32, - "links": [], - "panels": [ - { - "aliasColors": { - "{{instance}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(etcd_network_client_grpc_received_bytes_total{job=\"kube-etcd\"}[$__rate_interval])) by (instance)", - "interval": "", - "legendFormat": "Client Traffic In ({{instance}})", - "refId": "A" - }, - { - "expr": "sum(rate(etcd_network_client_grpc_sent_bytes_total{job=\"kube-etcd\"}[$__rate_interval])) by (instance)", - "interval": "", - "legendFormat": "Client Traffic Out ({{instance}})", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "GRPC Client Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{instance}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "Load[5m]({{instance}})" - }, - "properties": [] - } - ] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 0 - }, - "hiddenSeries": false, - "id": 3, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(etcd_mvcc_db_total_size_in_bytes) by (instance)", - "interval": "", - "legendFormat": "DB Size ({{instance}})", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "DB Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{instance}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 0 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(grpc_server_started_total{grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"}) by (instance) - sum(grpc_server_handled_total{grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"}) by (instance)", - "interval": "", - "legendFormat": "Watch Streams ({{instance}})", - "refId": "A" - }, - { - "expr": "sum(grpc_server_started_total{grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"}) by (instance) - sum(grpc_server_handled_total{grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"}) by (instance)", - "interval": "", - "legendFormat": "Lease Watch Stream ({{instance}})", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Active Streams", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{instance}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 7 - }, - "hiddenSeries": false, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(etcd_server_proposals_committed_total[$__rate_interval])) by (instance)", - "interval": "", - "legendFormat": "Proposal Committed ({{instance}})", - "refId": "A" - }, - { - "expr": "sum(rate(etcd_server_proposals_applied_total[$__rate_interval])) by (instance)", - "interval": "", - "legendFormat": "Proposal Applied ({{instance}})", - "refId": "B" - }, - { - "expr": "sum(rate(etcd_server_proposals_failed_total[$__rate_interval])) by (instance)", - "interval": "", - "legendFormat": "Proposal Failed ({{instance}})", - "refId": "C" - }, - { - "expr": "sum(etcd_server_proposals_pending) by (instance)", - "interval": "", - "legendFormat": "Proposal Pending ({{instance}})", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Raft Proposals", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{instance}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 7 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(grpc_server_started_total{grpc_type=\"unary\"}[$__rate_interval])) by (instance)", - "interval": "", - "legendFormat": "RPC Rate ({{instance}})", - "refId": "A" - }, - { - "expr": "sum(rate(grpc_server_handled_total{grpc_type=\"unary\",grpc_code!=\"OK\"}[$__rate_interval])) by (instance)", - "interval": "", - "legendFormat": "RPC Failure Rate ({{instance}})", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "RPC Rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{instance}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 7 - }, - "hiddenSeries": false, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_wal_fsync_duration_seconds_bucket[$__rate_interval])) by (instance, le))", - "interval": "", - "legendFormat": "WAL fsync ({{instance}})", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_backend_commit_duration_seconds_bucket[$__rate_interval])) by (instance, le))", - "interval": "", - "legendFormat": "DB fsync ({{instance}})", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk Sync Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "schemaVersion": 26, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ] - }, - "timezone": "", - "title": "Rancher / etcd (Nodes)", - "uid": "rancher-etcd-nodes-1", - "version": 5 -} diff --git a/charts/rancher-monitoring/files/rancher/k8s/rancher-etcd.json b/charts/rancher-monitoring/files/rancher/k8s/rancher-etcd.json deleted file mode 100644 index d81e9d9..0000000 --- a/charts/rancher-monitoring/files/rancher/k8s/rancher-etcd.json +++ /dev/null @@ -1,665 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": 33, - "links": [], - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(etcd_network_client_grpc_received_bytes_total{job=\"kube-etcd\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "Client Traffic In", - "refId": "A" - }, - { - "expr": "sum(rate(etcd_network_client_grpc_sent_bytes_total{job=\"kube-etcd\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "Client Traffic Out", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "GRPC Client Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 0 - }, - "hiddenSeries": false, - "id": 3, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(etcd_mvcc_db_total_size_in_bytes)", - "interval": "", - "legendFormat": "DB Size", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "DB Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 0 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(grpc_server_started_total{grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"}) - sum(grpc_server_handled_total{grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"})", - "interval": "", - "legendFormat": "Watch Streams", - "refId": "A" - }, - { - "expr": "sum(grpc_server_started_total{grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"}) - sum(grpc_server_handled_total{grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"})", - "interval": "", - "legendFormat": "Lease Watch Stream", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Active Streams", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 7 - }, - "hiddenSeries": false, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(etcd_server_proposals_committed_total[$__rate_interval]))", - "interval": "", - "legendFormat": "Proposal Committed", - "refId": "A" - }, - { - "expr": "sum(rate(etcd_server_proposals_applied_total[$__rate_interval]))", - "interval": "", - "legendFormat": "Proposal Applied", - "refId": "B" - }, - { - "expr": "sum(rate(etcd_server_proposals_failed_total[$__rate_interval]))", - "interval": "", - "legendFormat": "Proposal Failed", - "refId": "C" - }, - { - "expr": "sum(etcd_server_proposals_pending)", - "interval": "", - "legendFormat": "Proposal Pending", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Raft Proposals", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 7 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(grpc_server_started_total{grpc_type=\"unary\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "RPC Rate", - "refId": "A" - }, - { - "expr": "sum(rate(grpc_server_handled_total{grpc_type=\"unary\",grpc_code!=\"OK\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "RPC Failure Rate", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "RPC Rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 7 - }, - "hiddenSeries": false, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_wal_fsync_duration_seconds_bucket[$__rate_interval])) by (instance, le))", - "interval": "", - "legendFormat": "WAL fsync", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_backend_commit_duration_seconds_bucket[$__rate_interval])) by (instance, le))", - "interval": "", - "legendFormat": "DB fsync", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk Sync Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "schemaVersion": 26, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ] - }, - "timezone": "", - "title": "Rancher / etcd", - "uid": "rancher-etcd-1", - "version": 4 -} diff --git a/charts/rancher-monitoring/files/rancher/k8s/rancher-k8s-components-nodes.json b/charts/rancher-monitoring/files/rancher/k8s/rancher-k8s-components-nodes.json deleted file mode 100644 index b31358e..0000000 --- a/charts/rancher-monitoring/files/rancher/k8s/rancher-k8s-components-nodes.json +++ /dev/null @@ -1,527 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": 30, - "links": [], - "panels": [ - { - "aliasColors": { - "{{instance}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(apiserver_request_total[$__rate_interval])) by (instance, code)", - "interval": "", - "legendFormat": "{{code}}({{instance}})", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "API Server Request Rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{instance}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "Load[5m]({{instance}})" - }, - "properties": [] - } - ] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 0 - }, - "hiddenSeries": false, - "id": 3, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"deployment\"}) by (instance, name)", - "interval": "", - "legendFormat": "Deployment Depth ({{instance}})", - "refId": "A" - }, - { - "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"volumes\"}) by (instance, name)", - "interval": "", - "legendFormat": "Volumes Depth ({{instance}})", - "refId": "B" - }, - { - "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"replicaset\"}) by (instance, name)", - "interval": "", - "legendFormat": "ReplicaSet Depth ({{instance}})", - "refId": "C" - }, - { - "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"service\"}) by (instance, name)", - "interval": "", - "legendFormat": "Service Depth ({{instance}})", - "refId": "D" - }, - { - "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"serviceaccount\"}) by (instance, name)", - "interval": "", - "legendFormat": "ServiceAccount Depth ({{instance}})", - "refId": "E" - }, - { - "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"endpoint\"}) by (instance, name)", - "interval": "", - "legendFormat": "Endpoint Depth ({{instance}})", - "refId": "F" - }, - { - "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"daemonset\"}) by (instance, name)", - "interval": "", - "legendFormat": "DaemonSet Depth ({{instance}})", - "refId": "G" - }, - { - "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"statefulset\"}) by (instance, name)", - "interval": "", - "legendFormat": "StatefulSet Depth ({{instance}})", - "refId": "H" - }, - { - "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"replicationmanager\"}) by (instance, name)", - "interval": "", - "legendFormat": "ReplicationManager Depth ({{instance}})", - "refId": "I" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Controller Manager Queue Depth", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{instance}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 0 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(kube_pod_status_scheduled{condition=\"false\"})", - "interval": "", - "legendFormat": "Failed To Schedule", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pod Scheduling Status", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{instance}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 7 - }, - "hiddenSeries": false, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"reading\"}) by (instance)", - "interval": "", - "legendFormat": "Reading ({{instance}})", - "refId": "A" - }, - { - "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"waiting\"}) by (instance)", - "interval": "", - "legendFormat": "Waiting ({{instance}})", - "refId": "B" - }, - { - "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"writing\"}) by (instance)", - "interval": "", - "legendFormat": "Writing ({{instance}})", - "refId": "C" - }, - { - "expr": "sum(ceil(increase(nginx_ingress_controller_nginx_process_connections_total{state=\"accepted\"}[$__rate_interval]))) by (instance)", - "interval": "", - "legendFormat": "Accepted ({{instance}})", - "refId": "D" - }, - { - "expr": "sum(ceil(increase(nginx_ingress_controller_nginx_process_connections_total{state=\"handled\"}[$__rate_interval]))) by (instance)", - "interval": "", - "legendFormat": "Handled ({{instance}})", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Ingress Controller Connections", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "schemaVersion": 26, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ] - }, - "timezone": "", - "title": "Rancher / Kubernetes Components (Nodes)", - "uid": "rancher-k8s-components-nodes-1", - "version": 5 -} diff --git a/charts/rancher-monitoring/files/rancher/k8s/rancher-k8s-components.json b/charts/rancher-monitoring/files/rancher/k8s/rancher-k8s-components.json deleted file mode 100644 index 44cf97f..0000000 --- a/charts/rancher-monitoring/files/rancher/k8s/rancher-k8s-components.json +++ /dev/null @@ -1,519 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": 31, - "links": [], - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(apiserver_request_total[$__rate_interval])) by (code)", - "interval": "", - "legendFormat": "{{code}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "API Server Request Rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "Load[5m]({{instance}})" - }, - "properties": [] - } - ] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 0 - }, - "hiddenSeries": false, - "id": 3, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"deployment\"}) by (name)", - "interval": "", - "legendFormat": "Deployment Depth", - "refId": "A" - }, - { - "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"volumes\"}) by (name)", - "interval": "", - "legendFormat": "Volumes Depth", - "refId": "B" - }, - { - "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"replicaset\"}) by (name)", - "interval": "", - "legendFormat": "Replicaset Depth", - "refId": "C" - }, - { - "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"service\"}) by (name)", - "interval": "", - "legendFormat": "Service Depth", - "refId": "D" - }, - { - "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"serviceaccount\"}) by (name)", - "interval": "", - "legendFormat": "ServiceAccount Depth", - "refId": "E" - }, - { - "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"endpoint\"}) by (name)", - "interval": "", - "legendFormat": "Endpoint Depth", - "refId": "F" - }, - { - "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"daemonset\"}) by (name)", - "interval": "", - "legendFormat": "DaemonSet Depth", - "refId": "G" - }, - { - "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"statefulset\"}) by (name)", - "interval": "", - "legendFormat": "StatefulSet Depth", - "refId": "H" - }, - { - "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"replicationmanager\"}) by (name)", - "interval": "", - "legendFormat": "ReplicationManager Depth", - "refId": "I" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Controller Manager Queue Depth", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 0 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(kube_pod_status_scheduled{condition=\"false\"})", - "interval": "", - "legendFormat": "Failed To Schedule", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pod Scheduling Status", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 7 - }, - "hiddenSeries": false, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"reading\"})", - "interval": "", - "legendFormat": "Reading", - "refId": "A" - }, - { - "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"waiting\"})", - "interval": "", - "legendFormat": "Waiting", - "refId": "B" - }, - { - "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"writing\"})", - "interval": "", - "legendFormat": "Writing", - "refId": "C" - }, - { - "expr": "sum(ceil(increase(nginx_ingress_controller_nginx_process_connections_total{state=\"accepted\"}[$__rate_interval])))", - "interval": "", - "legendFormat": "Accepted", - "refId": "D" - }, - { - "expr": "sum(ceil(increase(nginx_ingress_controller_nginx_process_connections_total{state=\"handled\"}[$__rate_interval])))", - "interval": "", - "legendFormat": "Handled", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Ingress Controller Connections", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "schemaVersion": 26, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ] - }, - "timezone": "", - "title": "Rancher / Kubernetes Components", - "uid": "rancher-k8s-components-1", - "version": 5 -} diff --git a/charts/rancher-monitoring/files/rancher/logging/fluentbit.json b/charts/rancher-monitoring/files/rancher/logging/fluentbit.json deleted file mode 100644 index b00582c..0000000 --- a/charts/rancher-monitoring/files/rancher/logging/fluentbit.json +++ /dev/null @@ -1,760 +0,0 @@ -{ - "annotations": { - "list": [ - { - "$$hashKey": "object:7", - "builtIn": 1, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "Monitoring of the logging-stack", - "editable": true, - "fiscalYearStartMonth": 0, - "gnetId": 13042, - "graphTooltip": 1, - "links": [], - "liveNow": false, - "panels": [ - { - "collapsed": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 19, - "panels": [], - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "General", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "links": [], - "unitScale": true - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 1 - }, - "hiddenSeries": false, - "id": 14, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "10.3.3", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "$$hashKey": "object:1802", - "alias": "/Error.*/", - "color": "#E02F44" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "\nsum(rate(fluentbit_output_retries_total[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Retry rate", - "range": true, - "refId": "A" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "sum(rate(fluentbit_output_errors_total[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Error rate", - "range": true, - "refId": "C" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Fluentbit output error/retry rate", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:1697", - "format": "ops", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:1698", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "Input and output total rates", - "fieldConfig": { - "defaults": { - "links": [], - "unitScale": true - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 1 - }, - "hiddenSeries": false, - "id": 44, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "10.3.3", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "sum(rate(fluentbit_input_records_total[1m]))", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "input", - "range": true, - "refId": "A" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "sum(rate(fluentbit_output_proc_records_total[1m]))", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "output", - "range": true, - "refId": "B" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Fluentbit input/output rate", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:250", - "format": "short", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:251", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "links": [], - "unitScale": true - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 7 - }, - "hiddenSeries": false, - "id": 30, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": false, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "10.3.3", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "sum(rate(fluentbit_output_retries_total[1m])) by (type)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{type}}", - "range": true, - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Current retry count", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:250", - "format": "short", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:251", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "links": [], - "unitScale": true - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 7 - }, - "hiddenSeries": false, - "id": 45, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": false, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "10.3.3", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "sum(rate(fluentbit_output_errors_total[1m])) by (type)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{type}}", - "range": true, - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Current error count", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:250", - "format": "short", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:251", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "", - "fieldConfig": { - "defaults": { - "links": [], - "unitScale": true - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 13 - }, - "hiddenSeries": false, - "id": 46, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": false, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "10.3.3", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "sum(rate(fluentbit_input_records_total[1m])) by (type)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{type}}", - "range": true, - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Input records total", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:250", - "format": "short", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:251", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "", - "fieldConfig": { - "defaults": { - "links": [], - "unitScale": true - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 13 - }, - "hiddenSeries": false, - "id": 47, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": false, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "10.3.3", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "sum(rate(fluentbit_filter_drop_records_total[1m])) by (type)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{type}}", - "range": true, - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Dropped records total", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:250", - "format": "short", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:251", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - } - ], - "refresh": false, - "schemaVersion": 39, - "tags": [ - "logging", - "fluentbit" - ], - "templating": { - "list": [ - { - "hide": 2, - "name": "DS_PROMETHEUS", - "query": "prometheus", - "skipUrlSync": false, - "type": "constant" - } - ] - }, - "time": { - "from": "2024-08-20T15:06:03.311Z", - "to": "2024-08-20T21:06:03.311Z" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "utc", - "title": "Rancher / Fluentbit", - "uid": "rancher-logging-fluentbit", - "version": 1, - "weekStart": "" -} \ No newline at end of file diff --git a/charts/rancher-monitoring/files/rancher/logging/fluentd.json b/charts/rancher-monitoring/files/rancher/logging/fluentd.json deleted file mode 100644 index 8861425..0000000 --- a/charts/rancher-monitoring/files/rancher/logging/fluentd.json +++ /dev/null @@ -1,3221 +0,0 @@ -{ - "annotations": { - "list": [ - { - "$$hashKey": "object:7", - "builtIn": 1, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "Monitoring of the logging-stack", - "editable": true, - "fiscalYearStartMonth": 0, - "gnetId": 13042, - "graphTooltip": 1, - "links": [], - "liveNow": false, - "panels": [ - { - "collapsed": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 19, - "panels": [], - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "General", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "If you see errors then you probbaly have serious issues with log processing, see https://docs.fluentd.org/buffer#handling-unrecoverable-errors\n\nRetries are normal but should occur only from time to time, otherwise check for network errors or destination is too slow and requires additional tuning per given provider.", - "fieldConfig": { - "defaults": { - "links": [], - "unitScale": true - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 1 - }, - "hiddenSeries": false, - "id": 14, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "10.3.3", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "$$hashKey": "object:1802", - "alias": "/Error.*/", - "color": "#E02F44" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(fluentd_output_status_retry_count[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "Retry rate", - "refId": "A" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(fluentd_output_status_num_errors[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Error rate", - "refId": "C" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Fluentd output error/retry rate", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:1697", - "format": "ops", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:1698", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "Input and output total rates", - "fieldConfig": { - "defaults": { - "links": [], - "unitScale": true - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 1 - }, - "hiddenSeries": false, - "id": 44, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "10.3.3", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(fluentd_input_status_num_records_total[1m]))", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "input", - "refId": "A" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(fluentd_output_status_write_count[1m]))", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "output", - "refId": "B" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Fluentd input/output rate", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:250", - "format": "short", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:251", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "This should not reach 0 otherwise logs are blocked from processing or even dropped", - "fieldConfig": { - "defaults": { - "links": [], - "unitScale": true - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 1 - }, - "hiddenSeries": false, - "id": 20, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": false, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "10.3.3", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "min(fluentd_output_status_buffer_available_space_ratio)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "lowest across all hosts", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Fluentd output status buffer available space ratio", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:918", - "decimals": 0, - "format": "percent", - "logBase": 1, - "max": "100", - "min": "0", - "show": true - }, - { - "$$hashKey": "object:919", - "decimals": 0, - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "total flush time", - "fieldConfig": { - "defaults": { - "links": [], - "unitScale": true - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 6 - }, - "hiddenSeries": false, - "id": 21, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": false, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "10.3.3", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "$$hashKey": "object:906", - "alias": "count", - "yaxis": 2 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(fluentd_output_status_flush_time_count[1m]))", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "time", - "refId": "A" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(fluentd_output_status_slow_flush_count[1m]))", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "count", - "refId": "B" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Fluentd output status flush time count rate", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:400", - "decimals": 0, - "format": "ms", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:401", - "decimals": 0, - "format": "short", - "logBase": 1, - "min": "0", - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "Current total size of stage and queue buffers.\nfluentd_output_status_buffer_total_bytes", - "fieldConfig": { - "defaults": { - "links": [], - "unitScale": true - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 6 - }, - "hiddenSeries": false, - "id": 13, - "legend": { - "alignAsTable": false, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": false, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "10.3.3", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(fluentd_output_status_buffer_total_bytes) by (type)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ type }}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Current total size of stage and queue buffers", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:321", - "format": "bytes", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:322", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "links": [], - "unitScale": true - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 6 - }, - "hiddenSeries": false, - "id": 15, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": false, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "10.3.3", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(fluentd_output_status_buffer_queue_length)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "total", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Fluentd output buffer queue", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:1460", - "format": "short", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:1461", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "collapsed": true, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 11 - }, - "id": 17, - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "fluentd_input_status_num_records_total", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 12 - }, - "hiddenSeries": false, - "id": 39, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(fluentd_input_status_num_records_total[1m])) ", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "total", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Input entries rate (total)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:250", - "format": "short", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:251", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "fluentd_input_status_num_records_total", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 12 - }, - "hiddenSeries": false, - "id": 47, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(fluentd_input_status_num_records_total[1m])) by (hostname)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{hostname}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Input entries rate per hostname", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:250", - "format": "short", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:251", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "fluentd_input_status_num_records_total", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 18 - }, - "hiddenSeries": false, - "id": 60, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": false, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(fluentd_input_status_num_records_total[1m])) by (namespace)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{namespace}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Input entries rate per namespace", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:250", - "format": "short", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:251", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "fluentd_input_status_num_records_total", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 18 - }, - "hiddenSeries": false, - "id": 48, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": false, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(fluentd_input_status_num_records_total[1m])) by (instance)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{namespace}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Input entries rate per instance", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:250", - "format": "short", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:251", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - } - ], - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "Input details", - "type": "row" - }, - { - "collapsed": true, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 12 - }, - "id": 59, - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "fluentd_input_status_num_records_total", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 25 - }, - "hiddenSeries": false, - "id": 49, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": false, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(fluentd_input_status_num_records_total[1m])) by (tag)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{tag}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Input entries rate per tag", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:250", - "format": "short", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:251", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - } - ], - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "Input details (warning, very slow!)", - "type": "row" - }, - { - "collapsed": true, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 13 - }, - "id": 41, - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "fluentd_output_status_buffer_stage_length", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 32 - }, - "hiddenSeries": false, - "id": 22, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": false, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(fluentd_output_status_buffer_stage_length) by (pod, type)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{pod}} {{ type }}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Current length of stage buffers", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:250", - "format": "short", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:251", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "fluentd_output_status_buffer_stage_byte_size", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 32 - }, - "hiddenSeries": false, - "id": 23, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": false, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(fluentd_output_status_buffer_stage_byte_size) by (pod, type)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{pod}} {{ type }}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Current total size of stage buffers", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:250", - "format": "bytes", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:251", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - } - ], - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "Buffer stage", - "type": "row" - }, - { - "collapsed": true, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 14 - }, - "id": 43, - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 39 - }, - "hiddenSeries": false, - "id": 50, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": false, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "max_over_time(fluentd_output_status_buffer_queue_length[1m])", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{pod}} {{ type }}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Maximum buffer length in last 1min", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:250", - "format": "short", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:251", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 39 - }, - "hiddenSeries": false, - "id": 25, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": false, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "max_over_time(fluentd_output_status_buffer_total_bytes[1m])", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{pod}} {{ type }}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Maximum buffer bytes in last 1min", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:250", - "format": "bytes", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:251", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "fluentd_output_status_buffer_queue_length", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 45 - }, - "hiddenSeries": false, - "id": 24, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": false, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(fluentd_output_status_buffer_queue_length) by (pod, type)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{pod}} {{ type }}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Current length of queue buffers", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:250", - "format": "short", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:251", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "fluentd_output_status_queue_byte_size", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 45 - }, - "hiddenSeries": false, - "id": 51, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": false, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(fluentd_output_status_queue_byte_size) by (pod, type)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{pod}} {{ type }}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Current total size of queue buffers", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:250", - "format": "bytes", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:251", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - } - ], - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "Buffer queue", - "type": "row" - }, - { - "collapsed": true, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 15 - }, - "id": 46, - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "fluentd_output_status_buffer_available_space_ratio", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 52 - }, - "hiddenSeries": false, - "id": 26, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": false, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(fluentd_output_status_buffer_available_space_ratio) by (pod, type)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{pod}} {{ type }}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Ratio of available space in buffer", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:250", - "format": "percent", - "logBase": 1, - "max": "100", - "min": "0", - "show": true - }, - { - "$$hashKey": "object:251", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - } - ], - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "Buffer space", - "type": "row" - }, - { - "collapsed": true, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 16 - }, - "id": 53, - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "fluentd_output_status_retry_count", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 59 - }, - "hiddenSeries": false, - "id": 30, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": false, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(fluentd_output_status_retry_count[1m])) by (type)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{type}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Current retry counts", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:250", - "format": "short", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:251", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "fluentd_output_status_emit_records", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 59 - }, - "hiddenSeries": false, - "id": 33, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": false, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(fluentd_output_status_emit_records[1m])) by (type)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{type}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Current emit records", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:250", - "format": "short", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:251", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "fluentd_output_status_emit_count", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 65 - }, - "hiddenSeries": false, - "id": 32, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": false, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(fluentd_output_status_emit_count[1m])) by (type)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{type}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Current emit counts rate", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:250", - "format": "short", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:251", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "fluentd_output_status_rollback_count", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 65 - }, - "hiddenSeries": false, - "id": 35, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": false, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(fluentd_output_status_rollback_count[1m])) by (type)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{type}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Current rollback counts", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:250", - "format": "short", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:251", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "fluentd_output_status_write_count", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 71 - }, - "hiddenSeries": false, - "id": 34, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": false, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(fluentd_output_status_write_count[1m])) by (type)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{type}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Current write counts", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:250", - "format": "short", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:251", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "fluentd_output_status_slow_flush_count", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 71 - }, - "hiddenSeries": false, - "id": 37, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": false, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(fluentd_output_status_slow_flush_count[1m])) by (type)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{type}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Current slow flush counts", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:250", - "format": "short", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:251", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "fluentd_output_status_retry_wait", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 77 - }, - "hiddenSeries": false, - "id": 38, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": false, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(fluentd_output_status_retry_wait[1m])) by (type)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{type}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Current retry wait", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:250", - "format": "short", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:251", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "fluentd_output_status_flush_time_count", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 77 - }, - "hiddenSeries": false, - "id": 36, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": false, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(fluentd_output_status_flush_time_count[1m])) by (type)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{type}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Total flush time", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:250", - "format": "ms", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:251", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - } - ], - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "Buffer retries", - "type": "row" - }, - { - "collapsed": true, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 17 - }, - "id": 57, - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "fluentd_output_status_num_errors", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 84 - }, - "hiddenSeries": false, - "id": 31, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": false, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(fluentd_output_status_num_errors[1m])) by (type)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{type}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Current number of errors rate", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:250", - "format": "short", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:251", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - } - ], - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "Buffer errors", - "type": "row" - }, - { - "collapsed": true, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 18 - }, - "id": 55, - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 91 - }, - "hiddenSeries": false, - "id": 29, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": false, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "fluentd_output_status_buffer_newest_timekey - fluentd_output_status_buffer_oldest_timekey", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{pod}} {{ type}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Timekey diff", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:250", - "format": "short", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:251", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "fluentd_output_status_buffer_newest_timekey", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 91 - }, - "hiddenSeries": false, - "id": 27, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": false, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(fluentd_output_status_buffer_newest_timekey) by (pod, type)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{pod}} {{ type }}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Newest timekey in buffer", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:250", - "format": "short", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:251", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "fluentd_output_status_buffer_oldest_timekey", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 97 - }, - "hiddenSeries": false, - "id": 28, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": false, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(fluentd_output_status_buffer_oldest_timekey) by (pod, type)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{pod}} {{ type }}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Oldest timekey in buffer", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:250", - "format": "short", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:251", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - } - ], - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "Buffer timekeys", - "type": "row" - } - ], - "refresh": "10s", - "schemaVersion": 39, - "tags": [ - "fluentd", - "logging" - ], - "templating": { - "list": [ - { - "hide": 2, - "name": "DS_PROMETHEUS", - "query": "prometheus", - "skipUrlSync": false, - "type": "constant" - } - ] - }, - "time": { - "from": "now-3h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "utc", - "title": "Rancher / Fluentd", - "uid": "rancher-logging-fluentd", - "version": 1, - "weekStart": "" -} \ No newline at end of file diff --git a/charts/rancher-monitoring/files/rancher/nodes/rancher-node-detail.json b/charts/rancher-monitoring/files/rancher/nodes/rancher-node-detail.json deleted file mode 100644 index 920fb94..0000000 --- a/charts/rancher-monitoring/files/rancher/nodes/rancher-node-detail.json +++ /dev/null @@ -1,805 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": 28, - "links": [], - "panels": [ - { - "aliasColors": { - "{{mode}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\", instance=\"$instance\"}[$__rate_interval])) by (mode)", - "interval": "", - "legendFormat": "{{mode}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "Load[5m]" - }, - "properties": [] - } - ] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 0 - }, - "hiddenSeries": false, - "id": 3, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(node_load5{instance=~\"$instance\"} OR avg_over_time(windows_system_processor_queue_length{instance=~\"$instance\"}[5m]))", - "interval": "", - "legendFormat": "Load[5m]", - "refId": "A" - }, - { - "expr": "sum(node_load1{instance=~\"$instance\"} OR avg_over_time(windows_system_processor_queue_length{instance=~\"$instance\"}[1m]))", - "interval": "", - "legendFormat": "Load[1m]", - "refId": "B" - }, - { - "expr": "sum(node_load15{instance=~\"$instance\"} OR avg_over_time(windows_system_processor_queue_length{instance=~\"$instance\"}[15m]))", - "interval": "", - "legendFormat": "Load[15m]", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Load Average", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 0 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "1 - (node_memory_MemAvailable_bytes{instance=~\"$instance\"} OR windows_os_physical_memory_free_bytes{instance=~\"$instance\"}) / (node_memory_MemTotal_bytes{instance=~\"$instance\"} OR windows_cs_physical_memory_bytes{instance=~\"$instance\"})", - "interval": "", - "legendFormat": "Total", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{device}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 7 - }, - "hiddenSeries": false, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "1 - (sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\", instance=~\"$instance\"} OR windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\", instance=~\"$instance\"}) by (device) / sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\", instance=~\"$instance\"} OR windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\", instance=~\"$instance\"}) by (device))", - "interval": "", - "legendFormat": "{{device}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{device}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 7 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(node_disk_read_bytes_total{instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_logical_disk_read_bytes_total{instance=~\"$instance\"}[$__rate_interval])) by (device)", - "interval": "", - "legendFormat": "Read ({{device}})", - "refId": "A" - }, - { - "expr": "sum(rate(node_disk_written_bytes_total{instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_logical_disk_write_bytes_total{instance=~\"$instance\"}[$__rate_interval])) by (device)", - "interval": "", - "legendFormat": "Write ({{device}})", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk I/O", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{device}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 7 - }, - "hiddenSeries": false, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(node_network_receive_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) by (device) OR sum(rate(windows_net_packets_received_errors_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", - "interval": "", - "legendFormat": "Receive Errors ({{device}})", - "refId": "A" - }, - { - "expr": "sum(rate(node_network_receive_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) by (device) OR sum(rate(windows_net_packets_received_total_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", - "interval": "", - "legendFormat": "Receive Total ({{device}})", - "refId": "B" - }, - { - "expr": "sum(rate(node_network_transmit_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) by (device) OR sum(rate(windows_net_packets_outbound_errors_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", - "interval": "", - "legendFormat": "Transmit Errors ({{device}})", - "refId": "C" - }, - { - "expr": "sum(rate(node_network_receive_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) by (device) OR sum(rate(windows_net_packets_received_discarded_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", - "interval": "", - "legendFormat": "Receive Dropped ({{device}})", - "refId": "D" - }, - { - "expr": "sum(rate(node_network_transmit_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) by (device) OR sum(rate(windows_net_packets_outbound_discarded{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", - "interval": "", - "legendFormat": "Transmit Dropped ({{device}})", - "refId": "E" - }, - { - "expr": "sum(rate(node_network_transmit_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) by (device) OR sum(rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", - "interval": "", - "legendFormat": "Transmit Total ({{device}})", - "refId": "F" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{device}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 14 - }, - "hiddenSeries": false, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(node_network_transmit_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", - "interval": "", - "legendFormat": "Transmit Total ({{device}})", - "refId": "A" - }, - { - "expr": "sum(rate(node_network_receive_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_net_packets_received_total_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", - "interval": "", - "legendFormat": "Receive Total ({{device}})", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network I/O", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "schemaVersion": 26, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "instance", - "query": "label_values({__name__=~\"node_exporter_build_info|windows_exporter_build_info\"}, instance)", - "refresh": 2, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ] - }, - "timezone": "", - "title": "Rancher / Node (Detail)", - "uid": "rancher-node-detail-1", - "version": 3 -} diff --git a/charts/rancher-monitoring/files/rancher/nodes/rancher-node.json b/charts/rancher-monitoring/files/rancher/nodes/rancher-node.json deleted file mode 100644 index 367df3c..0000000 --- a/charts/rancher-monitoring/files/rancher/nodes/rancher-node.json +++ /dev/null @@ -1,792 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": 28, - "links": [], - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "1 - avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\", instance=\"$instance\", mode=\"idle\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "Total", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "Load[5m]" - }, - "properties": [] - } - ] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 0 - }, - "hiddenSeries": false, - "id": 3, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(node_load5{instance=~\"$instance\"} OR avg_over_time(windows_system_processor_queue_length{instance=~\"$instance\"}[5m]))", - "interval": "", - "legendFormat": "Load[5m]", - "refId": "A" - }, - { - "expr": "sum(node_load1{instance=~\"$instance\"} OR avg_over_time(windows_system_processor_queue_length{instance=~\"$instance\"}[1m]))", - "interval": "", - "legendFormat": "Load[1m]", - "refId": "B" - }, - { - "expr": "sum(node_load15{instance=~\"$instance\"} OR avg_over_time(windows_system_processor_queue_length{instance=~\"$instance\"}[15m]))", - "interval": "", - "legendFormat": "Load[15m]", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Load Average", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 0 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "1 - sum(node_memory_MemAvailable_bytes{instance=~\"$instance\"} OR windows_os_physical_memory_free_bytes{instance=~\"$instance\"}) / sum(node_memory_MemTotal_bytes{instance=~\"$instance\"} OR windows_cs_physical_memory_bytes{instance=~\"$instance\"})", - "interval": "", - "legendFormat": "Total", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 7 - }, - "hiddenSeries": false, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "1 - (sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\", instance=~\"$instance\"} OR windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\", instance=~\"$instance\"}) / sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\", instance=~\"$instance\"} OR windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\", instance=~\"$instance\"}))", - "interval": "", - "legendFormat": "Total", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 7 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(node_disk_read_bytes_total{instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_logical_disk_read_bytes_total{instance=~\"$instance\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "Read", - "refId": "A" - }, - { - "expr": "sum(rate(node_disk_written_bytes_total{instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_logical_disk_write_bytes_total{instance=~\"$instance\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "Write", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk I/O", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 7 - }, - "hiddenSeries": false, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(rate(node_network_receive_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_received_errors_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0))", - "interval": "", - "legendFormat": "Receive Errors", - "refId": "A" - }, - { - "expr": "(sum(rate(node_network_receive_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_received_total_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0))", - "interval": "", - "legendFormat": "Receive Total", - "refId": "B" - }, - { - "expr": "(sum(rate(node_network_transmit_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_outbound_errors_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0))", - "interval": "", - "legendFormat": "Transmit Errors", - "refId": "C" - }, - { - "expr": "(sum(rate(node_network_receive_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_received_discarded_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0))", - "interval": "", - "legendFormat": "Receive Dropped", - "refId": "D" - }, - { - "expr": "(sum(rate(node_network_transmit_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_outbound_discarded{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0))", - "interval": "", - "legendFormat": "Transmit Dropped", - "refId": "E" - }, - { - "expr": "(sum(rate(node_network_transmit_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0))", - "interval": "", - "legendFormat": "Transmit Total", - "refId": "F" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 14 - }, - "hiddenSeries": false, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(node_network_transmit_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "Transmit Total", - "refId": "A" - }, - { - "expr": "sum(rate(node_network_receive_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_net_packets_received_total_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "Receive Total", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network I/O", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "schemaVersion": 26, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "instance", - "query": "label_values({__name__=~\"node_exporter_build_info|windows_exporter_build_info\"}, instance)", - "refresh": 2, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ] - }, - "timezone": "", - "title": "Rancher / Node", - "uid": "rancher-node-1", - "version": 3 -} diff --git a/charts/rancher-monitoring/files/rancher/performance/performance-debugging.json b/charts/rancher-monitoring/files/rancher/performance/performance-debugging.json deleted file mode 100644 index 454bc39..0000000 --- a/charts/rancher-monitoring/files/rancher/performance/performance-debugging.json +++ /dev/null @@ -1,1652 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": { - "type": "datasource", - "uid": "grafana" - }, - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "target": { - "limit": 100, - "matchAny": false, - "tags": [], - "type": "dashboard" - }, - "type": "dashboard" - } - ] - }, - "editable": true, - "fiscalYearStartMonth": 0, - "graphTooltip": 0, - "links": [], - "liveNow": false, - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "$datasource" - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 16, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 22, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.1.5", - "pointradius": 2, - "points": true, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "$datasource" - }, - "exemplar": true, - "expr": "topk(20,sum by (handler_name) (rate(lasso_controller_reconcile_time_seconds_sum[5m]))\n/\nsum by (handler_name) (rate(lasso_controller_reconcile_time_seconds_count[5m])))", - "interval": "", - "legendFormat": "{{handler_name}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Handler Average Execution Times Over Last 5 Minutes (Top 20)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:1390", - "format": "short", - "label": "Execution Time in Seconds", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:1391", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "$datasource" - }, - "description": "", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 16, - "x": 0, - "y": 8 - }, - "hiddenSeries": false, - "id": 28, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "$datasource" - }, - "exemplar": true, - "expr": "topk(20,sum by (resource, method, code) (rate(steve_api_request_time_sum{resource!=\"subscribe\"}[5m]))\n/\nsum by (resource, method, code) (rate(steve_api_request_time_count{resource!=\"subscribe\"}[5m])))", - "interval": "", - "legendFormat": "{{resource}} {{method}} {{code}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Rancher API Average Request Times Over Last 5 Minutes (Top 20) (Subscribes Omitted)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:178", - "format": "ms", - "label": "", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:179", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "$datasource" - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 16, - "x": 0, - "y": 16 - }, - "hiddenSeries": false, - "id": 30, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "$datasource" - }, - "exemplar": true, - "expr": "rate(steve_api_request_time_sum{resource=\"subscribe\"}[5m])\n/\nrate(steve_api_request_time_count{resource=\"subscribe\"}[5m])", - "interval": "", - "legendFormat": "{{resource}} {{method}} {{code}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Subscribe Average Request Times Over Last 5 Minutes", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:368", - "format": "ms", - "label": "", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:369", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "$datasource" - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 16, - "x": 0, - "y": 24 - }, - "hiddenSeries": false, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "$datasource" - }, - "exemplar": true, - "expr": "topk(20,workqueue_depth)", - "interval": "", - "legendFormat": "{{name}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Lasso Controller Work Queue Depth (Top 20)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:1553", - "format": "short", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:1554", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "$datasource" - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 13, - "w": 16, - "x": 0, - "y": 32 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "$datasource" - }, - "exemplar": true, - "expr": "topk(20,sum by (id, resource, method, code) (steve_api_total_requests))", - "instant": false, - "interval": "", - "legendFormat": "{{id}} {{resource}} {{method}} {{code}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Number of Rancher Requests (Top 20)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:290", - "format": "short", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:291", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "$datasource" - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 16, - "x": 0, - "y": 45 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "$datasource" - }, - "exemplar": true, - "expr": "topk(20,sum by (id, resource, method) (steve_api_total_requests{code!=\"200\",code!=\"201\"}))", - "interval": "", - "legendFormat": "{{id}} {{resource}} {{method}} {{code}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Number of Failed Rancher API Requests (Top 20)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:428", - "format": "short", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:429", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "$datasource" - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 16, - "x": 0, - "y": 54 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "$datasource" - }, - "exemplar": true, - "expr": "topk(20,sum by (resource, method, code) (rate(k8s_proxy_store_request_time_sum[5m]))\n/\nsum by (resource, method, code) (rate(k8s_proxy_store_request_time_count[5m])))", - "interval": "", - "legendFormat": "{{resource}} {{method}} {{code}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "K8s Proxy Store Average Request Times Over Last 5 Minutes (Top 20)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:662", - "format": "ms", - "label": "", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:663", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "$datasource" - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 16, - "x": 0, - "y": 62 - }, - "hiddenSeries": false, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.1.5", - "pointradius": 2, - "points": true, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "$datasource" - }, - "exemplar": true, - "expr": "topk(20,sum by (resource, method, code) (rate(k8s_proxy_client_request_time_sum[5m]))\n/\nsum by (resource, method, code) (rate(k8s_proxy_client_request_time_count[5m])))", - "interval": "", - "legendFormat": "{{resource}} {{method}} {{code}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "K8s Proxy Client Average Request Times Over Last 5 Minutes (Top 20)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:1710", - "format": "ms", - "label": "", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:1711", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "$datasource" - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 16, - "x": 0, - "y": 70 - }, - "hiddenSeries": false, - "id": 10, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "$datasource" - }, - "exemplar": true, - "expr": "topk(20,lasso_controller_total_cached_object)", - "interval": "", - "legendFormat": "{{kind}} {{version}} {{group}} {{pod}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Cached Objects by GroupVersionKind (Top 20)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:744", - "format": "short", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:745", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "$datasource" - }, - "description": "", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 16, - "x": 0, - "y": 78 - }, - "hiddenSeries": false, - "id": 12, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "$datasource" - }, - "exemplar": true, - "expr": "topk(20,sum by (handler_name) (\nlasso_controller_total_handler_execution\n))", - "interval": "", - "legendFormat": "{{handler_name}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Lasso Handler Executions (Top 20)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:824", - "format": "short", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:825", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "$datasource" - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 16, - "x": 0, - "y": 86 - }, - "hiddenSeries": false, - "id": 32, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "$datasource" - }, - "exemplar": true, - "expr": "topk(20, sum by (handler_name,controller_name) (\nincrease(lasso_controller_total_handler_execution[2m])\n))", - "interval": "", - "legendFormat": "{{controller_name}}.{{handler_name}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Handler Executions Over Last 2 Minutes (Top 20)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "$datasource" - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 16, - "x": 0, - "y": 94 - }, - "hiddenSeries": false, - "id": 20, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "$datasource" - }, - "exemplar": true, - "expr": "topk(20,sum by (handler_name) (\nlasso_controller_total_handler_execution{has_error=\"true\"}\n))", - "interval": "", - "legendFormat": "{{handler_name}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Total Handler Executions with Error (Top 20)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:1230", - "format": "short", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:1231", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "$datasource" - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 16, - "x": 0, - "y": 102 - }, - "hiddenSeries": false, - "id": 34, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "$datasource" - }, - "exemplar": true, - "expr": "topk(20,sum by (handler_name,controller_name) (\nincrease(lasso_controller_total_handler_execution{has_error=\"true\"}[2m])\n))", - "interval": "", - "legendFormat": "{{controller_name}}.{{handler_name}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Handler Executions Over Last 2 Minutes (Top 20)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "$datasource" - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 16, - "x": 0, - "y": 110 - }, - "hiddenSeries": false, - "id": 16, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "$datasource" - }, - "exemplar": true, - "expr": "topk(20,session_server_total_transmit_bytes)", - "interval": "", - "legendFormat": "{{clientkey}} {{pod}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Data Transmitted by Remote Dialer Sessions (Top 20)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:1953", - "format": "decbytes", - "label": "", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:1954", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "$datasource" - }, - "description": "", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 16, - "x": 0, - "y": 118 - }, - "hiddenSeries": false, - "id": 18, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "$datasource" - }, - "exemplar": true, - "expr": "session_server_total_transmit_error_bytes", - "interval": "", - "legendFormat": "{{clientkey}} {{pod}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Errors for Remote Dialer Sessions (Top 20)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:2045", - "format": "ms", - "label": "Error Data", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:2046", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 16, - "x": 0, - "y": 126 - }, - "hiddenSeries": false, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "$datasource" - }, - "editorMode": "code", - "exemplar": true, - "expr": "session_server_total_add_websocket_session - (session_server_total_remove_websocket_session or (0 * session_server_total_add_websocket_session))", - "interval": "", - "legendFormat": "{{clientkey}} {{pod}}", - "range": true, - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Remote Dialer Active Connections (Top 20)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:2199", - "format": "short", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:2200", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 16, - "x": 0, - "y": 134 - }, - "hiddenSeries": false, - "id": 35, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "$datasource" - }, - "editorMode": "code", - "exemplar": true, - "expr": "rate(session_server_total_remove_connections[$__rate_interval])", - "interval": "", - "legendFormat": "{{clientkey}} {{pod}}", - "range": true, - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Remote Dialer Removed Connections Rate (Top 20)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:2199", - "format": "short", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:2200", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 16, - "x": 0, - "y": 142 - }, - "hiddenSeries": false, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "$datasource" - }, - "editorMode": "code", - "exemplar": true, - "expr": "rate(session_server_total_add_connections[$__rate_interval])", - "interval": "", - "legendFormat": "{{clientkey}} {{pod}}", - "range": true, - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Remote Dialer Added Connections Rate (Top 20)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:2117", - "format": "short", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:2118", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - } - ], - "schemaVersion": 37, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "current": { - "selected": false, - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "includeAll": false, - "label": "Data Source", - "multi": false, - "name": "datasource", - "options": [], - "query": "prometheus", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "type": "datasource" - } - ] - }, - "time": { - "from": "now-15m", - "to": "now" - }, - "timepicker": {}, - "timezone": "", - "title": "Rancher Performance Debugging", - "uid": "tfrfU0a7k", - "version": 1, - "weekStart": "" -} \ No newline at end of file diff --git a/charts/rancher-monitoring/files/rancher/pods/rancher-pod-containers.json b/charts/rancher-monitoring/files/rancher/pods/rancher-pod-containers.json deleted file mode 100644 index cf78a22..0000000 --- a/charts/rancher-monitoring/files/rancher/pods/rancher-pod-containers.json +++ /dev/null @@ -1,636 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": 28, - "iteration": 1618265214337, - "links": [], - "panels": [ - { - "aliasColors": { - "{{container}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_cfs_throttled_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\", container!=\"\"}[$__rate_interval])) by (container)", - "interval": "", - "legendFormat": "CFS throttled ({{container}})", - "refId": "A" - }, - { - "expr": "sum(rate(container_cpu_system_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container) OR sum(rate(windows_container_cpu_usage_seconds_kernelmode{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", - "interval": "", - "legendFormat": "System ({{container}})", - "refId": "B" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container) OR sum(rate(windows_container_cpu_usage_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", - "interval": "", - "legendFormat": "Total ({{container}})", - "refId": "C" - }, - { - "expr": "sum(rate(container_cpu_user_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container) OR sum(rate(windows_container_cpu_usage_seconds_usermode{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", - "interval": "", - "legendFormat": "User ({{container}})", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "cpu", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{container}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 0 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_memory_working_set_bytes{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\", container!=\"\"} OR windows_container_memory_usage_commit_bytes{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\", container!=\"\"}) by (container)", - "interval": "", - "legendFormat": "({{container}})", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{container}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 0 - }, - "hiddenSeries": false, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_receive_packets_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) by (container) OR sum(irate(windows_container_network_receive_packets_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) by (container)", - "interval": "", - "legendFormat": "Receive Total ({{container}})", - "refId": "A" - }, - { - "expr": "sum(irate(container_network_transmit_packets_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) by (container) OR sum(irate(windows_container_network_transmit_packets_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) by (container)", - "interval": "", - "legendFormat": "Transmit Total ({{container}})", - "refId": "B" - }, - { - "expr": "sum(irate(container_network_receive_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) by (container) OR sum(irate(windows_container_network_receive_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) by (container)", - "interval": "", - "legendFormat": "Receive Dropped ({{container}})", - "refId": "C" - }, - { - "expr": "sum(irate(container_network_receive_errors_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) by (container)", - "interval": "", - "legendFormat": "Receive Errors ({{container}})", - "refId": "D" - }, - { - "expr": "sum(irate(container_network_transmit_errors_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) by (container)", - "interval": "", - "legendFormat": "Transmit Errors ({{container}})", - "refId": "E" - }, - { - "expr": "sum(irate(container_network_transmit_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) by (container) OR sum(irate(windows_container_network_transmit_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) by (container)", - "interval": "", - "legendFormat": "Transmit Dropped ({{container}})", - "refId": "F" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{container}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 7 - }, - "hiddenSeries": false, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_receive_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) by (container) OR sum(irate(windows_container_network_receive_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) by (container)", - "interval": "", - "legendFormat": "Receive Total ({{container}})", - "refId": "A" - }, - { - "expr": "sum(irate(container_network_transmit_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) by (container) OR sum(irate(windows_container_network_transmit_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) by (container)", - "interval": "", - "legendFormat": "Transmit Total ({{container}})", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network I/O", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{container}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 7 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_fs_writes_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", - "interval": "", - "legendFormat": "Write ({{container}})", - "refId": "A" - }, - { - "expr": "sum(rate(container_fs_reads_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", - "interval": "", - "legendFormat": "Read ({{container}})", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk I/O", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": false, - "schemaVersion": 26, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "namespace", - "query": "label_values(kube_pod_info{}, namespace)", - "refresh": 2, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "pod", - "query": "label_values(kube_pod_info{namespace=\"$namespace\"}, pod)", - "refresh": 2, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ] - }, - "timezone": "", - "title": "Rancher / Pod (Containers)", - "uid": "rancher-pod-containers-1", - "version": 8 -} diff --git a/charts/rancher-monitoring/files/rancher/pods/rancher-pod.json b/charts/rancher-monitoring/files/rancher/pods/rancher-pod.json deleted file mode 100644 index 4859ecc..0000000 --- a/charts/rancher-monitoring/files/rancher/pods/rancher-pod.json +++ /dev/null @@ -1,636 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": 28, - "iteration": 1618265214337, - "links": [], - "panels": [ - { - "aliasColors": { - "": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_cfs_throttled_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\", container!=\"\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "CFS throttled", - "refId": "A" - }, - { - "expr": "sum(rate(container_cpu_system_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) OR sum(rate(windows_container_cpu_usage_seconds_kernelmode{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "System", - "refId": "B" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) OR sum(rate(windows_container_cpu_usage_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "Total", - "refId": "C" - }, - { - "expr": "sum(rate(container_cpu_user_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) OR sum(rate(windows_container_cpu_usage_seconds_usermode{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "User", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "cpu", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 0 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_memory_working_set_bytes{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\", container!=\"\"} OR windows_container_memory_usage_commit_bytes{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\", container!=\"\"})", - "interval": "", - "legendFormat": "Total", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 0 - }, - "hiddenSeries": false, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_receive_packets_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) OR sum(irate(windows_container_network_receive_packets_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "Receive Total", - "refId": "A" - }, - { - "expr": "sum(irate(container_network_transmit_packets_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) OR sum(irate(windows_container_network_transmit_packets_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "Transmit Total", - "refId": "B" - }, - { - "expr": "sum(irate(container_network_receive_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) OR sum(irate(windows_container_network_receive_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "Receive Dropped", - "refId": "C" - }, - { - "expr": "sum(irate(container_network_receive_errors_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "Receive Errors", - "refId": "D" - }, - { - "expr": "sum(irate(container_network_transmit_errors_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "Transmit Errors", - "refId": "E" - }, - { - "expr": "sum(irate(container_network_transmit_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) OR sum(irate(windows_container_network_transmit_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "Transmit Dropped", - "refId": "F" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 7 - }, - "hiddenSeries": false, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_receive_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) OR sum(irate(windows_container_network_receive_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "Receive Total", - "refId": "A" - }, - { - "expr": "sum(irate(container_network_transmit_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) OR sum(irate(windows_container_network_transmit_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "Transmit Total", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network I/O", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 7 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_fs_writes_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "Write", - "refId": "A" - }, - { - "expr": "sum(rate(container_fs_reads_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "Read", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk I/O", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": false, - "schemaVersion": 26, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "namespace", - "query": "label_values(kube_pod_info{}, namespace)", - "refresh": 2, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "pod", - "query": "label_values(kube_pod_info{namespace=\"$namespace\"}, pod)", - "refresh": 2, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ] - }, - "timezone": "", - "title": "Rancher / Pod", - "uid": "rancher-pod-1", - "version": 8 -} diff --git a/charts/rancher-monitoring/files/rancher/workloads/rancher-workload-pods.json b/charts/rancher-monitoring/files/rancher/workloads/rancher-workload-pods.json deleted file mode 100644 index 245eb79..0000000 --- a/charts/rancher-monitoring/files/rancher/workloads/rancher-workload-pods.json +++ /dev/null @@ -1,652 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": 28, - "iteration": 1618265214337, - "links": [], - "panels": [ - { - "aliasColors": { - "{{pod}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(rate(container_cpu_cfs_throttled_seconds_total{namespace=~\"$namespace\",container=\"\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", - "interval": "", - "legendFormat": "CFS throttled ({{pod}})", - "refId": "A" - }, - { - "expr": "(sum(rate(container_cpu_system_seconds_total{namespace=~\"$namespace\",container=\"\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_cpu_usage_seconds_kernelmode{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", - "interval": "", - "legendFormat": "System ({{pod}})", - "refId": "B" - }, - { - "expr": "(sum(rate(container_cpu_usage_seconds_total{namespace=~\"$namespace\",container=\"\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_cpu_usage_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", - "interval": "", - "legendFormat": "Total ({{pod}})", - "refId": "C" - }, - { - "expr": "(sum(rate(container_cpu_user_seconds_total{namespace=~\"$namespace\",container=\"\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_cpu_usage_seconds_usermode{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", - "interval": "", - "legendFormat": "User ({{pod}})", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "cpu", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{pod}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 0 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(container_memory_working_set_bytes{namespace=~\"$namespace\",container=\"\"} OR windows_container_memory_usage_commit_bytes{namespace=~\"$namespace\"}) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", - "interval": "", - "legendFormat": "({{pod}})", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{pod}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 0 - }, - "hiddenSeries": false, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(irate(container_network_receive_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(irate(windows_container_network_receive_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", - "interval": "", - "legendFormat": "Receive Total ({{pod}})", - "refId": "A" - }, - { - "expr": "(sum(irate(container_network_transmit_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(irate(windows_container_network_transmit_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", - "interval": "", - "legendFormat": "Transmit Total ({{pod}})", - "refId": "B" - }, - { - "expr": "(sum(irate(container_network_receive_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(irate(windows_container_network_receive_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", - "interval": "", - "legendFormat": "Receive Dropped ({{pod}})", - "refId": "C" - }, - { - "expr": "(sum(irate(container_network_receive_errors_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", - "interval": "", - "legendFormat": "Receive Errors ({{pod}})", - "refId": "D" - }, - { - "expr": "(sum(irate(container_network_transmit_errors_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", - "interval": "", - "legendFormat": "Transmit Errors ({{pod}})", - "refId": "E" - }, - { - "expr": "(sum(irate(container_network_transmit_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(irate(windows_container_network_transmit_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", - "interval": "", - "legendFormat": "Transmit Dropped ({{pod}})", - "refId": "F" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{pod}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 7 - }, - "hiddenSeries": false, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(irate(container_network_receive_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(irate(windows_container_network_receive_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", - "interval": "", - "legendFormat": "Receive Total ({{pod}})", - "refId": "A" - }, - { - "expr": "(sum(irate(container_network_transmit_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(irate(windows_container_network_transmit_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", - "interval": "", - "legendFormat": "Transmit Total ({{pod}})", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network I/O", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{pod}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 7 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(rate(container_fs_writes_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", - "interval": "", - "legendFormat": "Write ({{pod}})", - "refId": "A" - }, - { - "expr": "(sum(rate(container_fs_reads_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", - "interval": "", - "legendFormat": "Read ({{pod}})", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk I/O", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": false, - "schemaVersion": 26, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "namespace", - "query": "query_result(kube_pod_info{namespace!=\"\"} * on(pod, namespace) group_right( created_by_kind, created_by_name) count({__name__=~\"container_.*|windows_container_.*\", pod!=\"\"}) by (pod,namespace))", - "refresh": 2, - "regex": "/.*namespace=\"([^\"]*)\"/", - "sort": 0, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "kind", - "query": "query_result(kube_pod_info{namespace=\"$namespace\", created_by_kind!=\"\"} * on(pod) group_right(namespace, created_by_kind, created_by_name) count({__name__=~\"container_.*|windows_container_.*\", pod!=\"\"}) by (pod))", - "refresh": 2, - "regex": "/.*created_by_kind=\"([^\"]*)\"/", - "sort": 0, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "workload", - "query": "query_result(kube_pod_info{namespace=\"$namespace\", created_by_kind=\"$kind\", created_by_name!=\"\"} * on(pod) group_right(namespace, created_by_kind, created_by_name) count({__name__=~\"container_.*|windows_container_.*\", pod!=\"\"}) by (pod))", - "refresh": 2, - "regex": "/.*created_by_name=\"([^\"]*)\"/", - "sort": 0, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ] - }, - "timezone": "", - "title": "Rancher / Workload (Pods)", - "uid": "rancher-workload-pods-1", - "version": 8 -} diff --git a/charts/rancher-monitoring/files/rancher/workloads/rancher-workload.json b/charts/rancher-monitoring/files/rancher/workloads/rancher-workload.json deleted file mode 100644 index 18cac29..0000000 --- a/charts/rancher-monitoring/files/rancher/workloads/rancher-workload.json +++ /dev/null @@ -1,652 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": 28, - "iteration": 1618265214337, - "links": [], - "panels": [ - { - "aliasColors": { - "{{pod}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum((sum(rate(container_cpu_cfs_throttled_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", - "interval": "", - "legendFormat": "CFS throttled", - "refId": "A" - }, - { - "expr": "sum((sum(rate(container_cpu_system_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_cpu_usage_seconds_kernelmode{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", - "interval": "", - "legendFormat": "System", - "refId": "B" - }, - { - "expr": "sum((sum(rate(container_cpu_usage_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_cpu_usage_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", - "interval": "", - "legendFormat": "Total", - "refId": "C" - }, - { - "expr": "sum((sum(rate(container_cpu_user_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_cpu_usage_seconds_usermode{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", - "interval": "", - "legendFormat": "User", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "cpu", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{pod}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 0 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum((sum(container_memory_working_set_bytes{namespace=~\"$namespace\"} OR windows_container_memory_usage_commit_bytes{namespace=~\"$namespace\"}) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", - "interval": "", - "legendFormat": "Total", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{pod}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 0 - }, - "hiddenSeries": false, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum((sum(irate(container_network_receive_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(irate(windows_container_network_receive_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", - "interval": "", - "legendFormat": "Receive Total", - "refId": "A" - }, - { - "expr": "sum((sum(irate(container_network_transmit_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(irate(windows_container_network_transmit_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", - "interval": "", - "legendFormat": "Transmit Total", - "refId": "B" - }, - { - "expr": "sum((sum(irate(container_network_receive_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(irate(windows_container_network_receive_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", - "interval": "", - "legendFormat": "Receive Dropped", - "refId": "C" - }, - { - "expr": "sum((sum(irate(container_network_receive_errors_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", - "interval": "", - "legendFormat": "Receive Errors", - "refId": "D" - }, - { - "expr": "sum((sum(irate(container_network_transmit_errors_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", - "interval": "", - "legendFormat": "Transmit Errors", - "refId": "E" - }, - { - "expr": "sum((sum(irate(container_network_transmit_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(irate(windows_container_network_transmit_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", - "interval": "", - "legendFormat": "Transmit Dropped", - "refId": "F" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{pod}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 7 - }, - "hiddenSeries": false, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum((sum(irate(container_network_receive_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(irate(windows_container_network_receive_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", - "interval": "", - "legendFormat": "Receive Total", - "refId": "A" - }, - { - "expr": "sum((sum(irate(container_network_transmit_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(irate(windows_container_network_transmit_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", - "interval": "", - "legendFormat": "Transmit Total", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network I/O", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{pod}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 7 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum((sum(rate(container_fs_writes_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", - "interval": "", - "legendFormat": "Write", - "refId": "A" - }, - { - "expr": "sum((sum(rate(container_fs_reads_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", - "interval": "", - "legendFormat": "Read", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk I/O", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": false, - "schemaVersion": 26, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "namespace", - "query": "query_result(kube_pod_info{namespace!=\"\"} * on(pod, namespace) group_right( created_by_kind, created_by_name) count({__name__=~\"container_.*|windows_container_.*\", pod!=\"\"}) by (pod,namespace))", - "refresh": 2, - "regex": "/.*namespace=\"([^\"]*)\"/", - "sort": 0, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "kind", - "query": "query_result(kube_pod_info{namespace=\"$namespace\", created_by_kind!=\"\"} * on(pod) group_right(namespace, created_by_kind, created_by_name) count({__name__=~\"container_.*|windows_container_.*\", pod!=\"\"}) by (pod))", - "refresh": 2, - "regex": "/.*created_by_kind=\"([^\"]*)\"/", - "sort": 0, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "workload", - "query": "query_result(kube_pod_info{namespace=\"$namespace\", created_by_kind=\"$kind\", created_by_name!=\"\"} * on(pod) group_right(namespace, created_by_kind, created_by_name) count({__name__=~\"container_.*|windows_container_.*\", pod!=\"\"}) by (pod))", - "refresh": 2, - "regex": "/.*created_by_name=\"([^\"]*)\"/", - "sort": 0, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ] - }, - "timezone": "", - "title": "Rancher / Workload", - "uid": "rancher-workload-1", - "version": 8 -} diff --git a/charts/rancher-monitoring/files/upgrade/scripts/delete-workloads-with-old-labels.sh b/charts/rancher-monitoring/files/upgrade/scripts/delete-workloads-with-old-labels.sh deleted file mode 100644 index 89431e7..0000000 --- a/charts/rancher-monitoring/files/upgrade/scripts/delete-workloads-with-old-labels.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/bash - -set -e -set -x - -# node-exporter -kubectl delete daemonset -l app=prometheus-node-exporter,release=rancher-monitoring --ignore-not-found=true - -# prometheus-adapter -kubectl delete deployments -l app=prometheus-adapter,release=rancher-monitoring --ignore-not-found=true - -# kube-state-metrics -kubectl delete deployments -l app.kubernetes.io/instance=rancher-monitoring,app.kubernetes.io/name=kube-state-metrics --cascade=orphan --ignore-not-found=true -kubectl delete statefulsets -l app.kubernetes.io/instance=rancher-monitoring,app.kubernetes.io/name=kube-state-metrics --cascade=orphan --ignore-not-found=true diff --git a/charts/rancher-monitoring/my-values/values-prod.yaml b/charts/rancher-monitoring/my-values/values-prod.yaml deleted file mode 100644 index 12e63c2..0000000 --- a/charts/rancher-monitoring/my-values/values-prod.yaml +++ /dev/null @@ -1,62 +0,0 @@ -namespaceOverride: monitoring - -prometheus: - prometheusSpec: - serviceMonitorSelectorNilUsesHelmValues: false - podMonitorSelectorNilUsesHelmValues: false - retention: 10d - resources: - requests: - memory: 400Mi - cpu: 200m - storageSpec: - volumeClaimTemplate: - spec: - accessModes: ["ReadWriteOnce"] - storageClassName: nfs-client - resources: - requests: - storage: 50Gi - additionalScrapeConfigsSecret: - enabled: true - name: prometheus-additional-scrape-configs - key: additional-scrape-configs.yaml - -grafana: - persistence: - enabled: true - storageClassName: nfs-client - accessModes: ["ReadWriteOnce"] - size: 2Gi - - ingress: - enabled: true - hosts: - - grafana.dvirlabs.com - annotations: - cert-manager.io/cluster-issuer: letsencrypt - tls: - - hosts: - - grafana.dvirlabs.com - secretName: tls-grafana - - envFromSecret: grafana-oidc-secret - - grafana.ini: - server: - root_url: https://grafana.dvirlabs.com - auth: - disable_login_form: true - disable_signout_menu: false - auth.generic_oauth: - enabled: true - name: Keycloak - allow_sign_up: true - client_id: grafana - client_secret: ${client_secret} - scopes: openid profile email - auth_url: https://keycloak.dvirlabs.com/realms/lab/protocol/openid-connect/auth - token_url: https://keycloak.dvirlabs.com/realms/lab/protocol/openid-connect/token - api_url: https://keycloak.dvirlabs.com/realms/lab/protocol/openid-connect/userinfo - role_attribute_path: 'Admin' - allow_assign_grafana_admin: true diff --git a/charts/rancher-monitoring/templates/alertmanager/psp-role.yaml b/charts/rancher-monitoring/templates/alertmanager/psp-role.yaml deleted file mode 100644 index e8da52e..0000000 --- a/charts/rancher-monitoring/templates/alertmanager/psp-role.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if and .Values.alertmanager.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} -{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-alertmanager -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -rules: -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }} -- apiGroups: ['policy'] -{{- else }} -- apiGroups: ['extensions'] -{{- end }} - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "kube-prometheus-stack.fullname" . }}-alertmanager -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/alertmanager/psp-rolebinding.yaml b/charts/rancher-monitoring/templates/alertmanager/psp-rolebinding.yaml deleted file mode 100644 index 71a8ec4..0000000 --- a/charts/rancher-monitoring/templates/alertmanager/psp-rolebinding.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and .Values.alertmanager.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} -{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-alertmanager -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager -subjects: - - kind: ServiceAccount - name: {{ template "kube-prometheus-stack.alertmanager.serviceAccountName" . }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/alertmanager/psp.yaml b/charts/rancher-monitoring/templates/alertmanager/psp.yaml deleted file mode 100644 index 5a940af..0000000 --- a/charts/rancher-monitoring/templates/alertmanager/psp.yaml +++ /dev/null @@ -1,47 +0,0 @@ -{{- if and .Values.alertmanager.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} -{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager - labels: - app: {{ template "kube-prometheus-stack.name" . }}-alertmanager -{{- if .Values.global.rbac.pspAnnotations }} - annotations: -{{ toYaml .Values.global.rbac.pspAnnotations | indent 4 }} -{{- end }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -spec: - privileged: false - # Allow core volume types. - volumes: - - 'configMap' - - 'emptyDir' - - 'projected' - - 'secret' - - 'downwardAPI' - - 'persistentVolumeClaim' - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - # Permits the container to run with root privileges as well. - rule: 'RunAsAny' - seLinux: - # This policy assumes the nodes are using AppArmor rather than SELinux. - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Allow adding the root group. - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Allow adding the root group. - - min: 0 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/exporters/kube-state-metrics/validate.yaml b/charts/rancher-monitoring/templates/exporters/kube-state-metrics/validate.yaml deleted file mode 100644 index 9211b3d..0000000 --- a/charts/rancher-monitoring/templates/exporters/kube-state-metrics/validate.yaml +++ /dev/null @@ -1,7 +0,0 @@ -{{- if .Values.kubeStateMetrics.enabled }} -{{- if not (kindIs "invalid" .Values.kubeStateMetrics.serviceMonitor) }} -{{- if .Values.kubeStateMetrics.serviceMonitor.namespaceOverride }} -{{- fail "kubeStateMetrics.serviceMonitor.namespaceOverride was removed. Please use kube-state-metrics.namespaceOverride instead." }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/exporters/node-exporter/validate.yaml b/charts/rancher-monitoring/templates/exporters/node-exporter/validate.yaml deleted file mode 100644 index bdc73d6..0000000 --- a/charts/rancher-monitoring/templates/exporters/node-exporter/validate.yaml +++ /dev/null @@ -1,3 +0,0 @@ -{{- if (and (not .Values.nodeExporter.enabled) .Values.hardenedNodeExporter.enabled) }} -{{ required "Cannot set .Values.hardenedNodeExporter.enabled=true when .Values.nodeExporter.enabled=false" "" }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/extra-objects.yaml b/charts/rancher-monitoring/templates/extra-objects.yaml deleted file mode 100644 index 567f7bf..0000000 --- a/charts/rancher-monitoring/templates/extra-objects.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{ range .Values.extraManifests }} ---- -{{ tpl (toYaml .) $ }} -{{ end }} diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/alertmanager-overview.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/alertmanager-overview.yaml deleted file mode 100644 index d8c1fab..0000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/alertmanager-overview.yaml +++ /dev/null @@ -1,616 +0,0 @@ -{{- /* -Generated from 'alertmanager-overview' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/baf3c7a71ec9f889644231f677f8708791d38293/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled (or .Values.alertmanager.enabled .Values.alertmanager.forceDeployDashboards) }} -{{- if and .Values.alertmanager.enabled .Values.alertmanager.serviceMonitor.selfMonitor }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "alertmanager-overview" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - alertmanager-overview.json: |- - { - "__inputs": [ - - ], - "__requires": [ - - ], - "annotations": { - "list": [ - - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 1, - "hideControls": false, - "id": null, - "links": [ - - ], - "refresh": "30s", - "rows": [ - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "current set of alerts stored in the Alertmanager", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 2, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(alertmanager_alerts{namespace=~\"$namespace\",service=~\"$service\"}) by (namespace,service,instance)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Alerts", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "rate of successful and invalid alerts received by the Alertmanager", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 3, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(alertmanager_alerts_received_total{namespace=~\"$namespace\",service=~\"$service\"}[$__rate_interval])) by (namespace,service,instance)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} Received", - "refId": "A" - }, - { - "expr": "sum(rate(alertmanager_alerts_invalid_total{namespace=~\"$namespace\",service=~\"$service\"}[$__rate_interval])) by (namespace,service,instance)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} Invalid", - "refId": "B" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Alerts receive rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Alerts", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "rate of successful and invalid notifications sent by the Alertmanager", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 4, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": "integration", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(alertmanager_notifications_total{namespace=~\"$namespace\",service=~\"$service\", integration=\"$integration\"}[$__rate_interval])) by (integration,namespace,service,instance)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} Total", - "refId": "A" - }, - { - "expr": "sum(rate(alertmanager_notifications_failed_total{namespace=~\"$namespace\",service=~\"$service\", integration=\"$integration\"}[$__rate_interval])) by (integration,namespace,service,instance)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} Failed", - "refId": "B" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "$integration: Notifications Send Rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "latency of notifications sent by the Alertmanager", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 5, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": "integration", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99,\n sum(rate(alertmanager_notification_latency_seconds_bucket{namespace=~\"$namespace\",service=~\"$service\", integration=\"$integration\"}[$__rate_interval])) by (le,namespace,service,instance)\n) \n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} 99th Percentile", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.50,\n sum(rate(alertmanager_notification_latency_seconds_bucket{namespace=~\"$namespace\",service=~\"$service\", integration=\"$integration\"}[$__rate_interval])) by (le,namespace,service,instance)\n) \n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} Median", - "refId": "B" - }, - { - "expr": "sum(rate(alertmanager_notification_latency_seconds_sum{namespace=~\"$namespace\",service=~\"$service\", integration=\"$integration\"}[$__rate_interval])) by (namespace,service,instance)\n/\nsum(rate(alertmanager_notification_latency_seconds_count{namespace=~\"$namespace\",service=~\"$service\", integration=\"$integration\"}[$__rate_interval])) by (namespace,service,instance)\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} Average", - "refId": "C" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "$integration: Notification Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Notifications", - "titleSize": "h6", - "type": "row" - } - ], - "schemaVersion": 14, - "style": "dark", - "tags": [ - "alertmanager-mixin" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "current": { - "text": "", - "value": "" - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": false, - "label": "namespace", - "multi": false, - "name": "namespace", - "options": [ - - ], - "query": "label_values(alertmanager_alerts, namespace)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "", - "value": "" - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": false, - "label": "service", - "multi": false, - "name": "service", - "options": [ - - ], - "query": "label_values(alertmanager_alerts, service)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "all", - "value": "$__all" - }, - "datasource": "$datasource", - "hide": 2, - "includeAll": true, - "label": null, - "multi": false, - "name": "integration", - "options": [ - - ], - "query": "label_values(alertmanager_notifications_total{integration=~\".*\"}, integration)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "Alertmanager / Overview", - "uid": "alertmanager-overview", - "version": 0 - } -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/cluster-total.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/cluster-total.yaml deleted file mode 100644 index 4240ab4..0000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/cluster-total.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- /* -Generated from 'cluster-total' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/baf3c7a71ec9f889644231f677f8708791d38293/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "cluster-total" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - cluster-total.json: |- - {{`{"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"links":[{"asDropdown":true,"includeVars":true,"keepTime":true,"tags":["kubernetes-mixin"],"targetBlank":false,"title":"Kubernetes","type":"dashboards"}],"panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"binBps"}},"gridPos":{"h":9,"w":12,"x":0,"y":0},"id":1,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (namespace) (\n rate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace!=\"\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","legendFormat":"__auto"}],"title":"Current Rate of Bytes Received","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"binBps"}},"gridPos":{"h":9,"w":12,"x":12,"y":0},"id":2,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (namespace) (\n rate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace!=\"\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","legendFormat":"__auto"}],"title":"Current Rate of Bytes Transmitted","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/Bytes/"},"properties":[{"id":"unit","value":"binBps"}]},{"matcher":{"id":"byRegexp","options":"/Packets/"},"properties":[{"id":"unit","value":"pps"}]},{"matcher":{"id":"byName","options":"Namespace"},"properties":[{"id":"links","value":[{"title":"Drill down","url":"/d/8b7a8b326d7a6f1f04244066368c67af/kubernetes-networking-namespace-pods?${datasource:queryparam}&var-cluster=${cluster}&var-namespace=${__data.fields.Namespace}"}]}]}]},"gridPos":{"h":9,"w":24,"x":0,"y":9},"id":3,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (namespace) (\n rate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace!=\"\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (namespace) (\n rate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace!=\"\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"avg by (namespace) (\n rate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace!=\"\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"avg by (namespace) (\n rate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace!=\"\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (namespace) (\n rate(container_network_receive_packets_total{cluster=\"$cluster\",namespace!=\"\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (namespace) (\n rate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace!=\"\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (namespace) (\n rate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace!=\"\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (namespace) (\n rate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace!=\"\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","format":"table","instant":true}],"title":"Current Status","transformations":[{"id":"joinByField","options":{"byField":"namespace","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true,"Time 6":true,"Time 7":true,"Time 8":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Time 6":5,"Time 7":6,"Time 8":7,"Value #A":9,"Value #B":10,"Value #C":11,"Value #D":12,"Value #E":13,"Value #F":14,"Value #G":15,"Value #H":16,"namespace":8},"renameByName":{"Value #A":"Rx Bytes","Value #B":"Tx Bytes","Value #C":"Rx Bytes (Avg)","Value #D":"Tx Bytes (Avg)","Value #E":"Rx Packets","Value #F":"Tx Packets","Value #G":"Rx Packets Dropped","Value #H":"Tx Packets Dropped","namespace":"Namespace"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"binBps"}},"gridPos":{"h":9,"w":12,"x":0,"y":18},"id":4,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"avg by (namespace) (\n rate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace!=\"\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","legendFormat":"__auto"}],"title":"Average Rate of Bytes Received","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"binBps"}},"gridPos":{"h":9,"w":12,"x":12,"y":18},"id":5,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"avg by (namespace) (\n rate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace!=\"\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","legendFormat":"__auto"}],"title":"Average Rate of Bytes Transmitted","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"binBps"}},"gridPos":{"h":9,"w":12,"x":0,"y":27},"id":6,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (namespace) (\n rate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace!=\"\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","legendFormat":"__auto"}],"title":"Receive Bandwidth","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"binBps"}},"gridPos":{"h":9,"w":12,"x":12,"y":27},"id":7,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (namespace) (\n rate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace!=\"\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","legendFormat":"__auto"}],"title":"Transmit Bandwidth","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"pps"}},"gridPos":{"h":9,"w":12,"x":0,"y":36},"id":8,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (namespace) (\n rate(container_network_receive_packets_total{cluster=\"$cluster\",namespace!=\"\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","legendFormat":"__auto"}],"title":"Rate of Received Packets","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"pps"}},"gridPos":{"h":9,"w":12,"x":12,"y":36},"id":9,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (namespace) (\n rate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace!=\"\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","legendFormat":"__auto"}],"title":"Rate of Transmitted Packets","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"pps"}},"gridPos":{"h":9,"w":12,"x":0,"y":45},"id":10,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (namespace) (\n rate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace!=\"\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","legendFormat":"__auto"}],"title":"Rate of Received Packets Dropped","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"pps"}},"gridPos":{"h":9,"w":12,"x":12,"y":45},"id":11,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (namespace) (\n rate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace!=\"\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","legendFormat":"__auto"}],"title":"Rate of Transmitted Packets Dropped","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"percentunit"}},"gridPos":{"h":9,"w":12,"x":0,"y":54},"id":12,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (instance) (\n rate(node_netstat_Tcp_RetransSegs{cluster=\"$cluster\"}[$__rate_interval]) / rate(node_netstat_Tcp_OutSegs{cluster=\"$cluster\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","legendFormat":"__auto"}],"title":"Rate of TCP Retransmits out of all sent segments","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"percentunit"}},"gridPos":{"h":9,"w":12,"x":12,"y":54},"id":13,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (instance) (\n rate(node_netstat_TcpExt_TCPSynRetrans{cluster=\"$cluster\"}[$__rate_interval]) / rate(node_netstat_Tcp_RetransSegs{cluster=\"$cluster\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","legendFormat":"__auto"}],"title":"Rate of TCP SYN Retransmits out of all retransmits","type":"timeseries"}],"refresh":"10s","schemaVersion":39,"tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","regex":"","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"label":"cluster","name":"cluster","query":"label_values(up{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\"}, cluster)","refresh":2,"sort":1,"type":"query","allValue":".*"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Networking / Cluster","uid":"ff635a025bcfea7bc3dd4f508990a3e9"}`}} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/controller-manager.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/controller-manager.yaml deleted file mode 100644 index cb792dc..0000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/controller-manager.yaml +++ /dev/null @@ -1,1196 +0,0 @@ -{{- /* -Generated from 'controller-manager' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/baf3c7a71ec9f889644231f677f8708791d38293/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled (or .Values.alertmanager.enabled .Values.alertmanager.forceDeployDashboards) }} -{{- if (include "exporter.kubeControllerManager.enabled" .)}} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "controller-manager" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - controller-manager.json: |- - { - "__inputs": [ - - ], - "__requires": [ - - ], - "annotations": { - "list": [ - - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "hideControls": false, - "id": null, - "links": [ - - ], - "refresh": "10s", - "rows": [ - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "$datasource", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - - }, - "id": 2, - "interval": "1m", - "legend": { - "alignAsTable": true, - "rightSide": true - }, - "links": [ - - ], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "span": 2, - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - {{- if .Values.k3sServer.enabled }} - "expr": "sum(up{cluster=\"$cluster\", job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", metrics_path=\"/metrics\"})", - {{- else }} - "expr": "sum(up{cluster=\"$cluster\", job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\"})", - {{- end }} - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "Up", - "tooltip": { - "shared": false - }, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "min" - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 3, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(workqueue_adds_total{cluster=\"$cluster\", job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, name)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} {{`{{`}}name{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Work Queue Add Rate", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 4, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(workqueue_depth{cluster=\"$cluster\", job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, name)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} {{`{{`}}name{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Work Queue Depth", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 5, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(workqueue_queue_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, name, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} {{`{{`}}name{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Work Queue Latency", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 6, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(rest_client_requests_total{job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", instance=~\"$instance\",code=~\"2..\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "2xx", - "refId": "A" - }, - { - "expr": "sum(rate(rest_client_requests_total{job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", instance=~\"$instance\",code=~\"3..\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "3xx", - "refId": "B" - }, - { - "expr": "sum(rate(rest_client_requests_total{job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", instance=~\"$instance\",code=~\"4..\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "4xx", - "refId": "C" - }, - { - "expr": "sum(rate(rest_client_requests_total{job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", instance=~\"$instance\",code=~\"5..\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "5xx", - "refId": "D" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Kube API Request Rate", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 7, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 8, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", instance=~\"$instance\", verb=\"POST\"}[$__rate_interval])) by (verb, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}verb{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Post Request Latency 99th Quantile", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 8, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", instance=~\"$instance\", verb=\"GET\"}[$__rate_interval])) by (verb, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}verb{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Get Request Latency 99th Quantile", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 9, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_resident_memory_bytes{cluster=\"$cluster\", job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\",instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 10, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(process_cpu_seconds_total{cluster=\"$cluster\", job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\",instance=~\"$instance\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "CPU usage", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 11, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{cluster=\"$cluster\", job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\",instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - } - ], - "schemaVersion": 14, - "style": "dark", - "tags": [ - "kubernetes-mixin" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}, - "includeAll": false, - "label": "cluster", - "multi": false, - "name": "cluster", - "options": [ - - ], - "query": "label_values(up{job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\"}, cluster)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": true, - "label": null, - "multi": false, - "name": "instance", - "options": [ - - ], - "query": "label_values(up{cluster=\"$cluster\", job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\"}, instance)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "Kubernetes / Controller Manager", - "uid": "72e0e05bef5099e5f049b05fdc429ed4", - "version": 0 - } -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/etcd.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/etcd.yaml deleted file mode 100644 index aa5434c..0000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/etcd.yaml +++ /dev/null @@ -1,1229 +0,0 @@ -{{- /* -Generated from 'etcd' from https://github.com/etcd-io/etcd.git -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled (or .Values.alertmanager.enabled .Values.alertmanager.forceDeployDashboards) }} -{{- if (include "exporter.kubeEtcd.enabled" .)}} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "etcd" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - etcd.json: |- - { - "annotations": { - "list": [] - }, - "description": "etcd sample Grafana dashboard with Prometheus", - "editable": true, - "gnetId": null, - "hideControls": false, - "links": [], - "refresh": "10s", - "rows": [ - { - "collapse": false, - "editable": true, - "height": "250px", - "panels": [ - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "$datasource", - "editable": true, - "error": false, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "id": 28, - "interval": null, - "isNew": true, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "span": 3, - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "targets": [ - { - "expr": "sum(etcd_server_has_leader{job=\"$cluster\"})", - "intervalFactor": 2, - "legendFormat": "", - "metric": "etcd_server_has_leader", - "refId": "A", - "step": 20 - } - ], - "thresholds": "", - "title": "Up", - "type": "singlestat", - "valueFontSize": "200%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fill": 0, - "id": 23, - "isNew": true, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "span": 5, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(grpc_server_started_total{job=\"$cluster\",grpc_type=\"unary\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "RPC Rate", - "metric": "grpc_server_started_total", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(rate(grpc_server_handled_total{job=\"$cluster\",grpc_type=\"unary\",grpc_code=~\"Unknown|FailedPrecondition|ResourceExhausted|Internal|Unavailable|DataLoss|DeadlineExceeded\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "RPC Failed Rate", - "metric": "grpc_server_handled_total", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "RPC Rate", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fill": 0, - "id": 41, - "isNew": true, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "span": 4, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(grpc_server_started_total{job=\"$cluster\",grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"}) - sum(grpc_server_handled_total{job=\"$cluster\",grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"})", - "intervalFactor": 2, - "legendFormat": "Watch Streams", - "metric": "grpc_server_handled_total", - "refId": "A", - "step": 4 - }, - { - "expr": "sum(grpc_server_started_total{job=\"$cluster\",grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"}) - sum(grpc_server_handled_total{job=\"$cluster\",grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"})", - "intervalFactor": 2, - "legendFormat": "Lease Streams", - "metric": "grpc_server_handled_total", - "refId": "B", - "step": 4 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Active Streams", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "showTitle": false, - "title": "Row" - }, - { - "collapse": false, - "editable": true, - "height": "250px", - "panels": [ - { - "aliasColors": {}, - "bars": false, - "datasource": "$datasource", - "decimals": null, - "editable": true, - "error": false, - "fill": 0, - "grid": {}, - "id": 1, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "etcd_mvcc_db_total_size_in_bytes{job=\"$cluster\"}", - "hide": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} DB Size", - "metric": "", - "refId": "A", - "step": 4 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "DB Size", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fill": 0, - "grid": {}, - "id": 3, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 1, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "span": 4, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_wal_fsync_duration_seconds_bucket{job=\"$cluster\"}[$__rate_interval])) by (instance, le))", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} WAL fsync", - "metric": "etcd_disk_wal_fsync_duration_seconds_bucket", - "refId": "A", - "step": 4 - }, - { - "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_backend_commit_duration_seconds_bucket{job=\"$cluster\"}[$__rate_interval])) by (instance, le))", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} DB fsync", - "metric": "etcd_disk_backend_commit_duration_seconds_bucket", - "refId": "B", - "step": 4 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Disk Sync Duration", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fill": 0, - "id": 29, - "isNew": true, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_resident_memory_bytes{job=\"$cluster\"}", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} Resident Memory", - "metric": "process_resident_memory_bytes", - "refId": "A", - "step": 4 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Memory", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "title": "New row" - }, - { - "collapse": false, - "editable": true, - "height": "250px", - "panels": [ - { - "aliasColors": {}, - "bars": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fill": 5, - "id": 22, - "isNew": true, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "span": 3, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "rate(etcd_network_client_grpc_received_bytes_total{job=\"$cluster\"}[$__rate_interval])", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} Client Traffic In", - "metric": "etcd_network_client_grpc_received_bytes_total", - "refId": "A", - "step": 4 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Client Traffic In", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fill": 5, - "id": 21, - "isNew": true, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "span": 3, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "rate(etcd_network_client_grpc_sent_bytes_total{job=\"$cluster\"}[$__rate_interval])", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} Client Traffic Out", - "metric": "etcd_network_client_grpc_sent_bytes_total", - "refId": "A", - "step": 4 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Client Traffic Out", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fill": 0, - "id": 20, - "isNew": true, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "span": 3, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(etcd_network_peer_received_bytes_total{job=\"$cluster\"}[$__rate_interval])) by (instance)", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} Peer Traffic In", - "metric": "etcd_network_peer_received_bytes_total", - "refId": "A", - "step": 4 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Peer Traffic In", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "datasource": "$datasource", - "decimals": null, - "editable": true, - "error": false, - "fill": 0, - "grid": {}, - "id": 16, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "span": 3, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(etcd_network_peer_sent_bytes_total{job=\"$cluster\"}[$__rate_interval])) by (instance)", - "hide": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} Peer Traffic Out", - "metric": "etcd_network_peer_sent_bytes_total", - "refId": "A", - "step": 4 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Peer Traffic Out", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "title": "New row" - }, - { - "collapse": false, - "editable": true, - "height": "250px", - "panels": [ - { - "aliasColors": {}, - "bars": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fill": 0, - "id": 40, - "isNew": true, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(etcd_server_proposals_failed_total{job=\"$cluster\"}[$__rate_interval]))", - "intervalFactor": 2, - "legendFormat": "Proposal Failure Rate", - "metric": "etcd_server_proposals_failed_total", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(etcd_server_proposals_pending{job=\"$cluster\"})", - "intervalFactor": 2, - "legendFormat": "Proposal Pending Total", - "metric": "etcd_server_proposals_pending", - "refId": "B", - "step": 2 - }, - { - "expr": "sum(rate(etcd_server_proposals_committed_total{job=\"$cluster\"}[$__rate_interval]))", - "intervalFactor": 2, - "legendFormat": "Proposal Commit Rate", - "metric": "etcd_server_proposals_committed_total", - "refId": "C", - "step": 2 - }, - { - "expr": "sum(rate(etcd_server_proposals_applied_total{job=\"$cluster\"}[$__rate_interval]))", - "intervalFactor": 2, - "legendFormat": "Proposal Apply Rate", - "refId": "D", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Raft Proposals", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "datasource": "$datasource", - "decimals": 0, - "editable": true, - "error": false, - "fill": 0, - "id": 19, - "isNew": true, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "changes(etcd_server_leader_changes_seen_total{job=\"$cluster\"}[1d])", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} Total Leader Elections Per Day", - "metric": "etcd_server_leader_changes_seen_total", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Total Leader Elections Per Day", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "decimals": 0, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 28 - }, - "hiddenSeries": false, - "id": 42, - "isNew": true, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.4.3", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum by (instance, le) (rate(etcd_network_peer_round_trip_time_seconds_bucket{job=\"$cluster\"}[$__rate_interval])))", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} Peer round trip time", - "metric": "etcd_network_peer_round_trip_time_seconds_bucket", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Peer round trip time", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:925", - "decimals": null, - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:926", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "title": "New row" - } - ], - "schemaVersion": 13, - "sharedCrosshair": false, - "style": "dark", - "tags": [ - "etcd-mixin" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "current": { - "text": "prod", - "value": "prod" - }, - "datasource": "$datasource", - "hide": {{ if (or .Values.grafana.sidecar.dashboards.multicluster.global.enabled .Values.grafana.sidecar.dashboards.multicluster.etcd.enabled) }}0{{ else }}2{{ end }}, - "includeAll": false, - "label": "cluster", - "multi": false, - "name": "cluster", - "options": [], - "query": "label_values(etcd_server_has_leader, job)", - "refresh": 2, - "regex": "", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-15m", - "to": "now" - }, - "timepicker": { - "now": true, - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "etcd", - "uid": "c2f4e12cdf69feb95caa41a5a1b423d9", - "version": 215 - } -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/grafana-overview.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/grafana-overview.yaml deleted file mode 100644 index d84a813..0000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/grafana-overview.yaml +++ /dev/null @@ -1,635 +0,0 @@ -{{- /* -Generated from 'grafana-overview' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/baf3c7a71ec9f889644231f677f8708791d38293/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "grafana-overview" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - grafana-overview.json: |- - { - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "target": { - "limit": 100, - "matchAny": false, - "tags": [ - - ], - "type": "dashboard" - }, - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": 3085, - "iteration": 1631554945276, - "links": [ - - ], - "panels": [ - { - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "mappings": [ - - ], - "noValue": "0", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [ - - ] - }, - "gridPos": { - "h": 5, - "w": 6, - "x": 0, - "y": 0 - }, - "id": 6, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "mean" - ], - "fields": "", - "values": false - }, - "text": { - - }, - "textMode": "auto" - }, - "pluginVersion": "8.1.3", - "targets": [ - { - "expr": "grafana_alerting_result_total{job=~\"$job\", instance=~\"$instance\", state=\"alerting\"}", - "instant": true, - "interval": "", - "legendFormat": "", - "refId": "A" - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Firing Alerts", - "type": "stat" - }, - { - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "mappings": [ - - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [ - - ] - }, - "gridPos": { - "h": 5, - "w": 6, - "x": 6, - "y": 0 - }, - "id": 8, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "mean" - ], - "fields": "", - "values": false - }, - "text": { - - }, - "textMode": "auto" - }, - "pluginVersion": "8.1.3", - "targets": [ - { - "expr": "sum(grafana_stat_totals_dashboard{job=~\"$job\", instance=~\"$instance\"})", - "interval": "", - "legendFormat": "", - "refId": "A" - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Dashboards", - "type": "stat" - }, - { - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": { - "align": null, - "displayMode": "auto" - }, - "mappings": [ - - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [ - - ] - }, - "gridPos": { - "h": 5, - "w": 12, - "x": 12, - "y": 0 - }, - "id": 10, - "options": { - "showHeader": true - }, - "pluginVersion": "8.1.3", - "targets": [ - { - "expr": "grafana_build_info{job=~\"$job\", instance=~\"$instance\"}", - "instant": true, - "interval": "", - "legendFormat": "", - "refId": "A" - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Build Info", - "transformations": [ - { - "id": "labelsToFields", - "options": { - - } - }, - { - "id": "organize", - "options": { - "excludeByName": { - "Time": true, - "Value": true, - "branch": true, - "container": true, - "goversion": true, - "namespace": true, - "pod": true, - "revision": true - }, - "indexByName": { - "Time": 7, - "Value": 11, - "branch": 4, - "container": 8, - "edition": 2, - "goversion": 6, - "instance": 1, - "job": 0, - "namespace": 9, - "pod": 10, - "revision": 5, - "version": 3 - }, - "renameByName": { - - } - } - } - ], - "type": "table" - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "links": [ - - ] - }, - "overrides": [ - - ] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 5 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "8.1.3", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum by (status_code) (irate(grafana_http_request_duration_seconds_count{job=~\"$job\", instance=~\"$instance\"}[1m])) ", - "interval": "", - "legendFormat": "{{`{{`}}status_code{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeRegions": [ - - ], - "timeShift": null, - "title": "RPS", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "$$hashKey": "object:157", - "format": "reqps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:158", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "links": [ - - ] - }, - "overrides": [ - - ] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 5 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "8.1.3", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "exemplar": true, - "expr": "histogram_quantile(0.99, sum(irate(grafana_http_request_duration_seconds_bucket{instance=~\"$instance\", job=~\"$job\"}[$__rate_interval])) by (le)) * 1", - "interval": "", - "legendFormat": "99th Percentile", - "refId": "A" - }, - { - "exemplar": true, - "expr": "histogram_quantile(0.50, sum(irate(grafana_http_request_duration_seconds_bucket{instance=~\"$instance\", job=~\"$job\"}[$__rate_interval])) by (le)) * 1", - "interval": "", - "legendFormat": "50th Percentile", - "refId": "B" - }, - { - "exemplar": true, - "expr": "sum(irate(grafana_http_request_duration_seconds_sum{instance=~\"$instance\", job=~\"$job\"}[$__rate_interval])) * 1 / sum(irate(grafana_http_request_duration_seconds_count{instance=~\"$instance\", job=~\"$job\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "Average", - "refId": "C" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeRegions": [ - - ], - "timeShift": null, - "title": "Request Latency", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "$$hashKey": "object:210", - "format": "ms", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:211", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "schemaVersion": 30, - "style": "dark", - "tags": [ - - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "description": null, - "error": null, - "hide": 0, - "includeAll": false, - "label": "Data Source", - "multi": false, - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "queryValue": "", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "type": "datasource" - }, - { - "allValue": ".*", - "current": { - "selected": false, - "text": [ - "default/grafana" - ], - "value": [ - "default/grafana" - ] - }, - "datasource": "$datasource", - "definition": "label_values(grafana_build_info, job)", - "description": null, - "error": null, - "hide": 0, - "includeAll": true, - "label": null, - "multi": true, - "name": "job", - "options": [ - - ], - "query": { - "query": "label_values(grafana_build_info, job)", - "refId": "Billing Admin-job-Variable-Query" - }, - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": ".*", - "current": { - "selected": false, - "text": "All", - "value": "$__all" - }, - "datasource": "$datasource", - "definition": "label_values(grafana_build_info, instance)", - "description": null, - "error": null, - "hide": 0, - "includeAll": true, - "label": null, - "multi": true, - "name": "instance", - "options": [ - - ], - "query": { - "query": "label_values(grafana_build_info, instance)", - "refId": "Billing Admin-instance-Variable-Query" - }, - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-6h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "Grafana Overview", - "uid": "6be0s85Mk", - "version": 2 - } -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-coredns.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-coredns.yaml deleted file mode 100644 index 7ecca76..0000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-coredns.yaml +++ /dev/null @@ -1,1534 +0,0 @@ -{{- /* -Generated from 'k8s-coredns' from ../files/dashboards/k8s-coredns.json -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.coreDns.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-coredns" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - k8s-coredns.json: |- - { - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "A dashboard for the CoreDNS DNS server with updated metrics for version 1.7.0+. Based on the CoreDNS dashboard by buhay.", - "editable": true, - "gnetId": 12539, - "graphTooltip": 0, - "iteration": 1603798405693, - "links": [ - { - "icon": "external link", - "tags": [], - "targetBlank": true, - "title": "CoreDNS.io", - "type": "link", - "url": "https://coredns.io" - } - ], - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [], - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.2.0", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "total", - "yaxis": 2 - } - ], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(coredns_dns_request_count_total{job=\"coredns\",instance=~\"$instance\"}[5m])) by (proto) or\nsum(rate(coredns_dns_requests_total{job=\"coredns\",instance=~\"$instance\"}[5m])) by (proto)", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{"{{proto}}"}}", - "refId": "A", - "step": 60 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Requests (total)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "pps", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "pps", - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 0 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.2.0", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "total", - "yaxis": 2 - }, - { - "alias": "other", - "yaxis": 2 - } - ], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(coredns_dns_request_type_count_total{job=\"coredns\",instance=~\"$instance\"}[5m])) by (type) or \nsum(rate(coredns_dns_requests_total{job=\"coredns\",instance=~\"$instance\"}[5m])) by (type)", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{"{{type}}"}}", - "refId": "A", - "step": 60 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Requests (by qtype)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "pps", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "pps", - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 0 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.2.0", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "total", - "yaxis": 2 - } - ], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(coredns_dns_request_count_total{job=\"coredns\",instance=~\"$instance\"}[5m])) by (zone) or\nsum(rate(coredns_dns_requests_total{job=\"coredns\",instance=~\"$instance\"}[5m])) by (zone)", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{"{{zone}}"}}", - "refId": "A", - "step": 60 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Requests (by zone)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "pps", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "pps", - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 7 - }, - "hiddenSeries": false, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.2.0", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "total", - "yaxis": 2 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(coredns_dns_request_do_count_total{job=\"coredns\",instance=~\"$instance\"}[5m])) or\nsum(rate(coredns_dns_do_requests_total{job=\"coredns\",instance=~\"$instance\"}[5m]))", - "interval": "", - "intervalFactor": 2, - "legendFormat": "DO", - "refId": "A", - "step": 40 - }, - { - "expr": "sum(rate(coredns_dns_request_count_total{job=\"coredns\",instance=~\"$instance\"}[5m])) or\nsum(rate(coredns_dns_requests_total{job=\"coredns\",instance=~\"$instance\"}[5m]))", - "interval": "", - "intervalFactor": 2, - "legendFormat": "total", - "refId": "B", - "step": 40 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Requests (DO bit)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "pps", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "pps", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 7 - }, - "hiddenSeries": false, - "id": 10, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.2.0", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "tcp:90", - "yaxis": 2 - }, - { - "alias": "tcp:99 ", - "yaxis": 2 - }, - { - "alias": "tcp:50", - "yaxis": 2 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(coredns_dns_request_size_bytes_bucket{job=\"coredns\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto))", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{"{{proto}}"}}:99 ", - "refId": "A", - "step": 60 - }, - { - "expr": "histogram_quantile(0.90, sum(rate(coredns_dns_request_size_bytes_bucket{job=\"coredns\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto))", - "intervalFactor": 2, - "legendFormat": "{{"{{proto}}"}}:90", - "refId": "B", - "step": 60 - }, - { - "expr": "histogram_quantile(0.50, sum(rate(coredns_dns_request_size_bytes_bucket{job=\"coredns\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto))", - "intervalFactor": 2, - "legendFormat": "{{"{{proto}}"}}:50", - "refId": "C", - "step": 60 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Requests (size, udp)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 7 - }, - "hiddenSeries": false, - "id": 12, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.2.0", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "tcp:90", - "yaxis": 1 - }, - { - "alias": "tcp:99 ", - "yaxis": 1 - }, - { - "alias": "tcp:50", - "yaxis": 1 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(coredns_dns_request_size_bytes_bucket{job=\"coredns\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto))", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{"{{proto}}"}}:99 ", - "refId": "A", - "step": 60 - }, - { - "expr": "histogram_quantile(0.90, sum(rate(coredns_dns_request_size_bytes_bucket{job=\"coredns\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto))", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{"{{proto}}"}}:90", - "refId": "B", - "step": 60 - }, - { - "expr": "histogram_quantile(0.50, sum(rate(coredns_dns_request_size_bytes_bucket{job=\"coredns\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto))", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{"{{proto}}"}}:50", - "refId": "C", - "step": 60 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Requests (size,tcp)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 14 - }, - "hiddenSeries": false, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.2.0", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(coredns_dns_response_rcode_count_total{job=\"coredns\",instance=~\"$instance\"}[5m])) by (rcode) or\nsum(rate(coredns_dns_responses_total{job=\"coredns\",instance=~\"$instance\"}[5m])) by (rcode)", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{"{{rcode}}"}}", - "refId": "A", - "step": 40 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Responses (by rcode)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "pps", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 14 - }, - "hiddenSeries": false, - "id": 32, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.2.0", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(coredns_dns_request_duration_seconds_bucket{job=\"coredns\",instance=~\"$instance\"}[5m])) by (le, job))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "99%", - "refId": "A", - "step": 40 - }, - { - "expr": "histogram_quantile(0.90, sum(rate(coredns_dns_request_duration_seconds_bucket{job=\"coredns\",instance=~\"$instance\"}[5m])) by (le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "90%", - "refId": "B", - "step": 40 - }, - { - "expr": "histogram_quantile(0.50, sum(rate(coredns_dns_request_duration_seconds_bucket{job=\"coredns\",instance=~\"$instance\"}[5m])) by (le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "50%", - "refId": "C", - "step": 40 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Responses (duration)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 21 - }, - "hiddenSeries": false, - "id": 18, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.2.0", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "udp:50%", - "yaxis": 1 - }, - { - "alias": "tcp:50%", - "yaxis": 2 - }, - { - "alias": "tcp:90%", - "yaxis": 2 - }, - { - "alias": "tcp:99%", - "yaxis": 2 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(coredns_dns_response_size_bytes_bucket{job=\"coredns\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto)) ", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{"{{proto}}"}}:99%", - "refId": "A", - "step": 40 - }, - { - "expr": "histogram_quantile(0.90, sum(rate(coredns_dns_response_size_bytes_bucket{job=\"coredns\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto)) ", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{"{{proto}}"}}:90%", - "refId": "B", - "step": 40 - }, - { - "expr": "histogram_quantile(0.50, sum(rate(coredns_dns_response_size_bytes_bucket{job=\"coredns\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto)) ", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{"{{proto}}"}}:50%", - "metric": "", - "refId": "C", - "step": 40 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Responses (size, udp)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 21 - }, - "hiddenSeries": false, - "id": 20, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.2.0", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "udp:50%", - "yaxis": 1 - }, - { - "alias": "tcp:50%", - "yaxis": 1 - }, - { - "alias": "tcp:90%", - "yaxis": 1 - }, - { - "alias": "tcp:99%", - "yaxis": 1 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(coredns_dns_response_size_bytes_bucket{job=\"coredns\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto)) ", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{"{{proto}}"}}:99%", - "refId": "A", - "step": 40 - }, - { - "expr": "histogram_quantile(0.90, sum(rate(coredns_dns_response_size_bytes_bucket{job=\"coredns\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto)) ", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{"{{proto}}"}}:90%", - "refId": "B", - "step": 40 - }, - { - "expr": "histogram_quantile(0.50, sum(rate(coredns_dns_response_size_bytes_bucket{job=\"coredns\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le, proto)) ", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{"{{proto}}"}}:50%", - "metric": "", - "refId": "C", - "step": 40 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Responses (size, tcp)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 28 - }, - "hiddenSeries": false, - "id": 22, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.2.0", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(coredns_cache_size{job=\"coredns\",instance=~\"$instance\"}) by (type) or\nsum(coredns_cache_entries{job=\"coredns\",instance=~\"$instance\"}) by (type)", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{"{{type}}"}}", - "refId": "A", - "step": 40 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Cache (size)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 28 - }, - "hiddenSeries": false, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.2.0", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "misses", - "yaxis": 2 - } - ], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(coredns_cache_hits_total{job=\"coredns\",instance=~\"$instance\"}[5m])) by (type)", - "hide": false, - "intervalFactor": 2, - "legendFormat": "hits:{{"{{type}}"}}", - "refId": "A", - "step": 40 - }, - { - "expr": "sum(rate(coredns_cache_misses_total{job=\"coredns\",instance=~\"$instance\"}[5m])) by (type)", - "hide": false, - "intervalFactor": 2, - "legendFormat": "misses", - "refId": "B", - "step": 40 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Cache (hitrate)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "pps", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "pps", - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "10s", - "schemaVersion": 26, - "style": "dark", - "tags": [ - "dns", - "coredns" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "includeAll": false, - "label": "Data Source", - "multi": false, - "name": "datasource", - "options": [], - "query": "prometheus", - "queryValue": "", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "type": "datasource" - }, - { - "allValue": ".*", - "current": { - "selected": true, - "text": "All", - "value": "$__all" - }, - "datasource": "$datasource", - "definition": "label_values(up{job=\"coredns\"}, instance)", - "hide": 0, - "includeAll": true, - "label": "Instance", - "multi": false, - "name": "instance", - "options": [], - "query": "label_values(up{job=\"coredns\"}, instance)", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-3h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "CoreDNS", - "uid": "vkQ0UHxik", - "version": 2 - } -{{- end }} diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml deleted file mode 100644 index 2f3e3e2..0000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- /* -Generated from 'k8s-resources-cluster' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/baf3c7a71ec9f889644231f677f8708791d38293/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-cluster" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - k8s-resources-cluster.json: |- - {{`{"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"links":[{"asDropdown":true,"includeVars":true,"keepTime":true,"tags":["kubernetes-mixin"],"targetBlank":false,"title":"Kubernetes","type":"dashboards"}],"panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":4,"x":0,"y":0},"id":1,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"cluster:node_cpu:ratio_rate5m{cluster=\"$cluster\"}","instant":true}],"title":"CPU Utilisation","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":4,"x":4,"y":0},"id":2,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_cpu:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\",resource=\"cpu\",cluster=\"$cluster\"})","instant":true}],"title":"CPU Requests Commitment","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":4,"x":8,"y":0},"id":3,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_cpu:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\",resource=\"cpu\",cluster=\"$cluster\"})","instant":true}],"title":"CPU Limits Commitment","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":4,"x":12,"y":0},"id":4,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"1 - sum(:node_memory_MemAvailable_bytes:sum{cluster=\"$cluster\"}) / sum(node_memory_MemTotal_bytes{job=\"node-exporter\",cluster=\"$cluster\"})","instant":true}],"title":"Memory Utilisation","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":4,"x":16,"y":0},"id":5,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_memory:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\",resource=\"memory\",cluster=\"$cluster\"})","instant":true}],"title":"Memory Requests Commitment","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":4,"x":20,"y":0},"id":6,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_memory:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\",resource=\"memory\",cluster=\"$cluster\"})","instant":true}],"title":"Memory Limits Commitment","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true}}},"gridPos":{"h":6,"w":24,"x":0,"y":6},"id":7,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\"}) by (namespace)","legendFormat":"__auto"}],"title":"CPU Usage","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]},{"matcher":{"id":"byName","options":"Namespace"},"properties":[{"id":"links","value":[{"title":"Drill down to pods","url":"/d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?${datasource:queryparam}&var-cluster=$cluster&var-namespace=${__data.fields.Namespace}"}]}]}]},"gridPos":{"h":6,"w":24,"x":0,"y":12},"id":8,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_owner{job=\"kube-state-metrics\", cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"count(avg(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\"}) by (workload, namespace)) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_cpu:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\"}) by (namespace) / sum(namespace_cpu:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_cpu:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\"}) by (namespace) / sum(namespace_cpu:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true}],"title":"CPU Quota","transformations":[{"id":"joinByField","options":{"byField":"namespace","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true,"Time 6":true,"Time 7":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Time 6":5,"Time 7":6,"Value #A":8,"Value #B":9,"Value #C":10,"Value #D":11,"Value #E":12,"Value #F":13,"Value #G":14,"namespace":7},"renameByName":{"Value #A":"Pods","Value #B":"Workloads","Value #C":"CPU Usage","Value #D":"CPU Requests","Value #E":"CPU Requests %","Value #F":"CPU Limits","Value #G":"CPU Limits %","namespace":"Namespace"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bytes"}},"gridPos":{"h":6,"w":24,"x":0,"y":18},"id":9,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(container_memory_rss{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", container!=\"\"}) by (namespace)","legendFormat":"__auto"}],"title":"Memory","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]},{"matcher":{"id":"byName","options":"Memory Usage"},"properties":[{"id":"unit","value":"bytes"}]},{"matcher":{"id":"byName","options":"Memory Requests"},"properties":[{"id":"unit","value":"bytes"}]},{"matcher":{"id":"byName","options":"Memory Limits"},"properties":[{"id":"unit","value":"bytes"}]},{"matcher":{"id":"byName","options":"Namespace"},"properties":[{"id":"links","value":[{"title":"Drill down to pods","url":"/d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?${datasource:queryparam}&var-cluster=$cluster&var-namespace=${__data.fields.Namespace}"}]}]}]},"gridPos":{"h":6,"w":24,"x":0,"y":24},"id":10,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_owner{job=\"kube-state-metrics\", cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"count(avg(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\"}) by (workload, namespace)) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(container_memory_rss{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", container!=\"\"}) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_memory:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(container_memory_rss{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", container!=\"\"}) by (namespace) / sum(namespace_memory:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(namespace_memory:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(container_memory_rss{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", container!=\"\"}) by (namespace) / sum(namespace_memory:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) by (namespace)","format":"table","instant":true}],"title":"Memory Requests by Namespace","transformations":[{"id":"joinByField","options":{"byField":"namespace","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true,"Time 6":true,"Time 7":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Time 6":5,"Time 7":6,"Value #A":8,"Value #B":9,"Value #C":10,"Value #D":11,"Value #E":12,"Value #F":13,"Value #G":14,"namespace":7},"renameByName":{"Value #A":"Pods","Value #B":"Workloads","Value #C":"Memory Usage","Value #D":"Memory Requests","Value #E":"Memory Requests %","Value #F":"Memory Limits","Value #G":"Memory Limits %","namespace":"Namespace"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/Bandwidth/"},"properties":[{"id":"unit","value":"Bps"}]},{"matcher":{"id":"byRegexp","options":"/Packets/"},"properties":[{"id":"unit","value":"pps"}]},{"matcher":{"id":"byName","options":"Namespace"},"properties":[{"id":"links","value":[{"title":"Drill down to pods","url":"/d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?${datasource:queryparam}&var-cluster=$cluster&var-namespace=${__data.fields.Namespace}"}]}]}]},"gridPos":{"h":6,"w":24,"x":0,"y":30},"id":11,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_transmit_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_receive_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_transmit_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","format":"table","instant":true}],"title":"Current Network Usage","transformations":[{"id":"joinByField","options":{"byField":"namespace","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true,"Time 6":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Time 6":5,"Value #A":7,"Value #B":8,"Value #C":9,"Value #D":10,"Value #E":11,"Value #F":12,"namespace":6},"renameByName":{"Value #A":"Current Receive Bandwidth","Value #B":"Current Transmit Bandwidth","Value #C":"Rate of Received Packets","Value #D":"Rate of Transmitted Packets","Value #E":"Rate of Received Packets Dropped","Value #F":"Rate of Transmitted Packets Dropped","namespace":"Namespace"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"Bps"}},"gridPos":{"h":6,"w":24,"x":0,"y":36},"id":12,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","legendFormat":"__auto"}],"title":"Receive Bandwidth","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"Bps"}},"gridPos":{"h":6,"w":24,"x":0,"y":42},"id":13,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","legendFormat":"__auto"}],"title":"Transmit Bandwidth","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"Bps"}},"gridPos":{"h":6,"w":24,"x":0,"y":48},"id":14,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"avg(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","legendFormat":"__auto"}],"title":"Average Container Bandwidth by Namespace: Received","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"Bps"}},"gridPos":{"h":6,"w":24,"x":0,"y":54},"id":15,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"avg(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","legendFormat":"__auto"}],"title":"Average Container Bandwidth by Namespace: Transmitted","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":6,"w":24,"x":0,"y":60},"id":16,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(irate(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","legendFormat":"__auto"}],"title":"Rate of Received Packets","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":6,"w":24,"x":0,"y":66},"id":17,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(irate(container_network_transmit_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","legendFormat":"__auto"}],"title":"Rate of Transmitted Packets","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":6,"w":24,"x":0,"y":72},"id":18,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(irate(container_network_receive_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","legendFormat":"__auto"}],"title":"Rate of Received Packets Dropped","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":6,"w":24,"x":0,"y":78},"id":19,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(irate(container_network_transmit_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)","legendFormat":"__auto"}],"title":"Rate of Transmitted Packets Dropped","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"iops"}},"gridPos":{"h":6,"w":24,"x":0,"y":84},"id":20,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"ceil(sum by(namespace) (rate(container_fs_reads_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]) + rate(container_fs_writes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval])))","legendFormat":"__auto"}],"title":"IOPS(Reads+Writes)","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"Bps"}},"gridPos":{"h":6,"w":24,"x":0,"y":90},"id":21,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(namespace) (rate(container_fs_reads_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]) + rate(container_fs_writes_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))","legendFormat":"__auto"}],"title":"ThroughPut(Read+Write)","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/IOPS/"},"properties":[{"id":"unit","value":"iops"}]},{"matcher":{"id":"byRegexp","options":"/Throughput/"},"properties":[{"id":"unit","value":"Bps"}]},{"matcher":{"id":"byName","options":"Namespace"},"properties":[{"id":"links","value":[{"title":"Drill down to pods","url":"/d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?${datasource:queryparam}&var-cluster=$cluster&var-namespace=${__data.fields.Namespace}"}]}]}]},"gridPos":{"h":6,"w":24,"x":0,"y":96},"id":22,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(namespace) (rate(container_fs_reads_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(namespace) (rate(container_fs_writes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(namespace) (rate(container_fs_reads_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]) + rate(container_fs_writes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(namespace) (rate(container_fs_reads_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(namespace) (rate(container_fs_writes_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(namespace) (rate(container_fs_reads_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]) + rate(container_fs_writes_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))","format":"table","instant":true}],"title":"Current Storage IO","transformations":[{"id":"joinByField","options":{"byField":"namespace","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true,"Time 6":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Time 6":5,"Value #A":7,"Value #B":8,"Value #C":9,"Value #D":10,"Value #E":11,"Value #F":12,"namespace":6},"renameByName":{"Value #A":"IOPS(Reads)","Value #B":"IOPS(Writes)","Value #C":"IOPS(Reads + Writes)","Value #D":"Throughput(Read)","Value #E":"Throughput(Write)","Value #F":"Throughput(Read + Write)","namespace":"Namespace"}}}],"type":"table"}],"refresh":"10s","schemaVersion":39,"tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","regex":"","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"label":"cluster","name":"cluster","query":"label_values(up{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\"}, cluster)","refresh":2,"sort":1,"type":"query","allValue":".*"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Compute Resources / Cluster","uid":"efa86fd1d0c121a26444b636a3f509a8"}`}} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-multicluster.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-multicluster.yaml deleted file mode 100644 index 920f952..0000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-multicluster.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- /* -Generated from 'k8s-resources-multicluster' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/baf3c7a71ec9f889644231f677f8708791d38293/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-multicluster" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - k8s-resources-multicluster.json: |- - {{`{"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"links":[{"asDropdown":true,"includeVars":true,"keepTime":true,"tags":["kubernetes-mixin"],"targetBlank":false,"title":"Kubernetes","type":"dashboards"}],"panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"none"}},"gridPos":{"h":3,"w":4,"x":0,"y":0},"id":1,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(cluster:node_cpu:ratio_rate5m) / count(cluster:node_cpu:ratio_rate5m)","instant":true}],"title":"CPU Utilisation","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":4,"x":4,"y":0},"id":2,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_container_resource_requests{job=\"kube-state-metrics\", resource=\"cpu\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\", resource=\"cpu\"})","instant":true}],"title":"CPU Requests Commitment","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":4,"x":8,"y":0},"id":3,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_container_resource_limits{job=\"kube-state-metrics\", resource=\"cpu\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\", resource=\"cpu\"})","instant":true}],"title":"CPU Limits Commitment","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":4,"x":12,"y":0},"id":4,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"1 - sum(:node_memory_MemAvailable_bytes:sum) / sum(node_memory_MemTotal_bytes{job=\"node-exporter\"})","instant":true}],"title":"Memory Utilisation","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":4,"x":16,"y":0},"id":5,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_container_resource_requests{job=\"kube-state-metrics\", resource=\"memory\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\", resource=\"memory\"})","instant":true}],"title":"Memory Requests Commitment","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":4,"x":20,"y":0},"id":6,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_container_resource_limits{job=\"kube-state-metrics\", resource=\"memory\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\", resource=\"memory\"})","instant":true}],"title":"Memory Limits Commitment","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"}}},"gridPos":{"h":7,"w":24,"x":0,"y":1},"id":7,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate) by (cluster)","legendFormat":"__auto"}],"title":"CPU Usage","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]},{"matcher":{"id":"byName","options":"Cluster"},"properties":[{"id":"links","value":[{"title":"Drill down","url":"/d/efa86fd1d0c121a26444b636a3f509a8/kubernetes-compute-resources-cluster?${datasource:queryparam}&var-cluster=${__data.fields.Cluster}"}]}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":2},"id":8,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate) by (cluster)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_container_resource_requests{job=\"kube-state-metrics\", resource=\"cpu\"}) by (cluster)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate) by (cluster) / sum(kube_pod_container_resource_requests{job=\"kube-state-metrics\", resource=\"cpu\"}) by (cluster)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_container_resource_limits{job=\"kube-state-metrics\", resource=\"cpu\"}) by (cluster)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate) by (cluster) / sum(kube_pod_container_resource_limits{job=\"kube-state-metrics\", resource=\"cpu\"}) by (cluster)","format":"table","instant":true}],"title":"CPU Quota","transformations":[{"id":"joinByField","options":{"byField":"cluster","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Value #A":6,"Value #B":7,"Value #C":8,"Value #D":9,"Value #E":10,"cluster":5},"renameByName":{"Value #A":"CPU Usage","Value #B":"CPU Requests","Value #C":"CPU Requests %","Value #D":"CPU Limits","Value #E":"CPU Limits %","cluster":"Cluster"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"bytes"}},"gridPos":{"h":7,"w":24,"x":0,"y":3},"id":9,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(container_memory_rss{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\"}) by (cluster)","legendFormat":"__auto"}],"title":"Memory Usage (w/o cache)","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"bytes"},"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]},{"matcher":{"id":"byName","options":"Cluster"},"properties":[{"id":"links","value":[{"title":"Drill down","url":"/d/efa86fd1d0c121a26444b636a3f509a8/kubernetes-compute-resources-cluster?${datasource:queryparam}&var-cluster=${__data.fields.Cluster}"}]}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":4},"id":10,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(container_memory_rss{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\"}) by (cluster)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_container_resource_requests{job=\"kube-state-metrics\", resource=\"memory\"}) by (cluster)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(container_memory_rss{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\"}) by (cluster) / sum(kube_pod_container_resource_requests{job=\"kube-state-metrics\", resource=\"memory\"}) by (cluster)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_pod_container_resource_limits{job=\"kube-state-metrics\", resource=\"memory\"}) by (cluster)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(container_memory_rss{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\"}) by (cluster) / sum(kube_pod_container_resource_limits{job=\"kube-state-metrics\", resource=\"memory\"}) by (cluster)","format":"table","instant":true}],"title":"Memory Requests by Cluster","transformations":[{"id":"joinByField","options":{"byField":"cluster","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Value #A":6,"Value #B":7,"Value #C":8,"Value #D":9,"Value #E":10,"cluster":5},"renameByName":{"Value #A":"Memory Usage","Value #B":"Memory Requests","Value #C":"Memory Requests %","Value #D":"Memory Limits","Value #E":"Memory Limits %","cluster":"Cluster"}}}],"type":"table"}],"refresh":"10s","schemaVersion":39,"tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","regex":"","type":"datasource"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Compute Resources / Multi-Cluster","uid":"b59e6c9f2fcbe2e16d77fc492374cc4f"}`}} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml deleted file mode 100644 index 95864a3..0000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- /* -Generated from 'k8s-resources-namespace' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/baf3c7a71ec9f889644231f677f8708791d38293/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-namespace" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - k8s-resources-namespace.json: |- - {{`{"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"links":[{"asDropdown":true,"includeVars":true,"keepTime":true,"tags":["kubernetes-mixin"],"targetBlank":false,"title":"Kubernetes","type":"dashboards"}],"panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":6,"x":0,"y":0},"id":1,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) / sum(kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"})","instant":true}],"title":"CPU Utilisation (from requests)","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":6,"x":6,"y":0},"id":2,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) / sum(kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"})","instant":true}],"title":"CPU Utilisation (from limits)","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":6,"x":12,"y":0},"id":3,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) / sum(kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"})","instant":true}],"title":"Memory Utilisation (from requests)","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"percentunit"}},"gridPos":{"h":3,"w":6,"x":18,"y":0},"id":4,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"colorMode":"none"},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) / sum(kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"})","instant":true}],"title":"Memory Utilisation (from limits)","type":"stat"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true}},"overrides":[{"matcher":{"id":"byFrameRefID","options":"B"},"properties":[{"id":"custom.lineStyle","value":{"fill":"dash"}},{"id":"custom.lineWidth","value":2},{"id":"color","value":{"fixedColor":"red","mode":"fixed"}}]},{"matcher":{"id":"byFrameRefID","options":"C"},"properties":[{"id":"custom.lineStyle","value":{"fill":"dash"}},{"id":"custom.lineWidth","value":2},{"id":"color","value":{"fixedColor":"orange","mode":"fixed"}}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":7},"id":5,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","legendFormat":"__auto"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"scalar(max(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"requests.cpu\"}))","legendFormat":"quota - requests"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"scalar(max(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"limits.cpu\"}))","legendFormat":"quota - limits"}],"title":"CPU Usage","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]},{"matcher":{"id":"byName","options":"Pod"},"properties":[{"id":"links","value":[{"title":"Drill down to pods","url":"/d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?${datasource:queryparam}&var-cluster=$cluster&var-namespace=$namespace&var-pod=${__data.fields.Pod}"}]}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":14},"id":6,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true}],"title":"CPU Quota","transformations":[{"id":"joinByField","options":{"byField":"pod","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Value #A":6,"Value #B":7,"Value #C":8,"Value #D":9,"Value #E":10,"pod":5},"renameByName":{"Value #A":"CPU Usage","Value #B":"CPU Requests","Value #C":"CPU Requests %","Value #D":"CPU Limits","Value #E":"CPU Limits %","pod":"Pod"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bytes"},"overrides":[{"matcher":{"id":"byFrameRefID","options":"B"},"properties":[{"id":"custom.lineStyle","value":{"fill":"dash"}},{"id":"custom.lineWidth","value":2},{"id":"color","value":{"fixedColor":"red","mode":"fixed"}}]},{"matcher":{"id":"byFrameRefID","options":"C"},"properties":[{"id":"custom.lineStyle","value":{"fill":"dash"}},{"id":"custom.lineWidth","value":2},{"id":"color","value":{"fixedColor":"orange","mode":"fixed"}}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":21},"id":7,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}) by (pod)","legendFormat":"__auto"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"scalar(max(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"requests.memory\"}))","legendFormat":"quota - requests"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"scalar(max(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"limits.memory\"}))","legendFormat":"quota - limits"}],"title":"Memory Usage (w/o cache)","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"bytes"},"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]},{"matcher":{"id":"byName","options":"Pod"},"properties":[{"id":"links","value":[{"title":"Drill down to pods","url":"/d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?${datasource:queryparam}&var-cluster=$cluster&var-namespace=$namespace&var-pod=${__data.fields.Pod}"}]}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":28},"id":8,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(container_memory_rss{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\"}) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(container_memory_cache{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\"}) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(container_memory_swap{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\"}) by (pod)","format":"table","instant":true}],"title":"Memory Quota","transformations":[{"id":"joinByField","options":{"byField":"pod","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true,"Time 6":true,"Time 7":true,"Time 8":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Time 6":5,"Time 7":6,"Time 8":7,"Value #A":9,"Value #B":10,"Value #C":11,"Value #D":12,"Value #E":13,"Value #F":14,"Value #G":15,"Value #H":16,"pod":8},"renameByName":{"Value #A":"Memory Usage","Value #B":"Memory Requests","Value #C":"Memory Requests %","Value #D":"Memory Limits","Value #E":"Memory Limits %","Value #F":"Memory Usage (RSS)","Value #G":"Memory Usage (Cache)","Value #H":"Memory Usage (Swap)","pod":"Pod"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/Bandwidth/"},"properties":[{"id":"unit","value":"Bps"}]},{"matcher":{"id":"byRegexp","options":"/Packets/"},"properties":[{"id":"unit","value":"pps"}]},{"matcher":{"id":"byName","options":"Pod"},"properties":[{"id":"links","value":[{"title":"Drill down to pods","url":"/d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?${datasource:queryparam}&var-cluster=$cluster&var-namespace=$namespace&var-pod=${__data.fields.Pod}"}]}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":35},"id":9,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_transmit_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_receive_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_transmit_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","format":"table","instant":true}],"title":"Current Network Usage","transformations":[{"id":"joinByField","options":{"byField":"pod","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true,"Time 6":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Time 6":5,"Value #A":7,"Value #B":8,"Value #C":9,"Value #D":10,"Value #E":11,"Value #F":12,"pod":6},"renameByName":{"Value #A":"Current Receive Bandwidth","Value #B":"Current Transmit Bandwidth","Value #C":"Rate of Received Packets","Value #D":"Rate of Transmitted Packets","Value #E":"Rate of Received Packets Dropped","Value #F":"Rate of Transmitted Packets Dropped","pod":"Pod"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"Bps"}},"gridPos":{"h":7,"w":12,"x":0,"y":42},"id":10,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","legendFormat":"__auto"}],"title":"Receive Bandwidth","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"Bps"}},"gridPos":{"h":7,"w":12,"x":12,"y":42},"id":11,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","legendFormat":"__auto"}],"title":"Transmit Bandwidth","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":7,"w":12,"x":0,"y":49},"id":12,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","legendFormat":"__auto"}],"title":"Rate of Received Packets","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":7,"w":12,"x":12,"y":49},"id":13,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","legendFormat":"__auto"}],"title":"Rate of Transmitted Packets","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":7,"w":12,"x":0,"y":56},"id":14,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","legendFormat":"__auto"}],"title":"Rate of Received Packets Dropped","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":7,"w":12,"x":12,"y":56},"id":15,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)","legendFormat":"__auto"}],"title":"Rate of Transmitted Packets Dropped","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"iops"}},"gridPos":{"h":7,"w":12,"x":0,"y":63},"id":16,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"ceil(sum by(pod) (rate(container_fs_reads_total{container!=\"\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]) + rate(container_fs_writes_total{container!=\"\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])))","legendFormat":"__auto"}],"title":"IOPS(Reads+Writes)","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"Bps"}},"gridPos":{"h":7,"w":12,"x":12,"y":63},"id":17,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(pod) (rate(container_fs_reads_bytes_total{container!=\"\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]) + rate(container_fs_writes_bytes_total{container!=\"\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))","legendFormat":"__auto"}],"title":"ThroughPut(Read+Write)","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/IOPS/"},"properties":[{"id":"unit","value":"iops"}]},{"matcher":{"id":"byRegexp","options":"/Throughput/"},"properties":[{"id":"unit","value":"Bps"}]},{"matcher":{"id":"byName","options":"Pod"},"properties":[{"id":"links","value":[{"title":"Drill down to pods","url":"/d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?${datasource:queryparam}&var-cluster=$cluster&var-namespace=$namespace&var-pod=${__data.fields.Pod}"}]}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":70},"id":18,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(pod) (rate(container_fs_reads_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(pod) (rate(container_fs_writes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(pod) (rate(container_fs_reads_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]) + rate(container_fs_writes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(pod) (rate(container_fs_reads_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(pod) (rate(container_fs_writes_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(pod) (rate(container_fs_reads_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]) + rate(container_fs_writes_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))","format":"table","instant":true}],"title":"Current Storage IO","transformations":[{"id":"joinByField","options":{"byField":"pod","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true,"Time 6":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Time 6":5,"Value #A":7,"Value #B":8,"Value #C":9,"Value #D":10,"Value #E":11,"Value #F":12,"pod":6},"renameByName":{"Value #A":"IOPS(Reads)","Value #B":"IOPS(Writes)","Value #C":"IOPS(Reads + Writes)","Value #D":"Throughput(Read)","Value #E":"Throughput(Write)","Value #F":"Throughput(Read + Write)","pod":"Pod"}}}],"type":"table"}],"refresh":"10s","schemaVersion":39,"tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","regex":"","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"label":"cluster","name":"cluster","query":"label_values(up{job=\"kube-state-metrics\"}, cluster)","refresh":2,"sort":1,"type":"query","allValue":".*"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"label":"namespace","name":"namespace","query":"label_values(kube_namespace_status_phase{job=\"kube-state-metrics\", cluster=\"$cluster\"}, namespace)","refresh":2,"sort":1,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Compute Resources / Namespace (Pods)","uid":"85a562078cdf77779eaa1add43ccec1e"}`}} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-node.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-node.yaml deleted file mode 100644 index 09e9b22..0000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-node.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- /* -Generated from 'k8s-resources-node' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/baf3c7a71ec9f889644231f677f8708791d38293/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-node" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - k8s-resources-node.json: |- - {{`{"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"links":[{"asDropdown":true,"includeVars":true,"keepTime":true,"tags":["kubernetes-mixin"],"targetBlank":false,"title":"Kubernetes","type":"dashboards"}],"panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true,"stacking":{"mode":"normal"}}},"overrides":[{"matcher":{"id":"byName","options":"max capacity"},"properties":[{"id":"color","value":{"fixedColor":"red","mode":"fixed"}},{"id":"custom.stacking","value":{"mode":"none"}},{"id":"custom.hideFrom","value":{"legend":false,"tooltip":true,"viz":false}},{"id":"custom.lineStyle","value":{"dash":[10,10],"fill":"dash"}}]}]},"gridPos":{"h":6,"w":24,"x":0,"y":0},"id":1,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_node_status_capacity{cluster=\"$cluster\", job=\"kube-state-metrics\", node=~\"$node\", resource=\"cpu\"})","legendFormat":"max capacity"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", node=~\"$node\"}) by (pod)","legendFormat":"{{pod}}"}],"title":"CPU Usage","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]},{"matcher":{"id":"byName","options":"Pod"},"properties":[{"id":"links","value":[{"title":"Drill down to pods","url":"/d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?${datasource:queryparam}&var-cluster=$cluster&var-namespace=$namespace&var-pod=${__data.fields.Pod}"}]}]}]},"gridPos":{"h":6,"w":24,"x":0,"y":6},"id":2,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", node=~\"$node\"}) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\"}) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", node=~\"$node\"}) by (pod) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\"}) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\"}) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", node=~\"$node\"}) by (pod) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\"}) by (pod)","format":"table","instant":true}],"title":"CPU Quota","transformations":[{"id":"joinByField","options":{"byField":"pod","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true},"renameByName":{"Value #A":"CPU Usage","Value #B":"CPU Requests","Value #C":"CPU Requests %","Value #D":"CPU Limits","Value #E":"CPU Limits %","pod":"Pod"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true,"stacking":{"mode":"normal"}},"unit":"bytes"},"overrides":[{"matcher":{"id":"byName","options":"max capacity"},"properties":[{"id":"color","value":{"fixedColor":"red","mode":"fixed"}},{"id":"custom.stacking","value":{"mode":"none"}},{"id":"custom.hideFrom","value":{"legend":false,"tooltip":true,"viz":false}},{"id":"custom.lineStyle","value":{"dash":[10,10],"fill":"dash"}}]}]},"gridPos":{"h":6,"w":24,"x":0,"y":12},"id":3,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_node_status_capacity{cluster=\"$cluster\", job=\"kube-state-metrics\", node=~\"$node\", resource=\"memory\"})","legendFormat":"max capacity"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\", container!=\"\"}) by (pod)","legendFormat":"{{pod}}"}],"title":"Memory Usage (w/cache)","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true,"stacking":{"mode":"normal"}},"unit":"bytes"},"overrides":[{"matcher":{"id":"byName","options":"max capacity"},"properties":[{"id":"color","value":{"fixedColor":"red","mode":"fixed"}},{"id":"custom.stacking","value":{"mode":"none"}},{"id":"custom.hideFrom","value":{"legend":false,"tooltip":true,"viz":false}},{"id":"custom.lineStyle","value":{"dash":[10,10],"fill":"dash"}}]}]},"gridPos":{"h":6,"w":24,"x":0,"y":18},"id":4,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(kube_node_status_capacity{cluster=\"$cluster\", job=\"kube-state-metrics\", node=~\"$node\", resource=\"memory\"})","legendFormat":"max capacity"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(node_namespace_pod_container:container_memory_rss{cluster=\"$cluster\", node=~\"$node\", container!=\"\"}) by (pod)","legendFormat":"{{pod}}"}],"title":"Memory Usage (w/o cache)","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"bytes"},"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]},{"matcher":{"id":"byName","options":"Pod"},"properties":[{"id":"links","value":[{"title":"Drill down to pods","url":"/d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?${datasource:queryparam}&var-cluster=$cluster&var-namespace=$namespace&var-pod=${__data.fields.Pod}"}]}]}]},"gridPos":{"h":6,"w":24,"x":0,"y":24},"id":5,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\"}) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\"}) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\"}) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\"}) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(node_namespace_pod_container:container_memory_rss{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(node_namespace_pod_container:container_memory_cache{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(node_namespace_pod_container:container_memory_swap{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod)","format":"table","instant":true}],"title":"Memory Quota","transformations":[{"id":"joinByField","options":{"byField":"pod","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true,"Time 6":true,"Time 7":true,"Time 8":true},"renameByName":{"Value #A":"Memory Usage","Value #B":"Memory Requests","Value #C":"Memory Requests %","Value #D":"Memory Limits","Value #E":"Memory Limits %","Value #F":"Memory Usage (RSS)","Value #G":"Memory Usage (Cache)","Value #H":"Memory Usage (Swap)","pod":"Pod"}}}],"type":"table"}],"refresh":"10s","schemaVersion":39,"tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","regex":"","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"label":"cluster","name":"cluster","query":"label_values(up{job=\"kube-state-metrics\"}, cluster)","refresh":2,"sort":1,"type":"query","allValue":".*"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"label":"node","multi":true,"name":"node","query":"label_values(kube_node_info{cluster=\"$cluster\"}, node)","refresh":2,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Compute Resources / Node (Pods)","uid":"200ac8fdbfbb74b39aff88118e4d1c2c"}`}} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml deleted file mode 100644 index 70b3bea..0000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- /* -Generated from 'k8s-resources-pod' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/baf3c7a71ec9f889644231f677f8708791d38293/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-pod" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - k8s-resources-pod.json: |- - {{`{"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"links":[{"asDropdown":true,"includeVars":true,"keepTime":true,"tags":["kubernetes-mixin"],"targetBlank":false,"title":"Kubernetes","type":"dashboards"}],"panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true}},"overrides":[{"matcher":{"id":"byFrameRefID","options":"B"},"properties":[{"id":"custom.lineStyle","value":{"fill":"dash"}},{"id":"custom.lineWidth","value":2},{"id":"color","value":{"fixedColor":"red","mode":"fixed"}}]},{"matcher":{"id":"byFrameRefID","options":"C"},"properties":[{"id":"custom.lineStyle","value":{"fill":"dash"}},{"id":"custom.lineWidth","value":2},{"id":"color","value":{"fixedColor":"orange","mode":"fixed"}}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":0},"id":1,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{namespace=\"$namespace\", pod=\"$pod\", cluster=\"$cluster\", container!=\"\"}) by (container)","legendFormat":"__auto"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}\n)\n","legendFormat":"requests"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}\n)\n","legendFormat":"limits"}],"title":"CPU Usage","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"axisColorMode":"thresholds","axisSoftMax":1,"axisSoftMin":0,"fillOpacity":10,"showPoints":"never","spanNulls":true,"thresholdsStyle":{"mode":"dashed+area"}},"unit":"percentunit"},"overrides":[{"matcher":{"id":"byFrameRefID","options":"A"},"properties":[{"id":"thresholds","value":{"mode":"absolute","steps":[{"color":"green","value":null},{"color":"red","value":0.25}]}},{"id":"color","value":{"mode":"thresholds","seriesBy":"lastNotNull"}}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":7},"id":2,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(increase(container_cpu_cfs_throttled_periods_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", cluster=\"$cluster\"}[$__rate_interval])) by (container) /sum(increase(container_cpu_cfs_periods_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", cluster=\"$cluster\"}[$__rate_interval])) by (container)","legendFormat":"__auto"}],"title":"CPU Throttling","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":14},"id":3,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\"}) by (container)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\"}) by (container)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\"}) by (container) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\"}) by (container)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\"}) by (container)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\"}) by (container) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\"}) by (container)","format":"table","instant":true}],"title":"CPU Quota","transformations":[{"id":"joinByField","options":{"byField":"container","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Value #A":6,"Value #B":7,"Value #C":8,"Value #D":9,"Value #E":10,"container":5},"renameByName":{"Value #A":"CPU Usage","Value #B":"CPU Requests","Value #C":"CPU Requests %","Value #D":"CPU Limits","Value #E":"CPU Limits %","container":"Container"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bytes"},"overrides":[{"matcher":{"id":"byFrameRefID","options":"B"},"properties":[{"id":"custom.lineStyle","value":{"fill":"dash"}},{"id":"custom.lineWidth","value":2},{"id":"color","value":{"fixedColor":"red","mode":"fixed"}}]},{"matcher":{"id":"byFrameRefID","options":"C"},"properties":[{"id":"custom.lineStyle","value":{"fill":"dash"}},{"id":"custom.lineWidth","value":2},{"id":"color","value":{"fixedColor":"orange","mode":"fixed"}}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":21},"id":4,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", image!=\"\"}) by (container)","legendFormat":"__auto"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}\n)\n","legendFormat":"requests"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}\n)\n","legendFormat":"limits"}],"title":"Memory Usage (WSS)","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"bytes"},"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":28},"id":5,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", image!=\"\"}) by (container)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", image!=\"\"}) by (container) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", image!=\"\"}) by (container) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(container_memory_rss{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\", container != \"POD\"}) by (container)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(container_memory_cache{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\", container != \"POD\"}) by (container)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(container_memory_swap{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\", container != \"POD\"}) by (container)","format":"table","instant":true}],"title":"Memory Quota","transformations":[{"id":"joinByField","options":{"byField":"container","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true,"Time 6":true,"Time 7":true,"Time 8":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Time 6":5,"Time 7":6,"Time 8":7,"Value #A":9,"Value #B":10,"Value #C":11,"Value #D":12,"Value #E":13,"Value #F":14,"Value #G":15,"Value #H":16,"container":8},"renameByName":{"Value #A":"Memory Usage","Value #B":"Memory Requests","Value #C":"Memory Requests %","Value #D":"Memory Limits","Value #E":"Memory Limits %","Value #F":"Memory Usage (RSS)","Value #G":"Memory Usage (Cache)","Value #H":"Memory Usage (Swap)","container":"Container"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"Bps"}},"gridPos":{"h":7,"w":12,"x":0,"y":35},"id":6,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)","legendFormat":"__auto"}],"title":"Receive Bandwidth","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"Bps"}},"gridPos":{"h":7,"w":12,"x":12,"y":35},"id":7,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)","legendFormat":"__auto"}],"title":"Transmit Bandwidth","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":7,"w":12,"x":0,"y":42},"id":8,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)","legendFormat":"__auto"}],"title":"Rate of Received Packets","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":7,"w":12,"x":12,"y":42},"id":9,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_transmit_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)","legendFormat":"__auto"}],"title":"Rate of Transmitted Packets","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":7,"w":12,"x":0,"y":49},"id":10,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_receive_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)","legendFormat":"__auto"}],"title":"Rate of Received Packets Dropped","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":7,"w":12,"x":12,"y":49},"id":11,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(rate(container_network_transmit_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)","legendFormat":"__auto"}],"title":"Rate of Transmitted Packets Dropped","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"iops"}},"gridPos":{"h":7,"w":12,"x":0,"y":56},"id":12,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"ceil(sum by(pod) (rate(container_fs_reads_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])))","legendFormat":"Reads"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"ceil(sum by(pod) (rate(container_fs_writes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\",namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])))","legendFormat":"Writes"}],"title":"IOPS (Pod)","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"Bps"}},"gridPos":{"h":7,"w":12,"x":12,"y":56},"id":13,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(pod) (rate(container_fs_reads_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval]))","legendFormat":"Reads"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(pod) (rate(container_fs_writes_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval]))","legendFormat":"Writes"}],"title":"ThroughPut (Pod)","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"iops"}},"gridPos":{"h":7,"w":12,"x":0,"y":63},"id":14,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"ceil(sum by(container) (rate(container_fs_reads_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]) + rate(container_fs_writes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval])))","legendFormat":"__auto"}],"title":"IOPS (Containers)","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"Bps"}},"gridPos":{"h":7,"w":12,"x":12,"y":63},"id":15,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(container) (rate(container_fs_reads_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]) + rate(container_fs_writes_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))","legendFormat":"__auto"}],"title":"ThroughPut (Containers)","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/IOPS/"},"properties":[{"id":"unit","value":"iops"}]},{"matcher":{"id":"byRegexp","options":"/Throughput/"},"properties":[{"id":"unit","value":"Bps"}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":70},"id":16,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(container) (rate(container_fs_reads_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(container) (rate(container_fs_writes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\",device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(container) (rate(container_fs_reads_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]) + rate(container_fs_writes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(container) (rate(container_fs_reads_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(container) (rate(container_fs_writes_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by(container) (rate(container_fs_reads_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]) + rate(container_fs_writes_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))","format":"table","instant":true}],"title":"Current Storage IO","transformations":[{"id":"joinByField","options":{"byField":"container","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true,"Time 6":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Time 6":5,"Value #A":7,"Value #B":8,"Value #C":9,"Value #D":10,"Value #E":11,"Value #F":12,"container":6},"renameByName":{"Value #A":"IOPS(Reads)","Value #B":"IOPS(Writes)","Value #C":"IOPS(Reads + Writes)","Value #D":"Throughput(Read)","Value #E":"Throughput(Write)","Value #F":"Throughput(Read + Write)","container":"Container"}}}],"type":"table"}],"refresh":"10s","schemaVersion":39,"tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","regex":"","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"label":"cluster","name":"cluster","query":"label_values(up{job=\"kube-state-metrics\"}, cluster)","refresh":2,"sort":1,"type":"query","allValue":".*"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"label":"namespace","name":"namespace","query":"label_values(kube_namespace_status_phase{job=\"kube-state-metrics\", cluster=\"$cluster\"}, namespace)","refresh":2,"sort":1,"type":"query"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"label":"pod","name":"pod","query":"label_values(kube_pod_info{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\"}, pod)","refresh":2,"sort":1,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Compute Resources / Pod","uid":"6581e46e4e5c7ba40a07646395ef7b23"}`}} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml deleted file mode 100644 index 38d339f..0000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- /* -Generated from 'k8s-resources-workload' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/baf3c7a71ec9f889644231f677f8708791d38293/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-workload" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - k8s-resources-workload.json: |- - {{`{"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"links":[{"asDropdown":true,"includeVars":true,"keepTime":true,"tags":["kubernetes-mixin"],"targetBlank":false,"title":"Kubernetes","type":"dashboards"}],"panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true}}},"gridPos":{"h":7,"w":24,"x":0,"y":0},"id":1,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","legendFormat":"__auto"}],"title":"CPU Usage","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]},{"matcher":{"id":"byName","options":"Pod"},"properties":[{"id":"links","value":[{"title":"Drill down to pods","url":"/d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?${datasource:queryparam}&var-cluster=$cluster&var-namespace=$namespace&var-pod=${__data.fields.Pod}"}]}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":7},"id":2,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true}],"title":"CPU Quota","transformations":[{"id":"joinByField","options":{"byField":"pod","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Value #A":6,"Value #B":7,"Value #C":8,"Value #D":9,"Value #E":10,"pod":5},"renameByName":{"Value #A":"CPU Usage","Value #B":"CPU Requests","Value #C":"CPU Requests %","Value #D":"CPU Limits","Value #E":"CPU Limits %","pod":"Pod"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bytes"}},"gridPos":{"h":7,"w":24,"x":0,"y":14},"id":3,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","legendFormat":"__auto"}],"title":"Memory Usage","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"bytes"},"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]},{"matcher":{"id":"byName","options":"Pod"},"properties":[{"id":"links","value":[{"title":"Drill down to pods","url":"/d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?${datasource:queryparam}&var-cluster=$cluster&var-namespace=$namespace&var-pod=${__data.fields.Pod}"}]}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":21},"id":4,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=~\"$type\"}\n) by (pod)\n","format":"table","instant":true}],"title":"Memory Quota","transformations":[{"id":"joinByField","options":{"byField":"pod","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Value #A":9,"Value #B":10,"Value #C":11,"Value #D":12,"Value #E":13,"pod":8},"renameByName":{"Value #A":"Memory Usage","Value #B":"Memory Requests","Value #C":"Memory Requests %","Value #D":"Memory Limits","Value #E":"Memory Limits %","pod":"Pod"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/Bandwidth/"},"properties":[{"id":"unit","value":"Bps"}]},{"matcher":{"id":"byRegexp","options":"/Packets/"},"properties":[{"id":"unit","value":"pps"}]},{"matcher":{"id":"byName","options":"Pod"},"properties":[{"id":"links","value":[{"title":"Drill down to pods","url":"/d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?${datasource:queryparam}&var-cluster=$cluster&var-namespace=$namespace&var-pod=${__data.fields.Pod}"}]}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":28},"id":5,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_transmit_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_receive_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_transmit_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","format":"table","instant":true}],"title":"Current Network Usage","transformations":[{"id":"joinByField","options":{"byField":"pod","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true,"Time 6":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Time 6":5,"Value #A":7,"Value #B":8,"Value #C":9,"Value #D":10,"Value #E":11,"Value #F":12,"pod":6},"renameByName":{"Value #A":"Current Receive Bandwidth","Value #B":"Current Transmit Bandwidth","Value #C":"Rate of Received Packets","Value #D":"Rate of Transmitted Packets","Value #E":"Rate of Received Packets Dropped","Value #F":"Rate of Transmitted Packets Dropped","pod":"Pod"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"Bps"}},"gridPos":{"h":7,"w":12,"x":0,"y":35},"id":6,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","legendFormat":"__auto"}],"title":"Receive Bandwidth","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"Bps"}},"gridPos":{"h":7,"w":12,"x":12,"y":35},"id":7,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","legendFormat":"__auto"}],"title":"Transmit Bandwidth","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"Bps"}},"gridPos":{"h":7,"w":12,"x":0,"y":42},"id":8,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(avg(rate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","legendFormat":"__auto"}],"title":"Average Container Bandwidth by Pod: Received","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"Bps"}},"gridPos":{"h":7,"w":12,"x":12,"y":42},"id":9,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(avg(rate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","legendFormat":"__auto"}],"title":"Average Container Bandwidth by Pod: Transmitted","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":7,"w":12,"x":0,"y":49},"id":10,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","legendFormat":"__auto"}],"title":"Rate of Received Packets","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":7,"w":12,"x":12,"y":49},"id":11,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_transmit_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","legendFormat":"__auto"}],"title":"Rate of Transmitted Packets","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":7,"w":12,"x":0,"y":56},"id":12,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_receive_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","legendFormat":"__auto"}],"title":"Rate of Received Packets Dropped","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":7,"w":12,"x":12,"y":56},"id":13,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_transmit_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=~\"$type\"}) by (pod))\n","legendFormat":"__auto"}],"title":"Rate of Transmitted Packets Dropped","type":"timeseries"}],"refresh":"10s","schemaVersion":39,"tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","regex":"","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"label":"cluster","name":"cluster","query":"label_values(up{job=\"kube-state-metrics\"}, cluster)","refresh":2,"sort":1,"type":"query","allValue":".*"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"label":"namespace","name":"namespace","query":"label_values(kube_namespace_status_phase{job=\"kube-state-metrics\", cluster=\"$cluster\"}, namespace)","refresh":2,"sort":1,"type":"query"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"includeAll":true,"label":"workload_type","name":"type","query":"label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\"}, workload_type)","refresh":2,"sort":1,"type":"query"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"label":"workload","name":"workload","query":"label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}, workload)","refresh":2,"sort":1,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Compute Resources / Workload","uid":"a164a7f0339f99e89cea5cb47e9be617"}`}} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml deleted file mode 100644 index 7bd2f82..0000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- /* -Generated from 'k8s-resources-workloads-namespace' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/baf3c7a71ec9f889644231f677f8708791d38293/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-workloads-namespace" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - k8s-resources-workloads-namespace.json: |- - {{`{"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"links":[{"asDropdown":true,"includeVars":true,"keepTime":true,"tags":["kubernetes-mixin"],"targetBlank":false,"title":"Kubernetes","type":"dashboards"}],"panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true}},"overrides":[{"matcher":{"id":"byFrameRefID","options":"B"},"properties":[{"id":"custom.lineStyle","value":{"fill":"dash"}},{"id":"custom.lineWidth","value":2},{"id":"color","value":{"fixedColor":"red","mode":"fixed"}}]},{"matcher":{"id":"byFrameRefID","options":"C"},"properties":[{"id":"custom.lineStyle","value":{"fill":"dash"}},{"id":"custom.lineWidth","value":2},{"id":"color","value":{"fixedColor":"orange","mode":"fixed"}}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":0},"id":1,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","legendFormat":"{{workload}} - {{workload_type}}"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"scalar(max(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=~\"requests.cpu|cpu\"}))","legendFormat":"quota - requests"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"scalar(max(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=~\"limits.cpu\"}))","legendFormat":"quota - limits"}],"title":"CPU Usage","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]},{"matcher":{"id":"byName","options":"Workload"},"properties":[{"id":"links","value":[{"title":"Drill down to workloads","url":"/d/a164a7f0339f99e89cea5cb47e9be617/k8s-resources-workload?${datasource:queryparam}&var-cluster=$cluster&var-namespace=$namespace&var-type=${__data.fields.Type}&var-workload=${__data.fields.Workload}"}]}]},{"matcher":{"id":"byName","options":"Running Pods"},"properties":[{"id":"unit","value":"none"}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":7},"id":2,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"count(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}) by (workload, workload_type)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true}],"title":"CPU Quota","transformations":[{"id":"joinByField","options":{"byField":"workload","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true,"Time 6":true,"workload_type 2":true,"workload_type 3":true,"workload_type 4":true,"workload_type 5":true,"workload_type 6":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Time 6":5,"Value #A":8,"Value #B":9,"Value #C":10,"Value #D":11,"Value #E":12,"Value #F":13,"workload":6,"workload_type 1":7,"workload_type 2":14,"workload_type 3":15,"workload_type 4":16,"workload_type 5":17,"workload_type 6":18},"renameByName":{"Value #A":"Running Pods","Value #B":"CPU Usage","Value #C":"CPU Requests","Value #D":"CPU Requests %","Value #E":"CPU Limits","Value #F":"CPU Limits %","workload":"Workload","workload_type 1":"Type"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"bytes"},"overrides":[{"matcher":{"id":"byFrameRefID","options":"B"},"properties":[{"id":"custom.lineStyle","value":{"fill":"dash"}},{"id":"custom.lineWidth","value":2},{"id":"color","value":{"fixedColor":"red","mode":"fixed"}}]},{"matcher":{"id":"byFrameRefID","options":"C"},"properties":[{"id":"custom.lineStyle","value":{"fill":"dash"}},{"id":"custom.lineWidth","value":2},{"id":"color","value":{"fixedColor":"orange","mode":"fixed"}}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":14},"id":3,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","legendFormat":"{{workload}} - {{workload_type}}"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"scalar(max(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=~\"requests.memory|memory\"}))","legendFormat":"quota - requests"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"scalar(max(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=~\"limits.memory\"}))","legendFormat":"quota - limits"}],"title":"Memory Usage","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"unit":"bytes"},"overrides":[{"matcher":{"id":"byRegexp","options":"/%/"},"properties":[{"id":"unit","value":"percentunit"}]},{"matcher":{"id":"byName","options":"Workload"},"properties":[{"id":"links","value":[{"title":"Drill down to workloads","url":"/d/a164a7f0339f99e89cea5cb47e9be617/k8s-resources-workload?${datasource:queryparam}&var-cluster=$cluster&var-namespace=$namespace&var-type=${__data.fields.Type}&var-workload=${__data.fields.Workload}"}]}]},{"matcher":{"id":"byName","options":"Running Pods"},"properties":[{"id":"unit","value":"none"}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":21},"id":4,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"count(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}) by (workload, workload_type)","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum(\n container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}\n) by (workload, workload_type)\n","format":"table","instant":true}],"title":"Memory Quota","transformations":[{"id":"joinByField","options":{"byField":"workload","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true,"Time 6":true,"workload_type 2":true,"workload_type 3":true,"workload_type 4":true,"workload_type 5":true,"workload_type 6":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Time 6":5,"Value #A":8,"Value #B":9,"Value #C":10,"Value #D":11,"Value #E":12,"Value #F":13,"workload":6,"workload_type 1":7,"workload_type 2":14,"workload_type 3":15,"workload_type 4":16,"workload_type 5":17,"workload_type 6":18},"renameByName":{"Value #A":"Running Pods","Value #B":"Memory Usage","Value #C":"Memory Requests","Value #D":"Memory Requests %","Value #E":"Memory Limits","Value #F":"Memory Limits %","workload":"Workload","workload_type 1":"Type"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/Bandwidth/"},"properties":[{"id":"unit","value":"Bps"}]},{"matcher":{"id":"byRegexp","options":"/Packets/"},"properties":[{"id":"unit","value":"pps"}]},{"matcher":{"id":"byName","options":"Workload"},"properties":[{"id":"links","value":[{"title":"Drill down to workloads","url":"/d/a164a7f0339f99e89cea5cb47e9be617/k8s-resources-workload?${datasource:queryparam}&var-cluster=$cluster&var-namespace=$namespace&var-type=${__data.fields.Type}&var-workload=${__data.fields.Workload}"}]}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":28},"id":5,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_transmit_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_receive_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_transmit_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=~\"$type\"}) by (workload))\n","format":"table","instant":true}],"title":"Current Network Usage","transformations":[{"id":"joinByField","options":{"byField":"workload","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true,"Time 6":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Time 6":5,"Value #A":7,"Value #B":8,"Value #C":9,"Value #D":10,"Value #E":11,"Value #F":12,"workload":6},"renameByName":{"Value #A":"Current Receive Bandwidth","Value #B":"Current Transmit Bandwidth","Value #C":"Rate of Received Packets","Value #D":"Rate of Transmitted Packets","Value #E":"Rate of Received Packets Dropped","Value #F":"Rate of Transmitted Packets Dropped","workload":"Workload"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"Bps"}},"gridPos":{"h":7,"w":12,"x":0,"y":35},"id":6,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","legendFormat":"__auto"}],"title":"Receive Bandwidth","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"Bps"}},"gridPos":{"h":7,"w":12,"x":12,"y":35},"id":7,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","legendFormat":"__auto"}],"title":"Transmit Bandwidth","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"Bps"}},"gridPos":{"h":7,"w":12,"x":0,"y":42},"id":8,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(avg(rate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","legendFormat":"__auto"}],"title":"Average Container Bandwidth by Workload: Received","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"Bps"}},"gridPos":{"h":7,"w":12,"x":12,"y":42},"id":9,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(avg(rate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","legendFormat":"__auto"}],"title":"Average Container Bandwidth by Workload: Transmitted","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":7,"w":12,"x":0,"y":49},"id":10,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","legendFormat":"__auto"}],"title":"Rate of Received Packets","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":7,"w":12,"x":12,"y":49},"id":11,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_transmit_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","legendFormat":"__auto"}],"title":"Rate of Transmitted Packets","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":7,"w":12,"x":0,"y":56},"id":12,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_receive_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","legendFormat":"__auto"}],"title":"Rate of Received Packets Dropped","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":7,"w":12,"x":12,"y":56},"id":13,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"(sum(rate(container_network_transmit_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","legendFormat":"__auto"}],"title":"Rate of Transmitted Packets Dropped","type":"timeseries"}],"refresh":"10s","schemaVersion":39,"tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","regex":"","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"label":"cluster","name":"cluster","query":"label_values(up{job=\"kube-state-metrics\"}, cluster)","refresh":2,"sort":1,"type":"query","allValue":".*"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"label":"namespace","name":"namespace","query":"label_values(kube_namespace_status_phase{job=\"kube-state-metrics\", cluster=\"$cluster\"}, namespace)","refresh":2,"sort":1,"type":"query"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"includeAll":true,"label":"workload_type","name":"type","query":"label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\"}, workload_type)","refresh":2,"sort":1,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Compute Resources / Namespace (Workloads)","uid":"a87fb0d919ec0ea5f6543124e16c42a5"}`}} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/kubelet.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/kubelet.yaml deleted file mode 100644 index 6de25b1..0000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/kubelet.yaml +++ /dev/null @@ -1,2256 +0,0 @@ -{{- /* -Generated from 'kubelet' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/baf3c7a71ec9f889644231f677f8708791d38293/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled (or .Values.alertmanager.enabled .Values.alertmanager.forceDeployDashboards) }} -{{- if (include "exporter.kubelet.enabled" .) }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "kubelet" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - kubelet.json: |- - { - "__inputs": [ - - ], - "__requires": [ - - ], - "annotations": { - "list": [ - - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "hideControls": false, - "id": null, - "links": [ - - ], - "panels": [ - { - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "links": [ - - ], - "mappings": [ - - ], - "thresholds": { - "mode": "absolute", - "steps": [ - - ] - }, - "unit": "none" - } - }, - "gridPos": { - "h": 7, - "w": 4, - "x": 0, - "y": 0 - }, - "id": 2, - "links": [ - - ], - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "7", - "targets": [ - { - "expr": "sum(kubelet_node_name{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "", - "refId": "A" - } - ], - "title": "Running Kubelets", - "transparent": false, - "type": "stat" - }, - { - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "links": [ - - ], - "mappings": [ - - ], - "thresholds": { - "mode": "absolute", - "steps": [ - - ] - }, - "unit": "none" - } - }, - "gridPos": { - "h": 7, - "w": 4, - "x": 4, - "y": 0 - }, - "id": 3, - "links": [ - - ], - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "7", - "targets": [ - { - "expr": "sum(kubelet_running_pods{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\"}) OR sum(kubelet_running_pod_count{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "title": "Running Pods", - "transparent": false, - "type": "stat" - }, - { - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "links": [ - - ], - "mappings": [ - - ], - "thresholds": { - "mode": "absolute", - "steps": [ - - ] - }, - "unit": "none" - } - }, - "gridPos": { - "h": 7, - "w": 4, - "x": 8, - "y": 0 - }, - "id": 4, - "links": [ - - ], - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "7", - "targets": [ - { - "expr": "sum(kubelet_running_containers{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\"}) OR sum(kubelet_running_container_count{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "title": "Running Containers", - "transparent": false, - "type": "stat" - }, - { - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "links": [ - - ], - "mappings": [ - - ], - "thresholds": { - "mode": "absolute", - "steps": [ - - ] - }, - "unit": "none" - } - }, - "gridPos": { - "h": 7, - "w": 4, - "x": 12, - "y": 0 - }, - "id": 5, - "links": [ - - ], - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "7", - "targets": [ - { - "expr": "sum(volume_manager_total_volumes{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\", state=\"actual_state_of_world\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "title": "Actual Volume Count", - "transparent": false, - "type": "stat" - }, - { - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "links": [ - - ], - "mappings": [ - - ], - "thresholds": { - "mode": "absolute", - "steps": [ - - ] - }, - "unit": "none" - } - }, - "gridPos": { - "h": 7, - "w": 4, - "x": 16, - "y": 0 - }, - "id": 6, - "links": [ - - ], - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "7", - "targets": [ - { - "expr": "sum(volume_manager_total_volumes{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\",state=\"desired_state_of_world\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "title": "Desired Volume Count", - "transparent": false, - "type": "stat" - }, - { - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "links": [ - - ], - "mappings": [ - - ], - "thresholds": { - "mode": "absolute", - "steps": [ - - ] - }, - "unit": "none" - } - }, - "gridPos": { - "h": 7, - "w": 4, - "x": 20, - "y": 0 - }, - "id": 7, - "links": [ - - ], - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "7", - "targets": [ - { - "expr": "sum(rate(kubelet_node_config_error{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "title": "Config Error Count", - "transparent": false, - "type": "stat" - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 7 - }, - "id": 8, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(kubelet_runtime_operations_total{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (operation_type, instance)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_type{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Operation Rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 7 - }, - "id": 9, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(kubelet_runtime_operations_errors_total{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_type)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_type{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Operation Error Rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 24, - "x": 0, - "y": 14 - }, - "id": 10, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(kubelet_runtime_operations_duration_seconds_bucket{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_type, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_type{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Operation duration 99th quantile", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 21 - }, - "id": 11, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(kubelet_pod_start_duration_seconds_count{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} pod", - "refId": "A" - }, - { - "expr": "sum(rate(kubelet_pod_worker_duration_seconds_count{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} worker", - "refId": "B" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Pod Start Rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 21 - }, - "id": 12, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(kubelet_pod_start_duration_seconds_bucket{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} pod", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(kubelet_pod_worker_duration_seconds_bucket{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} worker", - "refId": "B" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Pod Start Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 28 - }, - "id": 13, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(storage_operation_duration_seconds_count{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_name, volume_plugin)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_name{{`}}`}} {{`{{`}}volume_plugin{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Storage Operation Rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 28 - }, - "id": 14, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(storage_operation_errors_total{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_name, volume_plugin)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_name{{`}}`}} {{`{{`}}volume_plugin{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Storage Operation Error Rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 24, - "x": 0, - "y": 35 - }, - "id": 15, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(storage_operation_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_name, volume_plugin, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_name{{`}}`}} {{`{{`}}volume_plugin{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Storage Operation Duration 99th quantile", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 42 - }, - "id": 16, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(kubelet_cgroup_manager_duration_seconds_count{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_type)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}operation_type{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Cgroup manager operation rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 42 - }, - "id": 17, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(kubelet_cgroup_manager_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_type, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_type{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Cgroup manager 99th quantile", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "Pod lifecycle event generator", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 49 - }, - "id": 18, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(kubelet_pleg_relist_duration_seconds_count{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\"}[$__rate_interval])) by (instance)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "PLEG relist rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 49 - }, - "id": 19, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(kubelet_pleg_relist_interval_seconds_bucket{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "PLEG relist interval", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 24, - "x": 0, - "y": 56 - }, - "id": 20, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(kubelet_pleg_relist_duration_seconds_bucket{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "PLEG relist duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 24, - "x": 0, - "y": 63 - }, - "id": 21, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"2..\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "2xx", - "refId": "A" - }, - { - "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"3..\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "3xx", - "refId": "B" - }, - { - "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"4..\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "4xx", - "refId": "C" - }, - { - "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"5..\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "5xx", - "refId": "D" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "RPC Rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 24, - "x": 0, - "y": 70 - }, - "id": 22, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\"}[$__rate_interval])) by (instance, verb, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}verb{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Request duration 99th quantile", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 77 - }, - "id": 23, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_resident_memory_bytes{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 77 - }, - "id": 24, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(process_cpu_seconds_total{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "CPU usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 77 - }, - "id": 25, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "refresh": "10s", - "rows": [ - - ], - "schemaVersion": 14, - "style": "dark", - "tags": [ - "kubernetes-mixin" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}, - "includeAll": false, - "label": "cluster", - "multi": false, - "name": "cluster", - "options": [ - - ], - "query": "label_values(up{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\"}, cluster)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": true, - "label": "instance", - "multi": false, - "name": "instance", - "options": [ - - ], - "query": "label_values(up{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",cluster=\"$cluster\"}, instance)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "Kubernetes / Kubelet", - "uid": "3138fa155d5915769fbded898ac09fd9", - "version": 0 - } -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/namespace-by-pod.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/namespace-by-pod.yaml deleted file mode 100644 index 29fa5c1..0000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/namespace-by-pod.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- /* -Generated from 'namespace-by-pod' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/baf3c7a71ec9f889644231f677f8708791d38293/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "namespace-by-pod" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - namespace-by-pod.json: |- - {{`{"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"links":[{"asDropdown":true,"includeVars":true,"keepTime":true,"tags":["kubernetes-mixin"],"targetBlank":false,"title":"Kubernetes","type":"dashboards"}],"panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"displayName":"$namespace","max":10000000000,"min":0,"thresholds":{"steps":[{"color":"dark-green","index":0,"value":null},{"color":"dark-yellow","index":1,"value":5000000000},{"color":"dark-red","index":2,"value":7000000000}]},"unit":"Bps"}},"gridPos":{"h":9,"w":12,"x":0,"y":0},"id":1,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum (\n rate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","legendFormat":"__auto"}],"title":"Current Rate of Bytes Received","type":"gauge"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"displayName":"$namespace","max":10000000000,"min":0,"thresholds":{"steps":[{"color":"dark-green","index":0,"value":null},{"color":"dark-yellow","index":1,"value":5000000000},{"color":"dark-red","index":2,"value":7000000000}]},"unit":"Bps"}},"gridPos":{"h":9,"w":12,"x":12,"y":0},"id":2,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum (\n rate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","legendFormat":"__auto"}],"title":"Current Rate of Bytes Transmitted","type":"gauge"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/Bandwidth/"},"properties":[{"id":"unit","value":"Bps"}]},{"matcher":{"id":"byRegexp","options":"/Packets/"},"properties":[{"id":"unit","value":"pps"}]},{"matcher":{"id":"byName","options":"Pod"},"properties":[{"id":"links","value":[{"title":"Drill down","url":"/d/7a18067ce943a40ae25454675c19ff5c/kubernetes-networking-pod?${datasource:queryparam}&var-cluster=${cluster}&var-namespace=${namespace}&var-pod=${__data.fields.Pod}"}]}]}]},"gridPos":{"h":9,"w":24,"x":0,"y":9},"id":3,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (pod) (\n rate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (pod) (\n rate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (pod) (\n rate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (pod) (\n rate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (pod) (\n rate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (pod) (\n rate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","format":"table","instant":true}],"title":"Current Network Usage","transformations":[{"id":"joinByField","options":{"byField":"pod","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true,"Time 6":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Time 6":5,"Value #A":7,"Value #B":8,"Value #C":9,"Value #D":10,"Value #E":11,"Value #F":12,"pod":6},"renameByName":{"Value #A":"Current Receive Bandwidth","Value #B":"Current Transmit Bandwidth","Value #C":"Rate of Received Packets","Value #D":"Rate of Transmitted Packets","Value #E":"Rate of Received Packets Dropped","Value #F":"Rate of Transmitted Packets Dropped","pod":"Pod"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"binBps"}},"gridPos":{"h":9,"w":12,"x":0,"y":18},"id":4,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (pod) (\n rate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","legendFormat":"__auto"}],"title":"Receive Bandwidth","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"binBps"}},"gridPos":{"h":9,"w":12,"x":12,"y":18},"id":5,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (pod) (\n rate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","legendFormat":"__auto"}],"title":"Transmit Bandwidth","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"pps"}},"gridPos":{"h":9,"w":12,"x":0,"y":27},"id":6,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (pod) (\n rate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","legendFormat":"__auto"}],"title":"Rate of Received Packets","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"pps"}},"gridPos":{"h":9,"w":12,"x":12,"y":27},"id":7,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (pod) (\n rate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","legendFormat":"__auto"}],"title":"Rate of Transmitted Packets","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"pps"}},"gridPos":{"h":9,"w":12,"x":0,"y":36},"id":8,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (pod) (\n rate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace!=\"\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","legendFormat":"__auto"}],"title":"Rate of Received Packets Dropped","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"showPoints":"never"},"unit":"pps"}},"gridPos":{"h":9,"w":12,"x":12,"y":36},"id":9,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sum by (pod) (\n rate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$__rate_interval])\n * on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n)\n","legendFormat":"__auto"}],"title":"Rate of Transmitted Packets Dropped","type":"timeseries"}],"refresh":"10s","schemaVersion":39,"tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","regex":"","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"label":"cluster","name":"cluster","query":"label_values(up{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\"}, cluster)","refresh":2,"sort":1,"type":"query","allValue":".*"},{"allValue":".+","current":{"selected":false,"text":"kube-system","value":"kube-system"},"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"includeAll":true,"label":"namespace","name":"namespace","query":"label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)","refresh":2,"sort":1,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Networking / Namespace (Pods)","uid":"8b7a8b326d7a6f1f04244066368c67af"}`}} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/namespace-by-workload.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/namespace-by-workload.yaml deleted file mode 100644 index 643b1c9..0000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/namespace-by-workload.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- /* -Generated from 'namespace-by-workload' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/baf3c7a71ec9f889644231f677f8708791d38293/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "namespace-by-workload" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - namespace-by-workload.json: |- - {{`{"editable":`}}{{ .Values.grafana.defaultDashboardsEditable }}{{`,"links":[{"asDropdown":true,"includeVars":true,"keepTime":true,"tags":["kubernetes-mixin"],"targetBlank":false,"title":"Kubernetes","type":"dashboards"}],"panels":[{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"color":{"fixedColor":"green","mode":"fixed"},"unit":"Bps"}},"gridPos":{"h":9,"w":12,"x":0,"y":0},"id":1,"options":{"displayMode":"basic","showUnfilled":false},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(sum(rate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$__rate_interval])\n* on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n* on (cluster,namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","legendFormat":"__auto"}],"title":"Current Rate of Bytes Received","type":"bargauge"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"color":{"fixedColor":"green","mode":"fixed"},"unit":"Bps"}},"gridPos":{"h":9,"w":12,"x":12,"y":0},"id":2,"options":{"displayMode":"basic","showUnfilled":false},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(sum(rate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$__rate_interval])\n* on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n* on (cluster,namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","legendFormat":"__auto"}],"title":"Current Rate of Bytes Transmitted","type":"bargauge"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"overrides":[{"matcher":{"id":"byRegexp","options":"/Bytes/"},"properties":[{"id":"unit","value":"binBps"}]},{"matcher":{"id":"byRegexp","options":"/Packets/"},"properties":[{"id":"unit","value":"pps"}]},{"matcher":{"id":"byName","options":"Workload"},"properties":[{"id":"links","value":[{"title":"Drill down","url":"/d/728bf77cc1166d2f3133bf25846876cc/kubernetes-networking-workload?${datasource:queryparam}&var-cluster=${cluster}&var-namespace=${namespace}&var-type=${__data.fields.Type}&var-workload=${__data.fields.Workload}"}]}]}]},"gridPos":{"h":9,"w":24,"x":0,"y":9},"id":3,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(sum(rate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod) kube_pod_info{cluster=\"$cluster\",namespace=\"$namespace\",host_network=\"false\"}\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload, workload_type))\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(sum(rate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod) kube_pod_info{cluster=\"$cluster\",namespace=\"$namespace\",host_network=\"false\"}\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload, workload_type))\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(avg(rate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod) kube_pod_info{cluster=\"$cluster\",namespace=\"$namespace\",host_network=\"false\"}\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload, workload_type))\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(avg(rate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod) kube_pod_info{cluster=\"$cluster\",namespace=\"$namespace\",host_network=\"false\"}\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload, workload_type))\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(sum(rate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod) kube_pod_info{cluster=\"$cluster\",namespace=\"$namespace\",host_network=\"false\"}\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload, workload_type))\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(sum(rate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod) kube_pod_info{cluster=\"$cluster\",namespace=\"$namespace\",host_network=\"false\"}\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload, workload_type))\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(sum(rate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod) kube_pod_info{cluster=\"$cluster\",namespace=\"$namespace\",host_network=\"false\"}\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload, workload_type))\n","format":"table","instant":true},{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(sum(rate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod) kube_pod_info{cluster=\"$cluster\",namespace=\"$namespace\",host_network=\"false\"}\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload, workload_type))\n","format":"table","instant":true}],"title":"Current Status","transformations":[{"id":"joinByField","options":{"byField":"workload","mode":"outer"}},{"id":"organize","options":{"excludeByName":{"Time":true,"Time 1":true,"Time 2":true,"Time 3":true,"Time 4":true,"Time 5":true,"Time 6":true,"Time 7":true,"Time 8":true,"workload_type 2":true,"workload_type 3":true,"workload_type 4":true,"workload_type 5":true,"workload_type 6":true,"workload_type 7":true,"workload_type 8":true},"indexByName":{"Time 1":0,"Time 2":1,"Time 3":2,"Time 4":3,"Time 5":4,"Time 6":5,"Time 7":6,"Time 8":7,"Value #A":10,"Value #B":11,"Value #C":12,"Value #D":13,"Value #E":14,"Value #F":15,"Value #G":16,"Value #H":17,"workload":8,"workload_type 1":9,"workload_type 2":18,"workload_type 3":19,"workload_type 4":20,"workload_type 5":21,"workload_type 6":22,"workload_type 7":23,"workload_type 8":24},"renameByName":{"Value #A":"Rx Bytes","Value #B":"Tx Bytes","Value #C":"Rx Bytes (Avg)","Value #D":"Tx Bytes (Avg)","Value #E":"Rx Packets","Value #F":"Tx Packets","Value #G":"Rx Packets Dropped","Value #H":"Tx Packets Dropped","workload":"Workload","workload_type 1":"Type"}}}],"type":"table"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"Bps"}},"gridPos":{"h":9,"w":12,"x":0,"y":18},"id":4,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(sum(rate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$__rate_interval])\n* on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n* on (cluster,namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","legendFormat":"__auto"}],"title":"Receive Bandwidth","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"Bps"}},"gridPos":{"h":9,"w":12,"x":12,"y":18},"id":5,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(sum(rate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$__rate_interval])\n* on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n* on (cluster,namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","legendFormat":"__auto"}],"title":"Transmit Bandwidth","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"Bps"}},"gridPos":{"h":9,"w":12,"x":0,"y":27},"id":6,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(avg(rate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$__rate_interval])\n* on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n* on (cluster,namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","legendFormat":"__auto"}],"title":"Average Container Bandwidth by Workload: Received","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"Bps"}},"gridPos":{"h":9,"w":12,"x":12,"y":27},"id":7,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(avg(rate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$__rate_interval])\n* on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n* on (cluster,namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","legendFormat":"__auto"}],"title":"Average Container Bandwidth by Workload: Transmitted","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":9,"w":12,"x":0,"y":36},"id":8,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(sum(rate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$__rate_interval])\n* on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n* on (cluster,namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","legendFormat":"__auto"}],"title":"Rate of Received Packets","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":9,"w":12,"x":12,"y":36},"id":9,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(sum(rate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$__rate_interval])\n* on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n* on (cluster,namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","legendFormat":"__auto"}],"title":"Rate of Transmitted Packets","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":9,"w":12,"x":0,"y":45},"id":10,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(sum(rate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$__rate_interval])\n* on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n* on (cluster,namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","legendFormat":"__auto"}],"title":"Rate of Received Packets Dropped","type":"timeseries"},{"datasource":{"type":"datasource","uid":"-- Mixed --"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","spanNulls":true},"unit":"pps"}},"gridPos":{"h":9,"w":12,"x":12,"y":45},"id":11,"interval":"`}}{{ .Values.grafana.defaultDashboardsInterval }}{{`","options":{"legend":{"asTable":true,"calcs":["lastNotNull"],"displayMode":"table","placement":"right","showLegend":true},"tooltip":{"mode":"single"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"sort_desc(sum(rate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$__rate_interval])\n* on (cluster,namespace,pod) group_left ()\n topk by (cluster,namespace,pod) (\n 1,\n max by (cluster,namespace,pod) (kube_pod_info{host_network=\"false\"})\n )\n* on (cluster,namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=~\"$type\"}) by (workload))\n","legendFormat":"__auto"}],"title":"Rate of Transmitted Packets Dropped","type":"timeseries"}],"refresh":"10s","schemaVersion":39,"tags":["kubernetes-mixin"],"templating":{"list":[{"current":{"selected":true,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","regex":"","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"label":"cluster","name":"cluster","query":"label_values(up{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\"}, cluster)","refresh":2,"sort":1,"type":"query","allValue":".*"},{"current":{"selected":false,"text":"kube-system","value":"kube-system"},"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"label":"namespace","name":"namespace","query":"label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)","refresh":2,"sort":1,"type":"query"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":0,"includeAll":true,"label":"workload_type","name":"type","query":"label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\"}, workload_type)","refresh":2,"sort":1,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Kubernetes / Networking / Namespace (Workload)","uid":"bbb2a765a623ae38130206c7d94a160f"}`}} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml deleted file mode 100644 index 849b964..0000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml +++ /dev/null @@ -1,1063 +0,0 @@ -{{- /* -Generated from 'node-cluster-rsrc-use' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/baf3c7a71ec9f889644231f677f8708791d38293/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled (or .Values.nodeExporter.enabled .Values.nodeExporter.forceDeployDashboards) }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "node-cluster-rsrc-use" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - node-cluster-rsrc-use.json: |- - { - "__inputs": [ - - ], - "__requires": [ - - ], - "annotations": { - "list": [ - - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 1, - "hideControls": false, - "id": null, - "links": [ - - ], - "refresh": "30s", - "rows": [ - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "fillGradient": 0, - "gridPos": { - - }, - "id": 2, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "((\n instance:node_cpu_utilisation:rate5m{job=\"node-exporter\", cluster=\"$cluster\"}\n *\n instance:node_num_cpu:sum{job=\"node-exporter\", cluster=\"$cluster\"}\n) != 0 )\n/ scalar(sum(instance:node_num_cpu:sum{job=\"node-exporter\", cluster=\"$cluster\"}))\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}} instance {{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "CPU Utilisation", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "fillGradient": 0, - "gridPos": { - - }, - "id": 3, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "(\n instance:node_load1_per_cpu:ratio{job=\"node-exporter\", cluster=\"$cluster\"}\n / scalar(count(instance:node_load1_per_cpu:ratio{job=\"node-exporter\", cluster=\"$cluster\"}))\n) != 0\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "CPU Saturation (Load1 per CPU)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "CPU", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "fillGradient": 0, - "gridPos": { - - }, - "id": 4, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "(\n instance:node_memory_utilisation:ratio{job=\"node-exporter\", cluster=\"$cluster\"}\n / scalar(count(instance:node_memory_utilisation:ratio{job=\"node-exporter\", cluster=\"$cluster\"}))\n) != 0\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Memory Utilisation", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "fillGradient": 0, - "gridPos": { - - }, - "id": 5, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "instance:node_vmstat_pgmajfault:rate5m{job=\"node-exporter\", cluster=\"$cluster\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Memory Saturation (Major Page Faults)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "rds", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "rds", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Memory", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "fillGradient": 0, - "gridPos": { - - }, - "id": 6, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - { - "alias": "/Receive/", - "stack": "A" - }, - { - "alias": "/Transmit/", - "stack": "B", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "instance:node_network_receive_bytes_excluding_lo:rate5m{job=\"node-exporter\", cluster=\"$cluster\"} != 0", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} Receive", - "refId": "A" - }, - { - "expr": "instance:node_network_transmit_bytes_excluding_lo:rate5m{job=\"node-exporter\", cluster=\"$cluster\"} != 0", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} Transmit", - "refId": "B" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Network Utilisation (Bytes Receive/Transmit)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "fillGradient": 0, - "gridPos": { - - }, - "id": 7, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - { - "alias": "/ Receive/", - "stack": "A" - }, - { - "alias": "/ Transmit/", - "stack": "B", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "instance:node_network_receive_drop_excluding_lo:rate5m{job=\"node-exporter\", cluster=\"$cluster\"} != 0", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} Receive", - "refId": "A" - }, - { - "expr": "instance:node_network_transmit_drop_excluding_lo:rate5m{job=\"node-exporter\", cluster=\"$cluster\"} != 0", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} Transmit", - "refId": "B" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Network Saturation (Drops Receive/Transmit)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "fillGradient": 0, - "gridPos": { - - }, - "id": 8, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "(\n instance_device:node_disk_io_time_seconds:rate5m{job=\"node-exporter\", cluster=\"$cluster\"}\n / scalar(count(instance_device:node_disk_io_time_seconds:rate5m{job=\"node-exporter\", cluster=\"$cluster\"}))\n) != 0\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}device{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Disk IO Utilisation", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "fillGradient": 0, - "gridPos": { - - }, - "id": 9, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "(\n instance_device:node_disk_io_time_weighted_seconds:rate5m{job=\"node-exporter\", cluster=\"$cluster\"}\n / scalar(count(instance_device:node_disk_io_time_weighted_seconds:rate5m{job=\"node-exporter\", cluster=\"$cluster\"}))\n) != 0\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}device{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Disk IO Saturation", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Disk IO", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "fillGradient": 0, - "gridPos": { - - }, - "id": 10, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum without (device) (\n max without (fstype, mountpoint) ((\n node_filesystem_size_bytes{job=\"node-exporter\", fstype!=\"\", mountpoint!=\"\", cluster=\"$cluster\"}\n -\n node_filesystem_avail_bytes{job=\"node-exporter\", fstype!=\"\", mountpoint!=\"\", cluster=\"$cluster\"}\n ) != 0)\n)\n/ scalar(sum(max without (fstype, mountpoint) (node_filesystem_size_bytes{job=\"node-exporter\", fstype!=\"\", mountpoint!=\"\", cluster=\"$cluster\"})))\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Disk Space Utilisation", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Disk Space", - "titleSize": "h6", - "type": "row" - } - ], - "schemaVersion": 14, - "style": "dark", - "tags": [ - "node-exporter-mixin" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "current": { - "text": "", - "value": "" - }, - "datasource": "$datasource", - "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}, - "includeAll": false, - "label": null, - "multi": false, - "name": "cluster", - "options": [ - - ], - "query": "label_values(node_time_seconds, cluster)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "Node Exporter / USE Method / Cluster", - "version": 0 - } -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/node-rsrc-use.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/node-rsrc-use.yaml deleted file mode 100644 index 7f19c55..0000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/node-rsrc-use.yaml +++ /dev/null @@ -1,1089 +0,0 @@ -{{- /* -Generated from 'node-rsrc-use' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/baf3c7a71ec9f889644231f677f8708791d38293/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled (or .Values.nodeExporter.enabled .Values.nodeExporter.forceDeployDashboards) }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "node-rsrc-use" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - node-rsrc-use.json: |- - { - "__inputs": [ - - ], - "__requires": [ - - ], - "annotations": { - "list": [ - - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 1, - "hideControls": false, - "id": null, - "links": [ - - ], - "refresh": "30s", - "rows": [ - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "fillGradient": 0, - "gridPos": { - - }, - "id": 2, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "instance:node_cpu_utilisation:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Utilisation", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "CPU Utilisation", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "fillGradient": 0, - "gridPos": { - - }, - "id": 3, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "instance:node_load1_per_cpu:ratio{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Saturation", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "CPU Saturation (Load1 per CPU)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "CPU", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "fillGradient": 0, - "gridPos": { - - }, - "id": 4, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "instance:node_memory_utilisation:ratio{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Utilisation", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Memory Utilisation", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "fillGradient": 0, - "gridPos": { - - }, - "id": 5, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "instance:node_vmstat_pgmajfault:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Major page Faults", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Memory Saturation (Major Page Faults)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "rds", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "rds", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Memory", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "fillGradient": 0, - "gridPos": { - - }, - "id": 6, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - { - "alias": "/Receive/", - "stack": "A" - }, - { - "alias": "/Transmit/", - "stack": "B", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "instance:node_network_receive_bytes_excluding_lo:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Receive", - "refId": "A" - }, - { - "expr": "instance:node_network_transmit_bytes_excluding_lo:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Transmit", - "refId": "B" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Network Utilisation (Bytes Receive/Transmit)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "fillGradient": 0, - "gridPos": { - - }, - "id": 7, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - { - "alias": "/ Receive/", - "stack": "A" - }, - { - "alias": "/ Transmit/", - "stack": "B", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "instance:node_network_receive_drop_excluding_lo:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Receive", - "refId": "A" - }, - { - "expr": "instance:node_network_transmit_drop_excluding_lo:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Transmit", - "refId": "B" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Network Saturation (Drops Receive/Transmit)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "fillGradient": 0, - "gridPos": { - - }, - "id": 8, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "instance_device:node_disk_io_time_seconds:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}device{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Disk IO Utilisation", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "fillGradient": 0, - "gridPos": { - - }, - "id": 9, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "instance_device:node_disk_io_time_weighted_seconds:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}device{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Disk IO Saturation", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Disk IO", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "fillGradient": 0, - "gridPos": { - - }, - "id": 10, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(1 -\n (\n max without (mountpoint, fstype) (node_filesystem_avail_bytes{job=\"node-exporter\", fstype!=\"\", instance=\"$instance\", cluster=\"$cluster\"})\n /\n max without (mountpoint, fstype) (node_filesystem_size_bytes{job=\"node-exporter\", fstype!=\"\", instance=\"$instance\", cluster=\"$cluster\"})\n ) != 0\n)\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}device{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Disk Space Utilisation", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Disk Space", - "titleSize": "h6", - "type": "row" - } - ], - "schemaVersion": 14, - "style": "dark", - "tags": [ - "node-exporter-mixin" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "current": { - "text": "", - "value": "" - }, - "datasource": "$datasource", - "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}, - "includeAll": false, - "label": null, - "multi": false, - "name": "cluster", - "options": [ - - ], - "query": "label_values(node_time_seconds, cluster)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "instance", - "options": [ - - ], - "query": "label_values(node_exporter_build_info{job=\"node-exporter\", cluster=\"$cluster\"}, instance)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "Node Exporter / USE Method / Node", - "version": 0 - } -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/nodes-aix.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/nodes-aix.yaml deleted file mode 100644 index 8ad1c64..0000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/nodes-aix.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- /* -Generated from 'nodes-aix' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/baf3c7a71ec9f889644231f677f8708791d38293/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled (and (or .Values.nodeExporter.enabled .Values.nodeExporter.forceDeployDashboards) .Values.nodeExporter.operatingSystems.aix.enabled) }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "nodes-aix" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - nodes-aix.json: |- - {{`{"graphTooltip":1,"panels":[{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":0},"id":1,"panels":[],"title":"CPU","type":"row"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","stacking":{"mode":"normal"}},"max":1,"min":0,"unit":"percentunit"}},"gridPos":{"h":7,"w":12,"x":0,"y":1},"id":2,"options":{"tooltip":{"mode":"multi"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"(\n (1 - sum without (mode) (rate(node_cpu_seconds_total{job=\"node-exporter\", mode=~\"idle|iowait|steal\", instance=\"$instance\", cluster=\"$cluster\"}[$__rate_interval])))\n/ ignoring(cpu) group_left\n count without (cpu, mode) (node_cpu_seconds_total{job=\"node-exporter\", mode=\"idle\", instance=\"$instance\", cluster=\"$cluster\"})\n)\n","intervalFactor":5,"legendFormat":"{{cpu}}"}],"title":"CPU Usage","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":0,"showPoints":"never"},"min":0,"unit":"short"}},"gridPos":{"h":7,"w":12,"x":12,"y":1},"id":3,"options":{"tooltip":{"mode":"multi"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"node_load1{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"}","legendFormat":"1m load average"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"node_load5{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"}","legendFormat":"5m load average"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"node_load15{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"}","legendFormat":"15m load average"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"count(node_cpu_seconds_total{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\", mode=\"idle\"})","legendFormat":"logical cores"}],"title":"Load Average","type":"timeseries"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":8},"id":4,"title":"Memory","type":"row"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never","stacking":{"mode":"none"}},"min":0,"unit":"bytes"}},"gridPos":{"h":7,"w":18,"x":0,"y":9},"id":5,"options":{"tooltip":{"mode":"multi"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"node_memory_total_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"}","legendFormat":"Physical Memory"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"(\n node_memory_total_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} -\n node_memory_available_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"}\n)\n","legendFormat":"Memory Used"}],"title":"Memory Usage","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"max":100,"min":0,"thresholds":{"steps":[{"color":"rgba(50, 172, 45, 0.97)"},{"color":"rgba(237, 129, 40, 0.89)","value":80},{"color":"rgba(245, 54, 54, 0.9)","value":90}]},"unit":"percent"}},"gridPos":{"h":7,"w":6,"x":18,"y":9},"id":6,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"100 -\n(\n avg(node_memory_available_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"}) /\n avg(node_memory_total_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"})\n * 100\n)\n"}],"title":"Memory Usage","type":"gauge"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":18},"id":7,"panels":[],"title":"Disk","type":"row"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":0,"showPoints":"never"},"min":0},"overrides":[{"matcher":{"id":"byRegexp","options":"/ read| written/"},"properties":[{"id":"unit","value":"Bps"}]},{"matcher":{"id":"byRegexp","options":"/ io time/"},"properties":[{"id":"unit","value":"percentunit"}]}]},"gridPos":{"h":7,"w":12,"x":0,"y":19},"id":8,"options":{"tooltip":{"mode":"multi"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"rate(node_disk_read_bytes_total{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\"}[$__rate_interval])","intervalFactor":1,"legendFormat":"{{device}} read"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"rate(node_disk_written_bytes_total{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\"}[$__rate_interval])","intervalFactor":1,"legendFormat":"{{device}} written"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"rate(node_disk_io_time_seconds_total{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\"}[$__rate_interval])","intervalFactor":1,"legendFormat":"{{device}} io time"}],"title":"Disk I/O","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"thresholds":{"steps":[{"color":"green"},{"color":"yellow","value":0.8},{"color":"red","value":0.9}]},"unit":"decbytes"},"overrides":[{"matcher":{"id":"byName","options":"Mounted on"},"properties":[{"id":"custom.width","value":260}]},{"matcher":{"id":"byName","options":"Size"},"properties":[{"id":"custom.width","value":93}]},{"matcher":{"id":"byName","options":"Used"},"properties":[{"id":"custom.width","value":72}]},{"matcher":{"id":"byName","options":"Available"},"properties":[{"id":"custom.width","value":88}]},{"matcher":{"id":"byName","options":"Used, %"},"properties":[{"id":"unit","value":"percentunit"},{"id":"custom.cellOptions","value":{"type":"gauge"}},{"id":"max","value":1},{"id":"min","value":0}]}]},"gridPos":{"h":7,"w":12,"x":12,"y":19},"id":9,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"max by (mountpoint) (node_filesystem_size_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\", fstype!=\"\", mountpoint!=\"\"})\n","format":"table","instant":true,"legendFormat":""},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"max by (mountpoint) (node_filesystem_avail_bytes{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\", fstype!=\"\", mountpoint!=\"\"})\n","format":"table","instant":true,"legendFormat":""}],"title":"Disk Space Usage","transformations":[{"id":"groupBy","options":{"fields":{"Value #A":{"aggregations":["lastNotNull"],"operation":"aggregate"},"Value #B":{"aggregations":["lastNotNull"],"operation":"aggregate"},"mountpoint":{"aggregations":[],"operation":"groupby"}}}},{"id":"merge"},{"id":"calculateField","options":{"alias":"Used","binary":{"left":"Value #A (lastNotNull)","operator":"-","reducer":"sum","right":"Value #B (lastNotNull)"},"mode":"binary","reduce":{"reducer":"sum"}}},{"id":"calculateField","options":{"alias":"Used, %","binary":{"left":"Used","operator":"/","reducer":"sum","right":"Value #A (lastNotNull)"},"mode":"binary","reduce":{"reducer":"sum"}}},{"id":"organize","options":{"excludeByName":{},"indexByName":{},"renameByName":{"Value #A (lastNotNull)":"Size","Value #B (lastNotNull)":"Available","mountpoint":"Mounted on"}}},{"id":"sortBy","options":{"fields":{},"sort":[{"field":"Mounted on"}]}}],"type":"table"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":26},"id":10,"panels":[],"title":"Network","type":"row"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"description":"Network received (bits/s)","fieldConfig":{"defaults":{"custom":{"fillOpacity":0,"showPoints":"never"},"min":0,"unit":"bps"}},"gridPos":{"h":7,"w":12,"x":0,"y":27},"id":11,"options":{"tooltip":{"mode":"multi"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"rate(node_network_receive_bytes_total{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\", device!=\"lo\"}[$__rate_interval]) * 8","intervalFactor":1,"legendFormat":"{{device}}"}],"title":"Network Received","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"description":"Network transmitted (bits/s)","fieldConfig":{"defaults":{"custom":{"fillOpacity":0},"min":0,"unit":"bps"}},"gridPos":{"h":7,"w":12,"x":12,"y":27},"id":12,"options":{"tooltip":{"mode":"multi"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"rate(node_network_transmit_bytes_total{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\", device!=\"lo\"}[$__rate_interval]) * 8","intervalFactor":1,"legendFormat":"{{device}}"}],"title":"Network Transmitted","type":"timeseries"}],"refresh":"30s","schemaVersion":39,"tags":["node-exporter-mixin"],"templating":{"list":[{"name":"datasource","query":"prometheus","type":"datasource"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"label":"Cluster","name":"cluster","query":"label_values(node_uname_info{job=\"node-exporter\", sysname!=\"Darwin\"}, cluster)","refresh":2,"type":"query","allValue":".*"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"label":"Instance","name":"instance","query":"label_values(node_uname_info{job=\"node-exporter\", cluster=\"$cluster\", sysname!=\"Darwin\"}, instance)","refresh":2,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Node Exporter / AIX","uid":"7e0a61e486f727d763fb1d86fdd629c2"}`}} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/nodes-darwin.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/nodes-darwin.yaml deleted file mode 100644 index 3ac94f8..0000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/nodes-darwin.yaml +++ /dev/null @@ -1,1073 +0,0 @@ -{{- /* -Generated from 'nodes-darwin' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/baf3c7a71ec9f889644231f677f8708791d38293/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled (and (or .Values.nodeExporter.enabled .Values.nodeExporter.forceDeployDashboards) .Values.nodeExporter.operatingSystems.darwin.enabled) }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "nodes-darwin" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - nodes-darwin.json: |- - { - "__inputs": [ - - ], - "__requires": [ - - ], - "annotations": { - "list": [ - - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 1, - "hideControls": false, - "id": null, - "links": [ - - ], - "refresh": "30s", - "rows": [ - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 2, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "(\n (1 - sum without (mode) (rate(node_cpu_seconds_total{job=\"node-exporter\", mode=~\"idle|iowait|steal\", instance=\"$instance\"}[$__rate_interval])))\n/ ignoring(cpu) group_left\n count without (cpu, mode) (node_cpu_seconds_total{job=\"node-exporter\", mode=\"idle\", instance=\"$instance\"})\n)\n", - "format": "time_series", - "intervalFactor": 5, - "legendFormat": "{{`{{`}}cpu{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": 1, - "min": 0, - "show": true - }, - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": 1, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 0, - "fillGradient": 0, - "gridPos": { - - }, - "id": 3, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_load1{job=\"node-exporter\", instance=\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "1m load average", - "refId": "A" - }, - { - "expr": "node_load5{job=\"node-exporter\", instance=\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "5m load average", - "refId": "B" - }, - { - "expr": "node_load15{job=\"node-exporter\", instance=\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "15m load average", - "refId": "C" - }, - { - "expr": "count(node_cpu_seconds_total{job=\"node-exporter\", instance=\"$instance\", mode=\"idle\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "logical cores", - "refId": "D" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Load Average", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "CPU", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 4, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 9, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_memory_total_bytes{job=\"node-exporter\", instance=\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Physical Memory", - "refId": "A" - }, - { - "expr": "(\n node_memory_internal_bytes{job=\"node-exporter\", instance=\"$instance\"} -\n node_memory_purgeable_bytes{job=\"node-exporter\", instance=\"$instance\"} +\n node_memory_wired_bytes{job=\"node-exporter\", instance=\"$instance\"} +\n node_memory_compressed_bytes{job=\"node-exporter\", instance=\"$instance\"}\n)\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Memory Used", - "refId": "B" - }, - { - "expr": "(\n node_memory_internal_bytes{job=\"node-exporter\", instance=\"$instance\"} -\n node_memory_purgeable_bytes{job=\"node-exporter\", instance=\"$instance\"}\n)\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "App Memory", - "refId": "C" - }, - { - "expr": "node_memory_wired_bytes{job=\"node-exporter\", instance=\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Wired Memory", - "refId": "D" - }, - { - "expr": "node_memory_compressed_bytes{job=\"node-exporter\", instance=\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Compressed", - "refId": "E" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "max": 100, - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)" - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 80 - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": 90 - } - ] - }, - "unit": "percent" - } - }, - "gridPos": { - - }, - "id": 5, - "span": 3, - "targets": [ - { - "expr": "(\n (\n avg(node_memory_internal_bytes{job=\"node-exporter\", instance=\"$instance\"}) -\n avg(node_memory_purgeable_bytes{job=\"node-exporter\", instance=\"$instance\"}) +\n avg(node_memory_wired_bytes{job=\"node-exporter\", instance=\"$instance\"}) +\n avg(node_memory_compressed_bytes{job=\"node-exporter\", instance=\"$instance\"})\n ) /\n avg(node_memory_total_bytes{job=\"node-exporter\", instance=\"$instance\"})\n)\n*\n100\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "" - } - ], - "title": "Memory Usage", - "transparent": false, - "type": "gauge" - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Memory", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 0, - "fillGradient": 0, - "gridPos": { - - }, - "id": 6, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - { - "alias": "/ read| written/", - "yaxis": 1 - }, - { - "alias": "/ io time/", - "yaxis": 2 - } - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_disk_read_bytes_total{job=\"node-exporter\", instance=\"$instance\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}device{{`}}`}} read", - "refId": "A" - }, - { - "expr": "rate(node_disk_written_bytes_total{job=\"node-exporter\", instance=\"$instance\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}device{{`}}`}} written", - "refId": "B" - }, - { - "expr": "rate(node_disk_io_time_seconds_total{job=\"node-exporter\", instance=\"$instance\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}device{{`}}`}} io time", - "refId": "C" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Disk I/O", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": { - - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green" - }, - { - "color": "yellow", - "value": 0.8 - }, - { - "color": "red", - "value": 0.9 - } - ] - }, - "unit": "decbytes" - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "Mounted on" - }, - "properties": [ - { - "id": "custom.width", - "value": 260 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Size" - }, - "properties": [ - { - "id": "custom.width", - "value": 93 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Used" - }, - "properties": [ - { - "id": "custom.width", - "value": 72 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Available" - }, - "properties": [ - { - "id": "custom.width", - "value": 88 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Used, %" - }, - "properties": [ - { - "id": "unit", - "value": "percentunit" - }, - { - "id": "custom.displayMode", - "value": "gradient-gauge" - }, - { - "id": "max", - "value": 1 - }, - { - "id": "min", - "value": 0 - } - ] - } - ] - }, - "gridPos": { - - }, - "id": 7, - "span": 6, - "targets": [ - { - "expr": "max by (mountpoint) (node_filesystem_size_bytes{job=\"node-exporter\", instance=\"$instance\", fstype!=\"\", mountpoint!=\"\"})\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "" - }, - { - "expr": "max by (mountpoint) (node_filesystem_avail_bytes{job=\"node-exporter\", instance=\"$instance\", fstype!=\"\", mountpoint!=\"\"})\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "" - } - ], - "title": "Disk Space Usage", - "transformations": [ - { - "id": "groupBy", - "options": { - "fields": { - "Value #A": { - "aggregations": [ - "lastNotNull" - ], - "operation": "aggregate" - }, - "Value #B": { - "aggregations": [ - "lastNotNull" - ], - "operation": "aggregate" - }, - "mountpoint": { - "aggregations": [ - - ], - "operation": "groupby" - } - } - } - }, - { - "id": "merge", - "options": { - - } - }, - { - "id": "calculateField", - "options": { - "alias": "Used", - "binary": { - "left": "Value #A (lastNotNull)", - "operator": "-", - "reducer": "sum", - "right": "Value #B (lastNotNull)" - }, - "mode": "binary", - "reduce": { - "reducer": "sum" - } - } - }, - { - "id": "calculateField", - "options": { - "alias": "Used, %", - "binary": { - "left": "Used", - "operator": "/", - "reducer": "sum", - "right": "Value #A (lastNotNull)" - }, - "mode": "binary", - "reduce": { - "reducer": "sum" - } - } - }, - { - "id": "organize", - "options": { - "excludeByName": { - - }, - "indexByName": { - - }, - "renameByName": { - "Value #A (lastNotNull)": "Size", - "Value #B (lastNotNull)": "Available", - "mountpoint": "Mounted on" - } - } - }, - { - "id": "sortBy", - "options": { - "fields": { - - }, - "sort": [ - { - "field": "Mounted on" - } - ] - } - } - ], - "transparent": false, - "type": "table" - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Disk", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "Network received (bits/s)", - "fill": 0, - "fillGradient": 0, - "gridPos": { - - }, - "id": 8, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_network_receive_bytes_total{job=\"node-exporter\", instance=\"$instance\", device!=\"lo\"}[$__rate_interval]) * 8", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}device{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Network Received", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "Network transmitted (bits/s)", - "fill": 0, - "fillGradient": 0, - "gridPos": { - - }, - "id": 9, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_network_transmit_bytes_total{job=\"node-exporter\", instance=\"$instance\", device!=\"lo\"}[$__rate_interval]) * 8", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}device{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Network Transmitted", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6", - "type": "row" - } - ], - "schemaVersion": 14, - "style": "dark", - "tags": [ - "node-exporter-mixin" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": false, - "label": "Instance", - "multi": false, - "name": "instance", - "options": [ - - ], - "query": "label_values(node_uname_info{job=\"node-exporter\", sysname=\"Darwin\"}, instance)", - "refresh": 2, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "Node Exporter / MacOS", - "version": 0 - } -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/nodes.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/nodes.yaml deleted file mode 100644 index 605ab6c..0000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/nodes.yaml +++ /dev/null @@ -1,1066 +0,0 @@ -{{- /* -Generated from 'nodes' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/baf3c7a71ec9f889644231f677f8708791d38293/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled (and (or .Values.nodeExporter.enabled .Values.nodeExporter.forceDeployDashboards) .Values.nodeExporter.operatingSystems.linux.enabled) }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "nodes" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - nodes.json: |- - { - "__inputs": [ - - ], - "__requires": [ - - ], - "annotations": { - "list": [ - - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 1, - "hideControls": false, - "id": null, - "links": [ - - ], - "refresh": "30s", - "rows": [ - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 2, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "(\n (1 - sum without (mode) (rate(node_cpu_seconds_total{job=\"node-exporter\", mode=~\"idle|iowait|steal\", instance=\"$instance\"}[$__rate_interval])))\n/ ignoring(cpu) group_left\n count without (cpu, mode) (node_cpu_seconds_total{job=\"node-exporter\", mode=\"idle\", instance=\"$instance\"})\n)\n", - "format": "time_series", - "intervalFactor": 5, - "legendFormat": "{{`{{`}}cpu{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": 1, - "min": 0, - "show": true - }, - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": 1, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 0, - "fillGradient": 0, - "gridPos": { - - }, - "id": 3, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_load1{job=\"node-exporter\", instance=\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "1m load average", - "refId": "A" - }, - { - "expr": "node_load5{job=\"node-exporter\", instance=\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "5m load average", - "refId": "B" - }, - { - "expr": "node_load15{job=\"node-exporter\", instance=\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "15m load average", - "refId": "C" - }, - { - "expr": "count(node_cpu_seconds_total{job=\"node-exporter\", instance=\"$instance\", mode=\"idle\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "logical cores", - "refId": "D" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Load Average", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "CPU", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 4, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 9, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "(\n node_memory_MemTotal_bytes{job=\"node-exporter\", instance=\"$instance\"}\n-\n node_memory_MemFree_bytes{job=\"node-exporter\", instance=\"$instance\"}\n-\n node_memory_Buffers_bytes{job=\"node-exporter\", instance=\"$instance\"}\n-\n node_memory_Cached_bytes{job=\"node-exporter\", instance=\"$instance\"}\n)\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "memory used", - "refId": "A" - }, - { - "expr": "node_memory_Buffers_bytes{job=\"node-exporter\", instance=\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "memory buffers", - "refId": "B" - }, - { - "expr": "node_memory_Cached_bytes{job=\"node-exporter\", instance=\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "memory cached", - "refId": "C" - }, - { - "expr": "node_memory_MemFree_bytes{job=\"node-exporter\", instance=\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "memory free", - "refId": "D" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "max": 100, - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)" - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 80 - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": 90 - } - ] - }, - "unit": "percent" - } - }, - "gridPos": { - - }, - "id": 5, - "span": 3, - "targets": [ - { - "expr": "100 -\n(\n avg(node_memory_MemAvailable_bytes{job=\"node-exporter\", instance=\"$instance\"}) /\n avg(node_memory_MemTotal_bytes{job=\"node-exporter\", instance=\"$instance\"})\n* 100\n)\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "" - } - ], - "title": "Memory Usage", - "transparent": false, - "type": "gauge" - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Memory", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 0, - "fillGradient": 0, - "gridPos": { - - }, - "id": 6, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - { - "alias": "/ read| written/", - "yaxis": 1 - }, - { - "alias": "/ io time/", - "yaxis": 2 - } - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_disk_read_bytes_total{job=\"node-exporter\", instance=\"$instance\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}device{{`}}`}} read", - "refId": "A" - }, - { - "expr": "rate(node_disk_written_bytes_total{job=\"node-exporter\", instance=\"$instance\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}device{{`}}`}} written", - "refId": "B" - }, - { - "expr": "rate(node_disk_io_time_seconds_total{job=\"node-exporter\", instance=\"$instance\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|md.+|dasd.+)\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}device{{`}}`}} io time", - "refId": "C" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Disk I/O", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": { - - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green" - }, - { - "color": "yellow", - "value": 0.8 - }, - { - "color": "red", - "value": 0.9 - } - ] - }, - "unit": "decbytes" - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "Mounted on" - }, - "properties": [ - { - "id": "custom.width", - "value": 260 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Size" - }, - "properties": [ - { - "id": "custom.width", - "value": 93 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Used" - }, - "properties": [ - { - "id": "custom.width", - "value": 72 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Available" - }, - "properties": [ - { - "id": "custom.width", - "value": 88 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Used, %" - }, - "properties": [ - { - "id": "unit", - "value": "percentunit" - }, - { - "id": "custom.displayMode", - "value": "gradient-gauge" - }, - { - "id": "max", - "value": 1 - }, - { - "id": "min", - "value": 0 - } - ] - } - ] - }, - "gridPos": { - - }, - "id": 7, - "span": 6, - "targets": [ - { - "expr": "max by (mountpoint) (node_filesystem_size_bytes{job=\"node-exporter\", instance=\"$instance\", fstype!=\"\", mountpoint!=\"\"})\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "" - }, - { - "expr": "max by (mountpoint) (node_filesystem_avail_bytes{job=\"node-exporter\", instance=\"$instance\", fstype!=\"\", mountpoint!=\"\"})\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "" - } - ], - "title": "Disk Space Usage", - "transformations": [ - { - "id": "groupBy", - "options": { - "fields": { - "Value #A": { - "aggregations": [ - "lastNotNull" - ], - "operation": "aggregate" - }, - "Value #B": { - "aggregations": [ - "lastNotNull" - ], - "operation": "aggregate" - }, - "mountpoint": { - "aggregations": [ - - ], - "operation": "groupby" - } - } - } - }, - { - "id": "merge", - "options": { - - } - }, - { - "id": "calculateField", - "options": { - "alias": "Used", - "binary": { - "left": "Value #A (lastNotNull)", - "operator": "-", - "reducer": "sum", - "right": "Value #B (lastNotNull)" - }, - "mode": "binary", - "reduce": { - "reducer": "sum" - } - } - }, - { - "id": "calculateField", - "options": { - "alias": "Used, %", - "binary": { - "left": "Used", - "operator": "/", - "reducer": "sum", - "right": "Value #A (lastNotNull)" - }, - "mode": "binary", - "reduce": { - "reducer": "sum" - } - } - }, - { - "id": "organize", - "options": { - "excludeByName": { - - }, - "indexByName": { - - }, - "renameByName": { - "Value #A (lastNotNull)": "Size", - "Value #B (lastNotNull)": "Available", - "mountpoint": "Mounted on" - } - } - }, - { - "id": "sortBy", - "options": { - "fields": { - - }, - "sort": [ - { - "field": "Mounted on" - } - ] - } - } - ], - "transparent": false, - "type": "table" - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Disk", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "Network received (bits/s)", - "fill": 0, - "fillGradient": 0, - "gridPos": { - - }, - "id": 8, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_network_receive_bytes_total{job=\"node-exporter\", instance=\"$instance\", device!=\"lo\"}[$__rate_interval]) * 8", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}device{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Network Received", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "Network transmitted (bits/s)", - "fill": 0, - "fillGradient": 0, - "gridPos": { - - }, - "id": 9, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_network_transmit_bytes_total{job=\"node-exporter\", instance=\"$instance\", device!=\"lo\"}[$__rate_interval]) * 8", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}device{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Network Transmitted", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6", - "type": "row" - } - ], - "schemaVersion": 14, - "style": "dark", - "tags": [ - "node-exporter-mixin" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": false, - "label": "Instance", - "multi": false, - "name": "instance", - "options": [ - - ], - "query": "label_values(node_uname_info{job=\"node-exporter\", sysname!=\"Darwin\"}, instance)", - "refresh": 2, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "Node Exporter / Nodes", - "version": 0 - } -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml deleted file mode 100644 index 656b977..0000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml +++ /dev/null @@ -1,587 +0,0 @@ -{{- /* -Generated from 'persistentvolumesusage' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/baf3c7a71ec9f889644231f677f8708791d38293/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "persistentvolumesusage" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - persistentvolumesusage.json: |- - { - "__inputs": [ - - ], - "__requires": [ - - ], - "annotations": { - "list": [ - - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "hideControls": false, - "id": null, - "links": [ - - ], - "refresh": "10s", - "rows": [ - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 2, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 9, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "(\n sum without(instance, node) (topk(1, (kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n -\n sum without(instance, node) (topk(1, (kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n)\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Used Space", - "refId": "A" - }, - { - "expr": "sum without(instance, node) (topk(1, (kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Free Space", - "refId": "B" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Volume Space Usage", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "$datasource", - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": true, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - - }, - "id": 3, - "interval": "1m", - "legend": { - "alignAsTable": true, - "rightSide": true - }, - "links": [ - - ], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "span": 3, - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "max without(instance,node) (\n(\n topk(1, kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n -\n topk(1, kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n)\n/\ntopk(1, kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n* 100)\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "80, 90", - "title": "Volume Space Usage", - "tooltip": { - "shared": false - }, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 4, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 9, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum without(instance, node) (topk(1, (kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Used inodes", - "refId": "A" - }, - { - "expr": "(\n sum without(instance, node) (topk(1, (kubelet_volume_stats_inodes{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n -\n sum without(instance, node) (topk(1, (kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n)\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": " Free inodes", - "refId": "B" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Volume inodes Usage", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "$datasource", - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": true, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - - }, - "id": 5, - "interval": "1m", - "legend": { - "alignAsTable": true, - "rightSide": true - }, - "links": [ - - ], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "span": 3, - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "max without(instance,node) (\ntopk(1, kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n/\ntopk(1, kubelet_volume_stats_inodes{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n* 100)\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "80, 90", - "title": "Volume inodes Usage", - "tooltip": { - "shared": false - }, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - } - ], - "schemaVersion": 14, - "style": "dark", - "tags": [ - "kubernetes-mixin" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}, - "includeAll": false, - "label": "cluster", - "multi": false, - "name": "cluster", - "options": [ - - ], - "query": "label_values(kubelet_volume_stats_capacity_bytes{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\"}, cluster)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": false, - "label": "Namespace", - "multi": false, - "name": "namespace", - "options": [ - - ], - "query": "label_values(kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\"}, namespace)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": false, - "label": "PersistentVolumeClaim", - "multi": false, - "name": "volume", - "options": [ - - ], - "query": "label_values(kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", namespace=\"$namespace\"}, persistentvolumeclaim)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-7d", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "Kubernetes / Persistent Volumes", - "uid": "919b92a8e8041bd567af9edab12c840c", - "version": 0 - } -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/pod-total.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/pod-total.yaml deleted file mode 100644 index 6f8481d..0000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/pod-total.yaml +++ /dev/null @@ -1,1228 +0,0 @@ -{{- /* -Generated from 'pod-total' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/baf3c7a71ec9f889644231f677f8708791d38293/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "pod-total" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - pod-total.json: |- - { - "__inputs": [ - - ], - "__requires": [ - - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "hideControls": false, - "id": null, - "links": [ - - ], - "panels": [ - { - "collapse": false, - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 2, - "panels": [ - - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Current Bandwidth", - "titleSize": "h6", - "type": "row" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "$datasource", - "decimals": 0, - "format": "time_series", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 1 - }, - "height": 9, - "id": 3, - "interval": null, - "links": [ - - ], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "minSpan": 12, - "nullPointMode": "connected", - "nullText": null, - "options": { - "fieldOptions": { - "calcs": [ - "last" - ], - "defaults": { - "max": 10000000000, - "min": 0, - "title": "$namespace: $pod", - "unit": "Bps" - }, - "mappings": [ - - ], - "override": { - - }, - "thresholds": [ - { - "color": "dark-green", - "index": 0, - "value": null - }, - { - "color": "dark-yellow", - "index": 1, - "value": 5000000000 - }, - { - "color": "dark-red", - "index": 2, - "value": 7000000000 - } - ], - "values": false - } - }, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "span": 12, - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution]))", - "format": "time_series", - "instant": null, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Current Rate of Bytes Received", - "type": "gauge", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "$datasource", - "decimals": 0, - "format": "time_series", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 1 - }, - "height": 9, - "id": 4, - "interval": null, - "links": [ - - ], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "minSpan": 12, - "nullPointMode": "connected", - "nullText": null, - "options": { - "fieldOptions": { - "calcs": [ - "last" - ], - "defaults": { - "max": 10000000000, - "min": 0, - "title": "$namespace: $pod", - "unit": "Bps" - }, - "mappings": [ - - ], - "override": { - - }, - "thresholds": [ - { - "color": "dark-green", - "index": 0, - "value": null - }, - { - "color": "dark-yellow", - "index": 1, - "value": 5000000000 - }, - { - "color": "dark-red", - "index": 2, - "value": 7000000000 - } - ], - "values": false - } - }, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "span": 12, - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution]))", - "format": "time_series", - "instant": null, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Current Rate of Bytes Transmitted", - "type": "gauge", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "collapse": false, - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 10 - }, - "id": 5, - "panels": [ - - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Bandwidth", - "titleSize": "h6", - "type": "row" - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 11 - }, - "id": 6, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 12, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Receive Bandwidth", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 11 - }, - "id": 7, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 12, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Transmit Bandwidth", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "collapse": true, - "collapsed": true, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 20 - }, - "id": 8, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 21 - }, - "id": 9, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 12, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Received Packets", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 21 - }, - "id": 10, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 12, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Transmitted Packets", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Packets", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": true, - "collapsed": true, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 21 - }, - "id": 11, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 32 - }, - "id": 12, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 12, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Received Packets Dropped", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 32 - }, - "id": 13, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 12, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Transmitted Packets Dropped", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Errors", - "titleSize": "h6", - "type": "row" - } - ], - "refresh": "10s", - "rows": [ - - ], - "schemaVersion": 18, - "style": "dark", - "tags": [ - "kubernetes-mixin" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}, - "includeAll": false, - "label": null, - "multi": false, - "name": "cluster", - "options": [ - - ], - "query": "label_values(up{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\"}, cluster)", - "refresh": 2, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": ".+", - "auto": false, - "auto_count": 30, - "auto_min": "10s", - "current": { - "text": "kube-system", - "value": "kube-system" - }, - "datasource": "$datasource", - "definition": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", - "hide": 0, - "includeAll": true, - "label": null, - "multi": false, - "name": "namespace", - "options": [ - - ], - "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": ".+", - "auto": false, - "auto_count": 30, - "auto_min": "10s", - "current": { - "text": "", - "value": "" - }, - "datasource": "$datasource", - "definition": "label_values(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}, pod)", - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "pod", - "options": [ - - ], - "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}, pod)", - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "auto": false, - "auto_count": 30, - "auto_min": "10s", - "current": { - "text": "5m", - "value": "5m" - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "resolution", - "options": [ - { - "selected": false, - "text": "30s", - "value": "30s" - }, - { - "selected": true, - "text": "5m", - "value": "5m" - }, - { - "selected": false, - "text": "1h", - "value": "1h" - } - ], - "query": "30s,5m,1h", - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "interval", - "useTags": false - }, - { - "allValue": null, - "auto": false, - "auto_count": 30, - "auto_min": "10s", - "current": { - "text": "5m", - "value": "5m" - }, - "datasource": "$datasource", - "hide": 2, - "includeAll": false, - "label": null, - "multi": false, - "name": "interval", - "options": [ - { - "selected": true, - "text": "4h", - "value": "4h" - } - ], - "query": "4h", - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "interval", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "Kubernetes / Networking / Pod", - "uid": "7a18067ce943a40ae25454675c19ff5c", - "version": 0 - } -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml deleted file mode 100644 index 25fc18b..0000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml +++ /dev/null @@ -1,1674 +0,0 @@ -{{- /* -Generated from 'prometheus-remote-write' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/baf3c7a71ec9f889644231f677f8708791d38293/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.prometheus.prometheusSpec.remoteWriteDashboards }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "prometheus-remote-write" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - prometheus-remote-write.json: |- - { - "__inputs": [ - - ], - "__requires": [ - - ], - "annotations": { - "list": [ - - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "hideControls": false, - "id": null, - "links": [ - - ], - "refresh": "60s", - "rows": [ - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 2, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(\n prometheus_remote_storage_highest_timestamp_in_seconds{cluster=~\"$cluster\", instance=~\"$instance\"} \n- \n ignoring(remote_name, url) group_right(instance) (prometheus_remote_storage_queue_highest_sent_timestamp_seconds{cluster=~\"$cluster\", instance=~\"$instance\"} != 0)\n)\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Highest Timestamp In vs. Highest Timestamp Sent", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 3, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "clamp_min(\n rate(prometheus_remote_storage_highest_timestamp_in_seconds{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) \n- \n ignoring (remote_name, url) group_right(instance) rate(prometheus_remote_storage_queue_highest_sent_timestamp_seconds{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])\n, 0)\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate[5m]", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Timestamps", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 4, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(\n prometheus_remote_storage_samples_in_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])\n- \n ignoring(remote_name, url) group_right(instance) (rate(prometheus_remote_storage_succeeded_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]))\n- \n (rate(prometheus_remote_storage_dropped_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_dropped_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]))\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate, in vs. succeeded or dropped [5m]", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Samples", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 5, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "minSpan": 6, - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_remote_storage_shards{cluster=~\"$cluster\", instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Current Shards", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 6, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_remote_storage_shards_max{cluster=~\"$cluster\", instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Max Shards", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 7, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_remote_storage_shards_min{cluster=~\"$cluster\", instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Min Shards", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 8, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_remote_storage_shards_desired{cluster=~\"$cluster\", instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Desired Shards", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Shards", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 9, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_remote_storage_shard_capacity{cluster=~\"$cluster\", instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Shard Capacity", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 10, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_remote_storage_pending_samples{cluster=~\"$cluster\", instance=~\"$instance\"} or prometheus_remote_storage_samples_pending{cluster=~\"$cluster\", instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Pending Samples", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Shard Details", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 11, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_tsdb_wal_segment_current{cluster=~\"$cluster\", instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "TSDB Current Segment", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 12, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_wal_watcher_current_segment{cluster=~\"$cluster\", instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}consumer{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Remote Write Current Segment", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Segments", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 13, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 3, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_remote_storage_dropped_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_dropped_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Dropped Samples", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 14, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 3, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_remote_storage_failed_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_failed_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Failed Samples", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 15, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 3, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_remote_storage_retried_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_retried_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Retried Samples", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 16, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 3, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_remote_storage_enqueue_retries_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Enqueue Retries", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Misc. Rates", - "titleSize": "h6", - "type": "row" - } - ], - "schemaVersion": 14, - "style": "dark", - "tags": [ - "prometheus-mixin" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "current": { - "text": { - "selected": true, - "text": "All", - "value": "$__all" - }, - "value": { - "selected": true, - "text": "All", - "value": "$__all" - } - }, - "datasource": "$datasource", - "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}, - "includeAll": true, - "label": null, - "multi": false, - "name": "cluster", - "options": [ - - ], - "query": "label_values(kube_pod_container_info{image=~\".*prometheus.*\"}, cluster)", - "refresh": 2, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": { - "selected": true, - "text": "All", - "value": "$__all" - }, - "value": { - "selected": true, - "text": "All", - "value": "$__all" - } - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": true, - "label": null, - "multi": false, - "name": "instance", - "options": [ - - ], - "query": "label_values(prometheus_build_info{cluster=~\"$cluster\"}, instance)", - "refresh": 2, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": true, - "label": null, - "multi": false, - "name": "url", - "options": [ - - ], - "query": "label_values(prometheus_remote_storage_shards{cluster=~\"$cluster\", instance=~\"$instance\"}, url)", - "refresh": 2, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-6h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "Prometheus / Remote Write", - "version": 0 - } -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/prometheus.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/prometheus.yaml deleted file mode 100644 index 50a731a..0000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/prometheus.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- /* -Generated from 'prometheus' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/baf3c7a71ec9f889644231f677f8708791d38293/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "prometheus" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - prometheus.json: |- - {{`{"panels":[{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":0},"id":1,"panels":[],"title":"Prometheus Stats","type":"row"},{"datasource":{"type":"prometheus","uid":"$datasource"},"fieldConfig":{"defaults":{"decimals":2,"displayName":"","unit":"short"},"overrides":[{"matcher":{"id":"byName","options":"Time"},"properties":[{"id":"displayName","value":"Time"},{"id":"custom.align","value":null},{"id":"custom.hidden","value":"true"}]},{"matcher":{"id":"byName","options":"cluster"},"properties":[{"id":"custom.align","value":null},{"id":"unit","value":"short"},{"id":"decimals","value":2},{"id":"displayName","value":"Cluster"}]},{"matcher":{"id":"byName","options":"job"},"properties":[{"id":"custom.align","value":null},{"id":"unit","value":"short"},{"id":"decimals","value":2},{"id":"displayName","value":"Job"}]},{"matcher":{"id":"byName","options":"instance"},"properties":[{"id":"displayName","value":"Instance"},{"id":"custom.align","value":null},{"id":"unit","value":"short"},{"id":"decimals","value":2}]},{"matcher":{"id":"byName","options":"version"},"properties":[{"id":"displayName","value":"Version"},{"id":"custom.align","value":null},{"id":"unit","value":"short"},{"id":"decimals","value":2}]},{"matcher":{"id":"byName","options":"Value #A"},"properties":[{"id":"displayName","value":"Count"},{"id":"custom.align","value":null},{"id":"unit","value":"short"},{"id":"decimals","value":2},{"id":"custom.hidden","value":"true"}]},{"matcher":{"id":"byName","options":"Value #B"},"properties":[{"id":"displayName","value":"Uptime"},{"id":"custom.align","value":null},{"id":"unit","value":"s"}]}]},"gridPos":{"h":7,"w":24,"x":0,"y":1},"id":2,"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"count by (cluster, job, instance, version) (prometheus_build_info{cluster=~\"$cluster\", job=~\"$job\", instance=~\"$instance\"})","format":"table","instant":true,"legendFormat":""},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"max by (cluster, job, instance) (time() - process_start_time_seconds{cluster=~\"$cluster\", job=~\"$job\", instance=~\"$instance\"})","format":"table","instant":true,"legendFormat":""}],"title":"Prometheus Stats","type":"table"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":8},"id":3,"panels":[],"title":"Discovery","type":"row"},{"datasource":{"type":"prometheus","uid":"$datasource"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never"},"min":0,"unit":"ms"}},"gridPos":{"h":7,"w":12,"x":0,"y":9},"id":4,"options":{"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"sum(rate(prometheus_target_sync_length_seconds_sum{cluster=~\"$cluster\",job=~\"$job\",instance=~\"$instance\"}[5m])) by (cluster, job, scrape_job, instance) * 1e3","format":"time_series","legendFormat":"{{cluster}}:{{job}}:{{instance}}:{{scrape_job}}"}],"title":"Target Sync","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"$datasource"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"lineWidth":0,"showPoints":"never","stacking":{"mode":"normal"}},"min":0,"unit":"short"}},"gridPos":{"h":7,"w":12,"x":12,"y":9},"id":5,"options":{"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"sum by (cluster, job, instance) (prometheus_sd_discovered_targets{cluster=~\"$cluster\", job=~\"$job\",instance=~\"$instance\"})","format":"time_series","legendFormat":"{{cluster}}:{{job}}:{{instance}}"}],"title":"Targets","type":"timeseries"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":16},"id":6,"panels":[],"title":"Retrieval","type":"row"},{"datasource":{"type":"prometheus","uid":"$datasource"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":10,"showPoints":"never"},"min":0,"unit":"ms"}},"gridPos":{"h":7,"w":8,"x":0,"y":17},"id":7,"options":{"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"rate(prometheus_target_interval_length_seconds_sum{cluster=~\"$cluster\", job=~\"$job\",instance=~\"$instance\"}[5m]) / rate(prometheus_target_interval_length_seconds_count{cluster=~\"$cluster\", job=~\"$job\",instance=~\"$instance\"}[5m]) * 1e3","format":"time_series","legendFormat":"{{cluster}}:{{job}}:{{instance}} {{interval}} configured"}],"title":"Average Scrape Interval Duration","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"$datasource"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"lineWidth":0,"showPoints":"never","stacking":{"mode":"normal"}},"min":0,"unit":"ms"}},"gridPos":{"h":7,"w":8,"x":8,"y":17},"id":8,"options":{"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"sum by (cluster, job, instance) (rate(prometheus_target_scrapes_exceeded_body_size_limit_total{cluster=~\"$cluster\",job=~\"$job\",instance=~\"$instance\"}[1m]))","format":"time_series","legendFormat":"exceeded body size limit: {{cluster}} {{job}} {{instance}}"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"sum by (cluster, job, instance) (rate(prometheus_target_scrapes_exceeded_sample_limit_total{cluster=~\"$cluster\",job=~\"$job\",instance=~\"$instance\"}[1m]))","format":"time_series","legendFormat":"exceeded sample limit: {{cluster}} {{job}} {{instance}}"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"sum by (cluster, job, instance) (rate(prometheus_target_scrapes_sample_duplicate_timestamp_total{cluster=~\"$cluster\",job=~\"$job\",instance=~\"$instance\"}[1m]))","format":"time_series","legendFormat":"duplicate timestamp: {{cluster}} {{job}} {{instance}}"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"sum by (cluster, job, instance) (rate(prometheus_target_scrapes_sample_out_of_bounds_total{cluster=~\"$cluster\",job=~\"$job\",instance=~\"$instance\"}[1m]))","format":"time_series","legendFormat":"out of bounds: {{cluster}} {{job}} {{instance}}"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"sum by (cluster, job, instance) (rate(prometheus_target_scrapes_sample_out_of_order_total{cluster=~\"$cluster\",job=~\"$job\",instance=~\"$instance\"}[1m]))","format":"time_series","legendFormat":"out of order: {{cluster}} {{job}} {{instance}}"}],"title":"Scrape failures","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"$datasource"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"lineWidth":0,"showPoints":"never","stacking":{"mode":"normal"}},"min":0,"unit":"short"}},"gridPos":{"h":7,"w":8,"x":16,"y":17},"id":9,"options":{"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"rate(prometheus_tsdb_head_samples_appended_total{cluster=~\"$cluster\", job=~\"$job\",instance=~\"$instance\"}[5m])","format":"time_series","legendFormat":"{{cluster}} {{job}} {{instance}}"}],"title":"Appended Samples","type":"timeseries"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":24},"id":10,"panels":[],"title":"Storage","type":"row"},{"datasource":{"type":"prometheus","uid":"$datasource"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"lineWidth":0,"showPoints":"never","stacking":{"mode":"normal"}},"min":0,"unit":"short"}},"gridPos":{"h":7,"w":12,"x":0,"y":25},"id":11,"options":{"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"prometheus_tsdb_head_series{cluster=~\"$cluster\",job=~\"$job\",instance=~\"$instance\"}","format":"time_series","legendFormat":"{{cluster}} {{job}} {{instance}} head series"}],"title":"Head Series","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"$datasource"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"lineWidth":0,"showPoints":"never","stacking":{"mode":"normal"}},"min":0,"unit":"short"}},"gridPos":{"h":7,"w":12,"x":12,"y":25},"id":12,"options":{"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"prometheus_tsdb_head_chunks{cluster=~\"$cluster\",job=~\"$job\",instance=~\"$instance\"}","format":"time_series","legendFormat":"{{cluster}} {{job}} {{instance}} head chunks"}],"title":"Head Chunks","type":"timeseries"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":32},"id":13,"panels":[],"title":"Query","type":"row"},{"datasource":{"type":"prometheus","uid":"$datasource"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"lineWidth":0,"showPoints":"never","stacking":{"mode":"normal"}},"min":0,"unit":"short"}},"gridPos":{"h":7,"w":12,"x":0,"y":33},"id":14,"options":{"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"rate(prometheus_engine_query_duration_seconds_count{cluster=~\"$cluster\",job=~\"$job\",instance=~\"$instance\",slice=\"inner_eval\"}[5m])","format":"time_series","legendFormat":"{{cluster}} {{job}} {{instance}}"}],"title":"Query Rate","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"$datasource"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"lineWidth":0,"showPoints":"never","stacking":{"mode":"normal"}},"min":0,"unit":"ms"}},"gridPos":{"h":7,"w":12,"x":12,"y":33},"id":15,"options":{"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"max by (slice) (prometheus_engine_query_duration_seconds{quantile=\"0.9\",cluster=~\"$cluster\", job=~\"$job\",instance=~\"$instance\"}) * 1e3","format":"time_series","legendFormat":"{{slice}}"}],"title":"Stage Duration","type":"timeseries"}],"schemaVersion":39,"tags":["prometheus-mixin"],"templating":{"list":[{"current":{"selected":false,"text":"default","value":"default"},"hide":0,"label":"Data source","name":"datasource","query":"prometheus","type":"datasource"},{"allValue":".*","current":{"selected":false,"text":["$__all"],"value":["$__all"]},"datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":true,"label":"cluster","multi":true,"name":"cluster","query":"label_values(prometheus_build_info{}, cluster)","refresh":2,"sort":2,"type":"query"},{"allValue":".+","datasource":{"type":"prometheus","uid":"${datasource}"},"includeAll":true,"label":"job","multi":true,"name":"job","query":"label_values(prometheus_build_info{cluster=~\"$cluster\"}, job)","refresh":2,"sort":2,"type":"query"},{"allValue":".+","datasource":{"type":"prometheus","uid":"${datasource}"},"includeAll":true,"label":"instance","multi":true,"name":"instance","query":"label_values(prometheus_build_info{cluster=~\"$cluster\", job=~\"$job\"}, instance)","refresh":2,"sort":2,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timepicker":{"refresh_intervals":["60s"]},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Prometheus / Overview"}`}} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/proxy.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/proxy.yaml deleted file mode 100644 index e53558d..0000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/proxy.yaml +++ /dev/null @@ -1,1276 +0,0 @@ -{{- /* -Generated from 'proxy' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/baf3c7a71ec9f889644231f677f8708791d38293/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled (or .Values.alertmanager.enabled .Values.alertmanager.forceDeployDashboards) }} -{{- if (include "exporter.kubeProxy.enabled" .)}} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "proxy" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - proxy.json: |- - { - "__inputs": [ - - ], - "__requires": [ - - ], - "annotations": { - "list": [ - - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "hideControls": false, - "id": null, - "links": [ - - ], - "refresh": "10s", - "rows": [ - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "$datasource", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - - }, - "id": 2, - "interval": "1m", - "legend": { - "alignAsTable": true, - "rightSide": true - }, - "links": [ - - ], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "span": 2, - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - {{- if .Values.k3sServer.enabled }} - "expr": "sum(up{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\", metrics_path=\"/metrics\"})", - {{- else }} - "expr": "sum(up{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\"})", - {{- end }} - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "Up", - "tooltip": { - "shared": false - }, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "min" - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 3, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 5, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(kubeproxy_sync_proxy_rules_duration_seconds_count{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\", instance=~\"$instance\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "rate", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rules Sync Rate", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 4, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 5, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99,rate(kubeproxy_sync_proxy_rules_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\", instance=~\"$instance\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rule Sync Latency 99th Quantile", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 5, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(kubeproxy_network_programming_duration_seconds_count{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\", instance=~\"$instance\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "rate", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Network Programming Rate", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 6, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(kubeproxy_network_programming_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\", instance=~\"$instance\"}[$__rate_interval])) by (instance, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Network Programming Latency 99th Quantile", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 7, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\", instance=~\"$instance\",code=~\"2..\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "2xx", - "refId": "A" - }, - { - "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\", instance=~\"$instance\",code=~\"3..\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "3xx", - "refId": "B" - }, - { - "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\", instance=~\"$instance\",code=~\"4..\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "4xx", - "refId": "C" - }, - { - "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\", instance=~\"$instance\",code=~\"5..\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "5xx", - "refId": "D" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Kube API Request Rate", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 8, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 8, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\",instance=~\"$instance\",verb=\"POST\"}[$__rate_interval])) by (verb, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}verb{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Post Request Latency 99th Quantile", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 9, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\", instance=~\"$instance\", verb=\"GET\"}[$__rate_interval])) by (verb, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}verb{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Get Request Latency 99th Quantile", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 10, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_resident_memory_bytes{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\",instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 11, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(process_cpu_seconds_total{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\",instance=~\"$instance\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "CPU usage", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 12, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\",instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - } - ], - "schemaVersion": 14, - "style": "dark", - "tags": [ - "kubernetes-mixin" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}, - "includeAll": false, - "label": "cluster", - "multi": false, - "name": "cluster", - "options": [ - - ], - "query": "label_values(up{job=\"{{ include "exporter.kubeProxy.jobName" . }}\"}, cluster)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": true, - "label": null, - "multi": false, - "name": "instance", - "options": [ - - ], - "query": "label_values(up{job=\"{{ include "exporter.kubeProxy.jobName" . }}\", cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\"}, instance)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "Kubernetes / Proxy", - "uid": "632e265de029684c40b21cb76bca4f94", - "version": 0 - } -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/scheduler.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/scheduler.yaml deleted file mode 100644 index 80fe5f6..0000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/scheduler.yaml +++ /dev/null @@ -1,1118 +0,0 @@ -{{- /* -Generated from 'scheduler' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/baf3c7a71ec9f889644231f677f8708791d38293/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled (or .Values.alertmanager.enabled .Values.alertmanager.forceDeployDashboards) }} -{{- if (include "exporter.kubeScheduler.enabled" .)}} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "scheduler" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - scheduler.json: |- - { - "__inputs": [ - - ], - "__requires": [ - - ], - "annotations": { - "list": [ - - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "hideControls": false, - "id": null, - "links": [ - - ], - "refresh": "10s", - "rows": [ - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "$datasource", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - - }, - "id": 2, - "interval": "1m", - "legend": { - "alignAsTable": true, - "rightSide": true - }, - "links": [ - - ], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "span": 2, - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - {{- if .Values.k3sServer.enabled }} - "expr": "sum(up{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", metrics_path=\"/metrics\"})", - {{- else }} - "expr": "sum(up{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\"})", - {{- end }} - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "Up", - "tooltip": { - "shared": false - }, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "min" - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 3, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 5, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(scheduler_e2e_scheduling_duration_seconds_count{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} e2e", - "refId": "A" - }, - { - "expr": "sum(rate(scheduler_binding_duration_seconds_count{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} binding", - "refId": "B" - }, - { - "expr": "sum(rate(scheduler_scheduling_algorithm_duration_seconds_count{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} scheduling algorithm", - "refId": "C" - }, - { - "expr": "sum(rate(scheduler_volume_scheduling_duration_seconds_count{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} volume", - "refId": "D" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Scheduling Rate", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 4, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 5, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\",instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} e2e", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(scheduler_binding_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\",instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} binding", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\",instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} scheduling algorithm", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(scheduler_volume_scheduling_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\",instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} volume", - "refId": "D" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Scheduling latency 99th Quantile", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 5, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\",code=~\"2..\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "2xx", - "refId": "A" - }, - { - "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\",code=~\"3..\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "3xx", - "refId": "B" - }, - { - "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\",code=~\"4..\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "4xx", - "refId": "C" - }, - { - "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\",code=~\"5..\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "5xx", - "refId": "D" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Kube API Request Rate", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 6, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 8, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\", verb=\"POST\"}[$__rate_interval])) by (verb, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}verb{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Post Request Latency 99th Quantile", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 7, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\", verb=\"GET\"}[$__rate_interval])) by (verb, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}verb{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Get Request Latency 99th Quantile", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 8, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_resident_memory_bytes{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 9, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(process_cpu_seconds_total{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "CPU usage", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 10, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\",instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - } - ], - "schemaVersion": 14, - "style": "dark", - "tags": [ - "kubernetes-mixin" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}, - "includeAll": false, - "label": "cluster", - "multi": false, - "name": "cluster", - "options": [ - - ], - "query": "label_values(up{job=\"{{ include "exporter.kubeScheduler.jobName" . }}\"}, cluster)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": true, - "label": null, - "multi": false, - "name": "instance", - "options": [ - - ], - "query": "label_values(up{job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", cluster=\"$cluster\"}, instance)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "Kubernetes / Scheduler", - "uid": "2e6b6a3b4bddf1427b3a55aa1311c656", - "version": 0 - } -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/workload-total.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/workload-total.yaml deleted file mode 100644 index 352c6b4..0000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/workload-total.yaml +++ /dev/null @@ -1,1438 +0,0 @@ -{{- /* -Generated from 'workload-total' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/baf3c7a71ec9f889644231f677f8708791d38293/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "workload-total" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - workload-total.json: |- - { - "__inputs": [ - - ], - "__requires": [ - - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "hideControls": false, - "id": null, - "links": [ - - ], - "panels": [ - { - "collapse": false, - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 2, - "panels": [ - - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Current Bandwidth", - "titleSize": "h6", - "type": "row" - }, - { - "aliasColors": { - - }, - "bars": true, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 1 - }, - "id": 3, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [ - - ], - "minSpan": 24, - "nullPointMode": "null", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 24, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}} pod {{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Current Rate of Bytes Received", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "series", - "name": null, - "show": false, - "values": [ - "current" - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": true, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 1 - }, - "id": 4, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [ - - ], - "minSpan": 24, - "nullPointMode": "null", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 24, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}} pod {{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Current Rate of Bytes Transmitted", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "series", - "name": null, - "show": false, - "values": [ - "current" - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "collapse": true, - "collapsed": true, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 10 - }, - "id": 5, - "panels": [ - { - "aliasColors": { - - }, - "bars": true, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 11 - }, - "id": 6, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [ - - ], - "minSpan": 24, - "nullPointMode": "null", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 24, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(avg(irate(container_network_receive_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}} pod {{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Average Rate of Bytes Received", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "series", - "name": null, - "show": false, - "values": [ - "current" - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": true, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 11 - }, - "id": 7, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [ - - ], - "minSpan": 24, - "nullPointMode": "null", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 24, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}} pod {{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Average Rate of Bytes Transmitted", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "series", - "name": null, - "show": false, - "values": [ - "current" - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Average Bandwidth", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 11 - }, - "id": 8, - "panels": [ - - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Bandwidth HIstory", - "titleSize": "h6", - "type": "row" - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 12 - }, - "id": 9, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 12, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Receive Bandwidth", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 12 - }, - "id": 10, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 12, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Transmit Bandwidth", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "collapse": true, - "collapsed": true, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 21 - }, - "id": 11, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 22 - }, - "id": 12, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 12, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(sum(irate(container_network_receive_packets_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Received Packets", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 22 - }, - "id": 13, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 12, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(sum(irate(container_network_transmit_packets_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Transmitted Packets", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Packets", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": true, - "collapsed": true, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 22 - }, - "id": 14, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 23 - }, - "id": 15, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 12, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Received Packets Dropped", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 23 - }, - "id": 16, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 12, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Transmitted Packets Dropped", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Errors", - "titleSize": "h6", - "type": "row" - } - ], - "refresh": "10s", - "rows": [ - - ], - "schemaVersion": 18, - "style": "dark", - "tags": [ - "kubernetes-mixin" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}, - "includeAll": false, - "label": null, - "multi": false, - "name": "cluster", - "options": [ - - ], - "query": "label_values(kube_pod_info{job=\"kube-state-metrics\"}, cluster)", - "refresh": 2, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": ".+", - "auto": false, - "auto_count": 30, - "auto_min": "10s", - "current": { - "text": "kube-system", - "value": "kube-system" - }, - "datasource": "$datasource", - "definition": "label_values(container_network_receive_packets_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\"}, namespace)", - "hide": 0, - "includeAll": true, - "label": null, - "multi": false, - "name": "namespace", - "options": [ - - ], - "query": "label_values(container_network_receive_packets_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\"}, namespace)", - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "auto": false, - "auto_count": 30, - "auto_min": "10s", - "current": { - "text": "", - "value": "" - }, - "datasource": "$datasource", - "definition": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\"}, workload)", - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "workload", - "options": [ - - ], - "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\"}, workload)", - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "auto": false, - "auto_count": 30, - "auto_min": "10s", - "current": { - "text": "deployment", - "value": "deployment" - }, - "datasource": "$datasource", - "definition": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\"}, workload_type)", - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "type", - "options": [ - - ], - "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\"}, workload_type)", - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "auto": false, - "auto_count": 30, - "auto_min": "10s", - "current": { - "text": "5m", - "value": "5m" - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "resolution", - "options": [ - { - "selected": false, - "text": "30s", - "value": "30s" - }, - { - "selected": true, - "text": "5m", - "value": "5m" - }, - { - "selected": false, - "text": "1h", - "value": "1h" - } - ], - "query": "30s,5m,1h", - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "interval", - "useTags": false - }, - { - "allValue": null, - "auto": false, - "auto_count": 30, - "auto_min": "10s", - "current": { - "text": "5m", - "value": "5m" - }, - "datasource": "$datasource", - "hide": 2, - "includeAll": false, - "label": null, - "multi": false, - "name": "interval", - "options": [ - { - "selected": true, - "text": "4h", - "value": "4h" - } - ], - "query": "4h", - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "interval", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "Kubernetes / Networking / Workload", - "uid": "728bf77cc1166d2f3133bf25846876cc", - "version": 0 - } -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/namespaces.yaml b/charts/rancher-monitoring/templates/grafana/namespaces.yaml deleted file mode 100644 index 39ed210..0000000 --- a/charts/rancher-monitoring/templates/grafana/namespaces.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled (not .Values.grafana.defaultDashboards.useExistingNamespace) }} -apiVersion: v1 -kind: Namespace -metadata: - name: {{ .Values.grafana.defaultDashboards.namespace }} - labels: - name: {{ .Values.grafana.defaultDashboards.namespace }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} - annotations: -{{- if not .Values.grafana.defaultDashboards.cleanupOnUninstall }} - helm.sh/resource-policy: "keep" -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml b/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml deleted file mode 100644 index 92c6240..0000000 --- a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml +++ /dev/null @@ -1,47 +0,0 @@ -{{- if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-admission - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -{{- if .Values.global.rbac.pspAnnotations }} -{{ toYaml .Values.global.rbac.pspAnnotations | indent 4 }} -{{- end }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-admission - {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" . | nindent 4 }} -spec: - privileged: false - # Allow core volume types. - volumes: - - 'configMap' - - 'emptyDir' - - 'projected' - - 'secret' - - 'downwardAPI' - - 'persistentVolumeClaim' - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - # Permits the container to run with root privileges as well. - rule: 'RunAsAny' - seLinux: - # This policy assumes the nodes are using AppArmor rather than SELinux. - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Allow adding the root group. - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Allow adding the root group. - - min: 0 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus-operator/psp-clusterrole.yaml b/charts/rancher-monitoring/templates/prometheus-operator/psp-clusterrole.yaml deleted file mode 100644 index 9766238..0000000 --- a/charts/rancher-monitoring/templates/prometheus-operator/psp-clusterrole.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} -{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "kube-prometheus-stack.operator.fullname" . }}-psp - labels: - {{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }} -rules: -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }} -- apiGroups: ['policy'] -{{- else }} -- apiGroups: ['extensions'] -{{- end }} - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "kube-prometheus-stack.operator.fullname" . }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus-operator/psp-clusterrolebinding.yaml b/charts/rancher-monitoring/templates/prometheus-operator/psp-clusterrolebinding.yaml deleted file mode 100644 index 01f5f3d..0000000 --- a/charts/rancher-monitoring/templates/prometheus-operator/psp-clusterrolebinding.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} -{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "kube-prometheus-stack.operator.fullname" . }}-psp - labels: - {{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-prometheus-stack.operator.fullname" . }}-psp -subjects: - - kind: ServiceAccount - name: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus-operator/psp.yaml b/charts/rancher-monitoring/templates/prometheus-operator/psp.yaml deleted file mode 100644 index 0943b5f..0000000 --- a/charts/rancher-monitoring/templates/prometheus-operator/psp.yaml +++ /dev/null @@ -1,46 +0,0 @@ -{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} -{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "kube-prometheus-stack.operator.fullname" . }} - labels: - {{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }} -{{- if .Values.global.rbac.pspAnnotations }} - annotations: -{{ toYaml .Values.global.rbac.pspAnnotations | indent 4 }} -{{- end }} -spec: - privileged: false - # Allow core volume types. - volumes: - - 'configMap' - - 'emptyDir' - - 'projected' - - 'secret' - - 'downwardAPI' - - 'persistentVolumeClaim' - hostNetwork: {{ .Values.prometheusOperator.hostNetwork }} - hostIPC: false - hostPID: false - runAsUser: - # Permits the container to run with root privileges as well. - rule: 'RunAsAny' - seLinux: - # This policy assumes the nodes are using AppArmor rather than SELinux. - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Allow adding the root group. - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Allow adding the root group. - - min: 0 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus/additionalPrometheusRules.yaml b/charts/rancher-monitoring/templates/prometheus/additionalPrometheusRules.yaml deleted file mode 100644 index cb4aaba..0000000 --- a/charts/rancher-monitoring/templates/prometheus/additionalPrometheusRules.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{- if or .Values.additionalPrometheusRules .Values.additionalPrometheusRulesMap}} -apiVersion: v1 -kind: List -metadata: - name: {{ include "kube-prometheus-stack.fullname" $ }}-additional-prometheus-rules - namespace: {{ template "kube-prometheus-stack.namespace" . }} -items: -{{- if .Values.additionalPrometheusRulesMap }} -{{- range $prometheusRuleName, $prometheusRule := .Values.additionalPrometheusRulesMap }} - - apiVersion: monitoring.coreos.com/v1 - kind: PrometheusRule - metadata: - name: {{ template "kube-prometheus-stack.name" $ }}-{{ $prometheusRuleName }} - namespace: {{ template "kube-prometheus-stack.namespace" $ }} - labels: - app: {{ template "kube-prometheus-stack.name" $ }} -{{ include "kube-prometheus-stack.labels" $ | indent 8 }} - {{- if $prometheusRule.additionalLabels }} -{{ toYaml $prometheusRule.additionalLabels | indent 8 }} - {{- end }} - spec: - groups: -{{ toYaml $prometheusRule.groups| indent 8 }} -{{- end }} -{{- else }} -{{- range .Values.additionalPrometheusRules }} - - apiVersion: monitoring.coreos.com/v1 - kind: PrometheusRule - metadata: - name: {{ template "kube-prometheus-stack.name" $ }}-{{ .name }} - namespace: {{ template "kube-prometheus-stack.namespace" $ }} - labels: - app: {{ template "kube-prometheus-stack.name" $ }} -{{ include "kube-prometheus-stack.labels" $ | indent 8 }} - {{- if .additionalLabels }} -{{ toYaml .additionalLabels | indent 8 }} - {{- end }} - spec: - groups: -{{ toYaml .groups| indent 8 }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus/nginx-config.yaml b/charts/rancher-monitoring/templates/prometheus/nginx-config.yaml deleted file mode 100644 index e4d91f9..0000000 --- a/charts/rancher-monitoring/templates/prometheus/nginx-config.yaml +++ /dev/null @@ -1,68 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: prometheus-nginx-proxy-config - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-prometheus -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.prometheus.annotations }} - annotations: -{{ toYaml .Values.prometheus.annotations | indent 4 }} -{{- end }} -data: - nginx.conf: |- - worker_processes auto; - error_log /dev/stdout warn; - pid /var/cache/nginx/nginx.pid; - - events { - worker_connections 1024; - } - - http { - include /etc/nginx/mime.types; - log_format main '[$time_local - $status] $remote_addr - $remote_user $request ($http_referer)'; - - proxy_connect_timeout 10; - proxy_read_timeout 180; - proxy_send_timeout 5; - proxy_buffering off; - proxy_cache_path /var/cache/nginx/cache levels=1:2 keys_zone=my_zone:100m inactive=1d max_size=10g; - - server { - listen 8081; - access_log off; - - gzip on; - gzip_min_length 1k; - gzip_comp_level 2; - gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript image/jpeg image/gif image/png; - gzip_vary on; - gzip_disable "MSIE [1-6]\."; - - proxy_set_header Host $host; - - location / { - proxy_cache my_zone; - proxy_cache_valid 200 302 1d; - proxy_cache_valid 301 30d; - proxy_cache_valid any 5m; - proxy_cache_bypass $http_cache_control; - add_header X-Proxy-Cache $upstream_cache_status; - add_header Cache-Control "public"; - - proxy_pass http://localhost:9090/; - - sub_filter_once off; - sub_filter 'var PATH_PREFIX = "";' 'var PATH_PREFIX = ".";'; - - if ($request_filename ~ .*\.(?:js|css|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$) { - expires 90d; - } - - rewrite ^/k8s/clusters/.*/proxy(.*) /$1 break; - - } - } - } diff --git a/charts/rancher-monitoring/templates/prometheus/psp-clusterrole.yaml b/charts/rancher-monitoring/templates/prometheus/psp-clusterrole.yaml deleted file mode 100644 index 872feb6..0000000 --- a/charts/rancher-monitoring/templates/prometheus/psp-clusterrole.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} -{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-psp - labels: - app: {{ template "kube-prometheus-stack.name" . }}-prometheus -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -rules: -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }} -- apiGroups: ['policy'] -{{- else }} -- apiGroups: ['extensions'] -{{- end }} - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "kube-prometheus-stack.fullname" . }}-prometheus -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus/psp-clusterrolebinding.yaml b/charts/rancher-monitoring/templates/prometheus/psp-clusterrolebinding.yaml deleted file mode 100644 index 50e3617..0000000 --- a/charts/rancher-monitoring/templates/prometheus/psp-clusterrolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} -{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-psp - labels: - app: {{ template "kube-prometheus-stack.name" . }}-prometheus -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-psp -subjects: - - kind: ServiceAccount - name: {{ template "kube-prometheus-stack.prometheus.serviceAccountName" . }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus/psp.yaml b/charts/rancher-monitoring/templates/prometheus/psp.yaml deleted file mode 100644 index b53808d..0000000 --- a/charts/rancher-monitoring/templates/prometheus/psp.yaml +++ /dev/null @@ -1,58 +0,0 @@ -{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} -{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus - labels: - app: {{ template "kube-prometheus-stack.name" . }}-prometheus -{{- if .Values.global.rbac.pspAnnotations }} - annotations: -{{ toYaml .Values.global.rbac.pspAnnotations | indent 4 }} -{{- end }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -spec: - privileged: false - # Allow core volume types. - volumes: - - 'configMap' - - 'emptyDir' - - 'projected' - - 'secret' - - 'downwardAPI' - - 'persistentVolumeClaim' -{{- if .Values.prometheus.podSecurityPolicy.volumes }} -{{ toYaml .Values.prometheus.podSecurityPolicy.volumes | indent 4 }} -{{- end }} - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - # Permits the container to run with root privileges as well. - rule: 'RunAsAny' - seLinux: - # This policy assumes the nodes are using AppArmor rather than SELinux. - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Allow adding the root group. - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Allow adding the root group. - - min: 0 - max: 65535 - readOnlyRootFilesystem: false -{{- if .Values.prometheus.podSecurityPolicy.allowedCapabilities }} - allowedCapabilities: -{{ toYaml .Values.prometheus.podSecurityPolicy.allowedCapabilities | indent 4 }} -{{- end }} -{{- if .Values.prometheus.podSecurityPolicy.allowedHostPaths }} - allowedHostPaths: -{{ toYaml .Values.prometheus.podSecurityPolicy.allowedHostPaths | indent 4 }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/k8s.rules.pod_owner.yaml b/charts/rancher-monitoring/templates/prometheus/rules-1.14/k8s.rules.pod_owner.yaml deleted file mode 100644 index 43207a7..0000000 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/k8s.rules.pod_owner.yaml +++ /dev/null @@ -1,107 +0,0 @@ -{{- /* -Generated from 'k8s.rules.pod-owner' group from https://github.com/prometheus-operator/kube-prometheus.git -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.k8sPodOwner }} -{{- $kubeStateMetricsJob := include "kube-prometheus-stack-kube-state-metrics.name" . }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "k8s.rules.pod-owner" | trunc 63 | trimSuffix "-" }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.defaultRules.labels }} -{{ toYaml .Values.defaultRules.labels | indent 4 }} -{{- end }} -{{- if .Values.defaultRules.annotations }} - annotations: -{{ toYaml .Values.defaultRules.annotations | indent 4 }} -{{- end }} -spec: - groups: - - name: k8s.rules.pod_owner - rules: - - expr: |- - max by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, workload, pod) ( - label_replace( - label_replace( - kube_pod_owner{job="{{ $kubeStateMetricsJob }}", owner_kind="ReplicaSet"}, - "replicaset", "$1", "owner_name", "(.*)" - ) * on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}replicaset, namespace) group_left(owner_name) topk by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}replicaset, namespace) ( - 1, max by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}replicaset, namespace, owner_name) ( - kube_replicaset_owner{job="{{ $kubeStateMetricsJob }}"} - ) - ), - "workload", "$1", "owner_name", "(.*)" - ) - ) - labels: - workload_type: deployment - {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.k8sPodOwner }} - {{- with .Values.defaultRules.additionalRuleLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.defaultRules.additionalRuleGroupLabels.k8sPodOwner }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- end }} - record: namespace_workload_pod:kube_pod_owner:relabel - - expr: |- - max by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, workload, pod) ( - label_replace( - kube_pod_owner{job="{{ $kubeStateMetricsJob }}", owner_kind="DaemonSet"}, - "workload", "$1", "owner_name", "(.*)" - ) - ) - labels: - workload_type: daemonset - {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.k8sPodOwner }} - {{- with .Values.defaultRules.additionalRuleLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.defaultRules.additionalRuleGroupLabels.k8sPodOwner }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- end }} - record: namespace_workload_pod:kube_pod_owner:relabel - - expr: |- - max by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, workload, pod) ( - label_replace( - kube_pod_owner{job="{{ $kubeStateMetricsJob }}", owner_kind="StatefulSet"}, - "workload", "$1", "owner_name", "(.*)" - ) - ) - labels: - workload_type: statefulset - {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.k8sPodOwner }} - {{- with .Values.defaultRules.additionalRuleLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.defaultRules.additionalRuleGroupLabels.k8sPodOwner }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- end }} - record: namespace_workload_pod:kube_pod_owner:relabel - - expr: |- - max by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster, namespace, workload, pod) ( - label_replace( - kube_pod_owner{job="{{ $kubeStateMetricsJob }}", owner_kind="Job"}, - "workload", "$1", "owner_name", "(.*)" - ) - ) - labels: - workload_type: job - {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.k8sPodOwner }} - {{- with .Values.defaultRules.additionalRuleLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.defaultRules.additionalRuleGroupLabels.k8sPodOwner }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- end }} - record: namespace_workload_pod:kube_pod_owner:relabel -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/k8s.rules.yaml b/charts/rancher-monitoring/templates/prometheus/rules-1.14/k8s.rules.yaml deleted file mode 100644 index c61bd22..0000000 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/k8s.rules.yaml +++ /dev/null @@ -1,237 +0,0 @@ -{{- /* -Generated from 'k8s.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.k8s }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "k8s.rules" | trunc 63 | trimSuffix "-" }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.defaultRules.labels }} -{{ toYaml .Values.defaultRules.labels | indent 4 }} -{{- end }} -{{- if .Values.defaultRules.annotations }} - annotations: -{{ toYaml .Values.defaultRules.annotations | indent 4 }} -{{- end }} -spec: - groups: - - name: k8s.rules - rules: - - expr: |- - sum by (cluster, namespace, pod, container) ( - irate(container_cpu_usage_seconds_total{job="{{ include "exporter.kubelet.jobName" . }}", metrics_path="/metrics/cadvisor", image!=""}[5m]) - ) * on (cluster, namespace, pod) group_left(node) topk by (cluster, namespace, pod) ( - 1, max by(cluster, namespace, pod, node) (kube_pod_info{node!=""}) - ) - record: node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate - {{- if .Values.defaultRules.additionalRuleLabels }} - labels: - {{ toYaml .Values.defaultRules.additionalRuleLabels | nindent 8 }} - {{- end }} - - expr: |- - container_memory_working_set_bytes{job="kubelet", metrics_path="/metrics/cadvisor", image!=""} - * on (cluster, namespace, pod) group_left(node) topk by(cluster, namespace, pod) (1, - max by(cluster, namespace, pod, node) (kube_pod_info{node!=""}) - ) - record: node_namespace_pod_container:container_memory_working_set_bytes - {{- if .Values.defaultRules.additionalRuleLabels }} - labels: - {{ toYaml .Values.defaultRules.additionalRuleLabels | nindent 8 }} - {{- end }} - - expr: |- - container_memory_rss{job="kubelet", metrics_path="/metrics/cadvisor", image!=""} - * on (cluster, namespace, pod) group_left(node) topk by(cluster, namespace, pod) (1, - max by(cluster, namespace, pod, node) (kube_pod_info{node!=""}) - ) - record: node_namespace_pod_container:container_memory_rss - {{- if .Values.defaultRules.additionalRuleLabels }} - labels: - {{ toYaml .Values.defaultRules.additionalRuleLabels | nindent 8 }} - {{- end }} - - expr: |- - container_memory_cache{job="kubelet", metrics_path="/metrics/cadvisor", image!=""} - * on (cluster, namespace, pod) group_left(node) topk by(cluster, namespace, pod) (1, - max by(cluster, namespace, pod, node) (kube_pod_info{node!=""}) - ) - record: node_namespace_pod_container:container_memory_cache - {{- if .Values.defaultRules.additionalRuleLabels }} - labels: - {{ toYaml .Values.defaultRules.additionalRuleLabels | nindent 8 }} - {{- end }} - - expr: |- - container_memory_swap{job="kubelet", metrics_path="/metrics/cadvisor", image!=""} - * on (cluster, namespace, pod) group_left(node) topk by(cluster, namespace, pod) (1, - max by(cluster, namespace, pod, node) (kube_pod_info{node!=""}) - ) - record: node_namespace_pod_container:container_memory_swap - {{- if .Values.defaultRules.additionalRuleLabels }} - labels: - {{ toYaml .Values.defaultRules.additionalRuleLabels | nindent 8 }} - {{- end }} - - expr: |- - kube_pod_container_resource_requests{resource="memory",job="kube-state-metrics"} * on (namespace, pod, cluster) - group_left() max by (namespace, pod, cluster) ( - (kube_pod_status_phase{phase=~"Pending|Running"} == 1) - ) - record: cluster:namespace:pod_memory:active:kube_pod_container_resource_requests - {{- if .Values.defaultRules.additionalRuleLabels }} - labels: - {{ toYaml .Values.defaultRules.additionalRuleLabels | nindent 8 }} - {{- end }} - - expr: |- - sum by (namespace, cluster) ( - sum by (namespace, pod, cluster) ( - max by (namespace, pod, container, cluster) ( - kube_pod_container_resource_requests{resource="memory",job="kube-state-metrics"} - ) * on(namespace, pod, cluster) group_left() max by (namespace, pod, cluster) ( - kube_pod_status_phase{phase=~"Pending|Running"} == 1 - ) - ) - ) - record: namespace_memory:kube_pod_container_resource_requests:sum - {{- if .Values.defaultRules.additionalRuleLabels }} - labels: - {{ toYaml .Values.defaultRules.additionalRuleLabels | nindent 8 }} - {{- end }} - - expr: |- - kube_pod_container_resource_requests{resource="cpu",job="kube-state-metrics"} * on (namespace, pod, cluster) - group_left() max by (namespace, pod, cluster) ( - (kube_pod_status_phase{phase=~"Pending|Running"} == 1) - ) - record: cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests - {{- if .Values.defaultRules.additionalRuleLabels }} - labels: - {{ toYaml .Values.defaultRules.additionalRuleLabels | nindent 8 }} - {{- end }} - - expr: |- - sum by (namespace, cluster) ( - sum by (namespace, pod, cluster) ( - max by (namespace, pod, container, cluster) ( - kube_pod_container_resource_requests{resource="cpu",job="kube-state-metrics"} - ) * on(namespace, pod, cluster) group_left() max by (namespace, pod, cluster) ( - kube_pod_status_phase{phase=~"Pending|Running"} == 1 - ) - ) - ) - record: namespace_cpu:kube_pod_container_resource_requests:sum - {{- if .Values.defaultRules.additionalRuleLabels }} - labels: - {{ toYaml .Values.defaultRules.additionalRuleLabels | nindent 8 }} - {{- end }} - - expr: |- - kube_pod_container_resource_limits{resource="memory",job="kube-state-metrics"} * on (namespace, pod, cluster) - group_left() max by (namespace, pod, cluster) ( - (kube_pod_status_phase{phase=~"Pending|Running"} == 1) - ) - record: cluster:namespace:pod_memory:active:kube_pod_container_resource_limits - {{- if .Values.defaultRules.additionalRuleLabels }} - labels: - {{ toYaml .Values.defaultRules.additionalRuleLabels | nindent 8 }} - {{- end }} - - expr: |- - sum by (namespace, cluster) ( - sum by (namespace, pod, cluster) ( - max by (namespace, pod, container, cluster) ( - kube_pod_container_resource_limits{resource="memory",job="kube-state-metrics"} - ) * on(namespace, pod, cluster) group_left() max by (namespace, pod, cluster) ( - kube_pod_status_phase{phase=~"Pending|Running"} == 1 - ) - ) - ) - record: namespace_memory:kube_pod_container_resource_limits:sum - {{- if .Values.defaultRules.additionalRuleLabels }} - labels: - {{ toYaml .Values.defaultRules.additionalRuleLabels | nindent 8 }} - {{- end }} - - expr: |- - kube_pod_container_resource_limits{resource="cpu",job="kube-state-metrics"} * on (namespace, pod, cluster) - group_left() max by (namespace, pod, cluster) ( - (kube_pod_status_phase{phase=~"Pending|Running"} == 1) - ) - record: cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits - {{- if .Values.defaultRules.additionalRuleLabels }} - labels: - {{ toYaml .Values.defaultRules.additionalRuleLabels | nindent 8 }} - {{- end }} - - expr: |- - sum by (namespace, cluster) ( - sum by (namespace, pod, cluster) ( - max by (namespace, pod, container, cluster) ( - kube_pod_container_resource_limits{resource="cpu",job="kube-state-metrics"} - ) * on(namespace, pod, cluster) group_left() max by (namespace, pod, cluster) ( - kube_pod_status_phase{phase=~"Pending|Running"} == 1 - ) - ) - ) - record: namespace_cpu:kube_pod_container_resource_limits:sum - {{- if .Values.defaultRules.additionalRuleLabels }} - labels: - {{ toYaml .Values.defaultRules.additionalRuleLabels | nindent 8 }} - {{- end }} - - expr: |- - max by (cluster, namespace, workload, pod) ( - label_replace( - label_replace( - kube_pod_owner{job="kube-state-metrics", owner_kind="ReplicaSet"}, - "replicaset", "$1", "owner_name", "(.*)" - ) * on(replicaset, namespace) group_left(owner_name) topk by(replicaset, namespace) ( - 1, max by (replicaset, namespace, owner_name) ( - kube_replicaset_owner{job="kube-state-metrics"} - ) - ), - "workload", "$1", "owner_name", "(.*)" - ) - ) - labels: - workload_type: deployment - {{- if .Values.defaultRules.additionalRuleLabels }} - {{ toYaml .Values.defaultRules.additionalRuleLabels | nindent 8 }} - {{- end }} - record: namespace_workload_pod:kube_pod_owner:relabel - - expr: |- - max by (cluster, namespace, workload, pod) ( - label_replace( - kube_pod_owner{job="kube-state-metrics", owner_kind="DaemonSet"}, - "workload", "$1", "owner_name", "(.*)" - ) - ) - labels: - workload_type: daemonset - {{- if .Values.defaultRules.additionalRuleLabels }} - {{ toYaml .Values.defaultRules.additionalRuleLabels | nindent 8 }} - {{- end }} - record: namespace_workload_pod:kube_pod_owner:relabel - - expr: |- - max by (cluster, namespace, workload, pod) ( - label_replace( - kube_pod_owner{job="kube-state-metrics", owner_kind="StatefulSet"}, - "workload", "$1", "owner_name", "(.*)" - ) - ) - labels: - workload_type: statefulset - {{- if .Values.defaultRules.additionalRuleLabels }} - {{ toYaml .Values.defaultRules.additionalRuleLabels | nindent 8 }} - {{- end }} - record: namespace_workload_pod:kube_pod_owner:relabel - - expr: |- - max by (cluster, namespace, workload, pod) ( - label_replace( - kube_pod_owner{job="kube-state-metrics", owner_kind="Job"}, - "workload", "$1", "owner_name", "(.*)" - ) - ) - labels: - workload_type: job - {{- if .Values.defaultRules.additionalRuleLabels }} - {{ toYaml .Values.defaultRules.additionalRuleLabels | nindent 8 }} - {{- end }} - record: namespace_workload_pod:kube_pod_owner:relabel -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/clusterrole.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/clusterrole.yaml deleted file mode 100644 index 56ca9f5..0000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/clusterrole.yaml +++ /dev/null @@ -1,135 +0,0 @@ -{{- if and .Values.global.rbac.create .Values.global.rbac.userRoles.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: monitoring-admin - labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} - {{- if .Values.global.rbac.userRoles.aggregateToDefaultRoles }} - rbac.authorization.k8s.io/aggregate-to-admin: "true" - {{- end }} -rules: -- apiGroups: - - monitoring.coreos.com - resources: - - alertmanagers - - prometheuses - - prometheuses/finalizers - - alertmanagers/finalizers - verbs: - - 'get' - - 'list' - - 'watch' -- apiGroups: - - monitoring.coreos.com - resources: - - thanosrulers - - thanosrulers/finalizers - - servicemonitors - - podmonitors - - prometheusrules - - podmonitors - - probes - - probes/finalizers - - alertmanagerconfigs - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: monitoring-edit - labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} - {{- if .Values.global.rbac.userRoles.aggregateToDefaultRoles }} - rbac.authorization.k8s.io/aggregate-to-edit: "true" - {{- end }} -rules: -- apiGroups: - - monitoring.coreos.com - resources: - - alertmanagers - - prometheuses - - prometheuses/finalizers - - alertmanagers/finalizers - verbs: - - 'get' - - 'list' - - 'watch' -- apiGroups: - - monitoring.coreos.com - resources: - - thanosrulers - - thanosrulers/finalizers - - servicemonitors - - podmonitors - - prometheusrules - - podmonitors - - probes - - alertmanagerconfigs - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: monitoring-view - labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} - {{- if .Values.global.rbac.userRoles.aggregateToDefaultRoles }} - rbac.authorization.k8s.io/aggregate-to-view: "true" - {{- end }} -rules: -- apiGroups: - - monitoring.coreos.com - resources: - - alertmanagers - - prometheuses - - prometheuses/finalizers - - alertmanagers/finalizers - - thanosrulers - - thanosrulers/finalizers - - servicemonitors - - podmonitors - - prometheusrules - - podmonitors - - probes - - probes/finalizers - - alertmanagerconfigs - verbs: - - 'get' - - 'list' - - 'watch' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: monitoring-ui-view - labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} -rules: -- apiGroups: - - "" - resources: - - services/proxy - resourceNames: - - "http:{{ template "kube-prometheus-stack.fullname" . }}-prometheus:{{ .Values.prometheus.service.port }}" - - "https:{{ template "kube-prometheus-stack.fullname" . }}-prometheus:{{ .Values.prometheus.service.port }}" - - "http:{{ template "kube-prometheus-stack.fullname" . }}-alertmanager:{{ .Values.alertmanager.service.port }}" - - "https:{{ template "kube-prometheus-stack.fullname" . }}-alertmanager:{{ .Values.alertmanager.service.port }}" -{{- if .Values.grafana.enabled }} - - "http:{{ include "call-nested" (list . "grafana" "grafana.fullname") }}:{{ .Values.grafana.service.port }}" - - "https:{{ include "call-nested" (list . "grafana" "grafana.fullname") }}:{{ .Values.grafana.service.port }}" -{{- end }} - verbs: - - 'get' - - 'create' -- apiGroups: - - "" - resourceNames: - - {{ template "kube-prometheus-stack.fullname" . }}-prometheus - - {{ template "kube-prometheus-stack.fullname" . }}-alertmanager -{{- if .Values.grafana.enabled }} - - {{ include "call-nested" (list . "grafana" "grafana.fullname") }} -{{- end }} - resources: - - endpoints - verbs: - - list -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/config-role.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/config-role.yaml deleted file mode 100644 index f48ffc8..0000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/config-role.yaml +++ /dev/null @@ -1,48 +0,0 @@ -{{- if and .Values.global.rbac.create .Values.global.rbac.userRoles.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: monitoring-config-admin - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} -rules: -- apiGroups: - - "" - resources: - - configmaps - - secrets - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: monitoring-config-edit - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} -rules: -- apiGroups: - - "" - resources: - - configmaps - - secrets - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: monitoring-config-view - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} -rules: -- apiGroups: - - "" - resources: - - configmaps - - secrets - verbs: - - 'get' - - 'list' - - 'watch' -{{- end }} diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/dashboard-role.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/dashboard-role.yaml deleted file mode 100644 index d2f8197..0000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/dashboard-role.yaml +++ /dev/null @@ -1,47 +0,0 @@ -{{- if and .Values.global.rbac.create .Values.global.rbac.userRoles.create .Values.grafana.enabled }} -{{- if .Values.grafana.defaultDashboardsEnabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: monitoring-dashboard-admin - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: monitoring-dashboard-edit - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: monitoring-dashboard-view - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - 'get' - - 'list' - - 'watch' -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/addons/ingress-nginx-dashboard.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/addons/ingress-nginx-dashboard.yaml deleted file mode 100644 index 7b51a0b..0000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/addons/ingress-nginx-dashboard.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled .Values.ingressNginx.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "ingress-nginx" | trunc 63 | trimSuffix "-" }} - {{- if .Values.grafana.sidecar.dashboards.annotations }} - annotations: {{ toYaml .Values.grafana.sidecar.dashboards.annotations | nindent 4 }} - {{- end }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: -{{ (.Files.Glob "files/ingress-nginx/*").AsConfig | indent 2 }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/cluster-dashboards.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/cluster-dashboards.yaml deleted file mode 100644 index d73b257..0000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/cluster-dashboards.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: rancher-default-dashboards-cluster - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: -{{ (.Files.Glob "files/rancher/cluster/*").AsConfig | indent 2 }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/default-dashboard.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/default-dashboard.yaml deleted file mode 100644 index 8865efa..0000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/default-dashboard.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: rancher-default-dashboards-home - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: -{{ (.Files.Glob "files/rancher/home/*").AsConfig | indent 2 }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/fleet-dashboards.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/fleet-dashboards.yaml deleted file mode 100644 index 9b05cea..0000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/fleet-dashboards.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: rancher-fleet-dashboards - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: -{{ (.Files.Glob "files/rancher/fleet/*").AsConfig | indent 2 }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/fluentbit-dashboard.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/fluentbit-dashboard.yaml deleted file mode 100644 index b2d1bfc..0000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/fluentbit-dashboard.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled .Values.loggingMonitors.fluentbit.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: rancher-fluentbit-dashboard - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: -{{ (.Files.Glob "files/rancher/logging/fluentbit.json").AsConfig | indent 2 }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/fluentd-dashboard.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/fluentd-dashboard.yaml deleted file mode 100644 index 66c9cb8..0000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/fluentd-dashboard.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled .Values.loggingMonitors.fluentd.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: rancher-fluentd-dashboard - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: -{{ (.Files.Glob "files/rancher/logging/fluentd.json").AsConfig | indent 2 }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/k8s-dashboards.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/k8s-dashboards.yaml deleted file mode 100644 index 2afae10..0000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/k8s-dashboards.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{- $files := (.Files.Glob "files/rancher/k8s/*").AsConfig }} -{{- $filesDict := (fromYaml $files) }} -{{- if not (include "exporter.kubeEtcd.enabled" .) }} -{{- $filesDict = (unset $filesDict "rancher-etcd-nodes.json") -}} -{{- $filesDict = (unset $filesDict "rancher-etcd.json") -}} -{{- end }} -{{- if not (include "exporter.kubeControllerManager.enabled" .) }} -{{- $filesDict = (unset $filesDict "rancher-k8s-components-nodes.json") -}} -{{- $filesDict = (unset $filesDict "rancher-k8s-components.json") -}} -{{- else }} -{{- $_ := (set $filesDict "rancher-k8s-components-nodes.json" (get $filesDict "rancher-k8s-components-nodes.json" | replace "kube-controller-manager" (include "exporter.kubeControllerManager.jobName" .))) -}} -{{- $_ := (set $filesDict "rancher-k8s-components.json" (get $filesDict "rancher-k8s-components.json" | replace "kube-controller-manager" (include "exporter.kubeControllerManager.jobName" .))) -}} -{{- end }} -{{ $files = (toYaml $filesDict) }} -{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: rancher-default-dashboards-k8s - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: -{{ $files | indent 2 }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/nodes-dashboards.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/nodes-dashboards.yaml deleted file mode 100644 index 172c36e..0000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/nodes-dashboards.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: rancher-default-dashboards-nodes - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: -{{ (.Files.Glob "files/rancher/nodes/*").AsConfig | indent 2 }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/performance-dashboards.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/performance-dashboards.yaml deleted file mode 100644 index 19836ec..0000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/performance-dashboards.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- $selector := (include "rancher.serviceMonitor.selector" .) -}} -{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled .Values.rancherMonitoring.enabled $selector }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: rancher-default-dashboards-performance-debugging - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: -{{ (.Files.Glob "files/rancher/performance/*").AsConfig | indent 2 }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/pods-dashboards.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/pods-dashboards.yaml deleted file mode 100644 index 940f188..0000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/pods-dashboards.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: rancher-default-dashboards-pods - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: -{{ (.Files.Glob "files/rancher/pods/*").AsConfig | indent 2 }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/workload-dashboards.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/workload-dashboards.yaml deleted file mode 100644 index d146dac..0000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/workload-dashboards.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: rancher-default-dashboards-workloads - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: -{{ (.Files.Glob "files/rancher/workloads/*").AsConfig | indent 2 }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/exporters/fleet/servicemonitor.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/exporters/fleet/servicemonitor.yaml deleted file mode 100644 index 90d24c2..0000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/exporters/fleet/servicemonitor.yaml +++ /dev/null @@ -1,53 +0,0 @@ -{{- if .Values.rancherMonitoring.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} - name: monitoring-fleet-controller - namespace: cattle-fleet-system -spec: - endpoints: - - port: metrics - metricRelabelings: - {{ if .Values.global.cattle.clusterId }} - - sourceLabels: [__address__] - targetLabel: cluster_id - replacement: {{ .Values.global.cattle.clusterId }} - {{- end }} - {{ if .Values.global.cattle.clusterName}} - - sourceLabels: [__address__] - targetLabel: cluster_name - replacement: {{ .Values.global.cattle.clusterName }} - {{- end }} - jobLabel: fleet - selector: - matchLabels: - app: fleet-controller -{{- end }} ---- -{{- if .Values.rancherMonitoring.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} - name: monitoring-gitops-controller - namespace: cattle-fleet-system -spec: - endpoints: - - port: metrics - metricRelabelings: - {{ if .Values.global.cattle.clusterId }} - - sourceLabels: [__address__] - targetLabel: cluster_id - replacement: {{ .Values.global.cattle.clusterId }} - {{- end }} - {{ if .Values.global.cattle.clusterName}} - - sourceLabels: [__address__] - targetLabel: cluster_name - replacement: {{ .Values.global.cattle.clusterName }} - {{- end }} - jobLabel: gitops - selector: - matchLabels: - app: gitjob -{{- end }} diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/exporters/ingress-nginx/network-policy.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/exporters/ingress-nginx/network-policy.yaml deleted file mode 100644 index 07d3c03..0000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/exporters/ingress-nginx/network-policy.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.rke2IngressNginx.networkPolicy.enabled }} -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - annotations: - np.rke2.io/ingress: resolved - name: rke2-ingress-network-policy - namespace: {{ include "rke2-ingress-nginx.namespace" . }} -spec: - ingress: - - ports: - - port: {{ .Values.rke2IngressNginx.metricsPort }} - protocol: TCP - podSelector: - matchLabels: - app.kubernetes.io/name: rke2-ingress-nginx - policyTypes: - - Ingress - {{- end }} diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/exporters/ingress-nginx/service.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/exporters/ingress-nginx/service.yaml deleted file mode 100644 index 53a9ad6..0000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/exporters/ingress-nginx/service.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{- if and (not .Values.ingressNginx.enabled) (.Values.rkeIngressNginx.enabled) }} -{{- fail "Cannot set .Values.rkeIngressNginx.enabled=true when .Values.ingressNginx.enabled=false" }} -{{- end }} -{{- if and .Values.ingressNginx.enabled (not .Values.rkeIngressNginx.enabled) }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-ingress-nginx - labels: - app: {{ template "kube-prometheus-stack.name" . }}-ingress-nginx - jobLabel: ingress-nginx -{{ include "kube-prometheus-stack.labels" . | indent 4 }} - namespace: {{ .Values.ingressNginx.namespace }} -spec: - clusterIP: None - ports: - - name: http-metrics - port: {{ .Values.ingressNginx.service.port }} - protocol: TCP - targetPort: {{ .Values.ingressNginx.service.targetPort }} - selector: - {{- if .Values.ingressNginx.service.selector }} -{{ toYaml .Values.ingressNginx.service.selector | indent 4 }} - {{- else }} - app: ingress-nginx - {{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/exporters/ingress-nginx/servicemonitor.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/exporters/ingress-nginx/servicemonitor.yaml deleted file mode 100644 index b0f92e6..0000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/exporters/ingress-nginx/servicemonitor.yaml +++ /dev/null @@ -1,49 +0,0 @@ -{{- if and (not .Values.ingressNginx.enabled) (.Values.rkeIngressNginx.enabled) }} -{{- fail "Cannot set .Values.rkeIngressNginx.enabled=true when .Values.ingressNginx.enabled=false" }} -{{- end }} -{{- if and .Values.ingressNginx.enabled (not .Values.rkeIngressNginx.enabled) }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-ingress-nginx - namespace: {{ .Values.ingressNginx.namespace }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-ingress-nginx -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -spec: - jobLabel: jobLabel - selector: - matchLabels: - app: {{ template "kube-prometheus-stack.name" . }}-ingress-nginx - release: {{ $.Release.Name | quote }} - namespaceSelector: - matchNames: - - {{ .Values.ingressNginx.namespace }} - endpoints: - - port: http-metrics - {{- if .Values.ingressNginx.serviceMonitor.interval}} - interval: {{ .Values.ingressNginx.serviceMonitor.interval }} - {{- end }} - {{- if .Values.ingressNginx.serviceMonitor.proxyUrl }} - proxyUrl: {{ .Values.ingressNginx.serviceMonitor.proxyUrl}} - {{- end }} - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - metricRelabelings: - {{- if .Values.ingressNginx.serviceMonitor.metricRelabelings }} - {{ tpl (toYaml .Values.ingressNginx.serviceMonitor.metricRelabelings | indent 4) . }} - {{- end }} - {{ if .Values.global.cattle.clusterId }} - - sourceLabels: [__address__] - targetLabel: cluster_id - replacement: {{ .Values.global.cattle.clusterId }} - {{- end }} - {{ if .Values.global.cattle.clusterName}} - - sourceLabels: [__address__] - targetLabel: cluster_name - replacement: {{ .Values.global.cattle.clusterName }} - {{- end }} -{{- if .Values.ingressNginx.serviceMonitor.relabelings }} - relabelings: -{{ toYaml .Values.ingressNginx.serviceMonitor.relabelings | indent 4 }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/exporters/rancher/servicemonitor.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/exporters/rancher/servicemonitor.yaml deleted file mode 100644 index 1fba8f2..0000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/exporters/rancher/servicemonitor.yaml +++ /dev/null @@ -1,58 +0,0 @@ -{{- $selector := (include "rancher.serviceMonitor.selector" .) -}} -{{- if and .Values.rancherMonitoring.enabled $selector }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} - name: rancher - namespace: cattle-system -spec: - endpoints: - - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - port: http - tlsConfig: - caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - insecureSkipVerify: true - serverName: rancher - metricRelabelings: - {{ if .Values.global.cattle.clusterId }} - - sourceLabels: [__address__] - targetLabel: cluster_id - replacement: {{ .Values.global.cattle.clusterId }} - {{- end }} - {{ if .Values.global.cattle.clusterName}} - - sourceLabels: [__address__] - targetLabel: cluster_name - replacement: {{ .Values.global.cattle.clusterName }} - {{- end }} - jobLabel: rancher -{{- if .Values.rancherMonitoring.namespaceSelector }} - namespaceSelector: {{ .Values.rancherMonitoring.namespaceSelector | toYaml | nindent 4 }} -{{- end }} - selector: {{ include "rancher.serviceMonitor.selector" . | nindent 4 }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-rancher-metrics -rules: -- apiGroups: - - management.cattle.io - resources: - - ranchermetrics - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-rancher-metrics -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-prometheus-stack.fullname" . }}-rancher-metrics -subjects: - - kind: ServiceAccount - name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus - namespace: {{ template "kube-prometheus-stack.namespace" . }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/hardened.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/hardened.yaml deleted file mode 100644 index 63bac7f..0000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/hardened.yaml +++ /dev/null @@ -1,91 +0,0 @@ -{{- $namespaces := dict "_0" .Release.Namespace -}} -{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled (not .Values.grafana.defaultDashboards.useExistingNamespace) -}} -{{- $_ := set $namespaces "_1" .Values.grafana.defaultDashboards.namespace -}} -{{- end -}} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ .Chart.Name }}-patch-sa - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Chart.Name }}-patch-sa - annotations: - "helm.sh/hook": post-install, post-upgrade - "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation -spec: - template: - metadata: - name: {{ .Chart.Name }}-patch-sa - labels: - app: {{ .Chart.Name }}-patch-sa - spec: - serviceAccountName: {{ .Chart.Name }}-patch-sa - securityContext: - runAsNonRoot: true - runAsUser: 1000 - restartPolicy: Never - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} - containers: - {{- range $_, $ns := $namespaces }} - - name: patch-sa-{{ $ns }} - image: {{ template "system_default_registry" $ }}{{ $.Values.global.kubectl.repository }}:{{ $.Values.global.kubectl.tag }} - imagePullPolicy: {{ $.Values.global.kubectl.pullPolicy }} - command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"] - args: ["-n", "{{ $ns }}"] - {{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ .Chart.Name }}-patch-sa - labels: - app: {{ .Chart.Name }}-patch-sa -rules: -- apiGroups: - - "" - resources: - - serviceaccounts - verbs: ['get', 'patch'] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Chart.Name }}-patch-sa - labels: - app: {{ .Chart.Name }}-patch-sa -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Chart.Name }}-patch-sa -subjects: -- kind: ServiceAccount - name: {{ .Chart.Name }}-patch-sa - namespace: {{ .Release.Namespace }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Chart.Name }}-patch-sa - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Chart.Name }}-patch-sa ---- -{{- if .Values.hardened.k3s.networkPolicy.enabled }} -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: rancher-monitoring-coredns-allow-all - namespace: kube-system -spec: - ingress: - - {} - egress: - - {} - policyTypes: - - Ingress - - Egress - podSelector: - matchLabels: - k8s-app: kube-dns -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/upgrade/configmap.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/upgrade/configmap.yaml deleted file mode 100644 index 53cb898..0000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/upgrade/configmap.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.upgrade.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-upgrade - namespace: {{ template "kube-prometheus-stack.namespace" . }} - annotations: - "helm.sh/hook": pre-upgrade, pre-rollback - "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded, hook-failed - "helm.sh/hook-weight": "0" -data: -{{ (.Files.Glob "files/upgrade/scripts/*").AsConfig | indent 2 }} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/upgrade/job.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/upgrade/job.yaml deleted file mode 100644 index 8f27717..0000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/upgrade/job.yaml +++ /dev/null @@ -1,46 +0,0 @@ -{{- if .Values.upgrade.enabled }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-upgrade - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.fullname" . }}-upgrade - annotations: - "helm.sh/hook": pre-upgrade, pre-rollback - "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded, hook-failed - "helm.sh/hook-weight": "2" -spec: - template: - metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-upgrade - labels: - app: {{ template "kube-prometheus-stack.fullname" . }}-upgrade - spec: - serviceAccountName: {{ template "kube-prometheus-stack.fullname" . }}-upgrade - securityContext: - runAsNonRoot: false - runAsUser: 0 - restartPolicy: Never - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} - containers: - - name: run-scripts - image: {{ template "system_default_registry" . }}{{ .Values.upgrade.image.repository }}:{{ .Values.upgrade.image.tag }} - imagePullPolicy: {{ $.Values.global.kubectl.pullPolicy }} - command: - - /bin/sh - - -c - - > - for s in $(find /etc/scripts -type f); do - echo "Running $s..."; - cat $s | bash - done; - volumeMounts: - - name: upgrade - mountPath: /etc/scripts - volumes: - - name: upgrade - configMap: - name: {{ template "kube-prometheus-stack.fullname" . }}-upgrade -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/upgrade/rbac.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/upgrade/rbac.yaml deleted file mode 100644 index 46bdd3a..0000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/upgrade/rbac.yaml +++ /dev/null @@ -1,86 +0,0 @@ -{{- if .Values.upgrade.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-upgrade - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.fullname" . }}-upgrade - annotations: - "helm.sh/hook": pre-upgrade, pre-rollback - "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded - "helm.sh/hook-weight": "1" -rules: -- apiGroups: - - apps - resources: - - deployments - - daemonsets - - statefulsets - verbs: - - 'list' - - 'delete' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-upgrade - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.fullname" . }}-upgrade - annotations: - "helm.sh/hook": pre-upgrade, pre-rollback - "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded, hook-failed - "helm.sh/hook-weight": "1" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-prometheus-stack.fullname" . }}-upgrade -subjects: -- kind: ServiceAccount - name: {{ template "kube-prometheus-stack.fullname" . }}-upgrade - namespace: {{ template "kube-prometheus-stack.namespace" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-upgrade - labels: - app: {{ template "kube-prometheus-stack.fullname" . }}-upgrade - annotations: - "helm.sh/hook": pre-upgrade, pre-rollback - "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded, hook-failed - "helm.sh/hook-weight": "1" -rules: ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-upgrade - labels: - app: {{ template "kube-prometheus-stack.fullname" . }}-upgrade - annotations: - "helm.sh/hook": pre-upgrade, pre-rollback - "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded, hook-failed - "helm.sh/hook-weight": "1" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-prometheus-stack.fullname" . }}-upgrade -subjects: -- kind: ServiceAccount - name: {{ template "kube-prometheus-stack.fullname" . }}-upgrade - namespace: {{ template "kube-prometheus-stack.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-upgrade - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.fullname" . }}-upgrade - annotations: - "helm.sh/hook": pre-upgrade, pre-rollback - "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded, hook-failed - "helm.sh/hook-weight": "1" -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/validate-install-crd.yaml b/charts/rancher-monitoring/templates/validate-install-crd.yaml deleted file mode 100644 index 6fcb8b3..0000000 --- a/charts/rancher-monitoring/templates/validate-install-crd.yaml +++ /dev/null @@ -1,23 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "monitoring.coreos.com/v1alpha1/AlertmanagerConfig" false -}} -# {{- set $found "monitoring.coreos.com/v1/Alertmanager" false -}} -# {{- set $found "monitoring.coreos.com/v1/PodMonitor" false -}} -# {{- set $found "monitoring.coreos.com/v1/Probe" false -}} -# {{- set $found "monitoring.coreos.com/v1alpha1/PrometheusAgent" false -}} -# {{- set $found "monitoring.coreos.com/v1/Prometheus" false -}} -# {{- set $found "monitoring.coreos.com/v1/PrometheusRule" false -}} -# {{- set $found "monitoring.coreos.com/v1alpha1/ScrapeConfig" false -}} -# {{- set $found "monitoring.coreos.com/v1/ServiceMonitor" false -}} -# {{- set $found "monitoring.coreos.com/v1/ThanosRuler" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/validate-psp-install.yaml b/charts/rancher-monitoring/templates/validate-psp-install.yaml deleted file mode 100644 index b115feb..0000000 --- a/charts/rancher-monitoring/templates/validate-psp-install.yaml +++ /dev/null @@ -1,2 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- end }} diff --git a/charts/uptime-kuma/.helmignore b/charts/uptime-kuma/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/charts/uptime-kuma/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/uptime-kuma/Chart.yaml b/charts/uptime-kuma/Chart.yaml deleted file mode 100644 index 19acc77..0000000 --- a/charts/uptime-kuma/Chart.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v2 -appVersion: 1.11.1 -description: A self-hosted Monitoring tool like "Uptime-Robot". -home: https://github.com/dirsigler/uptime-kuma-helm -icon: https://raw.githubusercontent.com/louislam/uptime-kuma/master/public/icon.png -maintainers: -- email: dennis@irsigler.dev - name: dirsigler -name: uptime-kuma -sources: -- https://github.com/louislam/uptime-kuma -type: application -version: 2.1.0 diff --git a/charts/uptime-kuma/my-values/values-prod.yaml b/charts/uptime-kuma/my-values/values-prod.yaml deleted file mode 100644 index a7b980a..0000000 --- a/charts/uptime-kuma/my-values/values-prod.yaml +++ /dev/null @@ -1,20 +0,0 @@ -enabled: true - -image: - tag: "2.0.2" - - -volume: - enabled: true - storageClassName: nfs-client - accessMode: ReadWriteOnce - size: 5Gi - -service: - type: ClusterIP - port: 3001 - -ingress: - enabled: false - -replicaCount: 1 \ No newline at end of file diff --git a/charts/uptime-kuma/templates/NOTES.txt b/charts/uptime-kuma/templates/NOTES.txt deleted file mode 100644 index b193641..0000000 --- a/charts/uptime-kuma/templates/NOTES.txt +++ /dev/null @@ -1,23 +0,0 @@ -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "uptime-kuma.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "uptime-kuma.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "uptime-kuma.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "uptime-kuma.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") - echo "Visit http://127.0.0.1:3001 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 3001:$CONTAINER_PORT -{{- end }} - \ No newline at end of file diff --git a/charts/uptime-kuma/templates/_helpers.tpl b/charts/uptime-kuma/templates/_helpers.tpl deleted file mode 100644 index 1c0fa87..0000000 --- a/charts/uptime-kuma/templates/_helpers.tpl +++ /dev/null @@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "uptime-kuma.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "uptime-kuma.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "uptime-kuma.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "uptime-kuma.labels" -}} -helm.sh/chart: {{ include "uptime-kuma.chart" . }} -{{ include "uptime-kuma.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "uptime-kuma.selectorLabels" -}} -app.kubernetes.io/name: {{ include "uptime-kuma.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "uptime-kuma.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "uptime-kuma.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/charts/uptime-kuma/templates/deployment.yaml b/charts/uptime-kuma/templates/deployment.yaml deleted file mode 100644 index 1e612f2..0000000 --- a/charts/uptime-kuma/templates/deployment.yaml +++ /dev/null @@ -1,76 +0,0 @@ -{{- if .Values.useDeploy -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "uptime-kuma.fullname" . }} - labels: - {{- include "uptime-kuma.labels" . | nindent 4 }} -spec: - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "uptime-kuma.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "uptime-kuma.selectorLabels" . | nindent 8 }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "uptime-kuma.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - ports: - - name: http - containerPort: 3001 - protocol: TCP - {{ if .Values.volume.enabled -}} - volumeMounts: - - mountPath: /app/data - name: storage - {{ end }} - livenessProbe: - exec: - command: - - node - - extra/healthcheck.js - readinessProbe: - httpGet: - path: / - port: 3001 - scheme: HTTP - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{ if .Values.volume.enabled -}} - volumes: - - name: storage - persistentVolumeClaim: - claimName: {{ include "uptime-kuma.fullname" . }}-pvc - {{- end -}} -{{- end -}} \ No newline at end of file diff --git a/charts/uptime-kuma/templates/ingress.yaml b/charts/uptime-kuma/templates/ingress.yaml deleted file mode 100644 index 4fd4a66..0000000 --- a/charts/uptime-kuma/templates/ingress.yaml +++ /dev/null @@ -1,61 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "uptime-kuma.fullname" . -}} -{{- $svcPort := .Values.service.port -}} -{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} - {{- end }} -{{- end }} -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - {{- include "uptime-kuma.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .Values.ingress.className }} - {{- end }} - {{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ .pathType }} - {{- end }} - backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} - service: - name: {{ $fullName }} - port: - number: {{ $svcPort }} - {{- else }} - serviceName: {{ $fullName }} - servicePort: {{ $svcPort }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/uptime-kuma/templates/pvc.yaml b/charts/uptime-kuma/templates/pvc.yaml deleted file mode 100644 index 6669e4c..0000000 --- a/charts/uptime-kuma/templates/pvc.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.useDeploy -}} -{{- if .Values.volume.enabled -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "uptime-kuma.fullname" . }}-pvc - labels: - {{- include "uptime-kuma.labels" . | nindent 4 }} -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: {{ .Values.volume.size | quote }} - storageClassName: {{ .Values.volume.storageClassName | default "standard"}} - volumeMode: Filesystem -{{- end -}} -{{- end -}} \ No newline at end of file diff --git a/charts/uptime-kuma/templates/service.yaml b/charts/uptime-kuma/templates/service.yaml deleted file mode 100644 index 47d120b..0000000 --- a/charts/uptime-kuma/templates/service.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "uptime-kuma.fullname" . }} - labels: - {{- include "uptime-kuma.labels" . | nindent 4 }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: 3001 - protocol: TCP - name: http - selector: - {{- include "uptime-kuma.selectorLabels" . | nindent 4 }} diff --git a/charts/uptime-kuma/templates/serviceaccount.yaml b/charts/uptime-kuma/templates/serviceaccount.yaml deleted file mode 100644 index 77a13d3..0000000 --- a/charts/uptime-kuma/templates/serviceaccount.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "uptime-kuma.serviceAccountName" . }} - labels: - {{- include "uptime-kuma.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/charts/uptime-kuma/templates/statefulset.yaml b/charts/uptime-kuma/templates/statefulset.yaml deleted file mode 100644 index 3a079d8..0000000 --- a/charts/uptime-kuma/templates/statefulset.yaml +++ /dev/null @@ -1,91 +0,0 @@ -{{- if not .Values.useDeploy -}} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ include "uptime-kuma.fullname" . }} - labels: - {{- include "uptime-kuma.labels" . | nindent 4 }} -spec: - serviceName: {{ include "uptime-kuma.fullname" . }} - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "uptime-kuma.selectorLabels" . | nindent 6 }} - {{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 6 }} - {{- end }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "uptime-kuma.selectorLabels" . | nindent 8 }} - {{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 8 }} - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - enableServiceLinks: false - serviceAccountName: {{ include "uptime-kuma.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - ports: - - name: http - containerPort: 3001 - protocol: TCP - {{ if .Values.volume.enabled -}} - volumeMounts: - - mountPath: /app/data - name: storage - {{ end }} - livenessProbe: - exec: - command: - - node - - extra/healthcheck.js - readinessProbe: - httpGet: - path: / - port: 3001 - scheme: HTTP - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{ if .Values.volume.enabled -}} - volumeClaimTemplates: - - metadata: - name: storage - spec: - accessModes: - - {{ .Values.volume.accessMode }} - resources: - requests: - storage: {{ .Values.volume.size }} - storageClassName: {{ .Values.volume.storageClassName | default "standard" }} - volumeMode: Filesystem - {{- end -}} -{{- end -}} \ No newline at end of file diff --git a/charts/uptime-kuma/templates/tests/test-connection.yaml b/charts/uptime-kuma/templates/tests/test-connection.yaml deleted file mode 100644 index af42e7b..0000000 --- a/charts/uptime-kuma/templates/tests/test-connection.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ include "uptime-kuma.fullname" . }}-test-connection" - labels: - {{- include "uptime-kuma.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": test -spec: - containers: - - name: wget - image: busybox - command: ['wget'] - args: ['{{ include "uptime-kuma.fullname" . }}:{{ .Values.service.port }}'] - restartPolicy: Never diff --git a/charts/uptime-kuma/values.yaml b/charts/uptime-kuma/values.yaml deleted file mode 100644 index 3814e43..0000000 --- a/charts/uptime-kuma/values.yaml +++ /dev/null @@ -1,118 +0,0 @@ -# Default values for uptime-kuma. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 - -image: - repository: louislam/uptime-kuma - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "1.11.1-alpine" - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -# If this option is set to false a StateFulset instead of a Deployment is used -useDeploy: true - -serviceAccount: - # Specifies whether a service account should be created - create: false - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} -podLabels: - {} - # app: uptime-kuma - -podSecurityContext: - {} - # fsGroup: 2000 - -securityContext: - {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - type: ClusterIP - port: 3001 - -ingress: - enabled: false - className: "" - extraLabels: - {} - # vhost: uptime-kuma.company.corp - annotations: - nginx.ingress.kubernetes.io/proxy-read-timeout: "3600" - nginx.ingress.kubernetes.io/proxy-send-timeout: "3600" - nginx.ingress.kubernetes.io/server-snippets: | - location / { - proxy_set_header Upgrade $http_upgrade; - proxy_http_version 1.1; - proxy_set_header X-Forwarded-Host $http_host; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - proxy_set_header Connection "upgrade"; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Upgrade $http_upgrade; - proxy_cache_bypass $http_upgrade; - } - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - - tls: - [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: - {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 10 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -nodeSelector: {} - -tolerations: [] - -affinity: {} - -volume: - enabled: true - accessMode: ReadWriteOnce - size: 4Gi - # If you want to use a storage class other than the default, uncomment this - # line and define the storage class name - # storageClassName: diff --git a/manifests/alertmanager/monitoring.yaml b/manifests/alertmanager/monitoring.yaml deleted file mode 100644 index b537325..0000000 --- a/manifests/alertmanager/monitoring.yaml +++ /dev/null @@ -1,15 +0,0 @@ -enabled: true -app: alertmanager -uptime_kuma: - enabled: true - url: https://alertmanager.dvirlabs.com - tag: observability-stack -external_check: - url: https://alertmanager.dvirlabs.com - expected_codes: - '502': critical - '404': warning - '1033': critical -# targets: -# - : -# scheme: http diff --git a/manifests/external-secrets/grafana/external-secret.yaml b/manifests/external-secrets/grafana/external-secret.yaml deleted file mode 100644 index 49423f4..0000000 --- a/manifests/external-secrets/grafana/external-secret.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: grafana-oidc - namespace: monitoring -spec: - refreshInterval: 1h - secretStoreRef: - name: vault-oidc - kind: ClusterSecretStore - target: - name: grafana-oidc-secret - creationPolicy: Owner - data: - - secretKey: client_secret - remoteRef: - key: grafana-oidc - property: client_secret \ No newline at end of file diff --git a/manifests/grafana/monitoring.yaml b/manifests/grafana/monitoring.yaml deleted file mode 100644 index 4c6edd8..0000000 --- a/manifests/grafana/monitoring.yaml +++ /dev/null @@ -1,15 +0,0 @@ -enabled: true -app: grafana -uptime_kuma: - enabled: true - url: https://grafana.dvirlabs.com - tag: observability-stack -external_check: - url: https://grafana.dvirlabs.com - expected_codes: - '502': critical - '404': warning - '1033': critical -# targets: -# - : -# scheme: http diff --git a/manifests/kibana-int/monitoring.yaml b/manifests/kibana-int/monitoring.yaml deleted file mode 100644 index 2df027f..0000000 --- a/manifests/kibana-int/monitoring.yaml +++ /dev/null @@ -1,15 +0,0 @@ -enabled: true -app: kibana-int -uptime_kuma: - enabled: true - url: https://kibana-int.dvirlabs.com - tag: observability-stack -external_check: - url: https://kibana-int.dvirlabs.com - expected_codes: - '502': critical - '404': warning - '1033': critical -# targets: -# - : -# scheme: http diff --git a/manifests/kibana/monitoring.yaml b/manifests/kibana/monitoring.yaml deleted file mode 100644 index 4b4727e..0000000 --- a/manifests/kibana/monitoring.yaml +++ /dev/null @@ -1,15 +0,0 @@ -enabled: true -app: kibana -uptime_kuma: - enabled: true - url: https://kibana.dvirlabs.com - tag: observability-stack -external_check: - url: https://kibana.dvirlabs.com - expected_codes: - '502': critical - '404': warning - '1033': critical -# targets: -# - : -# scheme: http diff --git a/manifests/kube-prometheus-stack/values.yaml b/manifests/kube-prometheus-stack/values.yaml new file mode 100644 index 0000000..e69de29 diff --git a/manifests/kuma/monitoring.yaml b/manifests/kuma/monitoring.yaml deleted file mode 100644 index 98dd111..0000000 --- a/manifests/kuma/monitoring.yaml +++ /dev/null @@ -1,15 +0,0 @@ -enabled: true -app: kuma -uptime_kuma: - enabled: true - url: https://kuma.dvirlabs.com - tag: observability-stack -external_check: - url: https://kuma.dvirlabs.com - expected_codes: - '502': critical - '404': warning - '1033': critical -# targets: -# - : -# scheme: http diff --git a/manifests/prometheus-scrape-secret/additional-scrape-configs.yaml b/manifests/prometheus-scrape-secret/additional-scrape-configs.yaml deleted file mode 100644 index 2e41a85..0000000 --- a/manifests/prometheus-scrape-secret/additional-scrape-configs.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: prometheus-additional-scrape-configs - namespace: monitoring - labels: - app.kubernetes.io/name: prometheus -type: Opaque -stringData: - additional-scrape-configs.yaml: |+ - # This content will be auto-updated by the pipeline - - job_name: harbor - static_configs: - - targets: - - harbor-core.dev-tools.svc.cluster.local:8001 - - - job_name: gitea - static_configs: - - targets: - - gitea-http.dev-tools.svc.cluster.local:3000 - bearer_token: prometheusmetricstoken - - job_name: minio-bitnami - static_configs: - - targets: - - minio.infra.svc.cluster.local:9000 - -... diff --git a/manifests/prometheus/monitoring.yaml b/manifests/prometheus/monitoring.yaml deleted file mode 100644 index 145b3d7..0000000 --- a/manifests/prometheus/monitoring.yaml +++ /dev/null @@ -1,15 +0,0 @@ -enabled: true -app: prometheus -uptime_kuma: - enabled: true - url: https://prometheus.dvirlabs.com - tag: observability-stack -external_check: - url: https://prometheus.dvirlabs.com - expected_codes: - '502': critical - '404': warning - '1033': critical -# targets: -# - : -# scheme: http diff --git a/manifests/rancher-monitoring/grafana/monitoring.yaml b/manifests/rancher-monitoring/grafana/monitoring.yaml deleted file mode 100644 index ff6e85d..0000000 --- a/manifests/rancher-monitoring/grafana/monitoring.yaml +++ /dev/null @@ -1,10 +0,0 @@ -enabled: true -app: grafana - -# External HTTP check: -external_check: - url: https://grafana.dvirlabs.com - expected_codes: - "502": critical - "404": warning - "1033": critical diff --git a/manifests/rancher-monitoring/prometheus/monitoring.yaml b/manifests/rancher-monitoring/prometheus/monitoring.yaml deleted file mode 100644 index 2d87947..0000000 --- a/manifests/rancher-monitoring/prometheus/monitoring.yaml +++ /dev/null @@ -1,10 +0,0 @@ -enabled: true -app: prometheus - -# External HTTP check: -external_check: - url: https://prometheus.dvirlabs.com - expected_codes: - "502": critical - "404": warning - "1033": critical diff --git a/manifests/uptime-kuma/cname.yaml b/manifests/uptime-kuma/cname.yaml deleted file mode 100644 index 7ee448a..0000000 --- a/manifests/uptime-kuma/cname.yaml +++ /dev/null @@ -1,2 +0,0 @@ -enabled: true -hostname: kuma.dvirlabs.com \ No newline at end of file