dvirlabs/observability-stack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request 'refactor' (#1) from refactor into master

Browse Source 
Reviewed-on: #1
This commit is contained in:
dvirlabs 2026-04-15 12:07:55 +00:00
commit c312761eee
679 changed files with 80895 additions and 62874 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
applicationsets/eck-resources.yaml
View File

@ -1,38 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: eck-resources
namespace: argocd
spec:
generators:
- list:
elements:
- env: prod
valuesFile: values-prod.yaml
nameSuffix: eck-prod
host: kibana.dvirlabs.com
- env: int
valuesFile: values-int.yaml
nameSuffix: eck-int
host: kibana-int.dvirlabs.com
template:
metadata:
name: '{{nameSuffix}}'
spec:
project: observability
source:
repoURL: https://git.dvirlabs.com/dvirlabs/observability-stack.git
targetRevision: master
path: charts/eck-resources
helm:
valueFiles:
- my-values/{{valuesFile}}
destination:
server: https://kubernetes.default.svc
namespace: monitoring
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

30
applicationsets/external-secrets-appset.yaml
View File

@ -1,30 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: external-secrets-appset
namespace: argocd
spec:
generators:
- git:
repoURL: https://git.dvirlabs.com/dvirlabs/observability-stack.git
revision: master
directories:
- path: manifests/external-secrets
template:
metadata:
name: 'external-secret-{{path.basename}}'
spec:
project: observability
source:
repoURL: https://git.dvirlabs.com/dvirlabs/observability-stack.git
targetRevision: master
path: '{{path}}'
directory:
recurse: true
destination:
server: https://kubernetes.default.svc
namespace: monitoring
syncPolicy:
automated:
prune: true
selfHeal: true

28
applicationsets/prometheus-scrape-secret.yaml
View File

@ -1,28 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: prometheus-scrape-secret
namespace: argocd
spec:
generators:
- list:
elements:
- name: prometheus-scrape-secret
template:
metadata:
name: '{{name}}'
spec:
project: observability
source:
repoURL: https://git.dvirlabs.com/dvirlabs/observability-stack.git
targetRevision: HEAD
path: manifests/prometheus-scrape-secret
destination:
server: https://kubernetes.default.svc
namespace: monitoring
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

34
applicationsets/rancher-monitoring-appset.yaml
View File

@ -1,34 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: rancher-monitoring-appset
namespace: argocd
spec:
generators:
- list:
elements:
- env: prod
valuesFile: values-prod.yaml
nameSuffix: rancher-monitoring-prod
host: grafana.dvirlabs.com
template:
metadata:
name: '{{nameSuffix}}'
spec:
project: observability
source:
repoURL: https://git.dvirlabs.com/dvirlabs/observability-stack.git
targetRevision: HEAD
path: charts/rancher-monitoring
helm:
valueFiles:
- my-values/{{valuesFile}}
destination:
server: https://kubernetes.default.svc
namespace: monitoring
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

34
applicationsets/uptime-kuma.yaml
View File

@ -1,34 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: uptime-kuma
namespace: argocd
spec:
generators:
- list:
elements:
- env: prod
valuesFile: values-prod.yaml
nameSuffix: uptime-kuma-prod
host: kuma.dvirlabs.com
template:
metadata:
name: '{{nameSuffix}}'
spec:
project: observability
source:
repoURL: https://git.dvirlabs.com/dvirlabs/observability-stack.git
targetRevision: master
path: charts/uptime-kuma
helm:
valueFiles:
- my-values/{{valuesFile}}
destination:
server: https://kubernetes.default.svc
namespace: monitoring
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

23
argocd-apps/kube-prometheus-stack.yaml Normal file
View File

@ -0,0 +1,23 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: kube-prometheus-stack
namespace: argocd
spec:
project: observability
source:
repoURL: ssh://git@gitea-ssh.dev-tools.svc.cluster.local.:2222/dvirlabs/observability-stack.git
targetRevision: HEAD
path: charts/kube-prometheus-stack
helm:
valueFiles:
- ../../manifests/kube-prometheus-stack/values.yaml
destination:
server: https://kubernetes.default.svc
namespace: observability
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

5
charts/eck-resources/Chart.yaml
View File

@ -1,5 +0,0 @@
apiVersion: v2
name: eck-resources
description: Deploy ECK Elasticsearch and Kibana CRs
version: 0.1.0
appVersion: "8.12.0"

3
charts/eck-resources/my-values/values-int.yaml
View File

@ -1,3 +0,0 @@
enabled: false
env: int
host: kibana-int.dvirlabs.com

3
charts/eck-resources/my-values/values-prod.yaml
View File

@ -1,3 +0,0 @@
enabled: true
env: prod
host: kibana.dvirlabs.com

22
charts/eck-resources/templates/elasticsearch.yaml
View File

@ -1,22 +0,0 @@
# elasticsearch.yaml
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
name: elasticsearch-{{ .Values.env }}
namespace: monitoring
spec:
version: 8.12.0
nodeSets:
- name: default
count: 1
config:
node.store.allow_mmap: false
volumeClaimTemplates:
- metadata:
name: elasticsearch-data
spec:
accessModes: ["ReadWriteOnce"]
storageClassName: nfs-client
resources:
requests:
storage: 100Gi

25
charts/eck-resources/templates/kibana-ingress.yaml
View File

@ -1,25 +0,0 @@
# ingress.yaml (Kibana)
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: kibana-{{ .Values.env }}
namespace: monitoring
annotations:
kubernetes.io/ingress.class: traefik
# if behind Cloudflare, strongly recommended to disable cache for bundles:
traefik.ingress.kubernetes.io/browser-xss-filter: "true"
spec:
tls:
- hosts: [kibana.dvirlabs.com]
secretName: kibana-tls
rules:
- host: kibana.dvirlabs.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: kibana-{{ .Values.env }}-kb-http
port:
number: 5601

27
charts/eck-resources/templates/kibana.yaml
View File

@ -1,27 +0,0 @@
# kibana.yaml
apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
name: kibana-{{ .Values.env }}
namespace: monitoring
spec:
version: 8.12.0
count: 1
elasticsearchRef:
name: elasticsearch-{{ .Values.env }} # same ns: monitoring
config:
# set correct external URL for Ingress
server.publicBaseUrl: "https://kibana.dvirlabs.com"
# if you use a path like /kibana, also set:
# server.basePath: "/kibana"
# server.rewriteBasePath: true
xpack.security.authc.providers:
basic.basic1:
order: 0
http:
tls:
selfSignedCertificate:
disabled: true # Ingress terminates TLS
service:
spec:
type: ClusterIP

12
charts/rancher-monitoring/charts/grafana/.helmignore → charts/kube-prometheus-stack/.helmignore
View File

@ -16,8 +16,18 @@
*.tmp
*~
# Various IDEs
.vscode
.project
.idea/
*.tmproj
# helm/charts
OWNERS
hack/
ci/
kube-prometheus-*.tgz
unittests/
files/dashboards/
UPGRADE.md
CONTRIBUTING.md
.editorconfig

18
charts/kube-prometheus-stack/Chart.lock Normal file
View File

@ -0,0 +1,18 @@
dependencies:
- name: crds
repository: ""
version: 0.0.0
- name: kube-state-metrics
repository: https://prometheus-community.github.io/helm-charts
version: 7.2.2
- name: prometheus-node-exporter
repository: https://prometheus-community.github.io/helm-charts
version: 4.53.1
- name: grafana
repository: https://grafana-community.github.io/helm-charts
version: 11.6.1
- name: prometheus-windows-exporter
repository: https://prometheus-community.github.io/helm-charts
version: 0.12.6
digest: sha256:e21304bc9748d1449437449b6e8819afeed2f1f68c473efb775f712790bdff40
generated: "2026-04-14T18:06:28.207180094Z"

72
charts/kube-prometheus-stack/Chart.yaml Normal file
View File

@ -0,0 +1,72 @@
annotations:
artifacthub.io/license: Apache-2.0
artifacthub.io/links: |
- name: Chart Source
url: https://github.com/prometheus-community/helm-charts
- name: Upstream Project
url: https://github.com/prometheus-operator/kube-prometheus
- name: Upgrade Process
url: https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/README.md#upgrading-chart
artifacthub.io/operator: "true"
apiVersion: v2
appVersion: v0.90.1
dependencies:
- condition: crds.enabled
name: crds
repository: ""
version: 0.0.0
- condition: kubeStateMetrics.enabled
name: kube-state-metrics
repository: https://prometheus-community.github.io/helm-charts
version: 7.2.2
- condition: nodeExporter.enabled
name: prometheus-node-exporter
repository: https://prometheus-community.github.io/helm-charts
version: 4.53.1
- condition: grafana.enabled
name: grafana
repository: https://grafana-community.github.io/helm-charts
version: 11.6.1
- condition: windowsMonitoring.enabled
name: prometheus-windows-exporter
repository: https://prometheus-community.github.io/helm-charts
version: 0.12.*
description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards,
and Prometheus rules combined with documentation and scripts to provide easy to
operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus
Operator.
home: https://github.com/prometheus-operator/kube-prometheus
icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png
keywords:
- operator
- prometheus
- kube-prometheus
kubeVersion: '>=1.25.0-0'
maintainers:
- email: andrew@quadcorps.co.uk
name: andrewgkew
url: https://github.com/andrewgkew
- email: gianrubio@gmail.com
name: gianrubio
url: https://github.com/gianrubio
- email: github.gkarthiks@gmail.com
name: gkarthiks
url: https://github.com/gkarthiks
- email: kube-prometheus-stack@sisti.pt
name: GMartinez-Sisti
url: https://github.com/GMartinez-Sisti
- email: github@jkroepke.de
name: jkroepke
url: https://github.com/jkroepke
- email: miroslav.hadzhiev@gmail.com
name: Xtigyro
url: https://github.com/Xtigyro
- email: quentin.bisson@gmail.com
name: QuentinBisson
url: https://github.com/QuentinBisson
name: kube-prometheus-stack
sources:
- https://github.com/prometheus-community/helm-charts
- https://github.com/prometheus-operator/kube-prometheus
type: application
version: 83.4.2

95
charts/rancher-monitoring/README.md → charts/kube-prometheus-stack/README.md
View File

@ -11,26 +11,26 @@ _Note: This chart was formerly named `prometheus-operator` chart, now renamed to
- Kubernetes 1.19+
- Helm 3+
## Get Helm Repository Info
## Usage
The chart is distributed as an [OCI Artifact](https://helm.sh/docs/topics/registries/) as well as via a traditional [Helm Repository](https://helm.sh/docs/topics/chart_repository/).
- OCI Artifact: `oci://ghcr.io/prometheus-community/charts/kube-prometheus-stack`
- Helm Repository: `https://prometheus-community.github.io/helm-charts` with chart `kube-prometheus-stack`
The installation instructions use the OCI registry. Refer to the [`helm repo`]([`helm repo`](https://helm.sh/docs/helm/helm_repo/)) command documentation for information on installing charts via the traditional repository.
### Install Helm Chart
```console
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update
```
_See [`helm repo`](https://helm.sh/docs/helm/helm_repo/) for command documentation._
## Install Helm Chart
```console
helm install [RELEASE_NAME] prometheus-community/kube-prometheus-stack
helm install [RELEASE_NAME] oci://ghcr.io/prometheus-community/charts/kube-prometheus-stack
```
_See [configuration](#configuration) below._
_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
## Dependencies
### Dependencies
By default this chart installs additional, dependent charts:
@ -42,7 +42,17 @@ To disable dependencies during installation, see [multiple releases](#multiple-r
_See [helm dependency](https://helm.sh/docs/helm/helm_dependency/) for command documentation._
## Uninstall Helm Chart
#### Grafana Dashboards
This chart provisions a collection of curated Grafana dashboards that are automatically loaded into Grafana via ConfigMaps. These dashboards are rendered into the Helm chart under [`templates/grafana/`](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/templates/grafana/), but **this is not their source of truth**.
The dashboards originate from various upstream projects and are gathered and processed using scripts in the [`hack/`](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack) directory. For details on how these dashboards are sourced and kept up to date, refer to the [hack/README.md](https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/hack/README.md).
> **Note:** The dashboards referenced in the `hack` scripts are usually **not the original source** either. Most originate from separate **Prometheus mixin repositories** (e.g., [kubernetes-mixin](https://github.com/kubernetes-monitoring/kubernetes-mixin)) and are processed through `jsonnet` tooling before being included here. To find the original source in case you want to modify it you may have to search even further upstream.
If you wish to contribute or modify dashboards, please follow the guidance in the `hack/README.md` to ensure consistency and reproducibility.
### Uninstall Helm Chart
```console
helm uninstall [RELEASE_NAME]
@ -67,10 +77,10 @@ kubectl delete crd servicemonitors.monitoring.coreos.com
kubectl delete crd thanosrulers.monitoring.coreos.com
```
## Upgrading Chart
### Upgrading Chart
```console
helm upgrade [RELEASE_NAME] prometheus-community/kube-prometheus-stack
helm upgrade [RELEASE_NAME] [CHART]
```
With Helm v3, CRDs created by this chart are not updated by default and should be manually updated.
@ -81,7 +91,7 @@ The Chart's [appVersion](https://github.com/prometheus-community/helm-charts/blo
_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
### Upgrading an existing Release to a new major version
#### Upgrading an existing Release to a new major version
A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions.
@ -93,41 +103,36 @@ for breaking changes between versions.
See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments:
```console
helm show values prometheus-community/kube-prometheus-stack
helm show values oci://ghcr.io/prometheus-community/charts/kube-prometheus-stack
```
You may also run `helm show values` on this chart's [dependencies](#dependencies) for additional options.
You may also `helm show values` on this chart's [dependencies](#dependencies) for additional options.
### Rancher Monitoring Configuration
For templated Grafana datasource definitions (e.g. when using Helm flow control), use `grafana.additionalDataSourcesString`, which is rendered via `tpl`.
The following table shows values exposed by Rancher Monitoring's additions to the chart:
### Prometheus High Availability (HA)
| Parameter | Description | Default |
| ----- | ----------- | ------ |
| `nameOverride` | Provide a name that should be used instead of the chart name when naming all resources deployed by this chart |`"rancher-monitoring"`|
| `namespaceOverride` | Override the deployment namespace | `"cattle-monitoring-system"` |
| `global.rbac.userRoles.create` | Create default user ClusterRoles to allow users to interact with Prometheus CRs, ConfigMaps, and Secrets | `true` |
| `global.rbac.userRoles.aggregateToDefaultRoles` | Aggregate default user ClusterRoles into default k8s ClusterRoles | `true` |
| `prometheus-adapter.enabled` | Whether to install [prometheus-adapter](https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-adapter) within the cluster | `true` |
| `prometheus-adapter.prometheus.url` | A URL pointing to the Prometheus deployment within your cluster. The default value is set based on the assumption that you plan to deploy the default Prometheus instance from this chart where `.Values.namespaceOverride=cattle-monitoring-system` and `.Values.nameOverride=rancher-monitoring` | `http://rancher-monitoring-prometheus.cattle-monitoring-system.svc` |
| `prometheus-adapter.prometheus.port` | The port on the Prometheus deployment that Prometheus Adapter can make requests to | `9090` |
| `prometheus.prometheusSpec.ignoreNamespaceSelectors` | Ignore NamespaceSelector settings from the PodMonitor and ServiceMonitor configs. If true, PodMonitors and ServiceMonitors can only discover Pods and Services within the namespace they are deployed into | `false` |
For a basic HA setup, run multiple Prometheus replicas:
The following values are enabled for different distributions via [rancher-pushprox](https://github.com/rancher/dev-charts/tree/master/packages/rancher-pushprox). See the rancher-pushprox `README.md` for more information on what all values can be configured for the PushProxy chart.
```yaml
prometheus:
prometheusSpec:
replicas: 2
podAntiAffinity: "hard"
externalLabels:
cluster: prod-eu1
```
| Parameter | Description | Default |
| ----- | ----------- | ------ |
| `rkeControllerManager.enabled` | Create a PushProx installation for monitoring kube-controller-manager metrics in RKE clusters | `false` |
| `rkeScheduler.enabled` | Create a PushProx installation for monitoring kube-scheduler metrics in RKE clusters | `false` |
| `rkeProxy.enabled` | Create a PushProx installation for monitoring kube-proxy metrics in RKE clusters | `false` |
| `rkeIngressNginx.enabled` | Create a PushProx installation for monitoring ingress-nginx metrics in RKE clusters | `false` |
| `rkeEtcd.enabled` | Create a PushProx installation for monitoring etcd metrics in RKE clusters | `false` |
| `rke2IngressNginx.enabled` | Create a PushProx installation for monitoring ingress-nginx metrics in RKE2 clusters | `false` |
| `k3sServer.enabled` | Create a PushProx installation for monitoring k3s-server metrics (accounts for kube-controller-manager, kube-scheduler, and kube-proxy metrics) in k3s clusters | `false` |
| `kubeAdmControllerManager.enabled` | Create a PushProx installation for monitoring kube-controller-manager metrics in kubeAdm clusters | `false` |
| `kubeAdmScheduler.enabled` | Create a PushProx installation for monitoring kube-scheduler metrics in kubeAdm clusters | `false` |
| `kubeAdmProxy.enabled` | Create a PushProx installation for monitoring kube-proxy metrics in kubeAdm clusters | `false` |
| `kubeAdmEtcd.enabled` | Create a PushProx installation for monitoring etcd metrics in kubeAdm clusters | `false` |
Important notes:
1. `replicas` controls how many Prometheus pods are deployed for each shard.
2. Keep anti-affinity enabled (or hardened) to avoid scheduling all replicas on one node.
3. Do not clear replica/instance external labels in HA setups (`replicaExternalLabelNameClear` / `prometheusExternalLabelNameClear`), otherwise deduplication and alert/source identification become harder.
4. Querying replicas through a Kubernetes Service provides availability, but not sample deduplication across replicas by itself. For global/deduplicated querying, use a Thanos Query layer (or another backend that performs deduplication).
See also Prometheus Operator HA guidance:
- [Prometheus Operator HA docs](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/platform/high-availability.md#prometheus)
### Multiple releases
@ -283,7 +288,7 @@ There is no simple and direct migration path between the charts as the changes a
The capabilities of the old chart are all available in the new chart, including the ability to run multiple prometheus instances on a single cluster - you will need to disable the parts of the chart you do not wish to deploy.
You can check out the tickets for this change [here](https://github.com/prometheus-operator/prometheus-operator/issues/592) and [here](https://github.com/helm/charts/pull/6765).
You can check out the tickets for this change at [prometheus-operator/prometheus-operator #592](https://github.com/prometheus-operator/prometheus-operator/issues/592) and [helm/charts #6765](https://github.com/helm/charts/pull/6765).
### High-level overview of Changes

3
charts/kube-prometheus-stack/charts/crds/Chart.yaml Normal file
View File

@ -0,0 +1,3 @@
apiVersion: v2
name: crds
version: 0.0.0

3
charts/kube-prometheus-stack/charts/crds/README.md Normal file
View File

@ -0,0 +1,3 @@
# crds subchart
See: [https://github.com/prometheus-community/helm-charts/issues/3548](https://github.com/prometheus-community/helm-charts/issues/3548)

12334
charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagerconfigs.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

9983
charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagers.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

1399
charts/kube-prometheus-stack/charts/crds/crds/crd-podmonitors.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

1416
charts/kube-prometheus-stack/charts/crds/crds/crd-probes.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

11449
charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusagents.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

13720
charts/kube-prometheus-stack/charts/crds/crds/crd-prometheuses.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

267
charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusrules.yaml Normal file
View File

@ -0,0 +1,267 @@
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.90.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
operator.prometheus.io/version: 0.90.1
name: prometheusrules.monitoring.coreos.com
spec:
group: monitoring.coreos.com
names:
categories:
- prometheus-operator
kind: PrometheusRule
listKind: PrometheusRuleList
plural: prometheusrules
shortNames:
- promrule
singular: prometheusrule
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: |-
The `PrometheusRule` custom resource definition (CRD) defines [alerting](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) and [recording](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/) rules to be evaluated by `Prometheus` or `ThanosRuler` objects.
`Prometheus` and `ThanosRuler` objects select `PrometheusRule` objects using label and namespace selectors.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: spec defines the specification of desired alerting rule definitions
for Prometheus.
properties:
groups:
description: groups defines the content of Prometheus rule file
items:
description: RuleGroup is a list of sequentially evaluated recording
and alerting rules.
properties:
interval:
description: interval defines how often rules in the group are
evaluated.
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
labels:
additionalProperties:
type: string
description: |-
labels define the labels to add or overwrite before storing the result for its rules.
The labels defined at the rule level take precedence.
It requires Prometheus >= 3.0.0.
The field is ignored for Thanos Ruler.
type: object
limit:
description: |-
limit defines the number of alerts an alerting rule and series a recording
rule can produce.
Limit is supported starting with Prometheus >= 2.31 and Thanos Ruler >= 0.24.
type: integer
name:
description: name defines the name of the rule group.
minLength: 1
type: string
partial_response_strategy:
description: |-
partial_response_strategy is only used by ThanosRuler and will
be ignored by Prometheus instances.
More info: https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md#partial-response
pattern: ^(?i)(abort|warn)?$
type: string
query_offset:
description: |-
query_offset defines the offset the rule evaluation timestamp of this particular group by the specified duration into the past.
It requires Prometheus >= v2.53.0.
It is not supported for ThanosRuler.
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
rules:
description: rules defines the list of alerting and recording
rules.
items:
description: |-
Rule describes an alerting or recording rule
See Prometheus documentation: [alerting](https://www.prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) or [recording](https://www.prometheus.io/docs/prometheus/latest/configuration/recording_rules/#recording-rules) rule
properties:
alert:
description: |-
alert defines the name of the alert. Must be a valid label value.
Only one of `record` and `alert` must be set.
type: string
annotations:
additionalProperties:
type: string
description: |-
annotations defines annotations to add to each alert.
Only valid for alerting rules.
type: object
expr:
anyOf:
- type: integer
- type: string
description: expr defines the PromQL expression to evaluate.
x-kubernetes-int-or-string: true
for:
description: for defines how alerts are considered firing
once they have been returned for this long.
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
keep_firing_for:
description: keep_firing_for defines how long an alert
will continue firing after the condition that triggered
it has cleared.
minLength: 1
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
labels:
additionalProperties:
type: string
description: labels defines labels to add or overwrite.
type: object
record:
description: |-
record defines the name of the time series to output to. Must be a valid metric name.
Only one of `record` and `alert` must be set.
type: string
required:
- expr
type: object
type: array
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
type: object
status:
description: |-
status defines the status subresource. It is under active development and is updated only when the
"StatusForConfigurationResources" feature gate is enabled.
Most recent observed status of the PrometheusRule. Read-only.
More info:
https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
properties:
bindings:
description: bindings defines the list of workload resources (Prometheus,
PrometheusAgent, ThanosRuler or Alertmanager) which select the configuration
resource.
items:
description: WorkloadBinding is a link between a configuration resource
and a workload resource.
properties:
conditions:
description: conditions defines the current state of the configuration
resource when bound to the referenced Workload object.
items:
description: ConfigResourceCondition describes the status
of configuration resources linked to Prometheus, PrometheusAgent,
Alertmanager or ThanosRuler.
properties:
lastTransitionTime:
description: lastTransitionTime defines the time of the
last update to the current status property.
format: date-time
type: string
message:
description: message defines the human-readable message
indicating details for the condition's last transition.
type: string
observedGeneration:
description: |-
observedGeneration defines the .metadata.generation that the
condition was set based upon. For instance, if `.metadata.generation` is
currently 12, but the `.status.conditions[].observedGeneration` is 9, the
condition is out of date with respect to the current state of the object.
format: int64
type: integer
reason:
description: reason for the condition's last transition.
type: string
status:
description: status of the condition.
minLength: 1
type: string
type:
description: |-
type of the condition being reported.
Currently, only "Accepted" is supported.
enum:
- Accepted
minLength: 1
type: string
required:
- lastTransitionTime
- status
- type
type: object
type: array
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
group:
description: group defines the group of the referenced resource.
enum:
- monitoring.coreos.com
type: string
name:
description: name defines the name of the referenced object.
minLength: 1
type: string
namespace:
description: namespace defines the namespace of the referenced
object.
minLength: 1
type: string
resource:
description: resource defines the type of resource being referenced
(e.g. Prometheus, PrometheusAgent, ThanosRuler or Alertmanager).
enum:
- prometheuses
- prometheusagents
- thanosrulers
- alertmanagers
type: string
required:
- group
- name
- namespace
- resource
type: object
type: array
x-kubernetes-list-map-keys:
- group
- resource
- name
- namespace
x-kubernetes-list-type: map
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}

12909
charts/kube-prometheus-stack/charts/crds/crds/crd-scrapeconfigs.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

1413
charts/kube-prometheus-stack/charts/crds/crds/crd-servicemonitors.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

9754
charts/kube-prometheus-stack/charts/crds/crds/crd-thanosrulers.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

BIN
charts/kube-prometheus-stack/charts/crds/files/crds.bz2 Normal file
View File

Binary file not shown.

20
charts/kube-prometheus-stack/charts/crds/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,20 @@
{{/* Shortened name suffixed with upgrade-crd */}}
{{- define "kube-prometheus-stack.crd.upgradeJob.name" -}}
{{- print (include "kube-prometheus-stack.fullname" .) "-upgrade" -}}
{{- end -}}
{{- define "kube-prometheus-stack.crd.upgradeJob.labels" -}}
{{- include "kube-prometheus-stack.labels" . }}
app: {{ template "kube-prometheus-stack.name" . }}-operator
app.kubernetes.io/name: {{ template "kube-prometheus-stack.name" . }}-prometheus-operator
app.kubernetes.io/component: crds-upgrade
{{- end -}}
{{/* Create the name of crd.upgradeJob service account to use */}}
{{- define "kube-prometheus-stack.crd.upgradeJob.serviceAccountName" -}}
{{- if .Values.upgradeJob.serviceAccount.create -}}
{{ default (include "kube-prometheus-stack.crd.upgradeJob.name" .) .Values.upgradeJob.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.upgradeJob.serviceAccount.name }}
{{- end -}}
{{- end -}}

28
charts/kube-prometheus-stack/charts/crds/templates/upgrade/clusterrole.yaml Normal file
View File

@ -0,0 +1,28 @@
{{- if .Values.upgradeJob.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "kube-prometheus-stack.crd.upgradeJob.name" . }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
{{- include "kube-prometheus-stack.crd.upgradeJob.labels" . | nindent 4 }}
rules:
- apiGroups:
- "apiextensions.k8s.io"
resources:
- "customresourcedefinitions"
verbs:
- create
- patch
- update
- get
- list
resourceNames:
{{- range $path, $_ := $.Files.Glob "crds/*.yaml" }}
- {{ ($.Files.Get $path | fromYaml ).metadata.name }}
{{- end }}
{{- end }}

21
charts/kube-prometheus-stack/charts/crds/templates/upgrade/clusterrolebinding.yaml Normal file
View File

@ -0,0 +1,21 @@
{{- if .Values.upgradeJob.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "kube-prometheus-stack.crd.upgradeJob.name" . }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
"helm.sh/hook-weight": "-3"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
{{- include "kube-prometheus-stack.crd.upgradeJob.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
namespace: {{ template "kube-prometheus-stack.namespace" . }}
name: {{ template "kube-prometheus-stack.crd.upgradeJob.serviceAccountName" . }}
roleRef:
kind: ClusterRole
name: {{ template "kube-prometheus-stack.crd.upgradeJob.name" . }}
apiGroup: rbac.authorization.k8s.io
{{- end }}

15
charts/kube-prometheus-stack/charts/crds/templates/upgrade/crds.yaml Normal file
View File

@ -0,0 +1,15 @@
{{- if .Values.upgradeJob.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "kube-prometheus-stack.crd.upgradeJob.serviceAccountName" . }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
"helm.sh/hook-weight": "-2"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
{{- include "kube-prometheus-stack.crd.upgradeJob.labels" . | nindent 4 }}
binaryData:
crds.bz2: {{ .Files.Get "files/crds.bz2" | b64enc }}
{{- end }}

147
charts/kube-prometheus-stack/charts/crds/templates/upgrade/job.yaml Normal file
View File

@ -0,0 +1,147 @@
{{- if .Values.upgradeJob.enabled }}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ template "kube-prometheus-stack.crd.upgradeJob.name" . }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
"helm.sh/hook-weight": "5"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
{{- with .Values.upgradeJob.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "kube-prometheus-stack.crd.upgradeJob.labels" . | nindent 4 }}
{{- with .Values.upgradeJob.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
backoffLimit: 3
template:
metadata:
{{- with .Values.upgradeJob.podLabels }}
labels:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.upgradeJob.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- if .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- include "kube-prometheus-stack.imagePullSecrets" . | indent 8 }}
{{- end }}
automountServiceAccountToken: {{ .Values.upgradeJob.automountServiceAccountToken }}
serviceAccountName: {{ include "kube-prometheus-stack.crd.upgradeJob.serviceAccountName" . }}
initContainers:
- name: busybox
{{- $busyboxRegistry := .Values.global.imageRegistry | default .Values.upgradeJob.image.busybox.registry -}}
{{- if .Values.upgradeJob.image.sha }}
image: "{{ $busyboxRegistry }}/{{ .Values.upgradeJob.image.busybox.repository }}:{{ .Values.upgradeJob.image.busybox.tag }}@sha256:{{ .Values.upgradeJob.image.busybox.sha }}"
{{- else }}
image: "{{ $busyboxRegistry }}/{{ .Values.upgradeJob.image.busybox.repository }}:{{ .Values.upgradeJob.image.busybox.tag }}"
{{- end }}
imagePullPolicy: "{{ .Values.upgradeJob.image.busybox.pullPolicy }}"
workingDir: /tmp/
command:
- sh
args:
- -c
- bzcat /crds/crds.bz2 > /tmp/crds.yaml
{{- with .Values.upgradeJob.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.upgradeJob.containerSecurityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
- mountPath: /crds/
name: crds
- mountPath: /tmp/
name: tmp
{{- with .Values.upgradeJob.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.upgradeJob.env }}
env:
{{- range $key, $value := . }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- end }}
containers:
- name: kubectl
{{- $kubectlRegistry := .Values.global.imageRegistry | default .Values.upgradeJob.image.kubectl.registry -}}
{{- $defaultKubernetesVersion := (ternary (printf "%s.0" .Capabilities.KubeVersion.Version) (regexFind "v\\d+\\.\\d+\\.\\d+" .Capabilities.KubeVersion.Version) (regexMatch "^v\\d+\\.\\d+$" .Capabilities.KubeVersion.Version)) -}}
{{- if .Values.upgradeJob.image.kubectl.sha }}
image: "{{ $kubectlRegistry }}/{{ .Values.upgradeJob.image.kubectl.repository }}:{{ .Values.upgradeJob.image.kubectl.tag | default $defaultKubernetesVersion }}@sha256:{{ .Values.upgradeJob.image.kubectl.sha }}"
{{- else }}
image: "{{ $kubectlRegistry }}/{{ .Values.upgradeJob.image.kubectl.repository }}:{{ .Values.upgradeJob.image.kubectl.tag | default $defaultKubernetesVersion }}"
{{- end }}
imagePullPolicy: "{{ .Values.upgradeJob.image.kubectl.pullPolicy }}"
command:
- kubectl
args:
- apply
- --server-side
{{- if .Values.upgradeJob.forceConflicts }}
- --force-conflicts
{{- end }}
- --filename
- /tmp/crds.yaml
{{- with .Values.upgradeJob.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.upgradeJob.containerSecurityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
- mountPath: /tmp/
name: tmp
{{- with .Values.upgradeJob.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.upgradeJob.env }}
env:
{{- range $key, $value := . }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- end }}
volumes:
- name: tmp
emptyDir: {}
- name: crds
configMap:
name: {{ template "kube-prometheus-stack.crd.upgradeJob.name" . }}
{{- with .Values.upgradeJob.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
restartPolicy: OnFailure
{{- with .Values.upgradeJob.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.upgradeJob.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.upgradeJob.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.upgradeJob.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.upgradeJob.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}

20
charts/kube-prometheus-stack/charts/crds/templates/upgrade/serviceaccount.yaml Normal file
View File

@ -0,0 +1,20 @@
{{- if and .Values.upgradeJob.enabled .Values.upgradeJob.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.upgradeJob.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ include "kube-prometheus-stack.crd.upgradeJob.serviceAccountName" . }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
"helm.sh/hook-weight": "-4"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
{{- with .Values.upgradeJob.serviceAccount.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "kube-prometheus-stack.crd.upgradeJob.labels" . | nindent 4 }}
{{- with .Values.upgradeJob.serviceAccount.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

4
charts/kube-prometheus-stack/charts/crds/values.yaml Normal file
View File

@ -0,0 +1,4 @@
## Check out kube-prometheus-stack/values.yaml for more information
## on this parameter
upgradeJob:
enabled: false

4
charts/rancher-monitoring/charts/kubeAdmControllerManager/.helmignore → charts/kube-prometheus-stack/charts/grafana/.helmignore
View File

@ -21,3 +21,7 @@
.idea/
*.tmproj
.vscode/
# Helm plugin tooling
ci/
tests/
*.gotmpl

26
charts/rancher-monitoring/charts/grafana/Chart.yaml → charts/kube-prometheus-stack/charts/grafana/Chart.yaml
View File

@ -2,34 +2,28 @@ annotations:
artifacthub.io/license: Apache-2.0
artifacthub.io/links: |
- name: Chart Source
url: https://github.com/grafana/helm-charts
url: https://github.com/grafana-community/helm-charts
- name: Upstream Project
url: https://github.com/grafana/grafana
apiVersion: v2
appVersion: 11.5.2
appVersion: 12.4.3
description: The leading tool for querying and visualizing time series and metrics.
home: https://grafana.com
icon: https://artifacthub.io/image/b4fed1a7-6c8f-4945-b99d-096efa3e4116
keywords:
- monitoring
- metric
kubeVersion: ^1.8.0-0
kubeVersion: ^1.25.0-0
maintainers:
- email: zanhsieh@gmail.com
name: zanhsieh
- email: rluckie@cisco.com
name: rtluckie
- email: maor.friedman@redhat.com
name: maorfr
- email: miroslav.hadzhiev@gmail.com
name: Xtigyro
- email: mail@torstenwalter.de
name: torstenwalter
- email: github@jkroepke.de
name: jkroepke
name: Jan-Otto Kröpke
url: https://github.com/jkroepke
- email: quentin.bisson@gmail.com
name: Quentin Bisson
url: https://github.com/QuentinBisson
name: grafana
sources:
- https://github.com/grafana/grafana
- https://github.com/grafana/helm-charts
- https://github.com/grafana-community/helm-charts
type: application
version: 8.10.4
version: 11.6.1

583
charts/kube-prometheus-stack/charts/grafana/README.md Normal file
View File

@ -0,0 +1,583 @@
# Grafana Helm Chart
The leading tool for querying and visualizing time series and metrics.
## Source Code
* <https://github.com/grafana/grafana>
## Requirements
Kubernetes: `^1.25.0-0`
## Installing the Chart
### OCI Registry
OCI registries are preferred in Helm as they implement unified storage, distribution, and improved security.
```console
helm install RELEASE-NAME oci://ghcr.io/grafana-community/helm-charts/grafana
```
### HTTP Registry
```console
helm repo add grafana-community https://grafana-community.github.io/helm-charts
helm repo update
helm install RELEASE-NAME grafana-community/grafana
```
## Uninstalling the Chart
To remove all of the Kubernetes objects associated with the Helm chart release:
```console
helm delete RELEASE-NAME
```
## Changelog
See the [changelog](https://grafana-community.github.io/helm-charts/changelog/?chart=grafana).
---
## Upgrading
A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an
incompatible breaking change needing manual actions.
### To 4.0.0 (And 3.12.1)
This version requires Helm >= 2.12.0.
### To 5.0.0
You have to add --force to your helm upgrade command as the labels of the chart have changed.
### To 6.0.0
This version requires Helm >= 3.1.0.
### To 7.0.0
For consistency with other Helm charts, the `global.image.registry` parameter was renamed
to `global.imageRegistry`. If you were not previously setting `global.image.registry`, no action
is required on upgrade. If you were previously setting `global.image.registry`, you will
need to instead set `global.imageRegistry`.
### To 10.0.0
Static alerting resources now support Helm templating. This means that alerting resources loaded from external files (`alerting.*.files`) are now processed by the Helm template engine.
If you already use template expressions intended for Alertmanager (for example, `{{ $labels.instance }}`), these must now be escaped to avoid unintended Helm or Go template evaluation. To escape them, wrap the braces with an extra layer like this:
`{{ "{{" }} $labels.instance {{ "}}" }}`
This ensures the expressions are preserved for Alertmanager instead of being rendered by Helm.
### To 11.0.0
The minimum required Kubernetes version is now 1.25. All references to deprecated APIs have been removed.
## Configuration
### Example ingress with path
With grafana 6.3 and above
```yaml
grafana.ini:
server:
domain: monitoring.example.com
root_url: "%(protocol)s://%(domain)s/grafana"
serve_from_sub_path: true
ingress:
enabled: true
hosts:
- "monitoring.example.com"
path: "/grafana"
```
### Example of extraVolumeMounts and extraVolumes
Configure additional volumes with `extraVolumes` and volume mounts with `extraVolumeMounts`.
Example for `extraVolumeMounts` and corresponding `extraVolumes`:
```yaml
extraVolumeMounts:
- name: plugins
mountPath: /var/lib/grafana/plugins
subPath: configs/grafana/plugins
readOnly: false
- name: dashboards
mountPath: /var/lib/grafana/dashboards
hostPath: /usr/shared/grafana/dashboards
readOnly: false
extraVolumes:
- name: plugins
existingClaim: existing-grafana-claim
- name: dashboards
hostPath: /usr/shared/grafana/dashboards
```
Volumes default to `emptyDir`. Set to `persistentVolumeClaim`,
`hostPath`, `csi`, or `configMap` for other types. For a
`persistentVolumeClaim`, specify an existing claim name with
`existingClaim`.
## Import dashboards
There are a few methods to import dashboards to Grafana. Below are some examples and explanations as to how to use each method:
```yaml
dashboards:
default:
some-dashboard:
json: |
{
"annotations":
...
# Complete json file here
...
"title": "Some Dashboard",
"uid": "abcd1234",
"version": 1
}
custom-dashboard:
# This is a path to a file inside the dashboards directory inside the chart directory
file: dashboards/custom-dashboard.json
prometheus-stats:
# Ref: https://grafana.com/dashboards/2
# title: My Custom Title # optional; when set for a downloaded dashboard (gnetId or url), overrides the title displayed in Grafana
gnetId: 2
revision: 2
datasource: Prometheus
loki-dashboard-quick-search:
gnetId: 12019
revision: 2
datasource:
- name: DS_PROMETHEUS
value: Prometheus
- name: DS_LOKI
value: Loki
local-dashboard:
url: https://github.com/cloudnative-pg/grafana-dashboards/blob/main/charts/cluster/grafana-dashboard.json
# redirects to:
# https://raw.githubusercontent.com/cloudnative-pg/grafana-dashboards/refs/heads/main/charts/cluster/grafana-dashboard.json
# default: -skf
# -s - silent mode
# -k - allow insecure (eg: non-TLS) connections
# -f - fail fast
# -L - follow HTTP redirects
curlOptions: -Lf
```
## BASE64 dashboards
Dashboards could be stored on a server that does not return JSON directly and instead of it returns a base64 encoded file (e.g. Gerrit)
A new parameter has been added to the URL use case so if you specify a b64content value equals to true after the URL entry a base64 decoding is applied before save the file to disk.
If this entry is not set or is equals to false not decoding is applied to the file before saving it to disk.
### Gerrit use case
Gerrit API for download files has the following schema: <https://yourgerritserver/a/{project-name}/branches/{branch-id}/files/{file-id}/content> where {project-name} and
{file-id} usually has '/' in their values and so they MUST be replaced by %2F so if project-name is user/repository, branch-id is master and file-id is equals to dir1/dir2/dashboard
the URL value is <https://yourgerritserver/a/user%2Frepo/branches/master/files/dir1%2Fdir2%2Fdashboard/content>
## Sidecar for dashboards
If the parameter `sidecar.dashboards.enabled` is set, a sidecar container is deployed in the grafana
pod. This container watches all configmaps (or secrets) in the cluster and filters out the ones with
a label as defined in `sidecar.dashboards.label`. The files defined in those configmaps are written
to a folder and accessed by grafana. Changes to the configmaps are monitored and the imported
dashboards are deleted/updated.
A recommendation is to use one configmap per dashboard, as a reduction of multiple dashboards inside
one configmap is currently not properly mirrored in grafana.
Example dashboard config:
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: sample-grafana-dashboard
labels:
grafana_dashboard: "1"
data:
k8s-dashboard.json: |-
[...]
```
## Sidecar for datasources
If the parameter `sidecar.datasources.enabled` is set, an init container is deployed in the grafana
pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and
filters out the ones with a label as defined in `sidecar.datasources.label`. The files defined in
those secrets are written to a folder and accessed by grafana on startup. Using these YAML files,
the data sources in grafana can be imported.
Should you aim for reloading datasources in Grafana each time the config is changed, set `sidecar.datasources.skipReload: false` and adjust `sidecar.datasources.reloadURL` to `http://<svc-name>.<namespace>.svc.cluster.local/api/admin/provisioning/datasources/reload`.
Secrets are recommended over configmaps for this usecase because datasources usually contain private
data like usernames and passwords. Secrets are the more appropriate cluster resource to manage those.
Example values to add a postgres datasource as a kubernetes secret:
```yaml
apiVersion: v1
kind: Secret
metadata:
name: grafana-datasources
labels:
grafana_datasource: 'true' # default value for: sidecar.datasources.label
stringData:
pg-db.yaml: |-
apiVersion: 1
datasources:
- name: My pg db datasource
type: postgres
url: my-postgresql-db:5432
user: db-readonly-user
secureJsonData:
password: 'SUperSEcretPa$$word'
jsonData:
database: my_datase
sslmode: 'disable' # disable/require/verify-ca/verify-full
maxOpenConns: 0 # Grafana v5.4+
maxIdleConns: 2 # Grafana v5.4+
connMaxLifetime: 14400 # Grafana v5.4+
postgresVersion: 1000 # 903=9.3, 904=9.4, 905=9.5, 906=9.6, 1000=10
timescaledb: false
# <bool> allow users to edit datasources from the UI.
editable: false
```
Example values to add a datasource adapted from [Grafana](http://docs.grafana.org/administration/provisioning/#example-datasource-config-file):
```yaml
datasources:
datasources.yaml:
apiVersion: 1
datasources:
# <string, required> name of the datasource. Required
- name: Graphite
# <string, required> datasource type. Required
type: graphite
# <string, required> access mode. proxy or direct (Server or Browser in the UI). Required
access: proxy
# <int> org id. will default to orgId 1 if not specified
orgId: 1
# <string> url
url: http://localhost:8080
# <string> database password, if used
password:
# <string> database user, if used
user:
# <string> database name, if used
database:
# <bool> enable/disable basic auth
basicAuth:
# <string> basic auth username
basicAuthUser:
# <string> basic auth password
basicAuthPassword:
# <bool> enable/disable with credentials headers
withCredentials:
# <bool> mark as default datasource. Max one per org
isDefault:
# <map> fields that will be converted to json and stored in json_data
jsonData:
graphiteVersion: "1.1"
tlsAuth: true
tlsAuthWithCACert: true
# <string> json object of data that will be encrypted.
secureJsonData:
tlsCACert: "..."
tlsClientCert: "..."
tlsClientKey: "..."
version: 1
# <bool> allow users to edit datasources from the UI.
editable: false
```
## Sidecar for notifiers
If the parameter `sidecar.notifiers.enabled` is set, an init container is deployed in the grafana
pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and
filters out the ones with a label as defined in `sidecar.notifiers.label`. The files defined in
those secrets are written to a folder and accessed by grafana on startup. Using these YAML files,
the notification channels in grafana can be imported. The secrets must be created before
`helm install` so that the notifiers init container can list the secrets.
Secrets are recommended over configmaps for this usecase because alert notification channels usually contain
private data like SMTP usernames and passwords. Secrets are the more appropriate cluster resource to manage those.
Example datasource config adapted from [Grafana](https://grafana.com/docs/grafana/latest/administration/provisioning/#alert-notification-channels):
```yaml
notifiers:
- name: notification-channel-1
type: slack
uid: notifier1
# either
org_id: 2
# or
org_name: Main Org.
is_default: true
send_reminder: true
frequency: 1h
disable_resolve_message: false
# See `Supported Settings` section for settings supporter for each
# alert notification type.
settings:
recipient: 'XXX'
token: 'xoxb'
uploadImage: true
url: https://slack.com
delete_notifiers:
- name: notification-channel-1
uid: notifier1
org_id: 2
- name: notification-channel-2
# default org_id: 1
```
## Sidecar for alerting resources
If the parameter `sidecar.alerts.enabled` is set, a sidecar container is deployed in the grafana
pod. This container watches all configmaps (or secrets) in the cluster (namespace defined by `sidecar.alerts.searchNamespace`) and filters out the ones with
a label as defined in `sidecar.alerts.label` (default is `grafana_alert`). The files defined in those configmaps are written
to a folder and accessed by grafana. Changes to the configmaps are monitored and the imported alerting resources are updated, however, deletions are a little more complicated (see below).
This sidecar can be used to provision alert rules, contact points, notification policies, notification templates and mute timings as shown in [Grafana Documentation](https://grafana.com/docs/grafana/next/alerting/set-up/provision-alerting-resources/file-provisioning/).
To fetch the alert config which will be provisioned, use the alert provisioning API ([Grafana Documentation](https://grafana.com/docs/grafana/next/developers/http_api/alerting_provisioning/)).
You can use either JSON or YAML format.
Example config for an alert rule:
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: sample-grafana-alert
labels:
grafana_alert: "1"
data:
k8s-alert.yml: |-
apiVersion: 1
groups:
- orgId: 1
name: k8s-alert
[...]
```
To delete provisioned alert rules is a two step process, you need to delete the configmap which defined the alert rule
and then create a configuration which deletes the alert rule.
Example deletion configuration:
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: delete-sample-grafana-alert
namespace: monitoring
labels:
grafana_alert: "1"
data:
delete-k8s-alert.yml: |-
apiVersion: 1
deleteRules:
- orgId: 1
uid: 16624780-6564-45dc-825c-8bded4ad92d3
```
## Statically provision alerting resources
If you don't need to change alerting resources (alert rules, contact points, notification policies and notification templates) regularly you could use the `alerting` config option instead of the sidecar option above.
This will grab the alerting config and apply it statically at build time for the helm file.
There are two methods to statically provision alerting configuration in Grafana. Below are some examples and explanations as to how to use each method:
```yaml
alerting:
team1-alert-rules.yaml:
file: alerting/team1/rules.yaml
team2-alert-rules.yaml:
file: alerting/team2/rules.yaml
team3-alert-rules.yaml:
file: alerting/team3/rules.yaml
notification-policies.yaml:
file: alerting/shared/notification-policies.yaml
notification-templates.yaml:
file: alerting/shared/notification-templates.yaml
contactpoints.yaml:
apiVersion: 1
contactPoints:
- orgId: 1
name: Slack channel
receivers:
- uid: default-receiver
type: slack
settings:
# Webhook URL to be filled in
url: ""
# We need to escape double curly braces for the tpl function.
text: '{{ `{{ template "default.message" . }}` }}'
title: '{{ `{{ template "default.title" . }}` }}'
```
The two possibilities for static alerting resource provisioning are:
* Inlining the file contents as shown for contact points in the above example.
* Importing a file using a relative path starting from the chart root directory as shown for the alert rules in the above example.
### Important notes on file provisioning
* The format of the files is defined in the [Grafana documentation](https://grafana.com/docs/grafana/next/alerting/set-up/provision-alerting-resources/file-provisioning/) on file provisioning.
* The chart supports importing YAML and JSON files.
* The filename must be unique, otherwise one volume mount will overwrite the other.
* Alerting configurations support Helm templating. Double curly braces that arise from the Grafana configuration format and are not intended as templates for the chart must be escaped.
* The number of total files under `alerting:` is not limited. Each file will end up as a volume mount in the corresponding provisioning folder of the deployed Grafana instance.
* The file size for each import is limited by what the function `.Files.Get` can handle, which suffices for most cases.
## How to serve Grafana with a path prefix (/grafana)
In order to serve Grafana with a prefix (e.g., <http://example.com/grafana>), add the following to your values.yaml.
```yaml
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/rewrite-target: /$1
nginx.ingress.kubernetes.io/use-regex: "true"
path: /grafana/?(.*)
hosts:
- k8s.example.dev
grafana.ini:
server:
root_url: http://localhost:3000/grafana # this host can be localhost
```
## How to securely reference secrets in grafana.ini
This example uses Grafana [file providers](https://grafana.com/docs/grafana/latest/administration/configuration/#file-provider) for secret values and the `extraSecretMounts` configuration flag (Additional grafana server secret mounts) to mount the secrets.
In grafana.ini:
```yaml
grafana.ini:
[auth.generic_oauth]
enabled = true
client_id = $__file{/etc/secrets/auth_generic_oauth/client_id}
client_secret = $__file{/etc/secrets/auth_generic_oauth/client_secret}
```
Existing secret, or created along with helm:
```yaml
---
apiVersion: v1
kind: Secret
metadata:
name: auth-generic-oauth-secret
type: Opaque
stringData:
client_id: <value>
client_secret: <value>
```
Include in the `extraSecretMounts` configuration flag:
```yaml
extraSecretMounts:
- name: auth-generic-oauth-secret-mount
secretName: auth-generic-oauth-secret
defaultMode: 0440
mountPath: /etc/secrets/auth_generic_oauth
readOnly: true
```
### extraSecretMounts using a Container Storage Interface (CSI) provider
This example uses a CSI driver e.g. retrieving secrets using [Azure Key Vault Provider](https://github.com/Azure/secrets-store-csi-driver-provider-azure)
```yaml
extraSecretMounts:
- name: secrets-store-inline
mountPath: /run/secrets
readOnly: true
csi:
driver: secrets-store.csi.k8s.io
readOnly: true
volumeAttributes:
secretProviderClass: "my-provider"
nodePublishSecretRef:
name: akv-creds
```
## Image Renderer Plug-In
This chart supports enabling [remote image rendering](https://github.com/grafana/grafana-image-renderer/blob/master/README.md#run-in-docker)
```yaml
imageRenderer:
enabled: true
```
### Image Renderer NetworkPolicy
By default the image-renderer pods will have a network policy which only allows ingress traffic from the created grafana instance
### High Availability for unified alerting
If you want to run Grafana in a high availability cluster you need to enable
the headless service by setting `headlessService: true` in your `values.yaml`
file.
As next step you have to setup the `grafana.ini` in your `values.yaml` in a way
that it will make use of the headless service to obtain all the IPs of the
cluster. For example, use ``{{ .Release.Name }}`` to refer to the Helm release name in your values.
```yaml
grafana.ini:
...
unified_alerting:
enabled: true
ha_peers: {{ .Release.Name }}-headless:9094
ha_listen_address: ${POD_IP}:9094
ha_advertise_address: ${POD_IP}:9094
rule_version_record_limit: "5"
alerting:
enabled: false
```
### Installing plugins
If you want to install a Grafana plugin using the helm chart, you can do so by using the identifier of the plugin, for example `digirich-bubblechart-panel` will install [Bubble Chart](https://grafana.com/grafana/plugins/digrich-bubblechart-panel/).
You can also install a plugin and a specific version by specifying the version and URL of the download file as shown in the example below :
```yaml
plugins:
- digrich-bubblechart-panel
- grafana-clock-panel
## You can also use other plugin download URL, as long as they are valid zip files,
## and specify the name of the plugin as prefix, with an version. Like this:
# - marcusolsson-json-datasource@1.3.24@https://grafana.com/api/plugins/marcusolsson-json-datasource/versions/1.3.24/download
```
Generic documentation about plugins can be found in the [official documentation](https://grafana.com/docs/grafana/latest/administration/plugin-management/).

0
charts/rancher-monitoring/charts/grafana/dashboards/custom-dashboard.json → charts/kube-prometheus-stack/charts/grafana/dashboards/custom-dashboard.json
View File

0
charts/rancher-monitoring/charts/grafana/templates/NOTES.txt → charts/kube-prometheus-stack/charts/grafana/templates/NOTES.txt
View File

16
charts/rancher-monitoring/charts/grafana/templates/_config.tpl → charts/kube-prometheus-stack/charts/grafana/templates/_config.tpl
View File

@ -55,8 +55,8 @@ grafana.ini: |
{{- range $key, $value := .Values.alerting }}
{{- if (hasKey $value "file") }}
{{ $key }}:
{{- toYaml ( $files.Get $value.file ) | nindent 2 }}
{{ $key }}: |
{{- tpl ($files.Get $value.file) $root | nindent 2 }}
{{- else if (or (hasKey $value "secret") (hasKey $value "secretFile"))}}
{{/* will be stored inside secret generated by "configSecret.yaml"*/}}
{{- else }}
@ -85,7 +85,7 @@ download_dashboards.sh: |
{{- range $provider, $dashboards := .Values.dashboards }}
{{- range $key, $value := $dashboards }}
{{- if (or (hasKey $value "gnetId") (hasKey $value "url")) }}
curl -skf \
curl {{ get $value "curlOptions" | default $.Values.defaultCurlOptions }} \
--connect-timeout 60 \
--max-time 60 \
{{- if not $value.b64content }}
@ -125,13 +125,21 @@ download_dashboards.sh: |
{{- end }}
{{- if kindIs "slice" $value.datasource }}
{{- range $value.datasource }}
| sed '/-- .* --/! s/${{"{"}}{{ .name }}}/{{ .value }}/g' \
| sed -E '/-- .* --/! s/\$\{{"{"}}?{{ .name }}\}?/{{ .value }}/g' \
{{- end }}
{{- end }}
{{- end }}
{{- if $value.b64content }}
| base64 -d \
{{- end }}
{{- /*
Overrides original title with a custom title.
Deterministic search as title is generally indented with 2 spaces, 4 spaces or a tab.
Escape characters that may be wrongly interpreted by sed: backslash (\), double backslash (\\), and ampersand (&).
*/}}
{{- if $value.title }}
| sed -E '/^(\t| | )"title":/ s#"title": *"[^"]*"#"title": "{{ $value.title | replace "\\" "\\\\" | replace "\"" "\\\"" | replace "&" "\\&" }}"#' \
{{- end }}
> "{{- if $dpPath -}}{{ $dpPath }}{{- else -}}/var/lib/grafana/dashboards/{{ $provider }}{{- end -}}/{{ $key }}.json"
{{ end }}
{{- end }}

171
charts/rancher-monitoring/charts/grafana/templates/_helpers.tpl → charts/kube-prometheus-stack/charts/grafana/templates/_helpers.tpl
View File

@ -1,32 +1,3 @@
# Rancher
{{- define "system_default_registry" -}}
{{- if .Values.global.cattle.systemDefaultRegistry -}}
{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
{{- end -}}
{{- end -}}
# Windows Support
{{/*
Windows cluster will add default taint for linux nodes,
add below linux tolerations to workloads could be scheduled to those linux nodes
*/}}
{{- define "linux-node-tolerations" -}}
- key: "cattle.io/os"
value: "linux"
effect: "NoSchedule"
operator: "Equal"
{{- end -}}
{{- define "linux-node-selector" -}}
{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
beta.kubernetes.io/os: linux
{{- else -}}
kubernetes.io/os: linux
{{- end -}}
{{- end -}}
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
@ -94,14 +65,8 @@ Allow the release namespace to be overridden for multi-namespace deployments in
Common labels
*/}}
{{- define "grafana.labels" -}}
app.kubernetes.io/component: {{ include "grafana.name" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
helm.sh/chart: {{ include "grafana.chart" . }}
chart: {{ include "grafana.chart" . }}
release: {{ $.Release.Name | quote }}
heritage: {{ $.Release.Service | quote }}
{{ include "grafana.selectorLabels" . }}
app.kubernetes.io/part-of: {{ template "kube-prometheus-stack.name" . }}
{{- if or .Chart.AppVersion .Values.image.tag }}
app.kubernetes.io/version: {{ mustRegexReplaceAllLiteral "@sha.*" .Values.image.tag "" | default .Chart.AppVersion | trunc 63 | trimSuffix "-" | quote }}
{{- end }}
@ -118,6 +83,15 @@ app.kubernetes.io/name: {{ include "grafana.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create a fully qualified name for image-renderer resources.
We truncate at 47 chars to reserve space for the longest suffix (-image-renderer, 16 chars)
so the Service name stays within the 63-char DNS label limit.
*/}}
{{- define "grafana.imageRenderer.fullname" -}}
{{- include "grafana.fullname" . | trunc 47 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
@ -150,74 +124,17 @@ new password and use it.
{{- end }}
{{- end }}
{{/*
Return the appropriate apiVersion for rbac.
*/}}
{{- define "grafana.rbac.apiVersion" -}}
{{- if $.Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }}
{{- print "rbac.authorization.k8s.io/v1" }}
{{- else }}
{{- print "rbac.authorization.k8s.io/v1beta1" }}
{{- end }}
{{- end }}
{{/*
Return the appropriate apiVersion for ingress.
*/}}
{{- define "grafana.ingress.apiVersion" -}}
{{- if and ($.Capabilities.APIVersions.Has "networking.k8s.io/v1") (semverCompare ">= 1.19-0" .Capabilities.KubeVersion.Version) }}
{{- print "networking.k8s.io/v1" }}
{{- else if $.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
{{- print "networking.k8s.io/v1beta1" }}
{{- else }}
{{- print "extensions/v1beta1" }}
{{- end }}
{{- end }}
{{/*
Return the appropriate apiVersion for Horizontal Pod Autoscaler.
*/}}
{{- define "grafana.hpa.apiVersion" -}}
{{- if .Capabilities.APIVersions.Has "autoscaling/v2" }}
{{- print "autoscaling/v2" }}
{{- else }}
{{- print "autoscaling/v2beta2" }}
{{- end }}
{{- end }}
{{/*
Return the appropriate apiVersion for podDisruptionBudget.
*/}}
{{- define "grafana.podDisruptionBudget.apiVersion" -}}
{{- if $.Values.podDisruptionBudget.apiVersion }}
{{- print $.Values.podDisruptionBudget.apiVersion }}
{{- else if $.Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
{{- print "policy/v1" }}
{{- if .Capabilities.APIVersions.Has "autoscaling/v2" }}
{{- print "autoscaling/v2" }}
{{- else }}
{{- print "policy/v1beta1" }}
{{- print "autoscaling/v2beta2" }}
{{- end }}
{{- end }}
{{/*
Return if ingress is stable.
*/}}
{{- define "grafana.ingress.isStable" -}}
{{- eq (include "grafana.ingress.apiVersion" .) "networking.k8s.io/v1" }}
{{- end }}
{{/*
Return if ingress supports ingressClassName.
*/}}
{{- define "grafana.ingress.supportsIngressClassName" -}}
{{- or (eq (include "grafana.ingress.isStable" .) "true") (and (eq (include "grafana.ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18-0" .Capabilities.KubeVersion.Version)) }}
{{- end }}
{{/*
Return if ingress supports pathType.
*/}}
{{- define "grafana.ingress.supportsPathType" -}}
{{- or (eq (include "grafana.ingress.isStable" .) "true") (and (eq (include "grafana.ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18-0" .Capabilities.KubeVersion.Version)) }}
{{- end }}
{{/*
Formats imagePullSecrets. Input is (dict "root" . "imagePullSecrets" .{specific imagePullSecrets})
@ -307,3 +224,67 @@ sensitiveKeys:
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Sidecars health port
*/}}
{{/*
Give health port for alerts sidecar
*/}}
{{- define "grafana.sidecar.alerts.healthPort" -}}
{{- $healthPort := 8081 -}}
{{- if hasKey .Values.sidecar.alerts "startupProbe" -}}
{{- if hasKey .Values.sidecar.alerts.startupProbe "httpGet" -}}
{{- if hasKey .Values.sidecar.alerts.startupProbe.httpGet "port" -}}
{{- $healthPort = .Values.sidecar.alerts.startupProbe.httpGet.port -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- $healthPort | quote -}}
{{- end -}}
{{/*
Give health port for datasources sidecar
*/}}
{{- define "grafana.sidecar.datasources.healthPort" -}}
{{- $healthPort := 8082 -}}
{{- if hasKey .Values.sidecar.datasources "startupProbe" -}}
{{- if hasKey .Values.sidecar.datasources.startupProbe "httpGet" -}}
{{- if hasKey .Values.sidecar.datasources.startupProbe.httpGet "port" -}}
{{- $healthPort = .Values.sidecar.datasources.startupProbe.httpGet.port -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- $healthPort | quote -}}
{{- end -}}
{{/*
Give health port for notifiers sidecar
*/}}
{{- define "grafana.sidecar.notifiers.healthPort" -}}
{{- $healthPort := 8083 -}}
{{- if hasKey .Values.sidecar.notifiers "startupProbe" -}}
{{- if hasKey .Values.sidecar.notifiers.startupProbe "httpGet" -}}
{{- if hasKey .Values.sidecar.notifiers.startupProbe.httpGet "port" -}}
{{- $healthPort = .Values.sidecar.notifiers.startupProbe.httpGet.port -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- $healthPort | quote -}}
{{- end -}}
{{/*
Give health port for dashboards sidecar
*/}}
{{- define "grafana.sidecar.dashboards.healthPort" -}}
{{- $healthPort := 8084 -}}
{{- if hasKey .Values.sidecar.dashboards "startupProbe" -}}
{{- if hasKey .Values.sidecar.dashboards.startupProbe "httpGet" -}}
{{- if hasKey .Values.sidecar.dashboards.startupProbe.httpGet "port" -}}
{{- $healthPort = .Values.sidecar.dashboards.startupProbe.httpGet.port -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- $healthPort | quote -}}
{{- end -}}

506
charts/rancher-monitoring/charts/grafana/templates/_pod.tpl → charts/kube-prometheus-stack/charts/grafana/templates/_pod.tpl
View File

@ -7,6 +7,9 @@ schedulerName: "{{ . }}"
serviceAccountName: {{ include "grafana.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
shareProcessNamespace: {{ .Values.shareProcessNamespace }}
{{- if kindIs "bool" .Values.hostUsers }}
hostUsers: {{ .Values.hostUsers }}
{{- end }}
{{- with .Values.securityContext }}
securityContext:
{{- toYaml . | nindent 2 }}
@ -25,16 +28,22 @@ dnsConfig:
{{- with .Values.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
{{- if ( or .Values.persistence.enabled .Values.dashboards .Values.extraInitContainers (and .Values.sidecar.alerts.enabled .Values.sidecar.alerts.initAlerts) (and .Values.sidecar.datasources.enabled .Values.sidecar.datasources.initDatasources) (and .Values.sidecar.notifiers.enabled .Values.sidecar.notifiers.initNotifiers)) }}
{{- if ( or (and .Values.persistence.enabled .Values.initChownData.enabled)
.Values.dashboards
.Values.extraInitContainers
(and .Values.sidecar.alerts.enabled .Values.sidecar.alerts.initAlerts)
(and .Values.sidecar.datasources.enabled .Values.sidecar.datasources.initDatasources)
(and .Values.sidecar.notifiers.enabled .Values.sidecar.notifiers.initNotifiers)
(and .Values.sidecar.dashboards.enabled .Values.sidecar.dashboards.initDashboards)) }}
initContainers:
{{- end }}
{{- if ( and .Values.persistence.enabled .Values.initChownData.enabled ) }}
- name: init-chown-data
{{- $registry := include "system_default_registry" . | default .Values.initChownData.image.registry -}}
{{- $registry := .Values.global.imageRegistry | default .Values.initChownData.image.registry -}}
{{- if .Values.initChownData.image.sha }}
image: "{{ $registry }}{{ .Values.initChownData.image.repository }}:{{ .Values.initChownData.image.tag }}@sha256:{{ .Values.initChownData.image.sha }}"
image: "{{ $registry }}/{{ .Values.initChownData.image.repository }}:{{ .Values.initChownData.image.tag }}@sha256:{{ .Values.initChownData.image.sha }}"
{{- else }}
image: "{{ $registry }}{{ .Values.initChownData.image.repository }}:{{ .Values.initChownData.image.tag }}"
image: "{{ $registry }}/{{ .Values.initChownData.image.repository }}:{{ .Values.initChownData.image.tag }}"
{{- end }}
imagePullPolicy: {{ .Values.initChownData.image.pullPolicy }}
{{- with .Values.initChownData.securityContext }}
@ -59,11 +68,11 @@ initContainers:
{{- end }}
{{- if .Values.dashboards }}
- name: download-dashboards
{{- $registry := include "system_default_registry" . | default .Values.downloadDashboardsImage.registry -}}
{{- $registry := .Values.global.imageRegistry | default .Values.downloadDashboardsImage.registry -}}
{{- if .Values.downloadDashboardsImage.sha }}
image: "{{ $registry }}{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}@sha256:{{ .Values.downloadDashboardsImage.sha }}"
image: "{{ $registry }}/{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}@sha256:{{ .Values.downloadDashboardsImage.sha }}"
{{- else }}
image: "{{ $registry }}{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}"
image: "{{ $registry }}/{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}"
{{- end }}
imagePullPolicy: {{ .Values.downloadDashboardsImage.pullPolicy }}
command: ["/bin/sh"]
@ -108,29 +117,52 @@ initContainers:
{{- end }}
{{- if and .Values.sidecar.alerts.enabled .Values.sidecar.alerts.initAlerts }}
- name: {{ include "grafana.name" . }}-init-sc-alerts
{{- $registry := include "system_default_registry" . | default .Values.sidecar.image.registry -}}
{{- $registry := .Values.global.imageRegistry | default .Values.sidecar.image.registry -}}
{{- if .Values.sidecar.image.sha }}
image: "{{ $registry }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
image: "{{ $registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
{{- else }}
image: "{{ $registry }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
image: "{{ $registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
{{- end }}
imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }}
{{- if .Values.sidecar.alerts.restartPolicy }}
restartPolicy: {{ .Values.sidecar.alerts.restartPolicy }}
{{- with .Values.sidecar.alerts.startupProbe }}
startupProbe:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}
env:
{{- range $key, $value := .Values.sidecar.alerts.env }}
- name: "{{ $key }}"
value: "{{ $value }}"
{{- end }}
{{- range $key, $value := .Values.sidecar.alerts.envValueFrom }}
- name: {{ $key | quote }}
valueFrom:
{{- tpl (toYaml $value) $ | nindent 10 }}
{{- end }}
- name: HEALTH_PORT
value: {{ include "grafana.sidecar.alerts.healthPort" . }}
{{- if .Values.sidecar.alerts.ignoreAlreadyProcessed }}
- name: IGNORE_ALREADY_PROCESSED
value: "true"
{{- end }}
{{- if and .Values.sidecar.alerts.restartPolicy (eq .Values.sidecar.alerts.restartPolicy "Always")}}
- name: METHOD
value: {{ .Values.sidecar.alerts.watchMethod }}
{{- if eq .Values.sidecar.alerts.watchMethod "WATCH" }}
- name: REQ_SKIP_INIT
value: "true"
{{- end }}
{{- else }}
- name: METHOD
value: "LIST"
{{- end }}
- name: LABEL
value: "{{ .Values.sidecar.alerts.label }}"
value: "{{ tpl .Values.sidecar.alerts.label $root }}"
{{- with .Values.sidecar.alerts.labelValue }}
- name: LABEL_VALUE
value: {{ quote . }}
value: {{ quote (tpl . $root) }}
{{- end }}
{{- if or .Values.sidecar.logLevel .Values.sidecar.alerts.logLevel }}
- name: LOG_LEVEL
@ -146,7 +178,7 @@ initContainers:
{{- end }}
{{- with .Values.sidecar.alerts.searchNamespace }}
- name: NAMESPACE
value: {{ . | join "," | quote }}
value: "{{ tpl (. | join ",") $root }}"
{{- end }}
{{- with .Values.sidecar.alerts.skipTlsVerify }}
- name: SKIP_TLS_VERIFY
@ -181,13 +213,20 @@ initContainers:
{{- end }}
{{- if and .Values.sidecar.datasources.enabled .Values.sidecar.datasources.initDatasources }}
- name: {{ include "grafana.name" . }}-init-sc-datasources
{{- $registry := include "system_default_registry" . | default .Values.sidecar.image.registry -}}
{{- $registry := .Values.global.imageRegistry | default .Values.sidecar.image.registry -}}
{{- if .Values.sidecar.image.sha }}
image: "{{ $registry }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
image: "{{ $registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
{{- else }}
image: "{{ $registry }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
image: "{{ $registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
{{- end }}
imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }}
{{- if .Values.sidecar.datasources.restartPolicy }}
restartPolicy: {{ .Values.sidecar.datasources.restartPolicy }}
{{- with .Values.sidecar.datasources.startupProbe }}
startupProbe:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}
env:
{{- range $key, $value := .Values.sidecar.datasources.env }}
- name: "{{ $key }}"
@ -198,17 +237,19 @@ initContainers:
valueFrom:
{{- tpl (toYaml $value) $ | nindent 10 }}
{{- end }}
- name: HEALTH_PORT
value: {{ include "grafana.sidecar.datasources.healthPort" . }}
{{- if .Values.sidecar.datasources.ignoreAlreadyProcessed }}
- name: IGNORE_ALREADY_PROCESSED
value: "true"
{{- end }}
- name: METHOD
value: "LIST"
value: {{ .Values.sidecar.datasources.watchMethod }}
- name: LABEL
value: "{{ .Values.sidecar.datasources.label }}"
value: "{{ tpl .Values.sidecar.datasources.label $root }}"
{{- with .Values.sidecar.datasources.labelValue }}
- name: LABEL_VALUE
value: {{ quote . }}
value: {{ quote (tpl . $root) }}
{{- end }}
{{- if or .Values.sidecar.logLevel .Values.sidecar.datasources.logLevel }}
- name: LOG_LEVEL
@ -218,18 +259,84 @@ initContainers:
value: "/etc/grafana/provisioning/datasources"
- name: RESOURCE
value: {{ quote .Values.sidecar.datasources.resource }}
{{- if .Values.sidecar.datasources.resourceName }}
- name: RESOURCE_NAME
value: {{ quote .Values.sidecar.datasources.resourceName }}
{{- end }}
{{- with .Values.sidecar.enableUniqueFilenames }}
- name: UNIQUE_FILENAMES
value: "{{ . }}"
{{- end }}
{{- if .Values.sidecar.datasources.searchNamespace }}
{{- with .Values.sidecar.datasources.searchNamespace }}
- name: NAMESPACE
value: "{{ tpl (.Values.sidecar.datasources.searchNamespace | join ",") . }}"
value: "{{ tpl (. | join ",") $root }}"
{{- end }}
{{- with .Values.sidecar.skipTlsVerify }}
{{- if .Values.sidecar.skipTlsVerify }}
- name: SKIP_TLS_VERIFY
value: "{{ . }}"
value: "{{ .Values.sidecar.skipTlsVerify }}"
{{- end }}
{{- with .Values.sidecar.datasources.script }}
- name: SCRIPT
value: {{ quote . }}
{{- end }}
{{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
- name: REQ_USERNAME
valueFrom:
secretKeyRef:
name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }}
key: {{ .Values.admin.userKey | default "admin-user" }}
{{- end }}
{{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
- name: REQ_PASSWORD
valueFrom:
secretKeyRef:
name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }}
key: {{ .Values.admin.passwordKey | default "admin-password" }}
{{- end }}
{{- if not .Values.sidecar.datasources.skipReload }}
- name: REQ_URL
value: {{ .Values.sidecar.datasources.reloadURL }}
- name: REQ_METHOD
value: POST
{{- if eq .Values.sidecar.datasources.watchMethod "WATCH" }}
- name: REQ_SKIP_INIT
value: "true"
{{- end }}
{{- end }}
{{- if .Values.sidecar.datasources.watchServerTimeout }}
{{- if ne .Values.sidecar.datasources.watchMethod "WATCH" }}
{{- fail (printf "Cannot use .Values.sidecar.datasources.watchServerTimeout with .Values.sidecar.datasources.watchMethod %s" .Values.sidecar.datasources.watchMethod) }}
{{- end }}
- name: WATCH_SERVER_TIMEOUT
value: "{{ .Values.sidecar.datasources.watchServerTimeout }}"
{{- end }}
{{- if .Values.sidecar.datasources.watchClientTimeout }}
{{- if ne .Values.sidecar.datasources.watchMethod "WATCH" }}
{{- fail (printf "Cannot use .Values.sidecar.datasources.watchClientTimeout with .Values.sidecar.datasources.watchMethod %s" .Values.sidecar.datasources.watchMethod) }}
{{- end }}
- name: WATCH_CLIENT_TIMEOUT
value: "{{ .Values.sidecar.datasources.watchClientTimeout }}"
{{- end }}
{{- if .Values.sidecar.datasources.maxTotalRetries }}
- name: REQ_RETRY_TOTAL
value: "{{ .Values.sidecar.datasources.maxTotalRetries }}"
{{- end }}
{{- if .Values.sidecar.datasources.maxConnectRetries }}
- name: REQ_RETRY_CONNECT
value: "{{ .Values.sidecar.datasources.maxConnectRetries }}"
{{- end }}
{{- if .Values.sidecar.datasources.maxReadRetries }}
- name: REQ_RETRY_READ
value: "{{ .Values.sidecar.datasources.maxReadRetries }}"
{{- end }}
{{- with .Values.sidecar.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.sidecar.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.sidecar.resources }}
resources:
{{- toYaml . | nindent 6 }}
@ -241,32 +348,53 @@ initContainers:
volumeMounts:
- name: sc-datasources-volume
mountPath: "/etc/grafana/provisioning/datasources"
{{- with .Values.sidecar.datasources.extraMounts }}
{{- toYaml . | trim | nindent 6 }}
{{- end }}
{{- end }}
{{- if and .Values.sidecar.notifiers.enabled .Values.sidecar.notifiers.initNotifiers }}
- name: {{ include "grafana.name" . }}-init-sc-notifiers
{{- $registry := include "system_default_registry" . | default .Values.sidecar.image.registry -}}
{{- $registry := .Values.global.imageRegistry | default .Values.sidecar.image.registry -}}
{{- if .Values.sidecar.image.sha }}
image: "{{ $registry }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
image: "{{ $registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
{{- else }}
image: "{{ $registry }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
image: "{{ $registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
{{- end }}
imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }}
{{- if .Values.sidecar.notifiers.restartPolicy }}
restartPolicy: {{ .Values.sidecar.notifiers.restartPolicy }}
{{- with .Values.sidecar.notifiers.startupProbe }}
startupProbe:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}
env:
{{- range $key, $value := .Values.sidecar.notifiers.env }}
- name: "{{ $key }}"
value: "{{ $value }}"
{{- end }}
- name: HEALTH_PORT
value: {{ include "grafana.sidecar.notifiers.healthPort" . }}
{{- if .Values.sidecar.notifiers.ignoreAlreadyProcessed }}
- name: IGNORE_ALREADY_PROCESSED
value: "true"
{{- end }}
{{- if and .Values.sidecar.notifiers.restartPolicy (eq .Values.sidecar.notifiers.restartPolicy "Always")}}
- name: METHOD
value: {{ .Values.sidecar.notifiers.watchMethod }}
{{- if eq .Values.sidecar.notifiers.watchMethod "WATCH" }}
- name: REQ_SKIP_INIT
value: "true"
{{- end }}
{{- else }}
- name: METHOD
value: LIST
{{- end }}
- name: LABEL
value: "{{ .Values.sidecar.notifiers.label }}"
value: "{{ tpl .Values.sidecar.notifiers.label $root }}"
{{- with .Values.sidecar.notifiers.labelValue }}
- name: LABEL_VALUE
value: {{ quote . }}
value: {{ quote (tpl . $root) }}
{{- end }}
{{- if or .Values.sidecar.logLevel .Values.sidecar.notifiers.logLevel }}
- name: LOG_LEVEL
@ -288,6 +416,10 @@ initContainers:
- name: SKIP_TLS_VERIFY
value: "{{ . }}"
{{- end }}
{{- with .Values.sidecar.notifiers.script }}
- name: SCRIPT
value: {{ quote . }}
{{- end }}
{{- with .Values.sidecar.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 6 }}
@ -307,6 +439,154 @@ initContainers:
volumeMounts:
- name: sc-notifiers-volume
mountPath: "/etc/grafana/provisioning/notifiers"
{{- with .Values.sidecar.notifiers.extraMounts }}
{{- toYaml . | trim | nindent 6 }}
{{- end }}
{{- end}}
{{- if and .Values.sidecar.dashboards.enabled .Values.sidecar.dashboards.initDashboards }}
- name: {{ include "grafana.name" . }}-init-sc-dashboard
{{- $registry := .Values.global.imageRegistry | default .Values.sidecar.image.registry -}}
{{- if .Values.sidecar.image.sha }}
image: "{{ $registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
{{- else }}
image: "{{ $registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
{{- end }}
imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }}
{{- if .Values.sidecar.dashboards.restartPolicy }}
restartPolicy: {{ .Values.sidecar.dashboards.restartPolicy }}
{{- with .Values.sidecar.dashboards.startupProbe }}
startupProbe:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}
env:
{{- range $key, $value := .Values.sidecar.dashboards.env }}
- name: "{{ $key }}"
value: "{{ $value }}"
{{- end }}
{{- range $key, $value := .Values.sidecar.dashboards.envValueFrom }}
- name: {{ $key | quote }}
valueFrom:
{{- tpl (toYaml $value) $ | nindent 10 }}
{{- end }}
- name: HEALTH_PORT
value: {{ include "grafana.sidecar.dashboards.healthPort" . }}
{{- if .Values.sidecar.dashboards.ignoreAlreadyProcessed }}
- name: IGNORE_ALREADY_PROCESSED
value: "true"
{{- end }}
- name: METHOD
value: {{ .Values.sidecar.dashboards.watchMethod }}
- name: LABEL
value: "{{ tpl .Values.sidecar.dashboards.label $root }}"
{{- with .Values.sidecar.dashboards.labelValue }}
- name: LABEL_VALUE
value: {{ quote (tpl . $root) }}
{{- end }}
{{- if or .Values.sidecar.logLevel .Values.sidecar.dashboards.logLevel }}
- name: LOG_LEVEL
value: {{ default .Values.sidecar.logLevel .Values.sidecar.dashboards.logLevel }}
{{- end }}
- name: FOLDER
value: "{{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }}"
- name: RESOURCE
value: {{ quote .Values.sidecar.dashboards.resource }}
{{- if .Values.sidecar.dashboards.resourceName }}
- name: RESOURCE_NAME
value: {{ quote .Values.sidecar.dashboards.resourceName }}
{{- end }}
{{- with .Values.sidecar.enableUniqueFilenames }}
- name: UNIQUE_FILENAMES
value: "{{ . }}"
{{- end }}
{{- with .Values.sidecar.dashboards.searchNamespace }}
- name: NAMESPACE
value: "{{ tpl (. | join ",") $root }}"
{{- end }}
{{- with .Values.sidecar.skipTlsVerify }}
- name: SKIP_TLS_VERIFY
value: "{{ . }}"
{{- end }}
{{- with .Values.sidecar.dashboards.folderAnnotation }}
- name: FOLDER_ANNOTATION
value: "{{ . }}"
{{- end }}
{{- with .Values.sidecar.dashboards.script }}
- name: SCRIPT
value: {{ quote . }}
{{- end }}
{{- if not .Values.sidecar.dashboards.skipReload }}
{{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
- name: REQ_USERNAME
valueFrom:
secretKeyRef:
name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }}
key: {{ .Values.admin.userKey | default "admin-user" }}
{{- end }}
{{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
- name: REQ_PASSWORD
valueFrom:
secretKeyRef:
name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }}
key: {{ .Values.admin.passwordKey | default "admin-password" }}
{{- end }}
- name: REQ_URL
value: {{ .Values.sidecar.dashboards.reloadURL }}
- name: REQ_METHOD
value: POST
{{- if eq .Values.sidecar.dashboards.watchMethod "WATCH" }}
- name: REQ_SKIP_INIT
value: "true"
{{- end }}
{{- end }}
{{- if .Values.sidecar.dashboards.watchServerTimeout }}
{{- if ne .Values.sidecar.dashboards.watchMethod "WATCH" }}
{{- fail (printf "Cannot use .Values.sidecar.dashboards.watchServerTimeout with .Values.sidecar.dashboards.watchMethod %s" .Values.sidecar.dashboards.watchMethod) }}
{{- end }}
- name: WATCH_SERVER_TIMEOUT
value: "{{ .Values.sidecar.dashboards.watchServerTimeout }}"
{{- end }}
{{- if .Values.sidecar.dashboards.watchClientTimeout }}
{{- if ne .Values.sidecar.dashboards.watchMethod "WATCH" }}
{{- fail (printf "Cannot use .Values.sidecar.dashboards.watchClientTimeout with .Values.sidecar.dashboards.watchMethod %s" .Values.sidecar.dashboards.watchMethod) }}
{{- end }}
- name: WATCH_CLIENT_TIMEOUT
value: {{ .Values.sidecar.dashboards.watchClientTimeout | quote }}
{{- end }}
{{- if .Values.sidecar.dashboards.maxTotalRetries }}
- name: REQ_RETRY_TOTAL
value: "{{ .Values.sidecar.dashboards.maxTotalRetries }}"
{{- end }}
{{- if .Values.sidecar.dashboards.maxConnectRetries }}
- name: REQ_RETRY_CONNECT
value: "{{ .Values.sidecar.dashboards.maxConnectRetries }}"
{{- end }}
{{- if .Values.sidecar.dashboards.maxReadRetries }}
- name: REQ_RETRY_READ
value: "{{ .Values.sidecar.dashboards.maxReadRetries }}"
{{- end }}
{{- with .Values.sidecar.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.sidecar.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.sidecar.resources }}
resources:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.sidecar.securityContext }}
securityContext:
{{- toYaml . | nindent 6 }}
{{- end }}
volumeMounts:
- name: sc-dashboard-volume
mountPath: {{ .Values.sidecar.dashboards.folder | quote }}
{{- with .Values.sidecar.dashboards.extraMounts }}
{{- toYaml . | trim | nindent 6 }}
{{- end }}
{{- end}}
{{- with .Values.extraInitContainers }}
{{- tpl (toYaml .) $root | nindent 2 }}
@ -321,11 +601,11 @@ enableServiceLinks: {{ .Values.enableServiceLinks }}
containers:
{{- if and .Values.sidecar.alerts.enabled (not .Values.sidecar.alerts.initAlerts) }}
- name: {{ include "grafana.name" . }}-sc-alerts
{{- $registry := include "system_default_registry" . | default .Values.sidecar.image.registry -}}
{{- $registry := .Values.global.imageRegistry | default .Values.sidecar.image.registry -}}
{{- if .Values.sidecar.image.sha }}
image: "{{ $registry }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
image: "{{ $registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
{{- else }}
image: "{{ $registry }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
image: "{{ $registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
{{- end }}
imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }}
env:
@ -333,6 +613,11 @@ containers:
- name: "{{ $key }}"
value: "{{ $value }}"
{{- end }}
{{- range $key, $value := .Values.sidecar.alerts.envValueFrom }}
- name: {{ $key | quote }}
valueFrom:
{{- tpl (toYaml $value) $ | nindent 10 }}
{{- end }}
{{- if .Values.sidecar.alerts.ignoreAlreadyProcessed }}
- name: IGNORE_ALREADY_PROCESSED
value: "true"
@ -340,10 +625,10 @@ containers:
- name: METHOD
value: {{ .Values.sidecar.alerts.watchMethod }}
- name: LABEL
value: "{{ .Values.sidecar.alerts.label }}"
value: "{{ tpl .Values.sidecar.alerts.label $root }}"
{{- with .Values.sidecar.alerts.labelValue }}
- name: LABEL_VALUE
value: {{ quote . }}
value: {{ quote (tpl . $root) }}
{{- end }}
{{- if or .Values.sidecar.logLevel .Values.sidecar.alerts.logLevel }}
- name: LOG_LEVEL
@ -353,13 +638,17 @@ containers:
value: "/etc/grafana/provisioning/alerting"
- name: RESOURCE
value: {{ quote .Values.sidecar.alerts.resource }}
{{- if .Values.sidecar.alerts.resourceName }}
- name: RESOURCE_NAME
value: {{ quote .Values.sidecar.alerts.resourceName }}
{{- end }}
{{- with .Values.sidecar.enableUniqueFilenames }}
- name: UNIQUE_FILENAMES
value: "{{ . }}"
{{- end }}
{{- with .Values.sidecar.alerts.searchNamespace }}
- name: NAMESPACE
value: {{ . | join "," | quote }}
value: "{{ tpl (. | join ",") $root }}"
{{- end }}
{{- with .Values.sidecar.alerts.skipTlsVerify }}
- name: SKIP_TLS_VERIFY
@ -369,7 +658,7 @@ containers:
- name: SCRIPT
value: {{ quote . }}
{{- end }}
{{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
{{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_ADMIN_USER__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
- name: REQ_USERNAME
valueFrom:
secretKeyRef:
@ -438,13 +727,13 @@ containers:
{{- toYaml . | trim | nindent 6 }}
{{- end }}
{{- end}}
{{- if .Values.sidecar.dashboards.enabled }}
{{- if and .Values.sidecar.dashboards.enabled (not .Values.sidecar.dashboards.initDashboards) }}
- name: {{ include "grafana.name" . }}-sc-dashboard
{{- $registry := include "system_default_registry" . | default .Values.sidecar.image.registry -}}
{{- $registry := .Values.global.imageRegistry | default .Values.sidecar.image.registry -}}
{{- if .Values.sidecar.image.sha }}
image: "{{ $registry }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
image: "{{ $registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
{{- else }}
image: "{{ $registry }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
image: "{{ $registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
{{- end }}
imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }}
env:
@ -464,10 +753,10 @@ containers:
- name: METHOD
value: {{ .Values.sidecar.dashboards.watchMethod }}
- name: LABEL
value: "{{ .Values.sidecar.dashboards.label }}"
value: "{{ tpl .Values.sidecar.dashboards.label $root }}"
{{- with .Values.sidecar.dashboards.labelValue }}
- name: LABEL_VALUE
value: {{ quote . }}
value: {{ quote (tpl . $root) }}
{{- end }}
{{- if or .Values.sidecar.logLevel .Values.sidecar.dashboards.logLevel }}
- name: LOG_LEVEL
@ -477,6 +766,10 @@ containers:
value: "{{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }}"
- name: RESOURCE
value: {{ quote .Values.sidecar.dashboards.resource }}
{{- if .Values.sidecar.dashboards.resourceName }}
- name: RESOURCE_NAME
value: {{ quote .Values.sidecar.dashboards.resourceName }}
{{- end }}
{{- with .Values.sidecar.enableUniqueFilenames }}
- name: UNIQUE_FILENAMES
value: "{{ . }}"
@ -495,10 +788,10 @@ containers:
{{- end }}
{{- with .Values.sidecar.dashboards.script }}
- name: SCRIPT
value: "{{ . }}"
value: {{ quote . }}
{{- end }}
{{- if not .Values.sidecar.dashboards.skipReload }}
{{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
{{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_ADMIN_USER__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
- name: REQ_USERNAME
valueFrom:
secretKeyRef:
@ -568,11 +861,11 @@ containers:
{{- end}}
{{- if and .Values.sidecar.datasources.enabled (not .Values.sidecar.datasources.initDatasources) }}
- name: {{ include "grafana.name" . }}-sc-datasources
{{- $registry := include "system_default_registry" . | default .Values.sidecar.image.registry -}}
{{- $registry := .Values.global.imageRegistry | default .Values.sidecar.image.registry -}}
{{- if .Values.sidecar.image.sha }}
image: "{{ $registry }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
image: "{{ $registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
{{- else }}
image: "{{ $registry }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
image: "{{ $registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
{{- end }}
imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }}
env:
@ -592,10 +885,10 @@ containers:
- name: METHOD
value: {{ .Values.sidecar.datasources.watchMethod }}
- name: LABEL
value: "{{ .Values.sidecar.datasources.label }}"
value: "{{ tpl .Values.sidecar.datasources.label $root }}"
{{- with .Values.sidecar.datasources.labelValue }}
- name: LABEL_VALUE
value: {{ quote . }}
value: {{ quote (tpl . $root) }}
{{- end }}
{{- if or .Values.sidecar.logLevel .Values.sidecar.datasources.logLevel }}
- name: LOG_LEVEL
@ -605,6 +898,10 @@ containers:
value: "/etc/grafana/provisioning/datasources"
- name: RESOURCE
value: {{ quote .Values.sidecar.datasources.resource }}
{{- if .Values.sidecar.datasources.resourceName }}
- name: RESOURCE_NAME
value: {{ quote .Values.sidecar.datasources.resourceName }}
{{- end }}
{{- with .Values.sidecar.enableUniqueFilenames }}
- name: UNIQUE_FILENAMES
value: "{{ . }}"
@ -617,11 +914,11 @@ containers:
- name: SKIP_TLS_VERIFY
value: "{{ .Values.sidecar.skipTlsVerify }}"
{{- end }}
{{- if .Values.sidecar.datasources.script }}
{{- with .Values.sidecar.datasources.script }}
- name: SCRIPT
value: "{{ .Values.sidecar.datasources.script }}"
value: {{ quote . }}
{{- end }}
{{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
{{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_ADMIN_USER__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
- name: REQ_USERNAME
valueFrom:
secretKeyRef:
@ -690,13 +987,13 @@ containers:
{{- toYaml . | trim | nindent 6 }}
{{- end }}
{{- end}}
{{- if .Values.sidecar.notifiers.enabled }}
{{- if and .Values.sidecar.notifiers.enabled (not .Values.sidecar.notifiers.initNotifiers) }}
- name: {{ include "grafana.name" . }}-sc-notifiers
{{- $registry := include "system_default_registry" . | default .Values.sidecar.image.registry -}}
{{- $registry := .Values.global.imageRegistry | default .Values.sidecar.image.registry -}}
{{- if .Values.sidecar.image.sha }}
image: "{{ $registry }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
image: "{{ $registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
{{- else }}
image: "{{ $registry }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
image: "{{ $registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
{{- end }}
imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }}
env:
@ -711,10 +1008,10 @@ containers:
- name: METHOD
value: {{ .Values.sidecar.notifiers.watchMethod }}
- name: LABEL
value: "{{ .Values.sidecar.notifiers.label }}"
value: "{{ tpl .Values.sidecar.notifiers.label $root }}"
{{- with .Values.sidecar.notifiers.labelValue }}
- name: LABEL_VALUE
value: {{ quote . }}
value: {{ quote (tpl . $root) }}
{{- end }}
{{- if or .Values.sidecar.logLevel .Values.sidecar.notifiers.logLevel }}
- name: LOG_LEVEL
@ -724,6 +1021,10 @@ containers:
value: "/etc/grafana/provisioning/notifiers"
- name: RESOURCE
value: {{ quote .Values.sidecar.notifiers.resource }}
{{- if .Values.sidecar.notifiers.resourceName }}
- name: RESOURCE_NAME
value: {{ quote .Values.sidecar.notifiers.resourceName }}
{{- end }}
{{- if .Values.sidecar.enableUniqueFilenames }}
- name: UNIQUE_FILENAMES
value: "{{ .Values.sidecar.enableUniqueFilenames }}"
@ -736,11 +1037,11 @@ containers:
- name: SKIP_TLS_VERIFY
value: "{{ . }}"
{{- end }}
{{- if .Values.sidecar.notifiers.script }}
{{- with .Values.sidecar.notifiers.script }}
- name: SCRIPT
value: "{{ .Values.sidecar.notifiers.script }}"
value: {{ quote . }}
{{- end }}
{{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
{{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_ADMIN_USER__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
- name: REQ_USERNAME
valueFrom:
secretKeyRef:
@ -811,11 +1112,11 @@ containers:
{{- end}}
{{- if .Values.sidecar.plugins.enabled }}
- name: {{ include "grafana.name" . }}-sc-plugins
{{- $registry := include "system_default_registry" . | default .Values.sidecar.image.registry -}}
{{- $registry := .Values.global.imageRegistry | default .Values.sidecar.image.registry -}}
{{- if .Values.sidecar.image.sha }}
image: "{{ $registry }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
image: "{{ $registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
{{- else }}
image: "{{ $registry }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
image: "{{ $registry }}/{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
{{- end }}
imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }}
env:
@ -830,10 +1131,10 @@ containers:
- name: METHOD
value: {{ .Values.sidecar.plugins.watchMethod }}
- name: LABEL
value: "{{ .Values.sidecar.plugins.label }}"
value: "{{ tpl .Values.sidecar.plugins.label $root }}"
{{- if .Values.sidecar.plugins.labelValue }}
- name: LABEL_VALUE
value: {{ quote .Values.sidecar.plugins.labelValue }}
value: {{ quote (tpl .Values.sidecar.plugins.labelValue $) }}
{{- end }}
{{- if or .Values.sidecar.logLevel .Values.sidecar.plugins.logLevel }}
- name: LOG_LEVEL
@ -843,6 +1144,10 @@ containers:
value: "/etc/grafana/provisioning/plugins"
- name: RESOURCE
value: {{ quote .Values.sidecar.plugins.resource }}
{{- if .Values.sidecar.plugins.resourceName }}
- name: RESOURCE_NAME
value: {{ quote .Values.sidecar.plugins.resourceName }}
{{- end }}
{{- with .Values.sidecar.enableUniqueFilenames }}
- name: UNIQUE_FILENAMES
value: "{{ . }}"
@ -853,13 +1158,13 @@ containers:
{{- end }}
{{- with .Values.sidecar.plugins.script }}
- name: SCRIPT
value: "{{ . }}"
value: {{ quote . }}
{{- end }}
{{- with .Values.sidecar.skipTlsVerify }}
- name: SKIP_TLS_VERIFY
value: "{{ . }}"
{{- end }}
{{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
{{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_ADMIN_USER__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
- name: REQ_USERNAME
valueFrom:
secretKeyRef:
@ -928,12 +1233,12 @@ containers:
{{- toYaml . | trim | nindent 6 }}
{{- end }}
{{- end}}
- name: {{ .Chart.Name }}
{{- $registry := include "system_default_registry" . | default .Values.image.registry -}}
- name: grafana
{{- $registry := .Values.global.imageRegistry | default .Values.image.registry -}}
{{- if .Values.image.sha }}
image: "{{ $registry }}{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}@sha256:{{ .Values.image.sha }}"
image: "{{ $registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}@sha256:{{ .Values.image.sha }}"
{{- else }}
image: "{{ $registry }}{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
image: "{{ $registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
{{- end }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.command }}
@ -972,6 +1277,8 @@ containers:
{{- with .Values.persistence.subPath }}
subPath: {{ tpl . $root }}
{{- end }}
- name: search
mountPath: "/var/lib/grafana-search"
{{- with .Values.dashboards }}
{{- range $provider, $dashboards := . }}
{{- range $key, $value := $dashboards }}
@ -992,7 +1299,7 @@ containers:
{{- with .Values.datasources }}
{{- $datasources := . }}
{{- range (keys . | sortAlpha) }}
{{- if (or (hasKey (index $datasources .) "secret")) }} {{/*check if current datasource should be handeled as secret */}}
{{- if (or (hasKey (index $datasources .) "secret")) }} {{/*check if current datasource should be handled as secret */}}
- name: config-secret
mountPath: "/etc/grafana/provisioning/datasources/{{ . }}"
subPath: {{ . | quote }}
@ -1006,7 +1313,7 @@ containers:
{{- with .Values.notifiers }}
{{- $notifiers := . }}
{{- range (keys . | sortAlpha) }}
{{- if (or (hasKey (index $notifiers .) "secret")) }} {{/*check if current notifier should be handeled as secret */}}
{{- if (or (hasKey (index $notifiers .) "secret")) }} {{/*check if current notifier should be handled as secret */}}
- name: config-secret
mountPath: "/etc/grafana/provisioning/notifiers/{{ . }}"
subPath: {{ . | quote }}
@ -1020,7 +1327,7 @@ containers:
{{- with .Values.alerting }}
{{- $alertingmap := .}}
{{- range (keys . | sortAlpha) }}
{{- if (or (hasKey (index $.Values.alerting .) "secret") (hasKey (index $.Values.alerting .) "secretFile")) }} {{/*check if current alerting entry should be handeled as secret */}}
{{- if (or (hasKey (index $.Values.alerting .) "secret") (hasKey (index $.Values.alerting .) "secretFile")) }} {{/*check if current alerting entry should be handled as secret */}}
- name: config-secret
mountPath: "/etc/grafana/provisioning/alerting/{{ . }}"
subPath: {{ . | quote }}
@ -1097,7 +1404,7 @@ containers:
valueFrom:
fieldRef:
fieldPath: status.podIP
{{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
{{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_ADMIN_USER__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
- name: GF_SECURITY_ADMIN_USER
valueFrom:
secretKeyRef:
@ -1112,7 +1419,7 @@ containers:
key: {{ .Values.admin.passwordKey | default "admin-password" }}
{{- end }}
{{- if .Values.plugins }}
- name: GF_INSTALL_PLUGINS
- name: GF_PLUGINS_PREINSTALL_SYNC
valueFrom:
configMapKeyRef:
name: {{ include "grafana.fullname" . }}
@ -1135,7 +1442,7 @@ containers:
{{- if .Values.imageRenderer.serverURL }}
value: {{ .Values.imageRenderer.serverURL | quote }}
{{- else }}
value: http://{{ include "grafana.fullname" . }}-image-renderer.{{ include "grafana.namespace" . }}:{{ .Values.imageRenderer.service.port }}/render
value: http://{{ include "grafana.imageRenderer.fullname" . }}-image-renderer.{{ include "grafana.namespace" . }}:{{ .Values.imageRenderer.service.port }}/render
{{- end }}
- name: GF_RENDERING_CALLBACK_URL
{{- if .Values.imageRenderer.renderingCallbackURL }}
@ -1152,6 +1459,15 @@ containers:
value: {{ (get .Values "grafana.ini").paths.plugins }}
- name: GF_PATHS_PROVISIONING
value: {{ (get .Values "grafana.ini").paths.provisioning }}
- name: GF_UNIFIED_STORAGE_INDEX_PATH
value: {{ (get .Values "grafana.ini").unified_storage.index_path }}
{{- if (.Values.resources.limits).memory }}
- name: GOMEMLIMIT
valueFrom:
resourceFieldRef:
divisor: "1"
resource: limits.memory
{{- end }}
{{- range $key, $value := .Values.envValueFrom }}
- name: {{ $key | quote }}
valueFrom:
@ -1207,8 +1523,8 @@ containers:
{{- with .Values.extraContainers }}
{{- tpl . $ | nindent 2 }}
{{- end }}
nodeSelector: {{ include "linux-node-selector" . | nindent 2 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with .Values.affinity }}
@ -1219,8 +1535,8 @@ affinity:
topologySpreadConstraints:
{{- toYaml . | nindent 2 }}
{{- end }}
tolerations: {{ include "linux-node-tolerations" . | nindent 2 }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 2 }}
{{- end }}
volumes:
@ -1289,23 +1605,29 @@ volumes:
emptyDir: {}
{{- end }}
{{- end }}
- name: search
emptyDir: {}
{{- if .Values.sidecar.alerts.enabled }}
- name: sc-alerts-volume
{{- if .Values.sidecar.alerts.sizeLimit }}
emptyDir:
{{- with .Values.sidecar.alerts.sizeLimit }}
sizeLimit: {{ . }}
{{- else }}
{}
{{- end }}
{{- else }}
emptyDir: {}
{{- end }}
{{- end }}
{{- if .Values.sidecar.dashboards.enabled }}
- name: sc-dashboard-volume
{{- if .Values.sidecar.dashboards.sizeLimit }}
emptyDir:
{{- with .Values.sidecar.dashboards.sizeLimit }}
sizeLimit: {{ . }}
{{- else }}
{}
{{- end }}
{{- else }}
emptyDir: {}
{{- end }}
{{- if .Values.sidecar.dashboards.SCProvider }}
- name: sc-dashboard-provider
configMap:
@ -1314,30 +1636,36 @@ volumes:
{{- end }}
{{- if .Values.sidecar.datasources.enabled }}
- name: sc-datasources-volume
{{- if .Values.sidecar.datasources.sizeLimit }}
emptyDir:
{{- with .Values.sidecar.datasources.sizeLimit }}
sizeLimit: {{ . }}
{{- else }}
{}
{{- end }}
{{- else }}
emptyDir: {}
{{- end }}
{{- end }}
{{- if .Values.sidecar.plugins.enabled }}
- name: sc-plugins-volume
{{- if .Values.sidecar.plugins.sizeLimit }}
emptyDir:
{{- with .Values.sidecar.plugins.sizeLimit }}
sizeLimit: {{ . }}
{{- else }}
{}
{{- end }}
{{- else }}
emptyDir: {}
{{- end }}
{{- end }}
{{- if .Values.sidecar.notifiers.enabled }}
- name: sc-notifiers-volume
{{- if .Values.sidecar.notifiers.sizeLimit }}
emptyDir:
{{- with .Values.sidecar.notifiers.sizeLimit }}
sizeLimit: {{ . }}
{{- else }}
{}
{{- end }}
{{- else }}
emptyDir: {}
{{- end }}
{{- end }}
{{- range .Values.extraSecretMounts }}
{{- if .secretName }}

0
charts/rancher-monitoring/charts/grafana/templates/clusterrole.yaml → charts/kube-prometheus-stack/charts/grafana/templates/clusterrole.yaml
View File

0
charts/rancher-monitoring/charts/grafana/templates/clusterrolebinding.yaml → charts/kube-prometheus-stack/charts/grafana/templates/clusterrolebinding.yaml
View File

0
charts/rancher-monitoring/charts/grafana/templates/configSecret.yaml → charts/kube-prometheus-stack/charts/grafana/templates/configSecret.yaml
View File

0
charts/rancher-monitoring/charts/grafana/templates/configmap-dashboard-provider.yaml → charts/kube-prometheus-stack/charts/grafana/templates/configmap-dashboard-provider.yaml
View File

0
charts/rancher-monitoring/charts/grafana/templates/configmap.yaml → charts/kube-prometheus-stack/charts/grafana/templates/configmap.yaml
View File

0
charts/rancher-monitoring/charts/grafana/templates/dashboards-json-configmap.yaml → charts/kube-prometheus-stack/charts/grafana/templates/dashboards-json-configmap.yaml
View File

0
charts/rancher-monitoring/charts/grafana/templates/deployment.yaml → charts/kube-prometheus-stack/charts/grafana/templates/deployment.yaml
View File

4
charts/rancher-monitoring/charts/grafana/templates/extra-manifests.yaml → charts/kube-prometheus-stack/charts/grafana/templates/extra-manifests.yaml
View File

@ -1,8 +1,8 @@
{{ range .Values.extraObjects }}
---
{{- if typeIs "string" . }}
{{ tpl . $ }}
{{ tpl . $ }}
{{ else }}
{{ tpl (. | toYaml) $ }}
{{ tpl (. | toYaml) $ }}
{{- end }}
{{ end }}

1
charts/rancher-monitoring/charts/grafana/templates/headless-service.yaml → charts/kube-prometheus-stack/charts/grafana/templates/headless-service.yaml
View File

@ -19,4 +19,5 @@ spec:
ports:
- name: {{ .Values.gossipPortName }}-tcp
port: 9094
targetPort: {{ .Values.gossipPortName }}-tcp
{{- end }}

0
charts/rancher-monitoring/charts/grafana/templates/hpa.yaml → charts/kube-prometheus-stack/charts/grafana/templates/hpa.yaml
View File

17
charts/rancher-monitoring/charts/grafana/templates/image-renderer-deployment.yaml → charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-deployment.yaml
View File

@ -47,6 +47,9 @@ spec:
serviceAccountName: "{{ . }}"
{{- end }}
automountServiceAccountToken: {{ .Values.imageRenderer.automountServiceAccountToken }}
{{- if kindIs "bool" .Values.imageRenderer.hostUsers }}
hostUsers: {{ .Values.imageRenderer.hostUsers }}
{{- end }}
{{- with .Values.imageRenderer.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
@ -58,19 +61,17 @@ spec:
{{- with .Values.imageRenderer.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
{{- with .Values.imageRenderer.image.pullSecrets }}
{{- if or .Values.imageRenderer.image.pullSecrets .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- range . }}
- name: {{ tpl . $root }}
{{- end}}
{{- include "grafana.imagePullSecrets" (dict "root" $root "imagePullSecrets" .Values.imageRenderer.image.pullSecrets) | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}-image-renderer
{{- $registry := include "system_default_registry" | default .Values.imageRenderer.image.registry -}}
{{- $registry := .Values.global.imageRegistry | default .Values.imageRenderer.image.registry -}}
{{- if .Values.imageRenderer.image.sha }}
image: "{{ $registry }}{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}@sha256:{{ .Values.imageRenderer.image.sha }}"
image: "{{ $registry }}/{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}@sha256:{{ .Values.imageRenderer.image.sha }}"
{{- else }}
image: "{{ $registry }}{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}"
image: "{{ $registry }}/{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}"
{{- end }}
imagePullPolicy: {{ .Values.imageRenderer.image.pullPolicy }}
{{- if .Values.imageRenderer.command }}
@ -85,7 +86,7 @@ spec:
protocol: TCP
livenessProbe:
httpGet:
path: /
path: {{ .Values.imageRenderer.healthcheckPath }}
port: {{ .Values.imageRenderer.service.portName }}
env:
- name: HTTP_PORT

0
charts/rancher-monitoring/charts/grafana/templates/image-renderer-hpa.yaml → charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-hpa.yaml
View File

0
charts/rancher-monitoring/charts/grafana/templates/image-renderer-network-policy.yaml → charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-network-policy.yaml
View File

6
charts/rancher-monitoring/charts/grafana/templates/image-renderer-service.yaml → charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-service.yaml
View File

@ -2,7 +2,7 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "grafana.fullname" . }}-image-renderer
name: {{ include "grafana.imageRenderer.fullname" . }}-image-renderer
namespace: {{ include "grafana.namespace" . }}
labels:
{{- include "grafana.imageRenderer.labels" . | nindent 4 }}
@ -11,7 +11,7 @@ metadata:
{{- end }}
{{- with .Values.imageRenderer.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- tpl (toYaml . | nindent 4) $ }}
{{- end }}
spec:
type: ClusterIP
@ -22,7 +22,7 @@ spec:
- name: {{ .Values.imageRenderer.service.portName }}
port: {{ .Values.imageRenderer.service.port }}
protocol: TCP
targetPort: {{ .Values.imageRenderer.service.targetPort }}
targetPort: {{ .Values.imageRenderer.service.portName }}
{{- with .Values.imageRenderer.appProtocol }}
appProtocol: {{ . }}
{{- end }}

2
charts/rancher-monitoring/charts/grafana/templates/image-renderer-servicemonitor.yaml → charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-servicemonitor.yaml
View File

@ -1,4 +1,4 @@
{{- if .Values.imageRenderer.serviceMonitor.enabled }}
{{- if and .Values.imageRenderer.enabled .Values.imageRenderer.serviceMonitor.enabled }}
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor

23
charts/rancher-monitoring/charts/grafana/templates/ingress.yaml → charts/kube-prometheus-stack/charts/grafana/templates/ingress.yaml
View File

@ -1,13 +1,10 @@
{{- if .Values.ingress.enabled -}}
{{- $ingressApiIsStable := eq (include "grafana.ingress.isStable" .) "true" -}}
{{- $ingressSupportsIngressClassName := eq (include "grafana.ingress.supportsIngressClassName" .) "true" -}}
{{- $ingressSupportsPathType := eq (include "grafana.ingress.supportsPathType" .) "true" -}}
{{- $fullName := include "grafana.fullname" . -}}
{{- $servicePort := .Values.service.port -}}
{{- $ingressPath := .Values.ingress.path -}}
{{- $ingressPathType := .Values.ingress.pathType -}}
{{- $extraPaths := .Values.ingress.extraPaths -}}
apiVersion: {{ include "grafana.ingress.apiVersion" . }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $fullName }}
@ -24,9 +21,9 @@ metadata:
{{- end }}
{{- end }}
spec:
{{- if and $ingressSupportsIngressClassName .Values.ingress.ingressClassName }}
{{- if .Values.ingress.ingressClassName }}
ingressClassName: {{ .Values.ingress.ingressClassName }}
{{- end -}}
{{- end }}
{{- with .Values.ingress.tls }}
tls:
{{- tpl (toYaml .) $ | nindent 4 }}
@ -41,38 +38,24 @@ spec:
{{- toYaml . | nindent 10 }}
{{- end }}
- path: {{ $ingressPath }}
{{- if $ingressSupportsPathType }}
pathType: {{ $ingressPathType }}
{{- end }}
backend:
{{- if $ingressApiIsStable }}
service:
name: {{ $fullName }}
port:
number: {{ $servicePort }}
{{- else }}
serviceName: {{ $fullName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end }}
{{- else }}
- http:
paths:
- backend:
{{- if $ingressApiIsStable }}
service:
name: {{ $fullName }}
port:
number: {{ $servicePort }}
{{- else }}
serviceName: {{ $fullName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- with $ingressPath }}
path: {{ . }}
{{- end }}
{{- if $ingressSupportsPathType }}
pathType: {{ $ingressPathType }}
{{- end }}
{{- end -}}
{{- end }}

4
charts/rancher-monitoring/charts/grafana/templates/networkpolicy.yaml → charts/kube-prometheus-stack/charts/grafana/templates/networkpolicy.yaml
View File

@ -52,6 +52,10 @@ spec:
- namespaceSelector:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- range .Values.networkPolicy.explicitIpBlocks }}
- ipBlock:
cidr: {{ . | quote }}
{{- end }}
- podSelector:
matchLabels:
{{- include "grafana.labels" . | nindent 14 }}

5
charts/rancher-monitoring/charts/grafana/templates/poddisruptionbudget.yaml → charts/kube-prometheus-stack/charts/grafana/templates/poddisruptionbudget.yaml
View File

@ -1,5 +1,5 @@
{{- if .Values.podDisruptionBudget }}
apiVersion: {{ include "grafana.podDisruptionBudget.apiVersion" . }}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ include "grafana.fullname" . }}
@ -19,4 +19,7 @@ spec:
selector:
matchLabels:
{{- include "grafana.selectorLabels" . | nindent 6 }}
{{- with .Values.podDisruptionBudget.unhealthyPodEvictionPolicy }}
unhealthyPodEvictionPolicy: {{ . }}
{{- end }}
{{- end }}

12
charts/rancher-monitoring/charts/grafana/templates/podsecuritypolicy.yaml → charts/kube-prometheus-stack/charts/grafana/templates/podsecuritypolicy.yaml
View File

@ -1,13 +1,17 @@
{{- if and (or .Values.global.cattle.psp.enabled .Values.rbac.pspEnabled) (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ include "grafana.fullname" . }}
labels:
{{- include "grafana.labels" . | nindent 4 }}
{{- if .Values.rbac.pspAnnotations }}
annotations: {{ toYaml .Values.rbac.pspAnnotations | nindent 4 }}
{{- end }}
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
{{- if .Values.rbac.pspUseAppArmor }}
apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
{{- end }}
spec:
privileged: false
allowPrivilegeEscalation: false

6
charts/rancher-monitoring/charts/grafana/templates/pvc.yaml → charts/kube-prometheus-stack/charts/grafana/templates/pvc.yaml
View File

@ -19,15 +19,15 @@ metadata:
{{- end }}
spec:
accessModes:
{{- $_ := required "Must provide at least one access mode for persistent volumes used by Grafana" .Values.persistence.accessModes }}
{{- $_ := required "Must provide at least one access mode for persistent volumes used by Grafana" (first .Values.persistence.accessModes) }}
{{- range .Values.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- if and (.Values.persistence.lookupVolumeName) (lookup "v1" "PersistentVolumeClaim" (include "grafana.namespace" .) (include "grafana.fullname" .)) }}
{{- if .Values.persistence.volumeName }}
volumeName: {{ .Values.persistence.volumeName }}
{{- else if and (.Values.persistence.lookupVolumeName) (lookup "v1" "PersistentVolumeClaim" (include "grafana.namespace" .) (include "grafana.fullname" .)) }}
volumeName: {{ (lookup "v1" "PersistentVolumeClaim" (include "grafana.namespace" .) (include "grafana.fullname" .)).spec.volumeName }}
{{- end }}
{{- with .Values.persistence.storageClassName }}

4
charts/rancher-monitoring/charts/grafana/templates/role.yaml → charts/kube-prometheus-stack/charts/grafana/templates/role.yaml
View File

@ -10,9 +10,9 @@ metadata:
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if or (or .Values.global.cattle.psp.enabled .Values.rbac.pspEnabled) (and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled .Values.sidecar.plugins.enabled .Values.rbac.extraRoleRules)) }}
{{- if or .Values.rbac.pspEnabled (and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled .Values.sidecar.plugins.enabled .Values.rbac.extraRoleRules)) }}
rules:
{{- if and (or .Values.global.cattle.psp.enabled .Values.rbac.pspEnabled) (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
- apiGroups: ['extensions']
resources: ['podsecuritypolicies']
verbs: ['use']

0
charts/rancher-monitoring/charts/grafana/templates/rolebinding.yaml → charts/kube-prometheus-stack/charts/grafana/templates/rolebinding.yaml
View File

28
charts/rancher-monitoring/charts/grafana/templates/route.yaml → charts/kube-prometheus-stack/charts/grafana/templates/route.yaml
View File

@ -1,17 +1,16 @@
{{- range $name, $route := .Values.route }}
{{- if $route.enabled -}}
{{- if $route.enabled }}
---
apiVersion: {{ $route.apiVersion | default "gateway.networking.k8s.io/v1" }}
kind: {{ $route.kind | default "HTTPRoute" }}
metadata:
{{- with $route.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
name: {{ template "grafana.fullname" $ }}{{ if ne $name "main" }}-{{ $name }}{{ end }}
namespace: {{ template "grafana.namespace" $ }}
labels:
app: {{ template "grafana.name" $ }}-prometheus
{{- include "grafana.labels" $ | nindent 4 }}
{{- with $route.labels }}
{{- toYaml . | nindent 4 }}
@ -29,9 +28,19 @@ spec:
{{- if $route.additionalRules }}
{{- tpl (toYaml $route.additionalRules) $ | nindent 4 }}
{{- end }}
{{- if $route.httpsRedirect }}
- filters:
- type: RequestRedirect
requestRedirect:
scheme: https
statusCode: 301
{{- else }}
- backendRefs:
- name: {{ include "grafana.fullname" $ }}
port: {{ $.Values.service.port }}
group: ''
kind: Service
weight: 1
{{- with $route.filters }}
filters:
{{- toYaml . | nindent 8 }}
@ -40,5 +49,14 @@ spec:
matches:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}
{{- with $route.timeouts }}
timeouts:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $route.sessionPersistence }}
sessionPersistence:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

1
charts/rancher-monitoring/charts/grafana/templates/secret-env.yaml → charts/kube-prometheus-stack/charts/grafana/templates/secret-env.yaml
View File

@ -6,6 +6,7 @@ metadata:
namespace: {{ include "grafana.namespace" . }}
labels:
{{- include "grafana.labels" . | nindent 4 }}
app.kubernetes.io/component: env-secret
type: Opaque
data:
{{- range $key, $val := .Values.envRenderSecret }}

1
charts/rancher-monitoring/charts/grafana/templates/secret.yaml → charts/kube-prometheus-stack/charts/grafana/templates/secret.yaml
View File

@ -6,6 +6,7 @@ metadata:
namespace: {{ include "grafana.namespace" . }}
labels:
{{- include "grafana.labels" . | nindent 4 }}
app.kubernetes.io/component: admin-secret
{{- with .Values.annotations }}
annotations:
{{- toYaml . | nindent 4 }}

5
charts/rancher-monitoring/charts/grafana/templates/service.yaml → charts/kube-prometheus-stack/charts/grafana/templates/service.yaml
View File

@ -51,11 +51,14 @@ spec:
{{- with .Values.service.sessionAffinity }}
sessionAffinity: {{ . }}
{{- end }}
{{- with .Values.service.trafficDistribution }}
trafficDistribution: {{ . }}
{{- end }}
ports:
- name: {{ .Values.service.portName }}
port: {{ .Values.service.port }}
protocol: TCP
targetPort: {{ .Values.service.targetPort }}
targetPort: {{ .Values.podPortName }}
{{- with .Values.service.appProtocol }}
appProtocol: {{ . }}
{{- end }}

0
charts/rancher-monitoring/charts/grafana/templates/serviceaccount.yaml → charts/kube-prometheus-stack/charts/grafana/templates/serviceaccount.yaml
View File

17
charts/rancher-monitoring/charts/grafana/templates/servicemonitor.yaml → charts/kube-prometheus-stack/charts/grafana/templates/servicemonitor.yaml
View File

@ -10,6 +10,7 @@ metadata:
namespace: {{ include "grafana.namespace" . }}
{{- end }}
labels:
release: {{ $.Release.Name | quote }}
{{- include "grafana.labels" . | nindent 4 }}
{{- with .Values.serviceMonitor.labels }}
{{- tpl (toYaml . | nindent 4) $ }}
@ -30,26 +31,10 @@ spec:
tlsConfig:
{{- toYaml . | nindent 6 }}
{{- end }}
metricRelabelings:
{{- if .Values.serviceMonitor.metricRelabelings }}
{{- toYaml .Values.serviceMonitor.metricRelabelings | nindent 6 }}
{{- end }}
{{ if .Values.global.cattle.clusterId }}
- sourceLabels: [__address__]
targetLabel: cluster_id
replacement: {{ .Values.global.cattle.clusterId }}
{{- end }}
{{ if .Values.global.cattle.clusterName }}
- sourceLabels: [__address__]
targetLabel: cluster_name
replacement: {{ .Values.global.cattle.clusterName }}
{{- end }}
{{- if .Values.serviceMonitor.relabelings }}
{{- with .Values.serviceMonitor.relabelings }}
relabelings:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}
{{- with .Values.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{- toYaml . | nindent 6 }}

16
charts/rancher-monitoring/charts/grafana/templates/statefulset.yaml → charts/kube-prometheus-stack/charts/grafana/templates/statefulset.yaml
View File

@ -43,14 +43,22 @@ spec:
kind: PersistentVolumeClaim
metadata:
name: storage
{{- with .Values.persistence.annotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- $_ := required "Must provide at least one access mode for persistent volumes used by Grafana" .Values.persistence.accessModes }}
{{- $_ := required "Must provide at least one access mode for persistent volumes used by Grafana" (first .Values.persistence.accessModes) }}
accessModes: {{ .Values.persistence.accessModes }}
accessModes:
{{- range .Values.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
storageClassName: {{ .Values.persistence.storageClassName }}
{{- with .Values.persistence.volumeName }}
volumeName: {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ required "Must provide size for persistent volumes used by Grafana" .Values.persistence.size }}
storage: {{ .Values.persistence.size }}
{{- with .Values.persistence.selectorLabels }}
selector:
matchLabels:

56
charts/kube-prometheus-stack/charts/grafana/templates/vpa.yaml Normal file
View File

@ -0,0 +1,56 @@
{{- if and .Values.verticalPodAutoscaler.enabled (.Capabilities.APIVersions.Has "autoscaling.k8s.io/v1/VerticalPodAutoscaler") }}
{{- $vpa := .Values.verticalPodAutoscaler }}
{{- $resources := $vpa.controlledResources | default dict }}
{{- $target := $vpa.target | default dict }}
{{- $container := $vpa.container | default dict }}
{{- /* Match deployment.yaml condition */ -}}
{{- $isDeployment := and (not .Values.useStatefulSet) (or (not .Values.persistence.enabled) (eq .Values.persistence.type "pvc")) -}}
{{- /* Derived defaults */ -}}
{{- $defaultApiVersion := "apps/v1" -}}
{{- $defaultKind := ternary "Deployment" "StatefulSet" $isDeployment -}}
{{- $defaultName := include "grafana.fullname" . -}}
{{- /* Optional override (ONLY if you document it in values.yaml/schema) */ -}}
{{- $t := $vpa.targetRef | default dict -}}
{{- $apiVersion := default $defaultApiVersion $t.apiVersion -}}
{{- $kind := default $defaultKind $t.kind -}}
{{- $name := default $defaultName $t.name -}}
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
name: {{ include "grafana.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "grafana.labels" . | nindent 4 }}
spec:
targetRef:
apiVersion: {{ $apiVersion | quote }}
kind: {{ $kind | quote }}
name: {{ $name | quote }}
updatePolicy:
updateMode: {{ default "Off" $vpa.updateMode | quote }}
resourcePolicy:
containerPolicies:
- containerName: "grafana"
{{- if or (get $resources "cpu") (get $resources "memory") }}
controlledResources:
{{- if (get $resources "cpu") }}
- "cpu"
{{- end }}
{{- if (get $resources "memory") }}
- "memory"
{{- end }}
{{- end }}
{{- with $vpa.minAllowed }}
minAllowed:
{{ toYaml . | nindent 10 }}
{{- end }}
{{- with $vpa.maxAllowed }}
maxAllowed:
{{ toYaml . | nindent 10 }}
{{- end }}
{{- end }}

461
charts/rancher-monitoring/charts/grafana/values.yaml → charts/kube-prometheus-stack/charts/grafana/values.yaml
View File

@ -1,8 +1,6 @@
global:
cattle:
psp:
enabled: false
systemDefaultRegistry: ""
# -- Overrides the Docker registry globally for all images
imageRegistry: null
# To help compatibility with other charts which use global.imagePullSecrets.
# Allow either an array of {name: pullSecret} maps (k8s-style), or an array of strings (more common helm-style).
@ -36,8 +34,8 @@ rbac:
# verbs: []
serviceAccount:
create: true
name:
nameTest:
name: ""
nameTest: ""
## ServiceAccount labels.
labels: {}
## Service account annotations. Can be templated.
@ -46,7 +44,7 @@ serviceAccount:
## autoMount is deprecated in favor of automountServiceAccountToken
# autoMount: false
automountServiceAccountToken: true
automountServiceAccountToken: false
replicas: 1
@ -72,6 +70,7 @@ podDisruptionBudget: {}
# apiVersion: ""
# minAvailable: 1
# maxUnavailable: 1
# unhealthyPodEvictionPolicy: IfHealthyBudget
## See `kubectl explain deployment.spec.strategy` for more
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
@ -81,12 +80,12 @@ deploymentStrategy:
readinessProbe:
httpGet:
path: /api/health
port: 3000
port: grafana
livenessProbe:
httpGet:
path: /api/health
port: 3000
port: grafana
initialDelaySeconds: 60
timeoutSeconds: 30
failureThreshold: 10
@ -97,9 +96,12 @@ livenessProbe:
# schedulerName: "default-scheduler"
image:
repository: rancher/mirrored-grafana-grafana
# -- The Docker registry
registry: docker.io
# -- Docker image repository
repository: grafana/grafana
# Overrides the Grafana image tag whose default is the chart appVersion
tag: 11.5.5
tag: ""
sha: ""
pullPolicy: IfNotPresent
@ -112,11 +114,18 @@ image:
# - myRegistrKeySecretName
testFramework:
enabled: false
enabled: true
## The type of Helm hook used to run this test. Defaults to test.
## ref: https://helm.sh/docs/topics/charts_hooks/#the-available-hooks
##
# hookType: test
image:
# -- The Docker registry
registry: docker.io
repository: bats/bats
tag: "1.13.0"
imagePullPolicy: IfNotPresent
securityContext:
runAsNonRoot: true
runAsUser: 1000
securityContext: {}
containerSecurityContext: {}
resources: {}
# limits:
@ -136,6 +145,7 @@ dnsConfig: {}
# value: "2"
# - name: edns0
hostUsers: ~
securityContext:
runAsNonRoot: true
runAsUser: 472
@ -144,6 +154,7 @@ securityContext:
containerSecurityContext:
allowPrivilegeEscalation: false
privileged: false
capabilities:
drop:
- ALL
@ -176,8 +187,10 @@ extraLabels: {}
# priorityClassName:
downloadDashboardsImage:
repository: rancher/mirrored-curlimages-curl
tag: 8.9.1
# -- The Docker registry
registry: docker.io
repository: curlimages/curl
tag: 8.19.0
sha: ""
pullPolicy: IfNotPresent
@ -237,6 +250,9 @@ service:
# Adds the appProtocol field to the service. This allows to work with istio protocol selection. Ex: "http" or "tcp"
appProtocol: ""
sessionAffinity: ""
# trafficDistribution allows specifying how traffic is distributed to Service endpoints.
# Valid values: "" (default - standard load balancing),"PreferSameZone" (K8s 1.34+), "PreferSameNode" (K8s 1.35+), "PreferClose" (deprecated, use PreferSameZone),
trafficDistribution: ""
serviceMonitor:
## If true, a ServiceMonitor CR is created for a prometheus operator
@ -256,9 +272,9 @@ serviceMonitor:
targetLabels: []
extraExposePorts: []
# - name: keycloak
# port: 8080
# targetPort: 8080
# - name: keycloak
# port: 8080
# targetPort: 8080
# overrides pod.spec.hostAliases in the grafana deployment's pods
hostAliases: []
@ -268,8 +284,6 @@ hostAliases: []
ingress:
enabled: false
# For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
# See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
# ingressClassName: nginx
# Values can be templated
annotations: {}
@ -277,8 +291,6 @@ ingress:
# kubernetes.io/tls-acme: "true"
labels: {}
path: /
# pathType is only for k8s >= 1.1=
pathType: Prefix
hosts:
@ -286,11 +298,6 @@ ingress:
## Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
extraPaths: []
# - path: /*
# backend:
# serviceName: ssl-redirect
# servicePort: use-annotation
## Or for k8s > 1.19
# - path: /*
# pathType: Prefix
# backend:
# service:
@ -334,12 +341,33 @@ route:
type: PathPrefix
value: /
## Timeouts define the timeouts that can be configured for an HTTP request.
## Ref. https://gateway-api.sigs.k8s.io/api-types/httproute/#timeouts-optional
timeouts: {}
# request: 10s
# backendRequest: 5s
## SessionPersistence defines and configures session persistence for the route rule.
## Ref. https://gateway-api.sigs.k8s.io/geps/gep-1619/
sessionPersistence: {}
# sessionName: grafana-session
# type: Cookie
# absoluteTimeout: 48h
# cookieConfig:
# lifetimeType: Permanent
## Filters define the filters that are applied to requests that match this rule.
filters: []
## Additional custom rules that can be added to the route
additionalRules: []
## httpsRedirect adds a filter for redirecting to https (HTTP 301 Moved Permanently).
## To redirect HTTP traffic to HTTPS, you need to have a Gateway with both HTTP and HTTPS listeners.
## Matches and filters do not take effect if enabled.
## Ref. https://gateway-api.sigs.k8s.io/guides/http-redirect-rewrite/
httpsRedirect: false
resources: {}
# limits:
# cpu: 100m
@ -400,12 +428,14 @@ extraContainerVolumes: []
# emptyDir: {}
## Enable persistence using Persistent Volume Claims
## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
##
persistence:
type: pvc
enabled: false
# storageClassName: default
## (Optional) Use this to bind the claim to an existing PersistentVolume (PV) by name.
volumeName: ""
accessModes:
- ReadWriteOnce
size: 10Gi
@ -445,8 +475,10 @@ initChownData:
## initChownData container image
##
image:
repository: rancher/mirrored-library-busybox
tag: "1.31.1"
# -- The Docker registry
registry: docker.io
repository: library/busybox
tag: "1.37.0"
sha: ""
pullPolicy: IfNotPresent
@ -461,6 +493,7 @@ initChownData:
# cpu: 100m
# memory: 128Mi
securityContext:
readOnlyRootFilesystem: false
runAsNonRoot: false
runAsUser: 0
seccompProfile:
@ -468,6 +501,8 @@ initChownData:
capabilities:
add:
- CHOWN
drop:
- ALL
# Administrator credentials when not using an existing secret (see below)
adminUser: admin
@ -551,7 +586,7 @@ envFromSecrets: []
## prefix: prefix
## optional: true
## The names of conifgmaps in the same kubernetes namespace which contain values to be added to the environment
## The names of configmaps in the same kubernetes namespace which contain values to be added to the environment
## Each entry should contain a name key, and can optionally specify whether the configmap must be defined with an optional key.
## Name is templated.
## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#configmapenvsource-v1-core
@ -588,7 +623,7 @@ extraSecretMounts: []
#
# for CSI e.g. Azure Key Vault use the following
# - name: secrets-store-inline
# mountPath: /run/secrets
# mountPath: /run/secrets/vault.azure.com
# readOnly: true
# csi:
# driver: secrets-store.csi.k8s.io
@ -637,8 +672,8 @@ plugins: []
# - digrich-bubblechart-panel
# - grafana-clock-panel
## You can also use other plugin download URL, as long as they are valid zip files,
## and specify the name of the plugin after the semicolon. Like this:
# - https://grafana.com/api/plugins/marcusolsson-json-datasource/versions/1.3.2/download;marcusolsson-json-datasource
## and specify the name of the plugin as prefix, with an version. Like this:
# - marcusolsson-json-datasource@1.3.24@https://grafana.com/api/plugins/marcusolsson-json-datasource/versions/1.3.24/download
## Configure grafana datasources
## ref: http://docs.grafana.org/administration/provisioning/#datasources
@ -792,11 +827,25 @@ dashboardProviders: {}
# options:
# path: /var/lib/grafana/dashboards/default
## Configure how curl fetches remote dashboards. The beginning dash is required.
## NOTE: This sets the default short flags for all dashboards, but these
## defaults can be overridden individually for each dashboard by setting
## curlOptions. See the example dashboards section below.
##
## -s - silent mode
## -k - allow insecure (eg: non-TLS) connections
## -f - fail fast
## See the curl documentation for additional options
##
defaultCurlOptions: "-skf"
## Configure grafana dashboard to import
## NOTE: To use dashboards you must also enable/configure dashboardProviders
## ref: https://grafana.com/dashboards
##
## dashboards per provider, use provider name as key.
## For dashboards downloaded via gnetId or url, the optional "title" key overrides
## the dashboard title in the downloaded JSON so the UI displays your custom title.
##
dashboards: {}
# default:
@ -806,11 +855,13 @@ dashboards: {}
# custom-dashboard:
# file: dashboards/custom-dashboard.json
# prometheus-stats:
# title: My Custom Dashboard Title # optional; overrides the dashboard title in the downloaded JSON
# gnetId: 2
# revision: 2
# datasource: Prometheus
# local-dashboard:
# url: https://example.com/repository/test.json
# curlOptions: "-sLf"
# token: ''
# local-dashboard-base64:
# url: https://example.com/repository/test-b64.json
@ -852,32 +903,36 @@ grafana.ini:
check_for_updates: true
log:
mode: console
grafana_net:
url: https://grafana.net
server:
domain: "{{ if (and .Values.ingress.enabled .Values.ingress.hosts) }}{{ tpl (.Values.ingress.hosts | first) . }}{{ else }}''{{ end }}"
domain: "{{ if (and .Values.ingress.enabled .Values.ingress.hosts) }}{{ tpl (.Values.ingress.hosts | first) . }}{{ else if (and .Values.route.main.enabled .Values.route.main.hostnames) }}{{ tpl (.Values.route.main.hostnames | first) . }}{{ else }}''{{ end }}"
unified_storage:
index_path: /var/lib/grafana-search/bleve
## grafana Authentication can be enabled with the following values on grafana.ini
# server:
# The full public facing url you use in browser, used for redirects and emails
# root_url:
# https://grafana.com/docs/grafana/latest/auth/github/#enable-github-in-grafana
# auth.github:
# enabled: false
# allow_sign_up: false
# scopes: user:email,read:org
# auth_url: https://github.com/login/oauth/authorize
# token_url: https://github.com/login/oauth/access_token
# api_url: https://api.github.com/user
# team_ids:
# allowed_organizations:
# client_id:
# client_secret:
# server:
# The full public facing url you use in browser, used for redirects and emails
# root_url:
# https://grafana.com/docs/grafana/latest/auth/github/#enable-github-in-grafana
# auth.github:
# enabled: false
# allow_sign_up: false
# scopes: user:email,read:org
# auth_url: https://github.com/login/oauth/authorize
# token_url: https://github.com/login/oauth/access_token
# api_url: https://api.github.com/user
# team_ids:
# allowed_organizations:
# client_id:
# client_secret:
## LDAP Authentication can be enabled with the following values on grafana.ini
## NOTE: Grafana will fail to start if the value for ldap.toml is invalid
# auth.ldap:
# enabled: true
# allow_sign_up: true
# config_file: /etc/grafana/ldap.toml
## Grafana's alerting configuration
# unified_alerting:
# enabled: true
# rule_version_record_limit: "5"
## Grafana's LDAP configuration
## Templated by the template in _helpers.tpl
@ -921,8 +976,10 @@ smtp:
## Requires at least Grafana 5 to work and can't be used together with parameters dashboardProviders, datasources and dashboards
sidecar:
image:
repository: rancher/mirrored-kiwigrid-k8s-sidecar
tag: 1.30.0
# -- The Docker registry
registry: quay.io
repository: kiwigrid/k8s-sidecar
tag: 2.6.0
sha: ""
imagePullPolicy: IfNotPresent
resources: {}
@ -950,11 +1007,24 @@ sidecar:
enabled: false
# Additional environment variables for the alerts sidecar
env: {}
## "valueFrom" environment variable references that will be added to deployment pods. Name is templated.
## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core
## Renders in container spec as:
## env:
## ...
## - name: <key>
## valueFrom:
## <value rendered as YAML>
envValueFrom: {}
# ENV_NAME:
# configMapKeyRef:
# name: configmap-name
# key: value_key
# Do not reprocess already processed unchanged resources on k8s API reconnect.
# ignoreAlreadyProcessed: true
# label that the configmaps with alert are marked with
# label that the configmaps with alert are marked with (can be templated)
label: grafana_alert
# value of label that the configmaps with alert are set to
# value of label that the configmaps with alert are set to (can be templated)
labelValue: ""
# Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL.
# logLevel: INFO
@ -966,6 +1036,13 @@ sidecar:
watchMethod: WATCH
# search in configmap, secret or both
resource: both
#
# resourceName: comma separated list of resource names to be fetched/checked by this sidecar.
# per default all resources of the type defined in {{ .Values.sidecar.alerts.resource }} will be checked.
# This e.g. allows stricter RBAC rules which are limited to the resources meant for the sidecars.
# resourceName: "secret/alerts-1,configmap/alerts-0"
resourceName: ""
#
# watchServerTimeout: request to the server, asking it to cleanly close the connection after that.
# defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S
# watchServerTimeout: 3600
@ -995,16 +1072,28 @@ sidecar:
#
# Endpoint to send request to reload alerts
reloadURL: "http://localhost:3000/api/admin/provisioning/alerting/reload"
# Absolute path to shell script to execute after a alert got reloaded
# Absolute path to a script to execute after a configmap got reloaded.
# It runs before calls to REQ_URI. If the file is not executable it will be passed to sh.
# Otherwise, it's executed as is. Shebangs known to work are #!/bin/sh and #!/usr/bin/env python
script: null
skipReload: true
skipReload: false
# This is needed if skipReload is true, to load any alerts defined at startup time.
# Deploy the alert sidecar as an initContainer.
initAlerts: false
# Use native sidecar https://kubernetes.io/docs/concepts/workloads/pods/sidecar-containers/
# restartPolicy: Always
# # only applies to native sidecars
# startupProbe:
# httpGet:
# path: /healthz
# port: 8080
# initialDelaySeconds: 5
# periodSeconds: 5
# failureThreshold: 60 # 5 minutes
# Additional alerts sidecar volume mounts
extraMounts: []
# Sets the size limit of the alert sidecar emptyDir volume
sizeLimit: {}
sizeLimit: ""
dashboards:
enabled: false
# Additional environment variables for the dashboards sidecar
@ -1025,9 +1114,9 @@ sidecar:
# Do not reprocess already processed unchanged resources on k8s API reconnect.
# ignoreAlreadyProcessed: true
SCProvider: true
# label that the configmaps with dashboards are marked with
# label that the configmaps with dashboards are marked with (can be templated)
label: grafana_dashboard
# value of label that the configmaps with dashboards are set to
# value of label that the configmaps with dashboards are set to (can be templated)
labelValue: ""
# Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL.
# logLevel: INFO
@ -1047,6 +1136,12 @@ sidecar:
# You can use this parameter together with `provider.foldersFromFilesStructure`to annotate configmaps and create folder structure.
folderAnnotation: null
#
# resourceName: comma separated list of resource names to be fetched/checked by this sidecar.
# per default all resources of the type defined in {{ .Values.sidecar.dashboards.resource }} will be checked.
# This e.g. allows stricter RBAC rules which are limited to the resources meant for the sidecars.
# resourceName: "secret/dashboards-0,configmap/dashboards-1"
resourceName: ""
#
# maxTotalRetries: Total number of retries to allow for any http request.
# Takes precedence over other counts. Applies to all requests to reloadURL and k8s api requests.
# Set to 0 to fail on the first retry.
@ -1066,9 +1161,24 @@ sidecar:
#
# Endpoint to send request to reload alerts
reloadURL: "http://localhost:3000/api/admin/provisioning/dashboards/reload"
# Absolute path to shell script to execute after a configmap got reloaded
# Absolute path to a script to execute after a configmap got reloaded.
# It runs before calls to REQ_URI. If the file is not executable it will be passed to sh.
# Otherwise, it's executed as is. Shebangs known to work are #!/bin/sh and #!/usr/bin/env python
script: null
skipReload: false
# This is needed if skipReload is true, to load any dashboards defined at startup time.
# Deploy the dashboard sidecar as an initContainer.
initDashboards: false
# Use native sidecar https://kubernetes.io/docs/concepts/workloads/pods/sidecar-containers/
# restartPolicy: Always
# # only applies to native sidecars
# startupProbe:
# httpGet:
# path: /healthz
# port: 8083
# initialDelaySeconds: 5
# periodSeconds: 5
# failureThreshold: 60 # 5 minutes
# watchServerTimeout: request to the server, asking it to cleanly close the connection after that.
# defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S
# watchServerTimeout: 3600
@ -1100,7 +1210,7 @@ sidecar:
# Additional dashboards sidecar volume mounts
extraMounts: []
# Sets the size limit of the dashboard sidecar emptyDir volume
sizeLimit: {}
sizeLimit: ""
datasources:
enabled: false
# Additional environment variables for the datasourcessidecar
@ -1120,9 +1230,9 @@ sidecar:
# key: value_key
# Do not reprocess already processed unchanged resources on k8s API reconnect.
# ignoreAlreadyProcessed: true
# label that the configmaps with datasources are marked with
# label that the configmaps with datasources are marked with (can be templated)
label: grafana_datasource
# value of label that the configmaps with datasources are set to
# value of label that the configmaps with datasources are set to (can be templated)
labelValue: ""
# Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL.
# logLevel: INFO
@ -1134,6 +1244,13 @@ sidecar:
watchMethod: WATCH
# search in configmap, secret or both
resource: both
#
# resourceName: comma separated list of resource names to be fetched/checked by this sidecar.
# per default all resources of the type defined in {{ .Values.sidecar.datasources.resource }} will be checked.
# This e.g. allows stricter RBAC rules which are limited to the resources meant for the sidecars.
# resourceName: "secret/datasources-0,configmap/datasources-15"
resourceName: ""
#
# watchServerTimeout: request to the server, asking it to cleanly close the connection after that.
# defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S
# watchServerTimeout: 3600
@ -1163,25 +1280,37 @@ sidecar:
#
# Endpoint to send request to reload datasources
reloadURL: "http://localhost:3000/api/admin/provisioning/datasources/reload"
# Absolute path to shell script to execute after a datasource got reloaded
# Absolute path to a script to execute after a configmap got reloaded.
# It runs before calls to REQ_URI. If the file is not executable it will be passed to sh.
# Otherwise, it's executed as is. Shebangs known to work are #!/bin/sh and #!/usr/bin/env python
script: null
skipReload: false
# This is needed if skipReload is true, to load any datasources defined at startup time.
# Deploy the datasources sidecar as an initContainer.
initDatasources: true
initDatasources: false
# Use native sidecar https://kubernetes.io/docs/concepts/workloads/pods/sidecar-containers/
# restartPolicy: Always
# # only applies to native sidecars
# startupProbe:
# httpGet:
# path: /healthz
# port: 8081
# initialDelaySeconds: 5
# periodSeconds: 5
# failureThreshold: 60 # 5 minutes
# Additional datasources sidecar volume mounts
extraMounts: []
# Sets the size limit of the datasource sidecar emptyDir volume
sizeLimit: {}
sizeLimit: ""
plugins:
enabled: false
# Additional environment variables for the plugins sidecar
env: {}
# Do not reprocess already processed unchanged resources on k8s API reconnect.
# ignoreAlreadyProcessed: true
# label that the configmaps with plugins are marked with
# label that the configmaps with plugins are marked with (can be templated)
label: grafana_plugin
# value of label that the configmaps with plugins are set to
# value of label that the configmaps with plugins are set to (can be templated)
labelValue: ""
# Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL.
# logLevel: INFO
@ -1193,6 +1322,13 @@ sidecar:
watchMethod: WATCH
# search in configmap, secret or both
resource: both
#
# resourceName: comma separated list of resource names to be fetched/checked by this sidecar.
# per default all resources of the type defined in {{ .Values.sidecar.plugins.resource }} will be checked.
# This e.g. allows stricter RBAC rules which are limited to the resources meant for the sidecars.
# resourceName: "secret/plugins-0,configmap/plugins-1"
resourceName: ""
#
# watchServerTimeout: request to the server, asking it to cleanly close the connection after that.
# defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S
# watchServerTimeout: 3600
@ -1222,7 +1358,9 @@ sidecar:
#
# Endpoint to send request to reload plugins
reloadURL: "http://localhost:3000/api/admin/provisioning/plugins/reload"
# Absolute path to shell script to execute after a plugin got reloaded
# Absolute path to a script to execute after a configmap got reloaded.
# It runs before calls to REQ_URI. If the file is not executable it will be passed to sh.
# Otherwise, it's executed as is. Shebangs known to work are #!/bin/sh and #!/usr/bin/env python
script: null
skipReload: false
# Deploy the datasource sidecar as an initContainer in addition to a container.
@ -1231,16 +1369,16 @@ sidecar:
# Additional plugins sidecar volume mounts
extraMounts: []
# Sets the size limit of the plugin sidecar emptyDir volume
sizeLimit: {}
sizeLimit: ""
notifiers:
enabled: false
# Additional environment variables for the notifierssidecar
env: {}
# Do not reprocess already processed unchanged resources on k8s API reconnect.
# ignoreAlreadyProcessed: true
# label that the configmaps with notifiers are marked with
# label that the configmaps with notifiers are marked with (can be templated)
label: grafana_notifier
# value of label that the configmaps with notifiers are set to
# value of label that the configmaps with notifiers are set to (can be templated)
labelValue: ""
# Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL.
# logLevel: INFO
@ -1252,6 +1390,13 @@ sidecar:
watchMethod: WATCH
# search in configmap, secret or both
resource: both
#
# resourceName: comma separated list of resource names to be fetched/checked by this sidecar.
# per default all resources of the type defined in {{ .Values.sidecar.notifiers.resource }} will be checked.
# This e.g. allows stricter RBAC rules which are limited to the resources meant for the sidecars.
# resourceName: "secret/notifiers-2,configmap/notifiers-1"
resourceName: ""
#
# watchServerTimeout: request to the server, asking it to cleanly close the connection after that.
# defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S
# watchServerTimeout: 3600
@ -1281,16 +1426,28 @@ sidecar:
#
# Endpoint to send request to reload notifiers
reloadURL: "http://localhost:3000/api/admin/provisioning/notifications/reload"
# Absolute path to shell script to execute after a notifier got reloaded
# Absolute path to a script to execute after a configmap got reloaded.
# It runs before calls to REQ_URI. If the file is not executable it will be passed to sh.
# Otherwise, it's executed as is. Shebangs known to work are #!/bin/sh and #!/usr/bin/env python
script: null
skipReload: false
# Deploy the notifier sidecar as an initContainer in addition to a container.
# This is needed if skipReload is true, to load any notifiers defined at startup time.
initNotifiers: false
# Use native sidecar https://kubernetes.io/docs/concepts/workloads/pods/sidecar-containers/
# restartPolicy: Always
# # only applies to native sidecars
# startupProbe:
# httpGet:
# path: /healthz
# port: 8082
# initialDelaySeconds: 5
# periodSeconds: 5
# failureThreshold: 60 # 5 minutes
# Additional notifiers sidecar volume mounts
extraMounts: []
# Sets the size limit of the notifier sidecar emptyDir volume
sizeLimit: {}
sizeLimit: ""
## Override the deployment namespace
##
@ -1300,7 +1457,7 @@ namespaceOverride: ""
##
revisionHistoryLimit: 10
## Add a seperate remote image renderer deployment/service
## Add a separate remote image renderer deployment/service
imageRenderer:
deploymentStrategy: {}
# Enable the image-renderer deployment & service
@ -1318,12 +1475,16 @@ imageRenderer:
# The callback url of grafana instances if it is not in the same namespace with the remote image renderer
renderingCallbackURL: ""
image:
# -- The Docker registry
registry: docker.io
# image-renderer Image repository
repository: rancher/mirrored-grafana-grafana-image-renderer
repository: grafana/grafana-image-renderer
# image-renderer Image tag
tag: 3.10.5
tag: latest
# image-renderer Image sha (optional)
sha: ""
# image-renderer Image pull secrets (optional)
pullSecrets: []
# image-renderer ImagePullPolicy
pullPolicy: Always
# extra environment variables
@ -1353,6 +1514,8 @@ imageRenderer:
# image-renderer deployment serviceAccount
serviceAccountName: ""
automountServiceAccountToken: false
# image-renderer deployment hostUsers
hostUsers: ~
# image-renderer deployment securityContext
securityContext: {}
# image-renderer deployment container securityContext
@ -1369,6 +1532,8 @@ imageRenderer:
hostAliases: []
# image-renderer deployment priority class
priorityClassName: ''
# Path to the healthcheck endpoint. On Image Renderer v5.0.0 or newer, this is '/healthz'. Older versions use '/'.
healthcheckPath: '/healthz'
service:
# Enable the image-renderer service
enabled: true
@ -1451,69 +1616,73 @@ imageRenderer:
extraVolumes: []
networkPolicy:
## @param networkPolicy.enabled Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now.
##
# -- networkPolicy.enabled Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now.
enabled: false
## @param networkPolicy.allowExternal Don't require client label for connections
## The Policy model to apply. When set to false, only pods with the correct
## client label will have network access to grafana port defined.
## When true, grafana will accept connections from any source
## (with the correct destination port).
##
# --networkPolicy.allowExternal Don't require client label for connections
# The Policy model to apply. When set to false, only pods with the correct
# client label will have network access to grafana port defined.
# When true, grafana will accept connections from any source
# (with the correct destination port).
#
ingress: true
## @param networkPolicy.ingress When true enables the creation
## an ingress network policy
##
# -- networkPolicy.ingress When true enables the creation
# an ingress network policy
allowExternal: true
## @param networkPolicy.explicitNamespacesSelector A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed
## If explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace
## and that match other criteria, the ones that have the good label, can reach the grafana.
## But sometimes, we want the grafana to be accessible to clients from other namespaces, in this case, we can use this
## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added.
##
## Example:
## explicitNamespacesSelector:
## matchLabels:
## role: frontend
## matchExpressions:
## - {key: role, operator: In, values: [frontend]}
##
# -- networkPolicy.explicitNamespacesSelector A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed
# If explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace
# and that match other criteria, the ones that have the good label, can reach the grafana.
# But sometimes, we want the grafana to be accessible to clients from other namespaces, in this case, we can use this
# LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added.
# </br>
#
# Example:
#
# ```
# explicitNamespacesSelector:
# matchLabels:
# role: frontend
# matchExpressions:
# - {key: role, operator: In, values: [frontend]}
# ```
explicitNamespacesSelector: {}
##
##
##
##
##
##
# -- networkPolicy.explicitIpBlocks List of CIDR blocks allowed as ingress sources.
# Each entry must be a valid CIDR notation string (e.g. 10.0.0.0/8).
# When defined, the specified CIDR ranges are added to the ingress `from` rules
# using `ipBlock` entries and complement the other configured ingress sources.
# </br>
#
# Example:
#
# ```
# explicitIpBlocks:
# - 35.191.0.0/16
# - 130.211.0.0/22
# ```
#
explicitIpBlocks: []
egress:
## @param networkPolicy.egress.enabled When enabled, an egress network policy will be
## created allowing grafana to connect to external data sources from kubernetes cluster.
# -- networkPolicy.egress.enabled When enabled, an egress network policy will be
# created allowing grafana to connect to external data sources from kubernetes cluster.
enabled: false
##
## @param networkPolicy.egress.blockDNSResolution When enabled, DNS resolution will be blocked
## for all pods in the grafana namespace.
# -- networkPolicy.egress.blockDNSResolution When enabled, DNS resolution will be blocked
# for all pods in the grafana namespace.
blockDNSResolution: false
##
## @param networkPolicy.egress.ports Add individual ports to be allowed by the egress
# -- networkPolicy.egress.ports Add individual ports to be allowed by the egress
ports: []
## Add ports to the egress by specifying - port: <port number>
## E.X.
## - port: 80
## - port: 443
##
## @param networkPolicy.egress.to Allow egress traffic to specific destinations
# Add ports to the egress by specifying - port: <port number>
# E.X.
# - port: 80
# - port: 443
#
# -- networkPolicy.egress.to Allow egress traffic to specific destinations
to: []
## Add destinations to the egress by specifying - ipBlock: <CIDR>
## E.X.
## to:
## - namespaceSelector:
## matchExpressions:
## - {key: role, operator: In, values: [grafana]}
##
##
##
##
##
# -- destinations to the egress by specifying - ipBlock: <CIDR>
# E.X.
# to:
# - namespaceSelector:
# matchExpressions:
# - {key: role, operator: In, values: [grafana]}
# Enable backward compatibility of kubernetes where version below 1.13 doesn't have the enableServiceLinks option
enableKubeBackwardCompatibility: false
@ -1554,3 +1723,25 @@ extraObjects: []
# Alternatively, if you wish to allow secret values to be exposed in the rendered grafana.ini configmap,
# you can disable this check by setting assertNoLeakedSecrets to false.
assertNoLeakedSecrets: true
# updateMode options are:
# Off: n the Off update mode, the VPA recommender still analyzes resource usage and generates recommendations, but these recommendations are not automatically applied to Pods. The recommendations are only stored in the VPA object's .status field.
# Initial: In Initial mode, VPA only sets resource requests when Pods are first created. It does not update resources for already running Pods, even if recommendations change over time. The recommendations apply only during Pod creation.
# Recreate: In Recreate mode, VPA actively manages Pod resources by evicting Pods when their current resource requests differ significantly from recommendations. When a Pod is evicted, the workload controller (managing a Deployment, StatefulSet, etc) creates a replacement Pod, and the VPA admission controller applies the updated resource requests to the new Pod.
# InPlaceOrRecreate: In Recreate mode, VPA actively manages Pod resources by evicting Pods when their current resource requests differ significantly from recommendations. When a Pod is evicted, the workload controller (managing a Deployment, StatefulSet, etc) creates a replacement Pod, and the VPA admission controller applies the updated resource requests to the new Pod.
# Auto (deprecated): The Auto update mode is deprecated since VPA version 1.4.0. Use Recreate for eviction-based updates, or InPlaceOrRecreate for in-place updates with eviction fallback.
verticalPodAutoscaler:
enabled: false
updateMode: "Off"
controlledResources:
cpu: true
memory: true
# Default safety bounds
minAllowed:
cpu: "25m"
memory: "128Mi"
maxAllowed:
cpu: "1000m"
memory: "1Gi"

0
charts/rancher-monitoring/charts/kube-state-metrics/.helmignore → charts/kube-prometheus-stack/charts/kube-state-metrics/.helmignore
View File

4
charts/rancher-monitoring/charts/kube-state-metrics/Chart.yaml → charts/kube-prometheus-stack/charts/kube-state-metrics/Chart.yaml
View File

@ -4,7 +4,7 @@ annotations:
- name: Chart Source
url: https://github.com/prometheus-community/helm-charts
apiVersion: v2
appVersion: 2.15.0
appVersion: 2.18.0
description: Install kube-state-metrics to generate and expose cluster-level metrics
home: https://github.com/kubernetes/kube-state-metrics/
keywords:
@ -26,4 +26,4 @@ name: kube-state-metrics
sources:
- https://github.com/kubernetes/kube-state-metrics/
type: application
version: 5.30.1
version: 7.2.2

40
charts/rancher-monitoring/charts/kube-state-metrics/README.md → charts/kube-prometheus-stack/charts/kube-state-metrics/README.md
View File

@ -2,27 +2,26 @@
Installs the [kube-state-metrics agent](https://github.com/kubernetes/kube-state-metrics).
## Get Repository Info
<!-- textlint-disable -->
```console
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update
```
## Usage
_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
<!-- textlint-enable -->
The chart is distributed as an [OCI Artifact](https://helm.sh/docs/topics/registries/) as well as via a traditional [Helm Repository](https://helm.sh/docs/topics/chart_repository/).
## Install Chart
- OCI Artifact: `oci://ghcr.io/prometheus-community/charts/kube-state-metrics`
- Helm Repository: `https://prometheus-community.github.io/helm-charts` with chart `kube-state-metrics`
The installation instructions use the OCI registry. Refer to the [`helm repo`]([`helm repo`](https://helm.sh/docs/helm/helm_repo/)) command documentation for information on installing charts via the traditional repository.
### Install Chart
```console
helm install [RELEASE_NAME] prometheus-community/kube-state-metrics [flags]
helm install [RELEASE_NAME] oci://ghcr.io/prometheus-community/charts/kube-state-metrics [flags]
```
_See [configuration](#configuration) below._
_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
## Uninstall Chart
### Uninstall Chart
```console
helm uninstall [RELEASE_NAME]
@ -32,37 +31,40 @@ This removes all the Kubernetes components associated with the chart and deletes
_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
## Upgrading Chart
### Upgrading Chart
```console
helm upgrade [RELEASE_NAME] prometheus-community/kube-state-metrics [flags]
helm upgrade [RELEASE_NAME] oci://ghcr.io/prometheus-community/charts/kube-state-metrics [flags]
```
_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
### Migrating from stable/kube-state-metrics and kubernetes/kube-state-metrics
#### Migrating from stable/kube-state-metrics and kubernetes/kube-state-metrics
You can upgrade in-place:
1. [get repository info](#get-repository-info)
1. [upgrade](#upgrading-chart) your existing release name using the new chart repository
## Upgrading to v6.0.0
This version drops support for deprecated Pod Security Policy resources.
## Upgrading to v3.0.0
v3.0.0 includes kube-state-metrics v2.0, see the [changelog](https://github.com/kubernetes/kube-state-metrics/blob/release-2.0/CHANGELOG.md) for major changes on the application-side.
The upgraded chart now the following changes:
* Dropped support for helm v2 (helm v3 or later is required)
* collectors key was renamed to resources
* namespace key was renamed to namespaces
- Dropped support for helm v2 (helm v3 or later is required)
- collectors key was renamed to resources
- namespace key was renamed to namespaces
## Configuration
See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments:
```console
helm show values prometheus-community/kube-state-metrics
helm show values oci://ghcr.io/prometheus-community/charts/kube-state-metrics
```
### kube-rbac-proxy

0
charts/rancher-monitoring/charts/kube-state-metrics/templates/NOTES.txt → charts/kube-prometheus-stack/charts/kube-state-metrics/templates/NOTES.txt
View File

68
charts/rancher-monitoring/charts/kube-state-metrics/templates/_helpers.tpl → charts/kube-prometheus-stack/charts/kube-state-metrics/templates/_helpers.tpl
View File

@ -1,32 +1,3 @@
# Rancher
{{- define "system_default_registry" -}}
{{- if .Values.global.cattle.systemDefaultRegistry -}}
{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
{{- end -}}
{{- end -}}
# Windows Support
{{/*
Windows cluster will add default taint for linux nodes,
add below linux tolerations to workloads could be scheduled to those linux nodes
*/}}
{{- define "linux-node-tolerations" -}}
- key: "cattle.io/os"
value: "linux"
effect: "NoSchedule"
operator: "Equal"
{{- end -}}
{{- define "linux-node-selector" -}}
{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
beta.kubernetes.io/os: linux
{{- else -}}
kubernetes.io/os: linux
{{- end -}}
{{- end -}}
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
@ -133,6 +104,25 @@ labelValueLengthLimit: {{ . }}
{{- end }}
{{- end -}}
{{/* Sets default scrape limits for scrapeconfig */}}
{{- define "scrapeconfig.scrapeLimits" -}}
{{- with .sampleLimit }}
sampleLimit: {{ . }}
{{- end }}
{{- with .targetLimit }}
targetLimit: {{ . }}
{{- end }}
{{- with .labelLimit }}
labelLimit: {{ . }}
{{- end }}
{{- with .labelNameLengthLimit }}
labelNameLengthLimit: {{ . }}
{{- end }}
{{- with .labelValueLengthLimit }}
labelValueLengthLimit: {{ . }}
{{- end }}
{{- end -}}
{{/*
Formats imagePullSecrets. Input is (dict "Values" .Values "imagePullSecrets" .{specific imagePullSecrets})
*/}}
@ -150,19 +140,14 @@ Formats imagePullSecrets. Input is (dict "Values" .Values "imagePullSecrets" .{s
The image to use for kube-state-metrics
*/}}
{{- define "kube-state-metrics.image" -}}
{{- $temp_registry := (include "system_default_registry" .) }}
{{- if .Values.image.sha }}
{{- if $temp_registry }}
{{- printf "%s%s:%s@%s" $temp_registry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) .Values.image.sha }}
{{- else if .Values.global.imageRegistry }}
{{- if .Values.global.imageRegistry }}
{{- printf "%s/%s:%s@%s" .Values.global.imageRegistry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) .Values.image.sha }}
{{- else }}
{{- printf "%s/%s:%s@%s" .Values.image.registry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) .Values.image.sha }}
{{- end }}
{{- else }}
{{- if $temp_registry }}
{{- printf "%s%s:%s" $temp_registry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) }}
{{- else if .Values.global.imageRegistry }}
{{- if .Values.global.imageRegistry }}
{{- printf "%s/%s:%s" .Values.global.imageRegistry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) }}
{{- else }}
{{- printf "%s/%s:%s" .Values.image.registry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) }}
@ -188,3 +173,14 @@ The image to use for kubeRBACProxy
{{- end }}
{{- end }}
{{- end }}
{{/*
The name of the ConfigMap for the customResourceState config.
*/}}
{{- define "kube-state-metrics.crsConfigMapName" -}}
{{- if ne .Values.customResourceState.name "" }}
{{- .Values.customResourceState.name }}
{{- else }}
{{- template "kube-state-metrics.fullname" . }}-customresourcestate-config
{{- end }}
{{- end }}

0
charts/rancher-monitoring/charts/kube-state-metrics/templates/ciliumnetworkpolicy.yaml → charts/kube-prometheus-stack/charts/kube-state-metrics/templates/ciliumnetworkpolicy.yaml
View File

0
charts/rancher-monitoring/charts/kube-state-metrics/templates/clusterrolebinding.yaml → charts/kube-prometheus-stack/charts/kube-state-metrics/templates/clusterrolebinding.yaml
View File

6
charts/rancher-monitoring/charts/kube-state-metrics/templates/crs-configmap.yaml → charts/kube-prometheus-stack/charts/kube-state-metrics/templates/crs-configmap.yaml
View File

@ -1,8 +1,8 @@
{{- if .Values.customResourceState.enabled}}
{{- if and .Values.customResourceState.enabled .Values.customResourceState.create }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "kube-state-metrics.fullname" . }}-customresourcestate-config
name: {{ template "kube-state-metrics.crsConfigMapName" . }}
namespace: {{ template "kube-state-metrics.namespace" . }}
labels:
{{- include "kube-state-metrics.labels" . | indent 4 }}
@ -11,6 +11,6 @@ metadata:
{{ toYaml .Values.annotations | nindent 4 }}
{{- end }}
data:
config.yaml: |
{{ .Values.customResourceState.key }}: |
{{- toYaml .Values.customResourceState.config | nindent 4 }}
{{- end }}

60
charts/rancher-monitoring/charts/kube-state-metrics/templates/deployment.yaml → charts/kube-prometheus-stack/charts/kube-state-metrics/templates/deployment.yaml
View File

@ -9,9 +9,12 @@ metadata:
namespace: {{ template "kube-state-metrics.namespace" . }}
labels:
{{- include "kube-state-metrics.labels" . | indent 4 }}
{{- if .Values.annotations }}
{{- with .Values.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.annotations }}
annotations:
{{ toYaml .Values.annotations | indent 4 }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
selector:
@ -52,8 +55,12 @@ spec:
initContainers:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- if .Values.dnsConfig }}
dnsConfig: {{ toYaml .Values.dnsConfig | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.dnsPolicy }}
containers:
{{- $servicePort := ternary 9090 (.Values.service.port | default 8080) .Values.kubeRBACProxy.enabled}}
{{- $servicePort := ternary .Values.kubeRBACProxy.port (.Values.service.port | default 8080) .Values.kubeRBACProxy.enabled}}
{{- $telemetryPort := ternary 9091 (.Values.selfMonitor.telemetryPort | default 8081) .Values.kubeRBACProxy.enabled}}
- name: {{ template "kube-state-metrics.name" . }}
{{- if .Values.autosharding.enabled }}
@ -132,7 +139,7 @@ spec:
{{- end }}
{{- end }}
{{- if .Values.customResourceState.enabled }}
- --custom-resource-state-config-file=/etc/customresourcestate/config.yaml
- --custom-resource-state-config-file=/etc/customresourcestate/{{ .Values.customResourceState.key }}
{{- end }}
{{- if or (.Values.kubeconfig.enabled) (.Values.customResourceState.enabled) (.Values.volumeMounts) }}
volumeMounts:
@ -155,11 +162,9 @@ spec:
{{- if eq .Values.kubeRBACProxy.enabled false }}
ports:
- containerPort: {{ .Values.service.port | default 8080}}
name: "http"
{{- if .Values.selfMonitor.enabled }}
name: http
- containerPort: {{ $telemetryPort }}
name: "metrics"
{{- end }}
name: metrics
{{- end }}
{{- if .Values.startupProbe.enabled }}
startupProbe:
@ -174,11 +179,10 @@ spec:
value: {{ $header.value }}
{{- end }}
path: /healthz
port: http
{{- if .Values.kubeRBACProxy.enabled }}
port: {{ .Values.service.port | default 8080 }}
scheme: HTTPS
{{- else }}
port: {{ $servicePort }}
scheme: {{ upper .Values.startupProbe.httpGet.scheme }}
{{- end }}
initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }}
@ -198,11 +202,10 @@ spec:
value: {{ $header.value }}
{{- end }}
path: /livez
port: http
{{- if .Values.kubeRBACProxy.enabled }}
port: {{ .Values.service.port | default 8080 }}
scheme: HTTPS
{{- else }}
port: {{ $servicePort }}
scheme: {{ upper .Values.livenessProbe.httpGet.scheme }}
{{- end }}
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
@ -221,11 +224,10 @@ spec:
value: {{ $header.value }}
{{- end }}
path: /readyz
port: metrics
{{- if .Values.kubeRBACProxy.enabled }}
port: {{ .Values.selfMonitor.telemetryPort | default 8081 }}
scheme: HTTPS
{{- else }}
port: {{ $telemetryPort }}
scheme: {{ upper .Values.readinessProbe.httpGet.scheme }}
{{- end }}
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
@ -244,9 +246,12 @@ spec:
{{- if .Values.kubeRBACProxy.extraArgs }}
{{- .Values.kubeRBACProxy.extraArgs | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.kubeRBACProxy.ignoreProbePaths }}
- --ignore-paths=/livez,/readyz
{{- end }}
- --secure-listen-address=:{{ .Values.service.port | default 8080}}
- --upstream=http://127.0.0.1:{{ $servicePort }}/
- --proxy-endpoints-port=8888
- --proxy-endpoints-port={{ .Values.kubeRBACProxy.proxyEndpointsPort | default 8888 }}
- --config-file=/etc/kube-rbac-proxy-config/config-file.yaml
volumeMounts:
- name: kube-rbac-proxy-config
@ -258,14 +263,14 @@ spec:
image: {{ include "kubeRBACProxy.image" . }}
ports:
- containerPort: {{ .Values.service.port | default 8080}}
name: "http"
- containerPort: 8888
name: "http-healthz"
name: http
- containerPort: {{ .Values.kubeRBACProxy.proxyEndpointsPort | default 8888 }}
name: http-healthz
readinessProbe:
httpGet:
scheme: HTTPS
port: 8888
path: healthz
port: http-healthz
path: /healthz
initialDelaySeconds: 5
timeoutSeconds: 5
{{- if .Values.kubeRBACProxy.resources }}
@ -282,6 +287,9 @@ spec:
{{- if .Values.kubeRBACProxy.extraArgs }}
{{- .Values.kubeRBACProxy.extraArgs | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.kubeRBACProxy.ignoreProbePaths }}
- --ignore-paths=/livez,/readyz
{{- end }}
- --secure-listen-address=:{{ .Values.selfMonitor.telemetryPort | default 8081 }}
- --upstream=http://127.0.0.1:{{ $telemetryPort }}/
- --proxy-endpoints-port=8889
@ -296,13 +304,13 @@ spec:
image: {{ include "kubeRBACProxy.image" . }}
ports:
- containerPort: {{ .Values.selfMonitor.telemetryPort | default 8081 }}
name: "metrics"
name: metrics
- containerPort: 8889
name: "metrics-healthz"
name: metrics-healthz
readinessProbe:
httpGet:
scheme: HTTPS
port: 8889
port: metrics-healthz
path: healthz
initialDelaySeconds: 5
timeoutSeconds: 5
@ -331,12 +339,12 @@ spec:
{{- tpl .Values.affinity $ | nindent 8 }}
{{- end }}
{{- end }}
nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{ tpl (toYaml .) $ | indent 8 }}
{{- end }}
tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
{{- with .Values.tolerations }}
tolerations:
{{ tpl (toYaml .) $ | indent 8 }}
{{- end }}
{{- if .Values.topologySpreadConstraints }}
@ -358,7 +366,7 @@ spec:
{{- if .Values.customResourceState.enabled}}
- name: customresourcestate-config
configMap:
name: {{ template "kube-state-metrics.fullname" . }}-customresourcestate-config
name: {{ template "kube-state-metrics.crsConfigMapName" . }}
{{- end }}
{{- if .Values.volumes }}
{{ toYaml .Values.volumes | indent 8 }}

0
charts/rancher-monitoring/charts/kube-state-metrics/templates/extra-manifests.yaml → charts/kube-prometheus-stack/charts/kube-state-metrics/templates/extra-manifests.yaml
View File

0
charts/rancher-monitoring/charts/kube-state-metrics/templates/kubeconfig-secret.yaml → charts/kube-prometheus-stack/charts/kube-state-metrics/templates/kubeconfig-secret.yaml
View File

2
charts/rancher-monitoring/charts/kube-state-metrics/templates/networkpolicy.yaml → charts/kube-prometheus-stack/charts/kube-state-metrics/templates/networkpolicy.yaml
View File

@ -22,7 +22,7 @@ spec:
{{- else }}
## Allow ingress on default ports by default
- ports:
- port: {{ .Values.service.port | default 8080 }}
- port: http
protocol: TCP
{{- if .Values.selfMonitor.enabled }}
{{- $telemetryPort := ternary 9091 (.Values.selfMonitor.telemetryPort | default 8081) .Values.kubeRBACProxy.enabled}}

4
charts/rancher-monitoring/charts/kube-state-metrics/templates/pdb.yaml → charts/kube-prometheus-stack/charts/kube-state-metrics/templates/pdb.yaml
View File

@ -1,9 +1,5 @@
{{- if .Values.podDisruptionBudget -}}
{{ if $.Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" -}}
apiVersion: policy/v1
{{- else -}}
apiVersion: policy/v1beta1
{{- end }}
kind: PodDisruptionBudget
metadata:
name: {{ template "kube-state-metrics.fullname" . }}

0
charts/rancher-monitoring/charts/kube-state-metrics/templates/rbac-configmap.yaml → charts/kube-prometheus-stack/charts/kube-state-metrics/templates/rbac-configmap.yaml
View File

11
charts/rancher-monitoring/charts/kube-state-metrics/templates/role.yaml → charts/kube-prometheus-stack/charts/kube-state-metrics/templates/role.yaml
View File

@ -1,6 +1,3 @@
{{- if not (kindIs "slice" .Values.collectors) }}
{{- fail "Collectors need to be a List since kube-state-metrics chart 3.2.2. Please check README for more information."}}
{{- end }}
{{- if and (eq .Values.rbac.create true) (not .Values.rbac.useExistingRole) -}}
{{- range (ternary (join "," .Values.namespaces | split "," ) (list "") (eq $.Values.rbac.useClusterRole false)) }}
---
@ -37,13 +34,13 @@ rules:
verbs: ["list", "watch"]
{{ end -}}
{{ if has "daemonsets" $.Values.collectors }}
- apiGroups: ["extensions", "apps"]
- apiGroups: ["apps"]
resources:
- daemonsets
verbs: ["list", "watch"]
{{ end -}}
{{ if has "deployments" $.Values.collectors }}
- apiGroups: ["extensions", "apps"]
- apiGroups: ["apps"]
resources:
- deployments
verbs: ["list", "watch"]
@ -67,7 +64,7 @@ rules:
verbs: ["list", "watch"]
{{ end -}}
{{ if has "ingresses" $.Values.collectors }}
- apiGroups: ["extensions", "networking.k8s.io"]
- apiGroups: ["networking.k8s.io"]
resources:
- ingresses
verbs: ["list", "watch"]
@ -163,7 +160,7 @@ rules:
verbs: ["list", "watch"]
{{ end -}}
{{ if has "replicasets" $.Values.collectors }}
- apiGroups: ["extensions", "apps"]
- apiGroups: ["apps"]
resources:
- replicasets
verbs: ["list", "watch"]

0
charts/rancher-monitoring/charts/kube-state-metrics/templates/rolebinding.yaml → charts/kube-prometheus-stack/charts/kube-state-metrics/templates/rolebinding.yaml
View File

60
charts/kube-prometheus-stack/charts/kube-state-metrics/templates/scrapeconfig.yaml Normal file
View File

@ -0,0 +1,60 @@
{{- if .Values.prometheus.scrapeconfig.enabled }}
apiVersion: monitoring.coreos.com/v1alpha1
kind: ScrapeConfig
metadata:
name: {{ template "kube-state-metrics.fullname" . }}
namespace: {{ template "kube-state-metrics.namespace" . }}
labels:
{{- include "kube-state-metrics.labels" . | indent 4 }}
{{- with .Values.prometheus.scrapeconfig.additionalLabels }}
{{- tpl (toYaml . | nindent 4) $ }}
{{- end }}
{{- with .Values.prometheus.scrapeconfig.annotations }}
annotations:
{{- tpl (toYaml . | nindent 4) $ }}
{{- end }}
spec:
{{- include "scrapeconfig.scrapeLimits" .Values.prometheus.scrapeconfig | indent 2 }}
staticConfigs:
- targets:
- {{ template "kube-state-metrics.fullname" . }}.{{ template "kube-state-metrics.namespace" . }}.svc:{{ .Values.service.port }}
{{- if .Values.prometheus.scrapeconfig.staticConfigLabels}}
labels:
{{- with .Values.prometheus.scrapeconfig.staticConfigLabels }}
{{- tpl (toYaml . | nindent 8) $ }}
{{- end }}
{{- end }}
{{- if .Values.prometheus.scrapeconfig.jobName }}
jobName: {{ .Values.prometheus.scrapeconfig.jobName }}
{{- end }}
{{- if .Values.prometheus.scrapeconfig.honorLabels }}
honorLabels: true
{{- end }}
{{- if .Values.prometheus.scrapeconfig.scrapeInterval }}
scrapeInterval: {{ .Values.prometheus.scrapeconfig.scrapeInterval }}
{{- end }}
{{- if .Values.prometheus.scrapeconfig.scrapeTimeout }}
scrapeTimeout: {{ .Values.prometheus.scrapeconfig.scrapeTimeout }}
{{- end }}
{{- if .Values.prometheus.scrapeconfig.proxyUrl }}
proxyUrl: {{ .Values.prometheus.scrapeconfig.proxyUrl }}
{{- end }}
{{- if .Values.prometheus.scrapeconfig.enableHttp2 }}
enableHttp2: {{ .Values.prometheus.scrapeconfig.enableHttp2 }}
{{- end }}
{{- if .Values.prometheus.scrapeconfig.metricRelabelings }}
metricRelabelings:
{{- toYaml .Values.prometheus.scrapeconfig.metricRelabelings | nindent 4 }}
{{- end }}
{{- if .Values.prometheus.scrapeconfig.relabelings }}
relabelings:
{{- toYaml .Values.prometheus.scrapeconfig.relabelings | nindent 4 }}
{{- end }}
{{- if .Values.prometheus.scrapeconfig.scheme }}
scheme: {{ .Values.prometheus.scrapeconfig.scheme }}
{{- end }}
{{- if .Values.prometheus.scrapeconfig.tlsConfig }}
tlsConfig:
{{- toYaml (.Values.prometheus.scrapeconfig.tlsConfig ) | nindent 4 }}
{{- end }}
{{- end }}

12
charts/rancher-monitoring/charts/kube-state-metrics/templates/service.yaml → charts/kube-prometheus-stack/charts/kube-state-metrics/templates/service.yaml
View File

@ -19,19 +19,19 @@ spec:
ipFamilyPolicy: {{ .Values.service.ipDualStack.ipFamilyPolicy }}
{{- end }}
ports:
- name: "http"
- name: http
protocol: TCP
port: {{ .Values.service.port | default 8080}}
{{- if .Values.service.nodePort }}
{{- if ( and (eq .Values.service.type "NodePort" ) (not (empty .Values.service.nodePort)) ) }}
nodePort: {{ .Values.service.nodePort }}
{{- end }}
targetPort: {{ .Values.service.port | default 8080}}
targetPort: http
{{ if .Values.selfMonitor.enabled }}
- name: "metrics"
- name: metrics
protocol: TCP
port: {{ .Values.selfMonitor.telemetryPort | default 8081 }}
targetPort: {{ .Values.selfMonitor.telemetryPort | default 8081 }}
{{- if .Values.selfMonitor.telemetryNodePort }}
targetPort: metrics
{{- if ( and (eq .Values.service.type "NodePort" ) (not (empty .Values.service.nodePort)) ) }}
nodePort: {{ .Values.selfMonitor.telemetryNodePort }}
{{- end }}
{{ end }}

0
charts/rancher-monitoring/charts/kube-state-metrics/templates/serviceaccount.yaml → charts/kube-prometheus-stack/charts/kube-state-metrics/templates/serviceaccount.yaml
View File

12
charts/rancher-monitoring/charts/kube-state-metrics/templates/servicemonitor.yaml → charts/kube-prometheus-stack/charts/kube-state-metrics/templates/servicemonitor.yaml
View File

@ -57,20 +57,8 @@ spec:
{{- end }}
{{- if or .Values.prometheus.monitor.http.metricRelabelings .Values.prometheus.monitor.metricRelabelings }}
metricRelabelings:
{{- if or .Values.prometheus.monitor.http.metricRelabelings .Values.prometheus.monitor.metricRelabelings }}
{{- toYaml (.Values.prometheus.monitor.http.metricRelabelings | default .Values.prometheus.monitor.metricRelabelings) | nindent 8 }}
{{- end }}
{{ if .Values.global.cattle.clusterId }}
- sourceLabels: [__address__]
targetLabel: cluster_id
replacement: {{ .Values.global.cattle.clusterId }}
{{- end }}
{{ if .Values.global.cattle.clusterName }}
- sourceLabels: [__address__]
targetLabel: cluster_name
replacement: {{ .Values.global.cattle.clusterName }}
{{- end }}
{{- end }}
{{- if or .Values.prometheus.monitor.http.relabelings .Values.prometheus.monitor.relabelings }}
relabelings:
{{- toYaml (.Values.prometheus.monitor.http.relabelings | default .Values.prometheus.monitor.relabelings) | nindent 8 }}

0
charts/rancher-monitoring/charts/kube-state-metrics/templates/stsdiscovery-role.yaml → charts/kube-prometheus-stack/charts/kube-state-metrics/templates/stsdiscovery-role.yaml
View File

0
charts/rancher-monitoring/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml → charts/kube-prometheus-stack/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml
View File

0
charts/rancher-monitoring/charts/kube-state-metrics/templates/verticalpodautoscaler.yaml → charts/kube-prometheus-stack/charts/kube-state-metrics/templates/verticalpodautoscaler.yaml
View File

115
charts/rancher-monitoring/charts/kube-state-metrics/values.yaml → charts/kube-prometheus-stack/charts/kube-state-metrics/values.yaml
View File

@ -1,9 +1,10 @@
# Default values for kube-state-metrics.
prometheusScrape: true
image:
registry: docker.io
repository: rancher/mirrored-kube-state-metrics-kube-state-metrics
tag: v2.15.0
registry: registry.k8s.io
repository: kube-state-metrics/kube-state-metrics
# If unset use v + .Charts.appVersion
tag: ""
sha: ""
pullPolicy: IfNotPresent
@ -11,11 +12,6 @@ imagePullSecrets: []
# - name: "image-pull-secret"
global:
cattle:
psp:
enabled: false
systemDefaultRegistry: ""
# To help compatibility with other charts which use global.imagePullSecrets.
# Allow either an array of {name: pullSecret} maps (k8s-style), or an array of strings (more common helm-style).
# global:
@ -53,7 +49,7 @@ revisionHistoryLimit: 10
# List of additional cli arguments to configure kube-state-metrics
# for example: --enable-gzip-encoding, --log-file, etc.
# all the possible args can be found here: https://github.com/kubernetes/kube-state-metrics/blob/master/docs/cli-arguments.md
# all the possible args can be found here: https://github.com/kubernetes/kube-state-metrics/blob/main/docs/developer/cli-arguments.md
extraArgs: []
# If false then the user will opt out of automounting API credentials.
@ -108,12 +104,16 @@ rbac:
kubeRBACProxy:
enabled: false
image:
registry: ''
repository: rancher/mirrored-brancz-kube-rbac-proxy
tag: v0.18.2
registry: quay.io
repository: brancz/kube-rbac-proxy
tag: v0.21.2
sha: ""
pullPolicy: IfNotPresent
# This set --ignore-paths=/livez,/readyz to kubeRBACProxy container args
# to allow the pod probes working properly with kubeRBACProxy enabled.
ignoreProbePaths: true
# List of additional cli arguments to configure kube-rbac-prxy
# for example: --tls-cipher-suites, --log-file, etc.
# all the possible args can be found here: https://github.com/brancz/kube-rbac-proxy#usage
@ -129,6 +129,12 @@ kubeRBACProxy:
drop:
- ALL
# Configure specific upstream port for kube-state-metrics container
port: 9090
# Configure specific proxy endpoints port
# This port is for healthz on readinessProbe kube-rbac-proxy-http container
proxyEndpointsPort: 8888
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
@ -165,7 +171,7 @@ serviceAccount:
automountServiceAccountToken: true
# Additional Environment variables
env: {}
env: []
# - name: GOMAXPROCS
# valueFrom:
# resourceFieldRef:
@ -243,22 +249,46 @@ prometheus:
# name: secret-name
# key: key-name
tlsConfig: {}
## Specify if a Pod Security Policy for kube-state-metrics must be created
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
##
podSecurityPolicy:
annotations: {}
## Specify pod annotations
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
## Create a scrapeConfig resource for scraping the kube-state-metrics service. Use this instead of serviceMonitor
## to have more instances of kube-state-metrics safety.
scrapeconfig:
## To avoid duplicate metrics, first disable the serviceMonitor creation via prometheus.monitor.enabled=false
enabled: false
annotations: {}
additionalLabels: {}
jobName: kube-state-metrics
## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
##
# seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
# seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
# apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
sampleLimit: 0
additionalVolumes: []
## TargetLimit defines a limit on the number of scraped targets that will be accepted.
##
targetLimit: 0
## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
##
labelLimit: 0
## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
##
labelNameLengthLimit: 0
## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
##
labelValueLengthLimit: 0
## StaticConfigLabels defines the labels to be used in the Prometheus static configuration for scraping.
staticConfigLabels: {}
scrapeInterval: ""
scrapeTimeout: ""
proxyUrl: ""
## Whether to enable HTTP2 for scrapeconfig
enableHttp2: false
honorLabels: true
metricRelabelings: []
relabelings: []
scheme: ""
tlsConfig: {}
## Configure network policy for kube-state-metrics
networkPolicy:
@ -329,6 +359,9 @@ topologySpreadConstraints: []
# Annotations to be added to the deployment/statefulset
annotations: {}
# Labels to be added to the deployment/statefulset
labels: {}
# Annotations to be added to the pod
podAnnotations: {}
@ -377,7 +410,7 @@ collectors:
- cronjobs
- daemonsets
- deployments
- endpoints
- endpointslices
- horizontalpodautoscalers
- ingresses
- jobs
@ -413,8 +446,19 @@ kubeconfig:
# Enabling support for customResourceState, will create a configMap including your config that will be read from kube-state-metrics
customResourceState:
# Whether to enable support for CustomResourceStateMetrics.
enabled: false
# Add (Cluster)Role permissions to list/watch the customResources defined in the config to rbac.extraRules
# Whether to create the ConfigMap that holds the config.
create: true
# Name of the ConfigMap that holds the config. If empty, name will be generated based on the release name.
name: ""
# ConfigMap key that holds the config.
key: config.yaml
# Definition of the CustomResourceStateMetrics. Add (Cluster)Role permissions to list/watch the resources defined in the config to rbac.extraRules.
config: {}
# Enable only the release namespace for collecting resources. By default all namespaces are collected.
@ -444,11 +488,6 @@ resources: {}
# cpu: 10m
# memory: 32Mi
## Provide a k8s version to define apiGroups for podSecurityPolicy Cluster Role.
## For example: kubeTargetVersionOverride: 1.14.9
##
kubeTargetVersionOverride: ""
# Enable self metrics configuration for service and Service Monitor
# Default values for telemetry configuration can be overridden
# If you set telemetryNodePort, you must also set service.type to NodePort
@ -522,6 +561,14 @@ initContainers: []
# - name: crd-sidecar
# image: kiwigrid/k8s-sidecar:latest
## dnsPolicy allows to change the default DNS configuration for the pod
## Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
dnsPolicy: ClusterFirst
## dnsConfig allows setting up specific DNS configuration for the pod
## Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config
dnsConfig: {}
## Settings for startup, liveness and readiness probes
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
##

0
charts/rancher-monitoring/charts/prometheus-node-exporter/.helmignore → charts/kube-prometheus-stack/charts/prometheus-node-exporter/.helmignore
View File

Some files were not shown because too many files have changed in this diff Show More