diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index da732c31da..800c0a59b9 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -36,7 +36,6 @@ jobs: helm repo add prometheus https://prometheus-community.github.io/helm-charts helm repo add bitnami https://charts.bitnami.com/bitnami helm repo add hashicorp https://helm.releases.hashicorp.com - helm repo add minio https://helm.min.io helm repo add minio-new https://charts.min.io - name: Run chart-releaser diff --git a/.github/workflows/update-helm-repo.yaml b/.github/workflows/update-helm-repo.yaml index 75c1be27b3..8382c1f231 100644 --- a/.github/workflows/update-helm-repo.yaml +++ b/.github/workflows/update-helm-repo.yaml @@ -154,7 +154,6 @@ jobs: helm repo add bitnami https://charts.bitnami.com/bitnami helm repo add bitnami-pre-2022 https://raw.githubusercontent.com/bitnami/charts/eb5f9a9513d987b519f0ecd732e7031241c50328/bitnami helm repo add hashicorp https://helm.releases.hashicorp.com - helm repo add minio https://helm.min.io helm repo add minio-new https://charts.min.io helm repo add jetstack https://charts.jetstack.io helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx diff --git a/charts/agent-operator/Chart.yaml b/charts/agent-operator/Chart.yaml index 5b50875e7f..0c38584e11 100644 --- a/charts/agent-operator/Chart.yaml +++ b/charts/agent-operator/Chart.yaml 
@@ -2,12 +2,12 @@ apiVersion: v2 name: grafana-agent-operator description: A Helm chart for Grafana Agent Operator type: application -version: 0.3.10 -appVersion: "0.37.4" -home: https://grafana.com/docs/agent/v0.37/ -icon: https://raw.githubusercontent.com/grafana/agent/v0.37.4/docs/sources/assets/logo_and_name.png +version: 0.3.14 +appVersion: "0.39.0" +home: https://grafana.com/docs/agent/v0.39/ +icon: https://raw.githubusercontent.com/grafana/agent/v0.39.0/docs/sources/assets/logo_and_name.png sources: - - https://github.com/grafana/agent/tree/v0.37.4/pkg/operator + - https://github.com/grafana/agent/tree/v0.39.0/pkg/operator maintainers: - name: Grafana Agent Team email: grafana-agent-team@googlegroups.com diff --git a/charts/agent-operator/README.md b/charts/agent-operator/README.md index 23830e11db..3398af7c25 100644 --- a/charts/agent-operator/README.md +++ b/charts/agent-operator/README.md @@ -1,6 +1,6 @@ # grafana-agent-operator -![Version: 0.3.10](https://img.shields.io/badge/Version-0.3.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.37.4](https://img.shields.io/badge/AppVersion-0.37.4-informational?style=flat-square) +![Version: 0.3.14](https://img.shields.io/badge/Version-0.3.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.39.0](https://img.shields.io/badge/AppVersion-0.39.0-informational?style=flat-square) A Helm chart for Grafana Agent Operator @@ -8,7 +8,7 @@ A Helm chart for Grafana Agent Operator ## Source Code -* +* Note that this chart does not provision custom resources like `GrafanaAgent` and `MetricsInstance` (formerly `PrometheusInstance`) or any `*Monitor` resources. 
@@ -16,7 +16,7 @@ To learn how to deploy these resources, please see Grafana's [Agent Operator get ## CRDs -The CRDs are synced into this chart manually (for now) from the Grafana Agent [GitHub repo](https://github.com/grafana/agent/tree/main/production/operator/crds). To learn more about how Helm manages CRDs, please see [Custom Resource Definitions](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/) from the Helm docs. +The CRDs are synced into this chart manually (for now) from the Grafana Agent [GitHub repo](https://github.com/grafana/agent/tree/main/operations/agent-static-operator/crds). To learn more about how Helm manages CRDs, please see [Custom Resource Definitions](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/) from the Helm docs. ## Get Repo Info @@ -63,7 +63,7 @@ A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an | image.pullSecrets | list | `[]` | Image pull secrets | | image.registry | string | `"docker.io"` | Image registry | | image.repository | string | `"grafana/agent-operator"` | Image repo | -| image.tag | string | `"v0.37.4"` | Image tag | +| image.tag | string | `"v0.39.0"` | Image tag | | kubeletService | object | `{"namespace":"default","serviceName":"kubelet"}` | If both are set, Agent Operator will create and maintain a service for scraping kubelets https://grafana.com/docs/agent/latest/operator/getting-started/#monitor-kubelets | | nameOverride | string | `""` | Overrides the chart's name | | nodeSelector | object | `{}` | nodeSelector configuration | diff --git a/charts/agent-operator/README.md.gotmpl b/charts/agent-operator/README.md.gotmpl index 5b08d32051..3dce97a945 100644 --- a/charts/agent-operator/README.md.gotmpl +++ b/charts/agent-operator/README.md.gotmpl 
@@ -16,7 +16,7 @@ To learn how to deploy these resources, please see Grafana's [Agent Operator get ## CRDs -The CRDs are synced into this chart manually (for now) from the Grafana Agent [GitHub repo](https://github.com/grafana/agent/tree/main/production/operator/crds). To learn more about how Helm manages CRDs, please see [Custom Resource Definitions](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/) from the Helm docs. +The CRDs are synced into this chart manually (for now) from the Grafana Agent [GitHub repo](https://github.com/grafana/agent/tree/main/operations/agent-static-operator/crds). To learn more about how Helm manages CRDs, please see [Custom Resource Definitions](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/) from the Helm docs. ## Get Repo Info diff --git a/charts/agent-operator/values.yaml b/charts/agent-operator/values.yaml index fb770e2fd7..0d0c491dee 100644 --- a/charts/agent-operator/values.yaml +++ b/charts/agent-operator/values.yaml @@ -37,7 +37,7 @@ image: # -- Image repo repository: grafana/agent-operator # -- Image tag - tag: v0.37.4 + tag: v0.39.0 # -- Image pull policy pullPolicy: IfNotPresent # -- Image pull secrets diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 7f0fccba65..0069f17158 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,11 +1,11 @@ apiVersion: v2 name: grafana -version: 7.0.6 -appVersion: 10.1.5 +version: 7.2.1 +appVersion: 10.2.3 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. -home: https://grafana.net -icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png +home: https://grafana.com +icon: https://artifacthub.io/image/b4fed1a7-6c8f-4945-b99d-096efa3e4116 sources: - https://github.com/grafana/grafana - https://github.com/grafana/helm-charts 
diff --git a/charts/grafana/README.md b/charts/grafana/README.md index 81e5360b9f..6f645c564a 100644 --- a/charts/grafana/README.md +++ b/charts/grafana/README.md @@ -48,7 +48,7 @@ This version requires Helm >= 3.1.0. ### To 7.0.0 -For consistency with other Helm charts, the `global.image.registry` parameter was renamed +For consistency with other Helm charts, the `global.image.registry` parameter was renamed to `global.imageRegistry`. If you were not previously setting `global.image.registry`, no action is required on upgrade. If you were previously setting `global.image.registry`, you will need to instead set `global.imageRegistry`. @@ -136,6 +136,7 @@ need to instead set `global.imageRegistry`. | `enableServiceLinks` | Inject Kubernetes services as environment variables. | `true` | | `extraSecretMounts` | Additional grafana server secret mounts | `[]` | | `extraVolumeMounts` | Additional grafana server volume mounts | `[]` | +| `extraVolumes` | Additional Grafana server volumes | `[]` | | `createConfigmap` | Enable creating the grafana configmap | `true` | | `extraConfigmapMounts` | Additional grafana server configMap volume mounts (values are templated) | `[]` | | `extraEmptyDirMounts` | Additional grafana server emptyDir volume mounts | `[]` | 
@@ -174,7 +175,7 @@ need to instead set `global.imageRegistry`. | `sidecar.alerts.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` | | `sidecar.alerts.reloadURL` | Full url of datasource configuration reload API endpoint, to invoke after a config-map change | `"http://localhost:3000/api/admin/provisioning/alerting/reload"` | | `sidecar.alerts.skipReload` | Enabling this omits defining the REQ_URL and REQ_METHOD environment variables | `false` | -| `sidecar.alerts.initDatasources` | Set to true to deploy the datasource sidecar as an initContainer. This is needed if skipReload is true, to load any alerts defined at startup time. | `false` | +| `sidecar.alerts.initAlerts` | Set to true to deploy the alerts sidecar as an initContainer. This is needed if skipReload is true, to load any alerts defined at startup time. | `false` | | `sidecar.alerts.extraMounts` | Additional alerts sidecar volume mounts. | `[]` | | `sidecar.dashboards.enabled` | Enables the cluster wide search for dashboards and adds/updates/deletes them in grafana | `false` | | `sidecar.dashboards.SCProvider` | Enables creation of sidecar provider | `true` | 
@@ -315,24 +316,35 @@ ingress: path: "/grafana" ``` -### Example of extraVolumeMounts +### Example of extraVolumeMounts and extraVolumes -Volume can be type persistentVolumeClaim or hostPath but not both at same time. -If neither existingClaim or hostPath argument is given then type is emptyDir. +Configure additional volumes with `extraVolumes` and volume mounts with `extraVolumeMounts`. + +Example for `extraVolumeMounts` and corresponding `extraVolumes`: ```yaml -- extraVolumeMounts: +extraVolumeMounts: - name: plugins mountPath: /var/lib/grafana/plugins subPath: configs/grafana/plugins - existingClaim: existing-grafana-claim readOnly: false - name: dashboards mountPath: /var/lib/grafana/dashboards hostPath: /usr/shared/grafana/dashboards readOnly: false + +extraVolumes: + - name: plugins + existingClaim: existing-grafana-claim + - name: dashboards + hostPath: /usr/shared/grafana/dashboards ``` +Volumes default to `emptyDir`. Set to `persistentVolumeClaim`, +`hostPath`, `csi`, or `configMap` for other types. For a +`persistentVolumeClaim`, specify an existing claim name with +`existingClaim`. + ## Import dashboards There are a few methods to import dashboards to Grafana. Below are some examples and explanations as to how to use each method: 
@@ -544,9 +556,61 @@ delete_notifiers: # default org_id: 1 ``` -## Provision alert rules, contact points, notification policies and notification templates +## Sidecar for alerting resources + +If the parameter `sidecar.alerts.enabled` is set, a sidecar container is deployed in the grafana +pod. This container watches all configmaps (or secrets) in the cluster (namespace defined by `sidecar.alerts.searchNamespace`) and filters out the ones with +a label as defined in `sidecar.alerts.label` (default is `grafana_alert`). The files defined in those configmaps are written +to a folder and accessed by grafana. Changes to the configmaps are monitored and the imported alerting resources are updated, however, deletions are a little more complicated (see below). + +This sidecar can be used to provision alert rules, contact points, notification policies, notification templates and mute timings as shown in [Grafana Documentation](https://grafana.com/docs/grafana/next/alerting/set-up/provision-alerting-resources/file-provisioning/). + +To fetch the alert config which will be provisioned, use the alert provisioning API ([Grafana Documentation](https://grafana.com/docs/grafana/next/developers/http_api/alerting_provisioning/)). +You can use either JSON or YAML format. + +Example config for an alert rule: + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: sample-grafana-alert + labels: + grafana_alert: "1" +data: + k8s-alert.yml: |- + apiVersion: 1 + groups: + - orgId: 1 + name: k8s-alert + [...] +``` + +To delete provisioned alert rules is a two step process, you need to delete the configmap which defined the alert rule +and then create a configuration which deletes the alert rule. 
+ +Example deletion configuration: +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: delete-sample-grafana-alert + namespace: monitoring + labels: + grafana_alert: "1" +data: + delete-k8s-alert.yml: |- + apiVersion: 1 + deleteRules: + - orgId: 1 + uid: 16624780-6564-45dc-825c-8bded4ad92d3 +``` + +## Statically provision alerting resources +If you don't need to change alerting resources (alert rules, contact points, notification policies and notification templates) regularly you could use the `alerting` config option instead of the sidecar option above. +This will grab the alerting config and apply it statically at build time for the helm file. -There are two methods to provision alerting configuration in Grafana. Below are some examples and explanations as to how to use each method: +There are two methods to statically provision alerting configuration in Grafana. Below are some examples and explanations as to how to use each method: ```yaml alerting: 
@@ -576,13 +640,14 @@ alerting: title: '{{ `{{ template "default.title" . }}` }}' ``` -There are two possibilities: +The two possibilities for static alerting resource provisioning are: -* Inlining the file contents as described in the example `values.yaml` and the official [Grafana documentation](https://grafana.com/docs/grafana/next/alerting/set-up/provision-alerting-resources/file-provisioning/). -* Importing a file using a relative path starting from the chart root directory. +* Inlining the file contents as shown for contact points in the above example. +* Importing a file using a relative path starting from the chart root directory as shown for the alert rules in the above example. ### Important notes on file provisioning +* The format of the files is defined in the [Grafana documentation](https://grafana.com/docs/grafana/next/alerting/set-up/provision-alerting-resources/file-provisioning/) on file provisioning. * The chart supports importing YAML and JSON files. * The filename must be unique, otherwise one volume mount will overwrite the other. * In case of inlining, double curly braces that arise from the Grafana configuration format and are not intended as templates for the chart must be escaped. diff --git a/charts/grafana/templates/_config.tpl b/charts/grafana/templates/_config.tpl new file mode 100644 index 0000000000..19df19cd2a --- /dev/null +++ b/charts/grafana/templates/_config.tpl 
@@ -0,0 +1,171 @@ +{{/* + Generate config map data + */}} +{{- define "grafana.configData" -}} +{{ include "grafana.assertNoLeakedSecrets" . }} +{{- $files := .Files }} +{{- $root := . -}} +{{- with .Values.plugins }} +plugins: {{ join "," . }} +{{- end }} +grafana.ini: | +{{- range $elem, $elemVal := index .Values "grafana.ini" }} + {{- if not (kindIs "map" $elemVal) }} + {{- if kindIs "invalid" $elemVal }} + {{ $elem }} = + {{- else if kindIs "string" $elemVal }} + {{ $elem }} = {{ tpl $elemVal $ }} + {{- else }} + {{ $elem }} = {{ $elemVal }} + {{- end }} + {{- end }} +{{- end }} +{{- range $key, $value := index .Values "grafana.ini" }} + {{- if kindIs "map" $value }} + [{{ $key }}] + {{- range $elem, $elemVal := $value }} + {{- if kindIs "invalid" $elemVal }} + {{ $elem }} = + {{- else if kindIs "string" $elemVal }} + {{ $elem }} = {{ tpl $elemVal $ }} + {{- else }} + {{ $elem }} = {{ $elemVal }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} + +{{- range $key, $value := .Values.datasources }} +{{- if not (hasKey $value "secret") }} +{{ $key }}: | + {{- tpl (toYaml $value | nindent 2) $root }} +{{- end }} +{{- end }} + +{{- range $key, $value := .Values.notifiers }} +{{- if not (hasKey $value "secret") }} +{{ $key }}: | + {{- toYaml $value | nindent 2 }} +{{- end }} +{{- end }} + +{{- range $key, $value := .Values.alerting }} +{{- if (hasKey $value "file") }} +{{ $key }}: +{{- toYaml ( $files.Get $value.file ) | nindent 2 }} +{{- else if (or (hasKey $value "secret") (hasKey $value "secretFile"))}} +{{/* will be stored inside secret generated by "configSecret.yaml"*/}} +{{- else }} +{{ $key }}: | + {{- tpl (toYaml $value | nindent 2) $root }} +{{- end }} +{{- end }} + +{{- range $key, $value := .Values.dashboardProviders }} +{{ $key }}: | + {{- toYaml $value | nindent 2 }} +{{- end }} + +{{- if .Values.dashboards }} +download_dashboards.sh: | + #!/usr/bin/env sh + set -euf + {{- if .Values.dashboardProviders }} + {{- range $key, $value := 
.Values.dashboardProviders }} + {{- range $value.providers }} + mkdir -p {{ .options.path }} + {{- end }} + {{- end }} + {{- end }} +{{ $dashboardProviders := .Values.dashboardProviders }} +{{- range $provider, $dashboards := .Values.dashboards }} + {{- range $key, $value := $dashboards }} + {{- if (or (hasKey $value "gnetId") (hasKey $value "url")) }} + curl -skf \ + --connect-timeout 60 \ + --max-time 60 \ + {{- if not $value.b64content }} + {{- if not $value.acceptHeader }} + -H "Accept: application/json" \ + {{- else }} + -H "Accept: {{ $value.acceptHeader }}" \ + {{- end }} + {{- if $value.token }} + -H "Authorization: token {{ $value.token }}" \ + {{- end }} + {{- if $value.bearerToken }} + -H "Authorization: Bearer {{ $value.bearerToken }}" \ + {{- end }} + {{- if $value.basic }} + -H "Authorization: Basic {{ $value.basic }}" \ + {{- end }} + {{- if $value.gitlabToken }} + -H "PRIVATE-TOKEN: {{ $value.gitlabToken }}" \ + {{- end }} + -H "Content-Type: application/json;charset=UTF-8" \ + {{- end }} + {{- $dpPath := "" -}} + {{- range $kd := (index $dashboardProviders "dashboardproviders.yaml").providers }} + {{- if eq $kd.name $provider }} + {{- $dpPath = $kd.options.path }} + {{- end }} + {{- end }} + {{- if $value.url }} + "{{ $value.url }}" \ + {{- else }} + "https://grafana.com/api/dashboards/{{ $value.gnetId }}/revisions/{{- if $value.revision -}}{{ $value.revision }}{{- else -}}1{{- end -}}/download" \ + {{- end }} + {{- if $value.datasource }} + {{- if kindIs "string" $value.datasource }} + | sed '/-- .* --/! s/"datasource":.*,/"datasource": "{{ $value.datasource }}",/g' \ + {{- end }} + {{- if kindIs "slice" $value.datasource }} + {{- range $value.datasource }} + | sed '/-- .* --/! 
s/${{"{"}}{{ .name }}}/{{ .value }}/g' \ + {{- end }} + {{- end }} + {{- end }} + {{- if $value.b64content }} + | base64 -d \ + {{- end }} + > "{{- if $dpPath -}}{{ $dpPath }}{{- else -}}/var/lib/grafana/dashboards/{{ $provider }}{{- end -}}/{{ $key }}.json" + {{ end }} + {{- end }} +{{- end }} +{{- end }} +{{- end -}} + +{{/* + Generate dashboard json config map data + */}} +{{- define "grafana.configDashboardProviderData" -}} +provider.yaml: |- + apiVersion: 1 + providers: + - name: '{{ .Values.sidecar.dashboards.provider.name }}' + orgId: {{ .Values.sidecar.dashboards.provider.orgid }} + {{- if not .Values.sidecar.dashboards.provider.foldersFromFilesStructure }} + folder: '{{ .Values.sidecar.dashboards.provider.folder }}' + {{- end }} + type: {{ .Values.sidecar.dashboards.provider.type }} + disableDeletion: {{ .Values.sidecar.dashboards.provider.disableDelete }} + allowUiUpdates: {{ .Values.sidecar.dashboards.provider.allowUiUpdates }} + updateIntervalSeconds: {{ .Values.sidecar.dashboards.provider.updateIntervalSeconds | default 30 }} + options: + foldersFromFilesStructure: {{ .Values.sidecar.dashboards.provider.foldersFromFilesStructure }} + path: {{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }} +{{- end -}} + +{{- define "grafana.secretsData" -}} +{{- if and (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) }} +admin-user: {{ .Values.adminUser | b64enc | quote }} +{{- if .Values.adminPassword }} +admin-password: {{ .Values.adminPassword | b64enc | quote }} +{{- else }} +admin-password: {{ include "grafana.password" . }} +{{- end }} +{{- end }} +{{- if not .Values.ldap.existingSecret }} +ldap-toml: {{ tpl .Values.ldap.config $ | b64enc | quote }} +{{- end }} +{{- end -}} 
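Review bot: The `download_dashboards.sh` script rendered by `grafana.configData` calls `curl -skf`, and `-k` disables TLS certificate verification on the same request that carries the `Authorization` / `PRIVATE-TOKEN` headers, so a dashboard token can be sent to an endpoint whose identity was never checked. Default to `curl -sf \` and make skipping verification an explicit per-dashboard opt-in. The header values (`$value.token`, `$value.bearerToken`, `$value.basic`, `$value.gitlabToken`) are also written into this ConfigMap data in plaintext, and the new `grafana.assertNoLeakedSecrets` check does not cover them because it only walks `grafana.ini`. A comment above the curl block such as `{{/* tokens below are rendered into the ConfigMap; prefer a Secret-backed source */}}` would at least make that visible.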
diff --git a/charts/grafana/templates/_helpers.tpl b/charts/grafana/templates/_helpers.tpl
index ead2449e37..44c00f3570 100644
--- a/charts/grafana/templates/_helpers.tpl
+++ b/charts/grafana/templates/_helpers.tpl
@@ -225,3 +225,52 @@ Formats imagePullSecrets. Input is (dict "root" . "imagePullSecrets" .{specific {{- end }} {{- $secretFound}} {{- end -}} + +{{/* + Checks whether the user is attempting to store secrets in plaintext + in the grafana.ini configmap +*/}} +{{/* grafana.assertNoLeakedSecrets checks for sensitive keys in values */}} +{{- define "grafana.assertNoLeakedSecrets" -}} + {{- $sensitiveKeysYaml := ` +sensitiveKeys: +- path: ["database", "password"] +- path: ["smtp", "password"] +- path: ["security", "secret_key"] +- path: ["security", "admin_password"] +- path: ["auth.basic", "password"] +- path: ["auth.ldap", "bind_password"] +- path: ["auth.google", "client_secret"] +- path: ["auth.github", "client_secret"] +- path: ["auth.gitlab", "client_secret"] +- path: ["auth.generic_oauth", "client_secret"] +- path: ["auth.okta", "client_secret"] +- path: ["auth.azuread", "client_secret"] +- path: ["auth.grafana_com", "client_secret"] +- path: ["auth.grafananet", "client_secret"] +- path: ["azure", "user_identity_client_secret"] +- path: ["unified_alerting", "ha_redis_password"] +- path: ["metrics", "basic_auth_password"] +- path: ["external_image_storage.s3", "secret_key"] +- path: ["external_image_storage.webdav", "password"] +- path: ["external_image_storage.azure_blob", "account_key"] +` | fromYaml -}} + {{- if $.Values.assertNoLeakedSecrets -}} + {{- $grafanaIni := index .Values "grafana.ini" -}} + {{- range $_, $secret := $sensitiveKeysYaml.sensitiveKeys -}} + {{- $currentMap := $grafanaIni -}} + {{- $shouldContinue := true -}} + {{- range $index, $elem := $secret.path -}} + {{- if and $shouldContinue (hasKey $currentMap $elem) -}} + {{- if eq (len $secret.path) (add1 $index) -}} + {{- fail (printf "Sensitive key '%s' should not be defined explicitly in values. Use variable expansion instead." (join "." 
$secret.path)) -}} + {{- else -}} + {{- $currentMap = index $currentMap $elem -}} + {{- end -}} + {{- else -}} + {{- $shouldContinue = false -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/charts/grafana/templates/_pod.tpl b/charts/grafana/templates/_pod.tpl index f1b86d1f93..4791c6fc1f 100644 --- a/charts/grafana/templates/_pod.tpl +++ b/charts/grafana/templates/_pod.tpl @@ -14,6 +14,13 @@ securityContext: hostAliases: {{- toYaml . | nindent 2 }} {{- end }} +{{- if .Values.dnsPolicy }} +dnsPolicy: {{ .Values.dnsPolicy }} +{{- end }} +{{- with .Values.dnsConfig }} +dnsConfig: + {{- toYaml . | nindent 2 }} +{{- end }} {{- with .Values.priorityClassName }} priorityClassName: {{ . }} {{- end }} @@ -169,7 +176,7 @@ initContainers: mountPath: "/etc/grafana/provisioning/alerting" {{- with .Values.sidecar.alerts.extraMounts }} {{- toYaml . | trim | nindent 6 }} - {{- end }} + {{- end }} {{- end }} {{- if and .Values.sidecar.datasources.enabled .Values.sidecar.datasources.initDatasources }} - name: {{ include "grafana.name" . }}-init-sc-datasources @@ -411,7 +418,7 @@ containers: mountPath: "/etc/grafana/provisioning/alerting" {{- with .Values.sidecar.alerts.extraMounts }} {{- toYaml . | trim | nindent 6 }} - {{- end }} + {{- end }} {{- end}} {{- if .Values.sidecar.dashboards.enabled }} - name: {{ include "grafana.name" . }}-sc-dashboard @@ -427,6 +434,11 @@ containers: - name: "{{ $key }}" value: "{{ $value }}" {{- end }} + {{- range $key, $value := .Values.sidecar.datasources.envValueFrom }} + - name: {{ $key | quote }} + valueFrom: + {{- tpl (toYaml $value) $ | nindent 10 }} + {{- end }} {{- if .Values.sidecar.dashboards.ignoreAlreadyProcessed }} - name: IGNORE_ALREADY_PROCESSED value: "true" 
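Review bot: In `grafana.assertNoLeakedSecrets` the `fail` fires as soon as `hasKey` finds the last path element, without looking at the value, so a key set to a reference such as `$__file{...}` or `$__env{...}` is rejected just like a literal password, even though the error message tells the user to use variable expansion. Checking the value first would match the message, for example wrapping the `fail` in `{{- if not (regexMatch "^\\$(__(env|file|vault))?\\{[^}]+\\}$" (toString (index $currentMap $elem))) -}}` and a closing `{{- end -}}`. The check is also gated on `$.Values.assertNoLeakedSecrets`, whose default is not visible in this diff; if it defaults to off, the guard only helps users who already opted in. The two stacked comments above the `define` say the same thing and could be merged into one.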
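Review bot: The added `range` reads `.Values.sidecar.datasources.envValueFrom`, but the surrounding context (the `-sc-dashboard` container name in the previous hunk and the `.Values.sidecar.dashboards.ignoreAlreadyProcessed` check just below) suggests this is the dashboards sidecar's env list, so it looks like a copy-paste from the datasources container. If so, secret references meant for the datasource sidecar are injected into the dashboard sidecar, and the dashboards sidecar has no `envValueFrom` of its own; the line should probably read `{{- range $key, $value := .Values.sidecar.dashboards.envValueFrom }}`. The container definition starts outside this hunk, so confirm which container this env block belongs to before changing it.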
@@ -898,26 +910,47 @@ containers: {{- end }} {{- end }} {{- with .Values.datasources }} + {{- $datasources := . }} {{- range (keys . | sortAlpha) }} + {{- if (or (hasKey (index $datasources .) "secret")) }} {{/*check if current datasource should be handeled as secret */}} + - name: config-secret + mountPath: "/etc/grafana/provisioning/datasources/{{ . }}" + subPath: {{ . | quote }} + {{- else }} - name: config mountPath: "/etc/grafana/provisioning/datasources/{{ . }}" subPath: {{ . | quote }} {{- end }} {{- end }} + {{- end }} {{- with .Values.notifiers }} + {{- $notifiers := . }} {{- range (keys . | sortAlpha) }} + {{- if (or (hasKey (index $notifiers .) "secret")) }} {{/*check if current notifier should be handeled as secret */}} + - name: config-secret + mountPath: "/etc/grafana/provisioning/notifiers/{{ . }}" + subPath: {{ . | quote }} + {{- else }} - name: config mountPath: "/etc/grafana/provisioning/notifiers/{{ . }}" subPath: {{ . | quote }} {{- end }} {{- end }} + {{- end }} {{- with .Values.alerting }} + {{- $alertingmap := .}} {{- range (keys . | sortAlpha) }} + {{- if (or (hasKey (index $.Values.alerting .) "secret") (hasKey (index $.Values.alerting .) "secretFile")) }} {{/*check if current alerting entry should be handeled as secret */}} + - name: config-secret + mountPath: "/etc/grafana/provisioning/alerting/{{ . }}" + subPath: {{ . | quote }} + {{- else }} - name: config mountPath: "/etc/grafana/provisioning/alerting/{{ . }}" subPath: {{ . | quote }} {{- end }} {{- end }} + {{- end }} {{- with .Values.dashboardProviders }} {{- range (keys . | sortAlpha) }} - name: config 
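Review bot: Style point on the three new `if` conditions: `(or (hasKey (index $datasources .) "secret"))` and its notifiers twin wrap a single operand in `or`, which does nothing, and the alerting branch assigns `$alertingmap` but then indexes `$.Values.alerting` instead. Writing `{{- if hasKey (index $datasources .) "secret" }}` and `(hasKey (index $alertingmap .) "secret")` keeps the three branches parallel, and the inline comments spell "handled" as "handeled". Separately, these mounts reference a `config-secret` volume that the volumes hunk declares only when `and .Values.createConfigmap $createConfigSecret` is true. The conditions enclosing this volumeMounts block are outside the hunk, so confirm that a pod cannot end up with the mount but not the volume.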
@@ -1097,6 +1130,12 @@ volumes: - name: config configMap: name: {{ include "grafana.fullname" . }} + {{- $createConfigSecret := eq (include "grafana.shouldCreateConfigSecret" .) "true" -}} + {{- if and .Values.createConfigmap $createConfigSecret }} + - name: config-secret + secret: + secretName: {{ include "grafana.fullname" . }}-config-secret + {{- end }} {{- range .Values.extraConfigmapMounts }} - name: {{ tpl .name $root }} configMap: @@ -1230,7 +1269,7 @@ volumes: {{ toYaml .hostPath | nindent 6 }} {{- else if .csi }} csi: - {{- toYaml .data | nindent 6 }} + {{- toYaml .csi | nindent 6 }} {{- else if .configMap }} configMap: {{- toYaml .configMap | nindent 6 }} @@ -1264,4 +1303,3 @@ volumes: {{- tpl (toYaml .) $root | nindent 2 }} {{- end }} {{- end }} - diff --git a/charts/grafana/templates/configSecret.yaml b/charts/grafana/templates/configSecret.yaml index f8937ccc7a..55574b9bbc 100644 --- a/charts/grafana/templates/configSecret.yaml +++ b/charts/grafana/templates/configSecret.yaml @@ -25,13 +25,13 @@ stringData: {{- range $key, $value := .Values.datasources }} {{- if (hasKey $value "secret") }} {{- $key | nindent 2 }}: | - {{- tpl (toYaml $value | nindent 4) $root }} + {{- tpl (toYaml $value.secret | nindent 4) $root }} {{- end }} {{- end }} {{- range $key, $value := .Values.notifiers }} {{- if (hasKey $value "secret") }} {{- $key | nindent 2 }}: | - {{- tpl (toYaml $value | nindent 4) $root }} + {{- tpl (toYaml $value.secret | nindent 4) $root }} {{- end }} {{- end }} {{- range $key, $value := .Values.alerting }} @@ -40,4 +40,4 @@ stringData: {{- tpl (toYaml $value.secret | nindent 4) $root }} {{- end }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/grafana/templates/configmap-dashboard-provider.yaml b/charts/grafana/templates/configmap-dashboard-provider.yaml index 1f706a8bbf..b412c4d1f0 100644 --- a/charts/grafana/templates/configmap-dashboard-provider.yaml 
+++ b/charts/grafana/templates/configmap-dashboard-provider.yaml @@ -11,19 +11,5 @@ metadata: name: {{ include "grafana.fullname" . }}-config-dashboards namespace: {{ include "grafana.namespace" . }} data: - provider.yaml: |- - apiVersion: 1 - providers: - - name: '{{ .Values.sidecar.dashboards.provider.name }}' - orgId: {{ .Values.sidecar.dashboards.provider.orgid }} - {{- if not .Values.sidecar.dashboards.provider.foldersFromFilesStructure }} - folder: '{{ .Values.sidecar.dashboards.provider.folder }}' - {{- end }} - type: {{ .Values.sidecar.dashboards.provider.type }} - disableDeletion: {{ .Values.sidecar.dashboards.provider.disableDelete }} - allowUiUpdates: {{ .Values.sidecar.dashboards.provider.allowUiUpdates }} - updateIntervalSeconds: {{ .Values.sidecar.dashboards.provider.updateIntervalSeconds | default 30 }} - options: - foldersFromFilesStructure: {{ .Values.sidecar.dashboards.provider.foldersFromFilesStructure }} - path: {{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }} + {{- include "grafana.configDashboardProviderData" . | nindent 2 }} {{- end }} diff --git a/charts/grafana/templates/configmap.yaml b/charts/grafana/templates/configmap.yaml index 7b837d90b1..7d7428be51 100644 --- a/charts/grafana/templates/configmap.yaml +++ b/charts/grafana/templates/configmap.yaml @@ -1,6 +1,4 @@ {{- if .Values.createConfigmap }} -{{- $files := .Files }} -{{- $root := . -}} apiVersion: v1 kind: ConfigMap metadata: 
@@ -13,132 +11,5 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} data: - {{- with .Values.plugins }} - plugins: {{ join "," . }} - {{- end }} - grafana.ini: | - {{- range $elem, $elemVal := index .Values "grafana.ini" }} - {{- if not (kindIs "map" $elemVal) }} - {{- if kindIs "invalid" $elemVal }} - {{ $elem }} = - {{- else if kindIs "string" $elemVal }} - {{ $elem }} = {{ tpl $elemVal $ }} - {{- else }} - {{ $elem }} = {{ $elemVal }} - {{- end }} - {{- end }} - {{- end }} - {{- range $key, $value := index .Values "grafana.ini" }} - {{- if kindIs "map" $value }} - [{{ $key }}] - {{- range $elem, $elemVal := $value }} - {{- if kindIs "invalid" $elemVal }} - {{ $elem }} = - {{- else if kindIs "string" $elemVal }} - {{ $elem }} = {{ tpl $elemVal $ }} - {{- else }} - {{ $elem }} = {{ $elemVal }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - - {{- range $key, $value := .Values.datasources }} - {{- if not (hasKey $value "secret") }} - {{- $key | nindent 2 }}: | - {{- tpl (toYaml $value | nindent 4) $root }} - {{- end }} - {{- end }} - - {{- range $key, $value := .Values.notifiers }} - {{- if not (hasKey $value "secret") }} - {{- $key | nindent 2 }}: | - {{- toYaml $value | nindent 4 }} - {{- end }} - {{- end }} - - {{- range $key, $value := .Values.alerting }} - {{- if (hasKey $value "file") }} - {{- $key | nindent 2 }}: - {{- toYaml ( $files.Get $value.file ) | nindent 4}} - {{- else if (or (hasKey $value "secret") (hasKey $value "secretFile"))}} - {{/* will be stored inside secret generated by "configSecret.yaml"*/}} - {{- else }} - {{- $key | nindent 2 }}: | - {{- tpl (toYaml $value | nindent 4) $root }} - {{- end }} - {{- end }} - - {{- range $key, $value := .Values.dashboardProviders }} - {{- $key | nindent 2 }}: | - {{- toYaml $value | nindent 4 }} - {{- end }} - -{{- if .Values.dashboards }} - download_dashboards.sh: | - #!/usr/bin/env sh - set -euf - {{- if .Values.dashboardProviders }} - {{- range $key, $value := .Values.dashboardProviders }} - {{- 
range $value.providers }} - mkdir -p {{ .options.path }} - {{- end }} - {{- end }} - {{- end }} - {{ $dashboardProviders := .Values.dashboardProviders }} - {{- range $provider, $dashboards := .Values.dashboards }} - {{- range $key, $value := $dashboards }} - {{- if (or (hasKey $value "gnetId") (hasKey $value "url")) }} - curl -skf \ - --connect-timeout 60 \ - --max-time 60 \ - {{- if not $value.b64content }} - {{- if not $value.acceptHeader }} - -H "Accept: application/json" \ - {{- else }} - -H "Accept: {{ $value.acceptHeader }}" \ - {{- end }} - {{- if $value.token }} - -H "Authorization: token {{ $value.token }}" \ - {{- end }} - {{- if $value.bearerToken }} - -H "Authorization: Bearer {{ $value.bearerToken }}" \ - {{- end }} - {{- if $value.basic }} - -H "Authorization: Basic {{ $value.basic }}" \ - {{- end }} - {{- if $value.gitlabToken }} - -H "PRIVATE-TOKEN: {{ $value.gitlabToken }}" \ - {{- end }} - -H "Content-Type: application/json;charset=UTF-8" \ - {{- end }} - {{- $dpPath := "" -}} - {{- range $kd := (index $dashboardProviders "dashboardproviders.yaml").providers }} - {{- if eq $kd.name $provider }} - {{- $dpPath = $kd.options.path }} - {{- end }} - {{- end }} - {{- if $value.url }} - "{{ $value.url }}" \ - {{- else }} - "https://grafana.com/api/dashboards/{{ $value.gnetId }}/revisions/{{- if $value.revision -}}{{ $value.revision }}{{- else -}}1{{- end -}}/download" \ - {{- end }} - {{- if $value.datasource }} - {{- if kindIs "string" $value.datasource }} - | sed '/-- .* --/! s/"datasource":.*,/"datasource": "{{ $value.datasource }}",/g' \ - {{- end }} - {{- if kindIs "slice" $value.datasource }} - {{- range $value.datasource }} - | sed '/-- .* --/! 
s/${{"{"}}{{ .name }}}/{{ .value }}/g' \ - {{- end }} - {{- end }} - {{- end }} - {{- if $value.b64content }} - | base64 -d \ - {{- end }} - > "{{- if $dpPath -}}{{ $dpPath }}{{- else -}}/var/lib/grafana/dashboards/{{ $provider }}{{- end -}}/{{ $key }}.json" - {{ end }} - {{- end }} - {{- end }} -{{- end }} + {{- include "grafana.configData" . | nindent 2 }} {{- end }} diff --git a/charts/grafana/templates/deployment.yaml b/charts/grafana/templates/deployment.yaml index bfa26bb40e..46c016faa3 100644 --- a/charts/grafana/templates/deployment.yaml +++ b/charts/grafana/templates/deployment.yaml 
@@ -33,14 +33,16 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/config: {{ include "grafana.configData" . | sha256sum }} + {{- if .Values.dashboards }} checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }} - checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }} + {{- end }} + checksum/sc-dashboard-provider-config: {{ include "grafana.configDashboardProviderData" . | sha256sum }} {{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + checksum/secret: {{ include "grafana.secretsData" . | sha256sum }} {{- end }} {{- if .Values.envRenderSecret }} - checksum/secret-env: {{ include (print $.Template.BasePath "/secret-env.yaml") . | sha256sum }} + checksum/secret-env: {{ tpl (toYaml .Values.envRenderSecret) . | sha256sum }} {{- end }} kubectl.kubernetes.io/default-container: {{ .Chart.Name }} {{- with .Values.podAnnotations }} diff --git a/charts/grafana/templates/ingress.yaml b/charts/grafana/templates/ingress.yaml index 063cdfaa52..b2ffd81095 100644 --- a/charts/grafana/templates/ingress.yaml +++ b/charts/grafana/templates/ingress.yaml @@ -34,7 +34,7 @@ spec: rules: {{- if .Values.ingress.hosts }} {{- range .Values.ingress.hosts }} - - host: {{ tpl . $ }} + - host: {{ tpl . $ | quote }} http: paths: {{- with $extraPaths }} diff --git a/charts/grafana/templates/networkpolicy.yaml b/charts/grafana/templates/networkpolicy.yaml index ea4578bec2..4cd3ed6976 100644 
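Review bot: The `checksum/secret` and `checksum/secret-env` annotations put an unsalted SHA-256 of secret material into the pod template metadata, which is usually readable with less privilege than the Secret itself. For a short or guessable `adminPassword` or `envRenderSecret` value, that digest lets anyone who can read the Deployment confirm guesses offline. The surrounding condition already omits `checksum/secret` when `admin.existingSecret` (and, for LDAP, `ldap.existingSecret`) is set. A template comment above these lines would tell operators how to avoid the exposure, for example `{{- /* digest of secret data is visible in pod metadata; prefer admin.existingSecret for low-entropy credentials */}}`. The pod template continues outside the hunk.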
--- a/charts/grafana/templates/networkpolicy.yaml +++ b/charts/grafana/templates/networkpolicy.yaml @@ -27,8 +27,17 @@ spec: {{- if .Values.networkPolicy.egress.enabled }} egress: + {{- if not .Values.networkPolicy.egress.blockDNSResolution }} + - ports: + - port: 53 + protocol: UDP + {{- end }} - ports: {{ .Values.networkPolicy.egress.ports | toJson }} + {{- with .Values.networkPolicy.egress.to }} + to: + {{- toYaml . | nindent 12 }} + {{- end }} {{- end }} {{- if .Values.networkPolicy.ingress }} ingress: diff --git a/charts/grafana/templates/secret.yaml b/charts/grafana/templates/secret.yaml index 5cbd527448..fd2ca50f4b 100644 --- a/charts/grafana/templates/secret.yaml +++ b/charts/grafana/templates/secret.yaml @@ -12,15 +12,5 @@ metadata: {{- end }} type: Opaque data: - {{- if and (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) }} - admin-user: {{ .Values.adminUser | b64enc | quote }} - {{- if .Values.adminPassword }} - admin-password: {{ .Values.adminPassword | b64enc | quote }} - {{- else }} - admin-password: {{ include "grafana.password" . }} - {{- end }} - {{- end }} - {{- if not .Values.ldap.existingSecret }} - ldap-toml: {{ tpl .Values.ldap.config $ | b64enc | quote }} - {{- end }} + {{- include "grafana.secretsData" . | nindent 2 }} {{- end }} diff --git a/charts/grafana/templates/service.yaml b/charts/grafana/templates/service.yaml index 9102c1eec1..e9396a15c6 100644 --- a/charts/grafana/templates/service.yaml +++ b/charts/grafana/templates/service.yaml 
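Review bot: The new DNS rule has no `to` clause, so with `blockDNSResolution` left at false the policy permits UDP port 53 to every destination, not only the cluster resolver. That leaves an open DNS channel out of a pod whose egress is otherwise meant to be restricted. It also omits TCP 53, which resolvers fall back to for truncated responses. Consider scoping the rule with a `to:` selector for the cluster DNS pods (the right selector depends on the cluster) and adding `- port: 53` / `protocol: TCP` beside the UDP entry. Separately, under the defaults the following `- ports:` rule renders `ports: []` with no `to`, which Kubernetes treats as matching all ports and destinations, so it is worth confirming that this is intended when `egress.enabled` is true.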
@@ -21,10 +21,13 @@ spec: clusterIP: {{ . }} {{- end }} {{- else if eq .Values.service.type "LoadBalancer" }} - type: {{ .Values.service.type }} + type: LoadBalancer {{- with .Values.service.loadBalancerIP }} loadBalancerIP: {{ . }} {{- end }} + {{- with .Values.service.loadBalancerClass }} + loadBalancerClass: {{ . }} + {{- end }} {{- with .Values.service.loadBalancerSourceRanges }} loadBalancerSourceRanges: {{- toYaml . | nindent 4 }} diff --git a/charts/grafana/templates/servicemonitor.yaml b/charts/grafana/templates/servicemonitor.yaml index 72396828f5..0359013520 100644 --- a/charts/grafana/templates/servicemonitor.yaml +++ b/charts/grafana/templates/servicemonitor.yaml @@ -12,7 +12,7 @@ metadata: labels: {{- include "grafana.labels" . | nindent 4 }} {{- with .Values.serviceMonitor.labels }} - {{- toYaml . | nindent 4 }} + {{- tpl (toYaml . | nindent 4) $ }} {{- end }} spec: endpoints: diff --git a/charts/grafana/values.yaml b/charts/grafana/values.yaml index ab259791a0..3e18f7dc74 100644 --- a/charts/grafana/values.yaml +++ b/charts/grafana/values.yaml @@ -116,6 +116,16 @@ testFramework: imagePullPolicy: IfNotPresent securityContext: {} +# dns configuration for pod +dnsPolicy: ~ +dnsConfig: {} + # nameservers: + # - 8.8.8.8 + # options: + # - name: ndots + # value: "2" + # - name: edns0 + securityContext: runAsNonRoot: true runAsUser: 472 @@ -197,6 +207,9 @@ gossipPortName: gossip service: enabled: true type: ClusterIP + loadBalancerIP: "" + loadBalancerClass: "" + loadBalancerSourceRanges: [] port: 80 targetPort: 3000 # targetPort: 4181 To be used with a proxy extraContainer 
@@ -530,15 +543,22 @@ extraVolumeMounts: [] # - name: extra-volume-0 # mountPath: /mnt/volume0 # readOnly: true - # existingClaim: volume-claim # - name: extra-volume-1 # mountPath: /mnt/volume1 # readOnly: true - # hostPath: /usr/shared/ # - name: grafana-secrets # mountPath: /mnt/volume2 - # csi: true - # data: + +## Additional Grafana server volumes +extraVolumes: [] + # - name: extra-volume-0 + # existingClaim: volume-claim + # - name: extra-volume-1 + # hostPath: + # path: /usr/shared/ + # type: "" + # - name: grafana-secrets + # csi: # driver: secrets-store.csi.k8s.io # readOnly: true # volumeAttributes: @@ -944,6 +964,7 @@ sidecar: enabled: false # Additional environment variables for the datasourcessidecar env: {} + envValueFrom: {} # Do not reprocess already processed unchanged resources on k8s API reconnect. # ignoreAlreadyProcessed: true # label that the configmaps with datasources are marked with @@ -975,8 +996,8 @@ sidecar: # Absolute path to shell script to execute after a datasource got reloaded script: null skipReload: false - # Deploy the datasource sidecar as an initContainer in addition to a container. # This is needed if skipReload is true, to load any datasources defined at startup time. + # Deploy the datasources sidecar as an initContainer. initDatasources: false # Sets the size limit of the datasource sidecar emptyDir volume sizeLimit: {} 
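Review bot: In the `initDatasources` comment the two lines are now in the wrong order, so "This is needed if skipReload is true…" comes before the sentence it refers to. I would put `# Deploy the datasources sidecar as an initContainer.` first and `# This is needed if skipReload is true, to load any datasources defined at startup time.` second.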
@@ -1241,14 +1262,25 @@ networkPolicy: ## created allowing grafana to connect to external data sources from kubernetes cluster. enabled: false ## + ## @param networkPolicy.egress.blockDNSResolution When enabled, DNS resolution will be blocked + ## for all pods in the grafana namespace. + blockDNSResolution: false + ## ## @param networkPolicy.egress.ports Add individual ports to be allowed by the egress ports: [] ## Add ports to the egress by specifying - port: ## E.X. - ## ports: - ## - port: 80 - ## - port: 443 - ## + ## - port: 80 + ## - port: 443 + ## + ## @param networkPolicy.egress.to Allow egress traffic to specific destinations + to: [] + ## Add destinations to the egress by specifying - ipBlock: + ## E.X. + ## to: + ## - namespaceSelector: + ## matchExpressions: + ## - {key: role, operator: In, values: [grafana]} ## ## ## @@ -1269,3 +1301,13 @@ extraObjects: [] # data: # - key: grafana-admin-password # name: adminPassword + +# assertNoLeakedSecrets is a helper function defined in _helpers.tpl that checks if secret +# values are not exposed in the rendered grafana.ini configmap. It is enabled by default. +# +# To pass values into grafana.ini without exposing them in a configmap, use variable expansion: +# https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#variable-expansion +# +# Alternatively, if you wish to allow secret values to be exposed in the rendered grafana.ini configmap, +# you can disable this check by setting assertNoLeakedSecrets to false. +assertNoLeakedSecrets: true diff --git a/charts/lgtm-distributed/Chart.yaml b/charts/lgtm-distributed/Chart.yaml index 38f6458e6a..04cf805e07 100644 --- a/charts/lgtm-distributed/Chart.yaml +++ b/charts/lgtm-distributed/Chart.yaml @@ -3,7 +3,7 @@ apiVersion: v2 name: lgtm-distributed description: Umbrella chart for a distributed Loki, Grafana, Tempo and Mimir stack type: application -version: 1.0.0 +version: 1.0.1 appVersion: "6.59.4" home: https://grafana.com/oss/ 
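Review bot: The `blockDNSResolution` description says DNS is blocked "for all pods in the grafana namespace", but the template change only adds or omits a port-53 rule in this chart's NetworkPolicy. The effect is therefore presumably limited to the pods that policy selects (the `podSelector` is outside this diff). The `to` comment also says "by specifying - ipBlock:" while the example uses `namespaceSelector`, and the ports example lost its `ports:` key. Suggested wording: `## @param networkPolicy.egress.blockDNSResolution When true, the egress rule allowing DNS (port 53) is omitted for the pods selected by this policy` and `## Add destinations to the egress by specifying - ipBlock: or - namespaceSelector:`.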
@@ -16,7 +16,14 @@ sources: - https://github.com/grafana/mimir - https://github.com/grafana/tempo +keywords: + - monitoring + - traces + - metrics + - logs + annotations: + "artifacthub.io/license": Apache-2.0 "artifacthub.io/links": | - name: Chart Source url: https://github.com/grafana/helm-charts diff --git a/charts/lgtm-distributed/README.md b/charts/lgtm-distributed/README.md index f8af897372..76c4bae8db 100644 --- a/charts/lgtm-distributed/README.md +++ b/charts/lgtm-distributed/README.md @@ -1,6 +1,6 @@ # lgtm-distributed -![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 6.59.4](https://img.shields.io/badge/AppVersion-6.59.4-informational?style=flat-square) +![Version: 1.0.1](https://img.shields.io/badge/Version-1.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 6.59.4](https://img.shields.io/badge/AppVersion-6.59.4-informational?style=flat-square) Umbrella chart for a distributed Loki, Grafana, Tempo and Mimir stack diff --git a/charts/loki-distributed/Chart.yaml b/charts/loki-distributed/Chart.yaml index 3a7a250e3b..2dbd096bd3 100644 --- a/charts/loki-distributed/Chart.yaml +++ b/charts/loki-distributed/Chart.yaml @@ -3,7 +3,7 @@ name: loki-distributed description: Helm chart for Grafana Loki in microservices mode type: application appVersion: 2.9.2 -version: 0.76.1 +version: 0.78.1 home: https://grafana.github.io/helm-charts sources: - https://github.com/grafana/loki diff --git a/charts/loki-distributed/README.md b/charts/loki-distributed/README.md index 43c8caafff..dc6525ab62 100644 --- a/charts/loki-distributed/README.md +++ b/charts/loki-distributed/README.md 
@@ -1,6 +1,6 @@ # loki-distributed -![Version: 0.76.1](https://img.shields.io/badge/Version-0.76.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.2](https://img.shields.io/badge/AppVersion-2.9.2-informational?style=flat-square) +![Version: 0.78.1](https://img.shields.io/badge/Version-0.78.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.2](https://img.shields.io/badge/AppVersion-2.9.2-informational?style=flat-square) Helm chart for Grafana Loki in microservices mode 
@@ -103,14 +103,22 @@ kubectl delete statefulset RELEASE_NAME-loki-distributed-querier -n LOKI_NAMESPA | compactor.image.repository | string | `nil` | Docker image repository for the compactor image. Overrides `loki.image.repository` | | compactor.image.tag | string | `nil` | Docker image tag for the compactor image. Overrides `loki.image.tag` | | compactor.initContainers | list | `[]` | Init containers to add to the compactor pods | +| compactor.kind | string | `"StatefulSet"` | Kind of deployment [StatefulSet/Deployment] | +| compactor.livenessProbe | object | `{}` | liveness probe settings for ingester pods. If empty use `loki.livenessProbe` | | compactor.nodeSelector | object | `{}` | Node selector for compactor pods | | compactor.persistence.annotations | object | `{}` | Annotations for compactor PVCs | +| compactor.persistence.claims | list | `[{"name":"data","size":"10Gi","storageClass":null}]` | List of the compactor PVCs @notationType -- list | +| compactor.persistence.enableStatefulSetAutoDeletePVC | bool | `false` | Enable StatefulSetAutoDeletePVC feature | | compactor.persistence.enabled | bool | `false` | Enable creating PVCs for the compactor | | compactor.persistence.size | string | `"10Gi"` | Size of persistent disk | | compactor.persistence.storageClass | string | `nil` | Storage class to be used. If defined, storageClassName: . If set to "-", storageClassName: "", which disables dynamic provisioning. If empty or set to null, no storageClassName spec is set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). 
| +| compactor.persistence.whenDeleted | string | `"Retain"` | | +| compactor.persistence.whenScaled | string | `"Retain"` | | | compactor.podAnnotations | object | `{}` | Annotations for compactor pods | | compactor.podLabels | object | `{}` | Labels for compactor pods | | compactor.priorityClassName | string | `nil` | The name of the PriorityClass for compactor pods | +| compactor.readinessProbe | object | `{}` | readiness probe settings for ingester pods. If empty, use `loki.readinessProbe` | +| compactor.replicas | int | `1` | Number of replicas for the compactor | | compactor.resources | object | `{}` | Resource requests and limits for the compactor | | compactor.serviceAccount.annotations | object | `{}` | Annotations for the compactor service account | | compactor.serviceAccount.automountServiceAccountToken | bool | `true` | Set this toggle to false to opt out of automounting API credentials for the service account | @@ -325,6 +333,8 @@ kubectl delete statefulset RELEASE_NAME-loki-distributed-querier -n LOKI_NAMESPA | loki.command | string | `nil` | Common command override for all pods (except gateway) | | loki.config | string | See values.yaml | Config file contents for Loki | | loki.configAsSecret | bool | `false` | Store the loki configuration as a secret. | +| loki.configSecretAnnotations | object | `{}` | Annotations for the secret with loki configuration. | +| loki.configSecretLabels | object | `{}` | Additional labels for the secret with loki configuration. | | loki.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true}` | The SecurityContext for Loki containers | | loki.existingSecretForConfig | string | `""` | Specify an existing secret containing loki configuration. If non-empty, overrides `loki.config` | | loki.image.pullPolicy | string | `"IfNotPresent"` | Docker image pull policy | 
@@ -613,6 +623,7 @@ kubectl delete statefulset RELEASE_NAME-loki-distributed-querier -n LOKI_NAMESPA | serviceMonitor.enabled | bool | `false` | If enabled, ServiceMonitor resources for Prometheus Operator are created | | serviceMonitor.interval | string | `nil` | ServiceMonitor scrape interval | | serviceMonitor.labels | object | `{}` | Additional ServiceMonitor labels | +| serviceMonitor.matchExpressions | list | `[]` | Optional expressions to match on | | serviceMonitor.metricRelabelings | list | `[]` | ServiceMonitor metric relabel configs to apply to samples before ingestion https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint | | serviceMonitor.namespace | string | `nil` | Alternative namespace for ServiceMonitor resources | | serviceMonitor.namespaceSelector | object | `{}` | Namespace selector for ServiceMonitor resources | diff --git a/charts/loki-distributed/templates/compactor/_helpers-compactor.tpl b/charts/loki-distributed/templates/compactor/_helpers-compactor.tpl index 46b0b2f298..75c21db167 100644 --- a/charts/loki-distributed/templates/compactor/_helpers-compactor.tpl +++ b/charts/loki-distributed/templates/compactor/_helpers-compactor.tpl @@ -29,6 +29,36 @@ compactor image {{- include "loki.lokiImage" $dict -}} {{- end }} +{{/* +compactor readinessProbe +*/}} +{{- define "loki.compactor.readinessProbe" -}} +{{- with .Values.compactor.readinessProbe }} +readinessProbe: + {{- toYaml . | nindent 2 }} +{{- else }} +{{- with .Values.loki.readinessProbe }} +readinessProbe: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- end }} +{{- end -}} + +{{/* +compactor livenessProbe +*/}} +{{- define "loki.compactor.livenessProbe" -}} +{{- with .Values.compactor.livenessProbe }} +livenessProbe: + {{- toYaml . | nindent 2 }} +{{- else }} +{{- with .Values.loki.livenessProbe }} +livenessProbe: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- end }} +{{- end -}} + {{/* compactor priority class name */}} 
diff --git a/charts/loki-distributed/templates/compactor/deployment-compactor.yaml b/charts/loki-distributed/templates/compactor/deployment-compactor.yaml index d669fec7a2..f6b440931c 100644 --- a/charts/loki-distributed/templates/compactor/deployment-compactor.yaml +++ b/charts/loki-distributed/templates/compactor/deployment-compactor.yaml @@ -1,4 +1,5 @@ {{- if .Values.compactor.enabled }} +{{- if eq .Values.compactor.kind "Deployment"}} apiVersion: apps/v1 kind: Deployment metadata: @@ -151,3 +152,4 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} +{{- end }} diff --git a/charts/loki-distributed/templates/compactor/persistentvolumeclaim-compactor.yaml b/charts/loki-distributed/templates/compactor/persistentvolumeclaim-compactor.yaml index e19171af24..de71a01aa4 100644 --- a/charts/loki-distributed/templates/compactor/persistentvolumeclaim-compactor.yaml +++ b/charts/loki-distributed/templates/compactor/persistentvolumeclaim-compactor.yaml @@ -1,4 +1,5 @@ {{- if and .Values.compactor.enabled .Values.compactor.persistence.enabled }} +{{- if eq .Values.compactor.kind "Deployment"}} apiVersion: v1 kind: PersistentVolumeClaim metadata: @@ -20,3 +21,4 @@ spec: requests: storage: "{{ .Values.compactor.persistence.size }}" {{- end }} +{{- end }} diff --git a/charts/loki-distributed/templates/compactor/servicemonitor-compactor.yaml b/charts/loki-distributed/templates/compactor/servicemonitor-compactor.yaml index 1d49e9aef9..11523f922b 100644 --- a/charts/loki-distributed/templates/compactor/servicemonitor-compactor.yaml +++ b/charts/loki-distributed/templates/compactor/servicemonitor-compactor.yaml @@ -25,6 +25,10 @@ spec: selector: matchLabels: {{- include "loki.compactorSelectorLabels" $ | nindent 6 }} + {{- with .matchExpressions }} + matchExpressions: + {{- toYaml . | nindent 6 }} + {{- end }} endpoints: - port: http {{- with .interval }} 
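Review bot: `compactor.kind` is compared against the literal `"Deployment"` here and `"StatefulSet"` in the new statefulset template, with no fallback. A misspelt or differently-cased value therefore renders no compactor workload at all, and the install still succeeds. A guard such as `{{- if not (has .Values.compactor.kind (list "Deployment" "StatefulSet")) }}{{ fail "compactor.kind must be Deployment or StatefulSet" }}{{- end }}` would surface that at render time. The same condition gates the PersistentVolumeClaim template in the next file. Since the documented default is `StatefulSet`, existing releases switch workload kind on upgrade unless they set `compactor.kind: Deployment`, which deserves a line in the upgrade notes.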
diff --git a/charts/loki-distributed/templates/compactor/statefulset-compactor.yaml b/charts/loki-distributed/templates/compactor/statefulset-compactor.yaml new file mode 100644 index 0000000000..ed9297504a --- /dev/null +++ b/charts/loki-distributed/templates/compactor/statefulset-compactor.yaml 
@@ -0,0 +1,190 @@ +{{- if .Values.compactor.enabled }} +{{- if eq .Values.compactor.kind "StatefulSet"}} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "loki.compactorFullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "loki.compactorLabels" . | nindent 4 }} + app.kubernetes.io/part-of: memberlist + {{- with .Values.loki.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.compactor.replicas }} + podManagementPolicy: Parallel + updateStrategy: + rollingUpdate: + partition: 0 + serviceName: {{ include "loki.compactorFullname" . }}-headless + revisionHistoryLimit: {{ .Values.loki.revisionHistoryLimit }} + {{- if and (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) (.Values.compactor.persistence.enableStatefulSetAutoDeletePVC) }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.compactor.persistence.whenDeleted }} + whenScaled: {{ .Values.compactor.persistence.whenScaled }} + {{- end }} + selector: + matchLabels: + {{- include "loki.compactorSelectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + {{- include "loki.config.checksum" . | nindent 8 }} + {{- with .Values.loki.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.compactor.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "loki.compactorSelectorLabels" . | nindent 8 }} + app.kubernetes.io/part-of: memberlist + {{- with .Values.loki.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.compactor.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }} + {{- with .Values.compactor.topologySpreadConstraints }} + topologySpreadConstraints: + {{- tpl . $ | nindent 8 }} + {{- end }} + {{- end }} + serviceAccountName: {{ include "loki.serviceAccountName" . 
}} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.compactor.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- include "loki.compactorPriorityClassName" . | nindent 6 }} + securityContext: + {{- toYaml .Values.loki.podSecurityContext | nindent 8 }} + terminationGracePeriodSeconds: {{ .Values.compactor.terminationGracePeriodSeconds }} + {{- with .Values.compactor.initContainers }} + initContainers: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: compactor + image: {{ include "loki.compactorImage" . }} + imagePullPolicy: {{ .Values.loki.image.pullPolicy }} + {{- if or .Values.loki.command .Values.compactor.command }} + command: + - {{ coalesce .Values.compactor.command .Values.loki.command | quote }} + {{- end }} + args: + - -config.file=/etc/loki/config/config.yaml + - -target=compactor + {{- with .Values.compactor.extraArgs }} + {{- toYaml . | nindent 12 }} + {{- end }} + ports: + - name: http + containerPort: 3100 + protocol: TCP + - name: grpc + containerPort: 9095 + protocol: TCP + - name: http-memberlist + containerPort: 7946 + protocol: TCP + {{- with .Values.compactor.extraEnv }} + env: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.compactor.extraEnvFrom }} + envFrom: + {{- toYaml . | nindent 12 }} + {{- end }} + securityContext: + {{- toYaml .Values.loki.containerSecurityContext | nindent 12 }} + {{- include "loki.compactor.readinessProbe" . | nindent 10 }} + {{- include "loki.compactor.livenessProbe" . | nindent 10 }} + volumeMounts: + - name: temp + mountPath: /tmp + - name: config + mountPath: /etc/loki/config + - name: runtime-config + mountPath: /var/{{ include "loki.name" . }}-runtime + - name: data + mountPath: /var/loki + {{- with .Values.compactor.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.compactor.resources }} + resources: + {{- toYaml . 
| nindent 12 }} + {{- end }} + {{- with .Values.compactor.lifecycle }} + lifecycle: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- if .Values.compactor.extraContainers }} + {{- toYaml .Values.compactor.extraContainers | nindent 8}} + {{- end }} + {{- with .Values.compactor.affinity }} + affinity: + {{- tpl . $ | nindent 8 }} + {{- end }} + {{- with .Values.compactor.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.compactor.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: temp + emptyDir: {} + - name: config + {{- if .Values.loki.existingSecretForConfig }} + secret: + secretName: {{ .Values.loki.existingSecretForConfig }} + {{- else if .Values.loki.configAsSecret }} + secret: + secretName: {{ include "loki.fullname" . }}-config + {{- else }} + configMap: + name: {{ include "loki.fullname" . }} + {{- end }} + - name: runtime-config + configMap: + name: {{ template "loki.fullname" . }}-runtime + {{- if not .Values.compactor.persistence.enabled }} + - name: data + emptyDir: {} + {{- end }} + {{- with .Values.compactor.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.compactor.persistence.enabled }} + volumeClaimTemplates: + {{- range .Values.compactor.persistence.claims }} + - metadata: + name: {{ .name }} + {{- with .annotations }} + annotations: + {{- . | toYaml | nindent 10 }} + {{- end }} + spec: + accessModes: + - ReadWriteOnce + {{- with .storageClass }} + storageClassName: {{ if (eq "-" .) }}""{{ else }}{{ . }}{{ end }} + {{- end }} + resources: + requests: + storage: {{ .size | quote }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/loki-distributed/templates/config-secret.yaml b/charts/loki-distributed/templates/config-secret.yaml index 24fd2054e6..6551ab34cc 100644 --- a/charts/loki-distributed/templates/config-secret.yaml +++ b/charts/loki-distributed/templates/config-secret.yaml 
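Review bot: The container mounts a volume named `data`, but with `compactor.persistence.enabled` the only volumes come from `compactor.persistence.claims`, whose names are user-supplied. If no claim is called `data`, the pod spec references a volume that does not exist and is rejected. Either document the requirement next to the value (`# one claim must be named "data"; the compactor container mounts it at /var/loki`) or fail at render time when it is missing. `compactor.persistence.size` and `storageClass` are also not read by this template, so they apply only to the Deployment path. `replicas` is templated freely, and Loki's compactor is normally run as a single instance, so the values comment should say when more than one is safe.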
@@ -6,6 +6,13 @@ metadata: namespace: {{ .Release.Namespace }} labels: {{- include "loki.labels" . | nindent 4 }} + {{- with .Values.loki.configSecretLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.loki.configSecretAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} stringData: config.yaml: | {{- tpl (mergeOverwrite (tpl .Values.loki.config . | fromYaml) .Values.loki.structuredConfig | toYaml) . | nindent 4 }} diff --git a/charts/loki-distributed/templates/distributor/servicemonitor-distributor.yaml b/charts/loki-distributed/templates/distributor/servicemonitor-distributor.yaml index 866e2f5a2f..1f1e525645 100644 --- a/charts/loki-distributed/templates/distributor/servicemonitor-distributor.yaml +++ b/charts/loki-distributed/templates/distributor/servicemonitor-distributor.yaml @@ -24,6 +24,10 @@ spec: selector: matchLabels: {{- include "loki.distributorSelectorLabels" $ | nindent 6 }} + {{- with .matchExpressions }} + matchExpressions: + {{- toYaml . | nindent 6 }} + {{- end }} endpoints: - port: http {{- with .interval }} diff --git a/charts/loki-distributed/templates/index-gateway/servicemonitor-index-gateway.yaml b/charts/loki-distributed/templates/index-gateway/servicemonitor-index-gateway.yaml index 93c2c0460c..400a592a13 100644 --- a/charts/loki-distributed/templates/index-gateway/servicemonitor-index-gateway.yaml +++ b/charts/loki-distributed/templates/index-gateway/servicemonitor-index-gateway.yaml @@ -25,11 +25,10 @@ spec: selector: matchLabels: {{- include "loki.indexGatewaySelectorLabels" $ | nindent 6 }} + {{- with .matchExpressions }} matchExpressions: - - key: prometheus.io/service-monitor - operator: NotIn - values: - - "false" + {{- toYaml . | nindent 6 }} + {{- end }} endpoints: - port: http {{- with .interval }} diff --git a/charts/loki-distributed/templates/ingester/deployment-ingester.yaml b/charts/loki-distributed/templates/ingester/deployment-ingester.yaml index 5d925538c6..d2635882af 100644 
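Review bot: Replacing the fixed `prometheus.io/service-monitor NotIn ["false"]` expression with `.matchExpressions` (default `[]` per the README) drops the opt-out from the index-gateway selector. The ingester and querier ServiceMonitor hunks do the same. Any Service that carried `prometheus.io/service-monitor: "false"` to stay out of scraping would now match and could be scraped twice; these are presumably the headless Services, which are not visible here. Keeping the old expression as the default value of `serviceMonitor.matchExpressions` would preserve behaviour for existing installs.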
--- a/charts/loki-distributed/templates/ingester/deployment-ingester.yaml +++ b/charts/loki-distributed/templates/ingester/deployment-ingester.yaml @@ -36,6 +36,12 @@ spec: labels: {{- include "loki.ingesterSelectorLabels" . | nindent 8 }} app.kubernetes.io/part-of: memberlist + {{- with .Values.loki.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.ingester.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }} {{- with .Values.ingester.topologySpreadConstraints }} @@ -64,6 +70,10 @@ spec: - name: ingester image: {{ include "loki.ingesterImage" . }} imagePullPolicy: {{ .Values.loki.image.pullPolicy }} + {{- if or .Values.loki.command .Values.ingester.command }} + command: + - {{ coalesce .Values.ingester.command .Values.loki.command | quote }} + {{- end }} args: - -config.file=/etc/loki/config/config.yaml - -target=ingester @@ -90,10 +100,8 @@ spec: {{- end }} securityContext: {{- toYaml .Values.loki.containerSecurityContext | nindent 12 }} - readinessProbe: - {{- toYaml .Values.loki.readinessProbe | nindent 12 }} - livenessProbe: - {{- toYaml .Values.loki.livenessProbe | nindent 12 }} + {{- include "loki.ingester.readinessProbe" . | nindent 10 }} + {{- include "loki.ingester.livenessProbe" . | nindent 10 }} volumeMounts: - name: config mountPath: /etc/loki/config @@ -104,8 +112,10 @@ spec: {{- with .Values.ingester.extraVolumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} + {{- with .Values.ingester.resources }} resources: - {{- toYaml .Values.ingester.resources | nindent 12 }} + {{- toYaml . | nindent 12 }} + {{- end }} {{- with .Values.ingester.lifecycle }} lifecycle: {{- toYaml . | nindent 12 }} diff --git a/charts/loki-distributed/templates/ingester/servicemonitor-ingester.yaml b/charts/loki-distributed/templates/ingester/servicemonitor-ingester.yaml index 39476908fd..349785a0fc 100644 
--- a/charts/loki-distributed/templates/ingester/servicemonitor-ingester.yaml +++ b/charts/loki-distributed/templates/ingester/servicemonitor-ingester.yaml @@ -24,11 +24,10 @@ spec: selector: matchLabels: {{- include "loki.ingesterSelectorLabels" $ | nindent 6 }} + {{- with .matchExpressions }} matchExpressions: - - key: prometheus.io/service-monitor - operator: NotIn - values: - - "false" + {{- toYaml . | nindent 6 }} + {{- end }} endpoints: - port: http {{- with .interval }} diff --git a/charts/loki-distributed/templates/memcached-chunks/servicemonitor-memcached-chunks.yaml b/charts/loki-distributed/templates/memcached-chunks/servicemonitor-memcached-chunks.yaml index f0bd6cc9a3..529c0cb563 100644 --- a/charts/loki-distributed/templates/memcached-chunks/servicemonitor-memcached-chunks.yaml +++ b/charts/loki-distributed/templates/memcached-chunks/servicemonitor-memcached-chunks.yaml @@ -25,6 +25,10 @@ spec: selector: matchLabels: {{- include "loki.memcachedChunksSelectorLabels" $ | nindent 6 }} + {{- with .matchExpressions }} + matchExpressions: + {{- toYaml . | nindent 6 }} + {{- end }} endpoints: - port: http-metrics {{- with .interval }} diff --git a/charts/loki-distributed/templates/memcached-frontend/servicemonitor-memcached-frontend.yaml b/charts/loki-distributed/templates/memcached-frontend/servicemonitor-memcached-frontend.yaml index 3d8c4f69c5..05698f31c0 100644 --- a/charts/loki-distributed/templates/memcached-frontend/servicemonitor-memcached-frontend.yaml +++ b/charts/loki-distributed/templates/memcached-frontend/servicemonitor-memcached-frontend.yaml @@ -25,6 +25,10 @@ spec: selector: matchLabels: {{- include "loki.memcachedFrontendSelectorLabels" $ | nindent 6 }} + {{- with .matchExpressions }} + matchExpressions: + {{- toYaml . | nindent 6 }} + {{- end }} endpoints: - port: http-metrics {{- with .interval }} 
diff --git a/charts/loki-distributed/templates/memcached-index-queries/servicemonitor-memcached-index-queries.yaml b/charts/loki-distributed/templates/memcached-index-queries/servicemonitor-memcached-index-queries.yaml index 504e9b992d..88be48d77b 100644 --- a/charts/loki-distributed/templates/memcached-index-queries/servicemonitor-memcached-index-queries.yaml +++ b/charts/loki-distributed/templates/memcached-index-queries/servicemonitor-memcached-index-queries.yaml @@ -25,6 +25,10 @@ spec: selector: matchLabels: {{- include "loki.memcachedIndexQueriesSelectorLabels" $ | nindent 6 }} + {{- with .matchExpressions }} + matchExpressions: + {{- toYaml . | nindent 6 }} + {{- end }} endpoints: - port: http-metrics {{- with .interval }} diff --git a/charts/loki-distributed/templates/memcached-index-writes/servicemonitor-memcached-index-writes.yaml b/charts/loki-distributed/templates/memcached-index-writes/servicemonitor-memcached-index-writes.yaml index 9fe2e9eb36..e15ad04697 100644 --- a/charts/loki-distributed/templates/memcached-index-writes/servicemonitor-memcached-index-writes.yaml +++ b/charts/loki-distributed/templates/memcached-index-writes/servicemonitor-memcached-index-writes.yaml @@ -25,6 +25,10 @@ spec: selector: matchLabels: {{- include "loki.memcachedIndexWritesSelectorLabels" $ | nindent 6 }} + {{- with .matchExpressions }} + matchExpressions: + {{- toYaml . | nindent 6 }} + {{- end }} endpoints: - port: http-metrics {{- with .interval }} diff --git a/charts/loki-distributed/templates/querier/servicemonitor-querier.yaml b/charts/loki-distributed/templates/querier/servicemonitor-querier.yaml index 6a15b57741..d38db2ded7 100644 --- a/charts/loki-distributed/templates/querier/servicemonitor-querier.yaml +++ b/charts/loki-distributed/templates/querier/servicemonitor-querier.yaml 
@@ -24,11 +24,10 @@ spec: selector: matchLabels: {{- include "loki.querierSelectorLabels" $ | nindent 6 }} + {{- with .matchExpressions }} matchExpressions: - - key: prometheus.io/service-monitor - operator: NotIn - values: - - "false" + {{- toYaml . | nindent 6 }} + {{- end }} endpoints: - port: http {{- with .interval }} diff --git a/charts/loki-distributed/templates/query-frontend/deployment-query-frontend.yaml b/charts/loki-distributed/templates/query-frontend/deployment-query-frontend.yaml index a3c1e33e38..dd4f90ffe9 100644 --- a/charts/loki-distributed/templates/query-frontend/deployment-query-frontend.yaml +++ b/charts/loki-distributed/templates/query-frontend/deployment-query-frontend.yaml @@ -33,6 +33,7 @@ spec: {{- end }} labels: {{- include "loki.queryFrontendSelectorLabels" . | nindent 8 }} + app.kubernetes.io/part-of: memberlist {{- with .Values.loki.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} @@ -74,6 +75,9 @@ spec: - name: grpc containerPort: 9095 protocol: TCP + - name: http-memberlist + containerPort: 7946 + protocol: TCP {{- with .Values.queryFrontend.extraEnv }} env: {{- toYaml . | nindent 12 }} diff --git a/charts/loki-distributed/templates/query-frontend/servicemonitor-query-frontend.yaml b/charts/loki-distributed/templates/query-frontend/servicemonitor-query-frontend.yaml index 581abb8544..6a4c7ce251 100644 --- a/charts/loki-distributed/templates/query-frontend/servicemonitor-query-frontend.yaml +++ b/charts/loki-distributed/templates/query-frontend/servicemonitor-query-frontend.yaml @@ -24,6 +24,10 @@ spec: selector: matchLabels: {{- include "loki.queryFrontendSelectorLabels" $ | nindent 6 }} + {{- with .matchExpressions }} + matchExpressions: + {{- toYaml . | nindent 6 }} + {{- end }} endpoints: - port: http {{- with .interval }} 
diff --git a/charts/loki-distributed/templates/query-scheduler/servicemonitor-query-scheduler.yaml b/charts/loki-distributed/templates/query-scheduler/servicemonitor-query-scheduler.yaml index 1277cd118a..9ee893be5e 100644 --- a/charts/loki-distributed/templates/query-scheduler/servicemonitor-query-scheduler.yaml +++ b/charts/loki-distributed/templates/query-scheduler/servicemonitor-query-scheduler.yaml @@ -25,6 +25,10 @@ spec: selector: matchLabels: {{- include "loki.querySchedulerSelectorLabels" $ | nindent 6 }} + {{- with .matchExpressions }} + matchExpressions: + {{- toYaml . | nindent 6 }} + {{- end }} endpoints: - port: http {{- with .interval }} diff --git a/charts/loki-distributed/templates/ruler/servicemonitor-ruler.yaml b/charts/loki-distributed/templates/ruler/servicemonitor-ruler.yaml index 4d1df7e939..827b3d4531 100644 --- a/charts/loki-distributed/templates/ruler/servicemonitor-ruler.yaml +++ b/charts/loki-distributed/templates/ruler/servicemonitor-ruler.yaml @@ -25,6 +25,10 @@ spec: selector: matchLabels: {{- include "loki.rulerSelectorLabels" $ | nindent 6 }} + {{- with .matchExpressions }} + matchExpressions: + {{- toYaml . | nindent 6 }} + {{- end }} endpoints: - port: http {{- with .interval }} diff --git a/charts/loki-distributed/templates/table-manager/servicemonitor-table-manager.yaml b/charts/loki-distributed/templates/table-manager/servicemonitor-table-manager.yaml index a3d8d3f06f..6a0626a1af 100644 --- a/charts/loki-distributed/templates/table-manager/servicemonitor-table-manager.yaml +++ b/charts/loki-distributed/templates/table-manager/servicemonitor-table-manager.yaml @@ -25,6 +25,10 @@ spec: selector: matchLabels: {{- include "loki.tableManagerSelectorLabels" $ | nindent 6 }} + {{- with .matchExpressions }} + matchExpressions: + {{- toYaml . | nindent 6 }} + {{- end }} endpoints: - port: http {{- with .interval }} 
diff --git a/charts/loki-distributed/values.test.yaml b/charts/loki-distributed/values.test.yaml index 6724161488..1d7a959b30 100644 --- a/charts/loki-distributed/values.test.yaml +++ b/charts/loki-distributed/values.test.yaml @@ -1,67 +1,3 @@ loki: annotations: foo: bar - -ingester: - autoscaling: - enabled: true - customMetrics: - - type: Pods - external: - metric: - name: loki_lines_total - target: - type: AverageValue - averageValue: 10000 - -distributor: - autoscaling: - enabled: true - customMetrics: - - type: Pods - external: - metric: - name: loki_lines_total - target: - type: AverageValue - averageValue: 10000 - -querier: - autoscaling: - enabled: true - customMetrics: - - type: External - external: - metric: - name: loki_inflight_queries - target: - type: AverageValue - averageValue: 12 - -queryFrontend: - autoscaling: - enabled: true - customMetrics: - - type: Pods - pods: - metric: - name: loki_query_rate - target: - type: AverageValue - averageValue: 100 - -gateway: - autoscaling: - enabled: true - customMetrics: - - type: Object - object: - metric: - name: requests-per-second - describedObject: - apiVersion: networking.k8s.io/v1 - kind: Ingress - name: main-route - target: - type: Values - averageValue: 10k diff --git a/charts/loki-distributed/values.yaml b/charts/loki-distributed/values.yaml index 66ae8eeab6..0f0bc1624a 100644 --- a/charts/loki-distributed/values.yaml +++ b/charts/loki-distributed/values.yaml @@ -78,6 +78,10 @@ loki: existingSecretForConfig: "" # -- Store the loki configuration as a secret. configAsSecret: false + # -- Annotations for the secret with loki configuration. + configSecretAnnotations: {} + # -- Additional labels for the secret with loki configuration. + configSecretLabels: {} # -- Adds the appProtocol field to the memberlist service. This allows memberlist to work with istio protocol selection. Ex: "http" or "tcp" appProtocol: "" # -- Common annotations for all loki services 
@@ -283,6 +287,12 @@ serviceMonitor: namespace: null # -- Namespace selector for ServiceMonitor resources namespaceSelector: {} + # -- Optional expressions to match on + matchExpressions: [] + # - key: prometheus.io/service-monitor + # operator: NotIn + # values: + # - "false" # -- ServiceMonitor annotations annotations: {} # -- Additional ServiceMonitor labels @@ -1319,6 +1329,10 @@ gateway: # Configuration for the compactor compactor: + # -- Kind of deployment [StatefulSet/Deployment] + kind: StatefulSet + # -- Number of replicas for the compactor + replicas: 1 # -- Specifies whether compactor should be enabled enabled: false # -- hostAliases to add @@ -1369,6 +1383,10 @@ compactor: extraVolumeMounts: [] # -- Volumes to add to the compactor pods extraVolumes: [] + # -- readiness probe settings for ingester pods. If empty, use `loki.readinessProbe` + readinessProbe: {} + # -- liveness probe settings for ingester pods. If empty use `loki.livenessProbe` + livenessProbe: {} # -- Resource requests and limits for the compactor resources: {} # -- Containers to add to the compactor pods @@ -1397,6 +1415,24 @@ compactor: storageClass: null # -- Annotations for compactor PVCs annotations: {} + # -- List of the compactor PVCs + # @notationType -- list + claims: + - name: data + size: 10Gi + # -- Storage class to be used. + # If defined, storageClassName: . + # If set to "-", storageClassName: "", which disables dynamic provisioning. + # If empty or set to null, no storageClassName spec is + # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). + storageClass: null + # - name: wal + # size: 150Gi + # -- Enable StatefulSetAutoDeletePVC feature + enableStatefulSetAutoDeletePVC: false + whenDeleted: Retain + whenScaled: Retain + serviceAccount: create: false # -- The name of the ServiceAccount to use for the compactor. diff --git a/charts/loki-stack/Chart.yaml b/charts/loki-stack/Chart.yaml index 8069d9fc78..226715a988 100644 
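Review bot: In the `@@ -1369,6 +1383,10 @@ compactor:` hunk, both added comments describe the probes as settings "for ingester pods", although the keys sit under `compactor:`; this looks like a copy-paste from the ingester section. They should read `# -- readiness probe settings for compactor pods. If empty, use loki.readinessProbe` and `# -- liveness probe settings for compactor pods. If empty, use loki.livenessProbe`. The `# --` prefix suggests these comments feed generated documentation, so the wrong component name would presumably be copied there too.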
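Review bot: In the `@@ -1397,6 +1415,24 @@ compactor:` hunk, `whenDeleted: Retain` and `whenScaled: Retain` are added without a `# --` description, and nothing says whether they apply only when `enableStatefulSetAutoDeletePVC` is true (that link is inferred from the names; the template is not in this hunk). Changing either value decides whether the compactor's volume data survives, so each deserves a line such as `# -- PVC retention when the StatefulSet is deleted (Retain or Delete); used only with enableStatefulSetAutoDeletePVC`. The storage class comment also reads "If defined, storageClassName: ." with the placeholder apparently missing, and names AWS twice in the list of default provisioners.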
--- a/charts/loki-stack/Chart.yaml +++ b/charts/loki-stack/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: "v1" name: loki-stack -version: 2.9.11 +version: 2.10.0 appVersion: v2.6.1 kubeVersion: "^1.10.0-0" description: "Loki: like Prometheus, but for logs." diff --git a/charts/loki-stack/requirements.yaml b/charts/loki-stack/requirements.yaml index 2232f1280e..09525e0961 100644 --- a/charts/loki-stack/requirements.yaml +++ b/charts/loki-stack/requirements.yaml @@ -17,7 +17,7 @@ dependencies: repository: "https://grafana.github.io/helm-charts" - name: "prometheus" condition: prometheus.enabled - version: "~15.5.3" + version: "~19.7.2" repository: "https://prometheus-community.github.io/helm-charts" - name: "filebeat" condition: filebeat.enabled diff --git a/charts/rollout-operator/Chart.yaml b/charts/rollout-operator/Chart.yaml index 12891c9b79..a46e7ecde9 100644 --- a/charts/rollout-operator/Chart.yaml +++ b/charts/rollout-operator/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: rollout-operator description: "Grafana rollout-operator" type: application -version: 0.10.0 -appVersion: v0.9.0 +version: 0.13.0 +appVersion: v0.11.0 home: https://github.com/grafana/rollout-operator kubeVersion: ^1.10.0-0 diff --git a/charts/rollout-operator/README.md b/charts/rollout-operator/README.md index 064819f556..3efeb2f1aa 100644 --- a/charts/rollout-operator/README.md +++ b/charts/rollout-operator/README.md 
@@ -4,7 +4,7 @@ Helm chart for deploying [Grafana rollout-operator](https://github.com/grafana/r # rollout-operator -![Version: 0.10.0](https://img.shields.io/badge/Version-0.10.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.9.0](https://img.shields.io/badge/AppVersion-v0.9.0-informational?style=flat-square) +![Version: 0.13.0](https://img.shields.io/badge/Version-0.13.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.11.0](https://img.shields.io/badge/AppVersion-v0.11.0-informational?style=flat-square) Grafana rollout-operator @@ -53,7 +53,6 @@ It is not a highly available application and runs as a single pod. | podLabels | object | `{}` | Pod (extra) Labels | | podSecurityContext | object | `{}` | | | priorityClassName | string | `""` | | -| resources.limits.cpu | string | `"1"` | | | resources.limits.memory | string | `"200Mi"` | | | resources.requests.cpu | string | `"100m"` | | | resources.requests.memory | string | `"100Mi"` | | diff --git a/charts/rollout-operator/values.yaml b/charts/rollout-operator/values.yaml index 3cb558d507..66f9486b1a 100644 --- a/charts/rollout-operator/values.yaml +++ b/charts/rollout-operator/values.yaml @@ -47,7 +47,7 @@ securityContext: {} resources: limits: - cpu: "1" + # cpu: "1" memory: 200Mi requests: cpu: 100m diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index cdba587c07..a1cc09edd9 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml 
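Review bot: The values.yaml hunk disables the default CPU limit by commenting it out (`# cpu: "1"`) without saying why, which leaves dead configuration under `resources.limits`. If the intent is to avoid CPU throttling, state it, for example `# CPU limit intentionally unset to avoid throttling; set resources.limits.cpu to restore it`, or delete the line. Installations that relied on the default ceiling lose it on upgrade, so the change also belongs in the release notes.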
@@ -2,8 +2,8 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.7.0 -appVersion: 2.3.0 +version: 1.7.6 +appVersion: 2.3.1 engine: gotpl home: https://grafana.com/docs/tempo/latest/ icon: https://raw.githubusercontent.com/grafana/tempo/master/docs/tempo/website/logo_and_name.png diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index b368afae7c..3cd8818412 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.7.0](https://img.shields.io/badge/Version-1.7.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.0](https://img.shields.io/badge/AppVersion-2.3.0-informational?style=flat-square) +![Version: 1.7.6](https://img.shields.io/badge/Version-1.7.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.1](https://img.shields.io/badge/AppVersion-2.3.1-informational?style=flat-square) Grafana Tempo in MicroService mode 
@@ -315,7 +315,7 @@ The memcached default args are removed and should be provided manually. The sett | distributor.topologySpreadConstraints | string | Defaults to allow skew no more then 1 node per AZ | topologySpread for distributor pods. Passed through `tpl` and, thus, to be configured as string | | enterprise.enabled | bool | `false` | | | enterprise.image.repository | string | `"grafana/enterprise-traces"` | Grafana Enterprise Metrics container image repository. Note: for Grafana Tempo use the value 'image.repository' | -| enterprise.image.tag | string | `"v2.2.1"` | Grafana Enterprise Metrics container image tag. Note: for Grafana Tempo use the value 'image.tag' | +| enterprise.image.tag | string | `"v2.3.1"` | Grafana Enterprise Metrics container image tag. Note: for Grafana Tempo use the value 'image.tag' | | enterpriseFederationFrontend.affinity | string | Hard node and soft zone anti-affinity | Affinity for federation-frontend pods. Passed through `tpl` and, thus, to be configured as string | | enterpriseFederationFrontend.autoscaling.enabled | bool | `false` | Enable autoscaling for the federation-frontend | | enterpriseFederationFrontend.autoscaling.maxReplicas | int | `3` | Maximum autoscaling replicas for the federation-frontend | @@ -368,6 +368,7 @@ The memcached default args are removed and should be provided manually. The sett | enterpriseGateway.podAnnotations | object | `{}` | | | enterpriseGateway.podDisruptionBudget | object | `{}` | | | enterpriseGateway.podLabels | object | `{}` | | +| enterpriseGateway.proxy | object | `{}` | Proxy URLs defined in this object will be used if useDefaultProxyURLs is set to false. | | enterpriseGateway.readinessProbe.httpGet.path | string | `"/ready"` | | | enterpriseGateway.readinessProbe.httpGet.port | string | `"http-metrics"` | | | enterpriseGateway.readinessProbe.initialDelaySeconds | int | `45` | | 
@@ -384,10 +385,11 @@ The memcached default args are removed and should be provided manually. The sett | enterpriseGateway.terminationGracePeriodSeconds | int | `60` | | | enterpriseGateway.tolerations | list | `[]` | | | enterpriseGateway.topologySpreadConstraints | string | Defaults to allow skew no more then 1 node per AZ | topologySpread for enterprise-gateway pods. Passed through `tpl` and, thus, to be configured as string | -| enterpriseGateway.useDefaultProxyURLs | bool | `true` | | +| enterpriseGateway.useDefaultProxyURLs | bool | `true` | If you want to use your own proxy URLs, set this to false. | | externalConfigSecretName | string | `"{{ include \"tempo.resourceName\" (dict \"ctx\" . \"component\" \"config\") }}"` | Name of the Secret or ConfigMap that contains the configuration (used for naming even if config is internal). | | externalConfigVersion | string | `"0"` | When 'useExternalConfig' is true, then changing 'externalConfigVersion' triggers restart of services - otherwise changes to the configuration cause a restart. | | externalRuntimeConfigName | string | `"{{ include \"tempo.resourceName\" (dict \"ctx\" . \"component\" \"runtime\") }}"` | Name of the Secret or ConfigMap that contains the runtime configuration (used for naming even if config is internal). | +| extraObjects | list | `[]` | Create extra manifests via values. | | fullnameOverride | string | `""` | | | gateway.affinity | string | Hard node and soft zone anti-affinity | Affinity for gateway pods. Passed through `tpl` and, thus, to be configured as string | | gateway.autoscaling.behavior | object | `{}` | Autoscaling behavior configuration for the gateway | 
@@ -450,7 +452,7 @@ The memcached default args are removed and should be provided manually. The sett | global.image.pullSecrets | list | `[]` | Optional list of imagePullSecrets for all images, excluding enterprise. Names of existing secrets with private container registry credentials. Ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod Example: pullSecrets: [ my-dockerconfigjson-secret ] | | global.image.registry | string | `"docker.io"` | Overrides the Docker registry globally for all images, excluding enterprise. | | global.priorityClassName | string | `nil` | Overrides the priorityClassName for all pods | -| global_overrides.metrics_generator_processors | list | `[]` | | +| global_overrides.metrics_generator_processors | list | `[]` | List of enabled metrics generator processors ([service-graphs, span-metrics]) | | global_overrides.per_tenant_override_config | string | `"/runtime-config/overrides.yaml"` | | | ingester.affinity | string | Soft node and soft zone anti-affinity | Affinity for ingester pods. Passed through `tpl` and, thus, to be configured as string | | ingester.annotations | object | `{}` | Annotations for the ingester StatefulSet | 
@@ -560,6 +562,7 @@ The memcached default args are removed and should be provided manually. The sett | metricsGenerator.appProtocol | object | `{"grpc":null}` | Adds the appProtocol field to the metricsGenerator service. This allows metricsGenerator to work with istio protocol selection. | | metricsGenerator.appProtocol.grpc | string | `nil` | Set the optional grpc service protocol. Ex: "grpc", "http2" or "https" | | metricsGenerator.config | object | `{"metrics_ingestion_time_range_slack":"30s","processor":{"service_graphs":{"dimensions":[],"histogram_buckets":[0.1,0.2,0.4,0.8,1.6,3.2,6.4,12.8],"max_items":10000,"wait":"10s","workers":10},"span_metrics":{"dimensions":[],"histogram_buckets":[0.002,0.004,0.008,0.016,0.032,0.064,0.128,0.256,0.512,1.02,2.05,4.1]}},"registry":{"collection_interval":"15s","external_labels":{},"stale_duration":"15m"},"storage":{"path":"/var/tempo/wal","remote_write":[],"remote_write_flush_deadline":"1m","wal":null}}` | More information on configuration: https://grafana.com/docs/tempo/latest/configuration/#metrics-generator | +| metricsGenerator.config.processor.service_graphs | object | `{"dimensions":[],"histogram_buckets":[0.1,0.2,0.4,0.8,1.6,3.2,6.4,12.8],"max_items":10000,"wait":"10s","workers":10}` | For processors to be enabled and generate metrics, pass the names of the processors to overrides.metrics_generator_processors value like [service-graphs, span-metrics] | | metricsGenerator.config.processor.service_graphs.dimensions | list | `[]` | resource and span attributes and are added to the metrics if present. | | metricsGenerator.config.processor.span_metrics.dimensions | list | `[]` | Dimensions are searched for in the resource and span attributes and are added to the metrics if present. | | metricsGenerator.config.storage.remote_write | list | `[]` | https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_write | 
@@ -725,6 +728,7 @@ The memcached default args are removed and should be provided manually. The sett | serviceAccount.name | string | `nil` | The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template | | storage.admin.backend | string | `"filesystem"` | The supported storage backends are gcs, s3 and azure, as specified in https://grafana.com/docs/enterprise-traces/latest/config/reference/#admin_client_config | | storage.trace.backend | string | `"local"` | The supported storage backends are gcs, s3 and azure, as specified in https://grafana.com/docs/tempo/latest/configuration/#storage | +| storage.trace.block.dedicated_columns | list | `[]` | Lis with dedicated attribute columns (only for vParquet3 or later) | | storage.trace.block.version | string | `nil` | The supported block versions are specified here https://grafana.com/docs/tempo/latest/configuration/parquet/ | | storage.trace.pool.max_workers | int | `400` | Total number of workers pulling jobs from the queue | | storage.trace.pool.queue_depth | int | `20000` | Length of job queue. imporatant for querier as it queues a job for every block it has to search | diff --git a/charts/tempo-distributed/templates/extra-manifests.yaml b/charts/tempo-distributed/templates/extra-manifests.yaml new file mode 100644 index 0000000000..2855904ec7 --- /dev/null +++ b/charts/tempo-distributed/templates/extra-manifests.yaml @@ -0,0 +1,4 @@ +{{ range .Values.extraObjects }} +--- +{{ tpl (toYaml .) $ }} +{{ end }} \ No newline at end of file diff --git a/charts/tempo-distributed/templates/gateway/secret-gateway.yaml b/charts/tempo-distributed/templates/gateway/secret-gateway.yaml index 32c8341983..ed25c43cb7 100644 --- a/charts/tempo-distributed/templates/gateway/secret-gateway.yaml +++ b/charts/tempo-distributed/templates/gateway/secret-gateway.yaml 
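Review bot: In the new extra-manifests.yaml, `{{ tpl (toYaml .) $ }}` evaluates every entry of `.Values.extraObjects` as a template against the root context, so whoever supplies values can both create arbitrary cluster objects and run template expressions over all chart values; the documentation for the value does not say so. The values.yaml comment added in the last hunk of this diff only reads "Create extra manifests via values."; I would extend it to `# -- Create extra manifests via values. Entries are rendered through tpl, so template expressions inside them are evaluated; review values files from other sources as you would code.` The new file also has no trailing newline.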
@@ -1,3 +1,4 @@ +{{- $root := . -}} {{- $dict := dict "ctx" . "component" "gateway" -}} {{- with .Values.gateway }} {{- if and .enabled .basicAuth.enabled (not .basicAuth.existingSecret) }} @@ -5,7 +6,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "tempo.resourceName" $dict }} - namespace: {{ .Release.Namespace }} + namespace: {{ $root.Release.Namespace | quote }} labels: {{- include "tempo.labels" $dict | nindent 4 }} stringData: diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml index 6337512a6f..ae082dc148 100644 --- a/charts/tempo-distributed/values.yaml +++ b/charts/tempo-distributed/values.yaml @@ -321,6 +321,7 @@ metricsGenerator: external_labels: {} stale_duration: 15m processor: + # -- For processors to be enabled and generate metrics, pass the names of the processors to overrides.metrics_generator_processors value like [service-graphs, span-metrics] service_graphs: # -- Additional dimensions to add to the metrics. Dimensions are searched for in the # -- resource and span attributes and are added to the metrics if present. 
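Review bot: The added `{{- $root := . -}}` in secret-gateway.yaml is not needed, because `$` already refers to the root context inside `with .Values.gateway`. The namespace line can be written `namespace: {{ $.Release.Namespace | quote }}` and the extra variable dropped. The fix itself is correct, since `.Release` is not reachable through `.` once `with` has rebound it, and `$dict` is built before the `with`, so it is unaffected.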
@@ -1050,14 +1051,21 @@ config: | url: http://{{ template "tempo.fullname" . }}-admin-api.{{ .Release.Namespace }}.svc:{{ include "tempo.serverHttpListenPort" . }} distributor: url: http://{{ template "tempo.fullname" . }}-distributor.{{ .Release.Namespace }}.svc:{{ include "tempo.serverHttpListenPort" . }} - distributor_ingest: - url: h2c://{{ template "tempo.fullname" . }}-distributor.{{ .Release.Namespace }}.svc:4317 + otlp/grpc: + url: h2c://{{ template "tempo.fullname" . }}-distributor.{{ .Release.Namespace }}.svc:4317 + otlp/http: + url: http://{{ template "tempo.fullname" . }}-distributor.{{ .Release.Namespace }}.svc:4318 ingester: url: http://{{ template "tempo.fullname" . }}-ingester.{{ .Release.Namespace }}.svc:{{ include "tempo.serverHttpListenPort" . }} querier: url: http://{{ template "tempo.fullname" . }}-querier.{{ .Release.Namespace }}.svc:{{ include "tempo.serverHttpListenPort" . }} query_frontend: url: http://{{ template "tempo.fullname" . }}-query-frontend.{{ .Release.Namespace }}.svc:{{ include "tempo.serverHttpListenPort" . }}{{get .Values.tempo.structuredConfig "http_api_prefix"}} + {{else}} + {{- if and .Values.enterprise.enabled .Values.enterpriseGateway.proxy }} + gateway: + proxy: {{- toYaml .Values.enterpriseGateway.proxy | nindent 6 }} + {{- end }} {{- end }} compactor: @@ -1243,6 +1251,10 @@ config: | {{- if .Values.storage.trace.block.version }} block: version: {{.Values.storage.trace.block.version}} + {{- if .Values.storage.trace.block.dedicated_columns}} + parquet_dedicated_columns: + {{ .Values.storage.trace.block.dedicated_columns}} + {{- end }} {{- end }} pool: max_workers: {{ .Values.storage.trace.pool.max_workers }} 
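Review bot: In the second hunk on this line, `{{ .Values.storage.trace.block.dedicated_columns}}` prints the list with Go's default formatting (roughly `[map[...]]`) instead of YAML, so a non-empty value would not render as the list `parquet_dedicated_columns` expects. Serialise it the way the first hunk does for the proxy block: `{{- toYaml .Values.storage.trace.block.dedicated_columns | nindent N }}`, with N matching the indentation under `parquet_dedicated_columns:` (not recoverable from this view). The `config: |` template that contains these lines starts and ends outside the hunk.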
@@ -1306,6 +1318,8 @@ storage: block: # -- The supported block versions are specified here https://grafana.com/docs/tempo/latest/configuration/parquet/ version: null + # -- Lis with dedicated attribute columns (only for vParquet3 or later) + dedicated_columns: [] # -- The supported storage backends are gcs, s3 and azure, as specified in https://grafana.com/docs/tempo/latest/configuration/#storage backend: local # The worker pool is used primarily when finding traces by id, but is also used by other. @@ -1322,6 +1336,7 @@ storage: # Global overrides global_overrides: per_tenant_override_config: /runtime-config/overrides.yaml + # -- List of enabled metrics generator processors ([service-graphs, span-metrics]) metrics_generator_processors: [] # Per tenants overrides @@ -1836,7 +1851,7 @@ enterprise: # -- Grafana Enterprise Metrics container image repository. Note: for Grafana Tempo use the value 'image.repository' repository: grafana/enterprise-traces # -- Grafana Enterprise Metrics container image tag. Note: for Grafana Tempo use the value 'image.tag' - tag: v2.2.1 + tag: v2.3.1 # Note: pullPolicy and optional pullSecrets are set in toplevel 'image' section, not here # In order to use Grafana Enterprise Traces features, you will need to provide the contents of your Grafana Enterprise Traces @@ -1957,8 +1972,10 @@ adminApi: # Settings for the gateway service providing authentication and authorization via the admin_api. # Can only be enabled if enterprise.enabled is true - requires license. enterpriseGateway: - # If you want to use your own proxy URLs, set this to false. + # -- If you want to use your own proxy URLs, set this to false. useDefaultProxyURLs: true + # -- Proxy URLs defined in this object will be used if useDefaultProxyURLs is set to false. + proxy: {} replicas: 1 # -- hostAliases to add hostAliases: [] 
@@ -2067,3 +2084,15 @@ enterpriseGateway: - secretName: gem-gateway-tls hosts: - gateway.gem.example.com + +# -- Create extra manifests via values. +extraObjects: [] + # - apiVersion: "kubernetes-client.io/v1" + # kind: ExternalSecret + # metadata: + # name: tempo-secrets + # spec: + # backendType: aws + # data: + # - key: secret-access-key + # name: awssm-secret