From e43a3ed03206c58bd33f105305d944e4e0eb4caf Mon Sep 17 00:00:00 2001
From: Ihor Horak
Date: Mon, 16 Oct 2023 14:32:37 +0300
Subject: [PATCH 1/2] [prometheus-thanos] upgrade thanos and add security context

Signed-off-by: Ihor Horak
---
 charts/prometheus-thanos/Chart.yaml | 4 +-
 charts/prometheus-thanos/README.md | 648 +++++++++---------
 .../templates/bucket-web/deployment.yaml | 6 +
 .../templates/compactor/statefulset.yaml | 6 +
 .../templates/querier/deployment.yaml | 6 +
 .../templates/query-frontend/deployment.yaml | 6 +
 .../templates/receiver/statefulset.yaml | 11 +-
 .../templates/ruler/statefulset.yaml | 6 +
 .../templates/store-gateway/statefulset.yaml | 6 +
 charts/prometheus-thanos/values.yaml | 94 ++-
 10 files changed, 459 insertions(+), 334 deletions(-)

diff --git a/charts/prometheus-thanos/Chart.yaml b/charts/prometheus-thanos/Chart.yaml
index 4f8548c4..7753fd07 100644
--- a/charts/prometheus-thanos/Chart.yaml
+++ b/charts/prometheus-thanos/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v1
-appVersion: "0.27.0"
+appVersion: "0.32.4"
 description: A Helm chart for thanos monitoring components
 name: prometheus-thanos
-version: 4.9.4
+version: 5.0.0
 home: https://github.com/thanos-io/thanos
 sources:
 - https://github.com/thanos-io/thanos
diff --git a/charts/prometheus-thanos/README.md b/charts/prometheus-thanos/README.md
index 04bec4e8..836bd508 100644
--- a/charts/prometheus-thanos/README.md
+++ b/charts/prometheus-thanos/README.md
@@ -29,22 +29,22 @@ An example configmap will look like:
 apiVersion: v1
 kind: ConfigMap
 metadata:
- name: custom-config-map
- labels:
- thanos_alert_config: "1"
+name: custom-config-map
+labels:
+thanos_alert_config: "1"
 data:
- custom-external-rules.yaml: |-
- groups:
- - name: custom_external_rules_group
- rules:
- - alert: custom_alert
- annotations:
- description: "add your desc here"
- summary: "add your summary here"
- expr: up
- for: 10m
- labels:
- severity: warn
+custom-external-rules.yaml: |-
+groups:
+- name: custom_external_rules_group
+ rules:
+ - alert: custom_alert
+ annotations:
+description: "add your desc here"
+summary: "add your summary here"
+ expr: up
+ for: 10m
+ labels:
+severity: warn
 ```
 
 ## Uninstalling the Chart
@@ -72,9 +72,9 @@ For example, if you had previously set `storeGateway.indexCacheSize` to `500MB`,
 
 ```yaml
 indexCache:
- type: IN-MEMORY
- config:
- max_size: 500MB
+type: IN-MEMORY
+config:
+max_size: 500MB
 ```
 
 All configuration options can be found in [the documentation](https://thanos.io/components/store.md/#index-cache).
@@ -86,305 +86,319 @@ The compactor persistence is now enabled by default and the default PVC size was The following table lists the configurable parameters of the prometheus-thanos chart and their default values. -| Parameter | Description | Default | -| ------------------------------------------ | ----------------------------------------- | ---------------------------------- | -| `tracing.enabled` | Controls whether [tracing](https://github.com/thanos-io/thanos/blob/master/docs/tracing.md) is required across all components | `false` | -| `tracing.type` | The tracer [type](https://github.com/thanos-io/thanos/blob/master/docs/tracing.md). All components which support tracing will use this | `` | -| `tracing.config` | Config for the [tracer](https://github.com/thanos-io/thanos/blob/master/docs/tracing.md). All components which support tracing will use this | `{}` | -| `bucketWebInterface.enabled` | Controls whether bucket web interface related resources should be created | `false` | -| `bucketWebInterface.additionalAnnotations` | Additional annotations on bucket web interface pods| `{}` | -| `bucketWebInterface.additionalFlags` | Additional command line flags | `{}` | -| `bucketWebInterface.additionalLabels` | Additional labels on bucket web interface pods| `{}` | -| `bucketWebInterface.affinity` | Affinity | `{}` | -| `bucketWebInterface.extraEnv` | Extra env vars | `nil` | -| `bucketWebInterface.httpServerPort` | The port to expose from the bucket web interface container | `10902` | -| `bucketWebInterface.image.repository` | Docker image repo for bucket web interface | `quay.io/thanos/thanos` | -| `bucketWebInterface.image.tag` | Docker image tag for bucket web interface | `v0.27.0` | -| `bucketWebInterface.image.pullPolicy` | Docker image pull policy for bucket web interface| `IfNotPresent` | -| `bucketWebInterface.serviceAccount.create` | Create service account | `true` | -| `bucketWebInterface.serviceAccount.annotations` | Service account annotations | `nil` | 
-| `bucketWebInterface.logLevel` | Bucket web interface log level | `info` | -| `bucketWebInterface.nodeSelector` | NodeSelector | `{}` | -| `bucketWebInterface.objStoreType` | Object store [type](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `nil` | -| `bucketWebInterface.objStoreConfig` | Config for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `{}` | -| `bucketWebInterface.objStoreConfigFile` | Path to config file for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md). Either this or `objStoreType` + `objStoreConfig`. | `nil` | -| `bucketWebInterface.podNumericalPriorityEnabled` | Enables use of the `podPriority`. Either this or `podPriorityClassName`. | `false` | -| `bucketWebInterface.podPriority` | Numerical value of the pod priority. Enabled by `podNumericalPriorityEnabled` | `0` | -| `bucketWebInterface.podPriorityClassName` | Name of the pod priority class to use. Either this or `podNumericalPriorityEnabled` | `""` | -| `bucketWebInterface.replicaCount` | Replica count for bucket web interface | `1` | -| `bucketWebInterface.resources` | Resources | `{}` | -| `bucketWebInterface.tolerations` | Tolerations | `[]` | -| `bucketWebInterface.updateStrategy` | Deployment update strategy | `type: RollingUpdate` | -| `bucketWebInterface.volumeMounts` | Additional volume mounts | `nil` | -| `bucketWebInterface.volumes` |Additional volumes | `nil` | -| `compact.enabled` | Controls whether compact related resources should be created | `true` | -| `compact.additionalAnnotations` | Additional annotations on compactor pod| `{}` | -| `compact.additionalFlags` | Additional command line flags | `{}` | -| `compact.additionalLabels` | Additional labels on compactor pod| `{}` | -| `compact.affinity` | Affinity | `{}` | -| `compact.consistencyDelay` | Consistency delay | `30m` | -| `compact.extraEnv` | Extra env vars | `nil` | -| `compact.image.repository` | Docker image repo for 
compactor | `quay.io/thanos/thanos` | -| `compact.image.tag` | Docker image tag for compactor | `v0.27.0` | -| `compact.image.pullPolicy` | Docker image pull policy for store gateway | `IfNotPresent` | -| `compact.serviceAccount.create` | Create service account | `true` | -| `compact.serviceAccount.annotations` | Service account annotations | `nil` | -| `compact.logLevel` | Store gateway log level | `info` | -| `compact.nodeSelector` | NodeSelector | `{}` | -| `compact.objStoreConfig` | Config for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `{}` | -| `compact.objStoreConfigFile` | Path to config file for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md). Either this or `objStoreType` + `objStoreConfig`. | `nil` | -| `compact.objStoreType` | Object store [type](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `nil` | -| `compact.persistentVolume.enabled` | Persistent volume enabled | `true` | -| `compact.persistentVolume.accessModes` | Persistent volume accessModes | `[ReadWriteOnce]` | -| `compact.persistentVolume.annotations` | Persistent volume annotations | `{}` | -| `compact.persistentVolume.existingClaim` | Persistent volume existingClaim | `""` | -| `compact.persistentVolume.size` | Persistent volume size | `10Gi` | -| `compact.persistentVolume.storageClass` | Persistent volume storage class name | `""` | -| `compact.podNumericalPriorityEnabled` | Enables use of the `podPriority`. Either this or `podPriorityClassName`. | `false` | -| `compact.podPriority` | Numerical value of the pod priority. Enabled by `podNumericalPriorityEnabled` | `0` | -| `compact.podPriorityClassName` | Name of the pod priority class to use. 
Either this or `podNumericalPriorityEnabled` | `""` | -| `compact.resources` | Resources | `{}` | -| `compact.retentionResolutionRaw` | Retention for raw buckets | `30d` | -| `compact.retentionResolution5m` | Retention for 5m buckets | `30d` | -| `compact.retentionResolution1h` | Retention for 1h buckets | `10y` | -| `compact.tolerations` | Tolerations | `[]` | -| `compact.updateStrategy` | StatefulSet update strategy | `type: RollingUpdate` | -| `compact.volumeMounts` | Additional volume mounts | `nil` | -| `compact.volumes` | Additional volumes | `nil` | -| `querier.enabled` | Controls whether querier related resources should be created | `true` | -| `querier.additionalAnnotations` | Additional annotations on querier pods| `{}` | -| `querier.additionalFlags` | Additional command line flags | `{}` | -| `querier.additionalLabels` | Additional labels on querier pods| `{}` | -| `querier.affinity` | Affinity | `{}` | -| `querier.autoscaling.enabled` | Controls whether StoreGateway autoscaling is enabled | `false` | -| `querier.autoscaling.maxReplicas` | Maximum number of replicas to scale to | `10` | -| `querier.autoscaling.minReplicas` | Minimum number of replicas to scale to | `1` | -| `querier.autoscaling.metrics` | Array of MetricSpecs that will decide whether to scale in or out | `target of 80% for both CPU and memory resources` | -| `querier.image.repository` | Docker image repo for querier | `quay.io/thanos/thanos` | -| `querier.image.tag` | Docker image tag for querier | `v0.27.0` | -| `querier.image.pullPolicy` | Docker image pull policy for querier| `IfNotPresent` | -| `querier.serviceAccount.create` | Create service account | `true` | -| `querier.serviceAccount.annotations` | Service account annotations | `nil` | -| `querier.livenessProbe.initialDelaySeconds` | Liveness probe initialDelaySeconds | `30` | -| `querier.livenessProbe.periodSeconds` | Liveness probe periodSeconds | `10` | -| `querier.livenessProbe.successThreshold` | Liveness probe 
successThreshold | `1` | -| `querier.livenessProbe.timeoutSeconds` | Liveness probe timeoutSeconds | `30` | -| `querier.logLevel` | Querier log level | `info` | -| `querier.nodeSelector` | NodeSelector | `{}` | -| `querier.podNumericalPriorityEnabled` | Enables use of the `podPriority`. Either this or `podPriorityClassName`. | `false` | -| `querier.podPriority` | Numerical value of the pod priority. Enabled by `podNumericalPriorityEnabled` | `0` | -| `querier.podPriorityClassName` | Name of the pod priority class to use. Either this or `podNumericalPriorityEnabled` | `""` | -| `querier.readinessProbe.initialDelaySeconds` | Readiness probe initialDelaySeconds | `30` | -| `querier.readinessProbe.periodSeconds` | Readiness probe periodSeconds | `10` | -| `querier.readinessProbe.successThreshold` | Readiness probe successThreshold | `1` | -| `querier.readinessProbe.timeoutSeconds` | Readiness probe timeoutSeconds | `30` | -| `querier.replicaCount` | Replica count for querier | `1` | -| `querier.replicaLabels` | Replica reference labels which are used for query response deduplication | `[]` | -| `querier.resources` | Resources | `{}` | -| `querier.stores` | List of stores [see](https://github.com/thanos-io/thanos/blob/master/docs/components/query.md) | `[]` | -| `querier.tolerations` | Tolerations | `[]` | -| `querier.updateStrategy` | Deployment update strategy | `type: RollingUpdate` | -| `querier.volumeMounts` | Additional volume mounts | `nil` | -| `querier.volumes` | Additional volumes | `nil` | -| `queryFrontend.enabled` | Controls whether query-frontend related resources should be created | `true` | -| `queryFrontend.additionalAnnotations` | Additional annotations on query-frontend pods| `{}` | -| `queryFrontend.additionalFlags` | Additional command line flags | `{}` | -| `queryFrontend.additionalLabels` | Additional labels on query-frontend pods| `{}` | -| `queryFrontend.affinity` | Affinity | `{}` | -| `queryFrontend.autoscaling.enabled` | Controls whether 
query-frontend autoscaling is enabled | `false` | -| `queryFrontend.autoscaling.maxReplicas` | Maximum number of replicas to scale to | `10` | -| `queryFrontend.autoscaling.minReplicas` | Minimum number of replicas to scale to | `1` | -| `queryFrontend.autoscaling.metrics` | Array of MetricSpecs that will decide whether to scale in or out | `target of 80% for both CPU and memory resources` | -| `queryFrontend.cache.config` | Caching configuration | `nil` | -| `queryFrontend.cache.enabled` | Controls whether caching should be used | `false` | -| `queryFrontend.cache.type` | Type of caching [see](https://thanos.io/tip/components/query-frontend.md/#caching) | `nil` | -| `queryFrontend.downstreamUrl` | The URL of the querier service | `the default URL of the querier service` | -| `queryFrontend.image.repository` | Docker image repo for query-frontend | `quay.io/thanos/thanos` | -| `queryFrontend.image.tag` | Docker image tag for query-frontend | `v0.27.0` | -| `queryFrontend.image.pullPolicy` | Docker image pull policy for query-frontend| `IfNotPresent` | -| `queryFrontend.serviceAccount.create` | Create service account | `true` | -| `queryFrontend.serviceAccount.annotations` | Service account annotations | `nil` | -| `queryFrontend.livenessProbe.initialDelaySeconds` | Liveness probe initialDelaySeconds | `30` | -| `queryFrontend.livenessProbe.periodSeconds` | Liveness probe periodSeconds | `10` | -| `queryFrontend.livenessProbe.successThreshold` | Liveness probe successThreshold | `1` | -| `queryFrontend.livenessProbe.timeoutSeconds` | Liveness probe timeoutSeconds | `30` | -| `queryFrontend.logLevel` | Query-frontend log level | `info` | -| `queryFrontend.logQueriesLongerThan` | Log queries that are slower than the specified duration. | `0` | -| `queryFrontend.nodeSelector` | NodeSelector | `{}` | -| `queryFrontend.podNumericalPriorityEnabled` | Enables use of the `podPriority`. Either this or `podPriorityClassName`. 
| `false` | -| `queryFrontend.podPriority` | Numerical value of the pod priority. Enabled by `podNumericalPriorityEnabled` | `0` | -| `queryFrontend.podPriorityClassName` | Name of the pod priority class to use. Either this or `podNumericalPriorityEnabled` | `""` | -| `queryFrontend.querySplitInterval` | Split query range requests by an interval and execute in parallel | `24h` | -| `queryFrontend.readinessProbe.initialDelaySeconds` | Readiness probe initialDelaySeconds | `30` | -| `queryFrontend.readinessProbe.periodSeconds` | Readiness probe periodSeconds | `10` | -| `queryFrontend.readinessProbe.successThreshold` | Readiness probe successThreshold | `1` | -| `queryFrontend.readinessProbe.timeoutSeconds` | Readiness probe timeoutSeconds | `30` | -| `queryFrontend.replicaCount` | Replica count for query-frontend | `1` | -| `queryFrontend.resources` | Resources | `{}` | -| `queryFrontend.stores` | List of stores [see](https://github.com/thanos-io/thanos/blob/master/docs/components/query.md) | `[]` | -| `queryFrontend.tolerations` | Tolerations | `[]` | -| `queryFrontend.updateStrategy` | Deployment update strategy | `type: RollingUpdate` | -| `queryFrontend.volumeMounts` | Additional volume mounts | `nil` | -| `queryFrontend.volumes` | Additional volumes | `nil` | -| `receiver.enabled` | Controls whether receiver related resources should be created | `true` | -| `receiver.affinity` | Affinity | `{}` | -| `receiver.additionalAnnotations` | Additional annotations on receiver pods| `{}` | -| `receiver.additionalFlags` | Additional command line flags | `{}` | -| `receiver.additionalLabels` | Additional labels on receiver pods| `{}` | -| `receiver.extraEnv` | Extra env vars | `nil` | -| `receiver.image.repository` | Docker image repo for receiver | `quay.io/thanos/thanos` | -| `receiver.image.tag` | Docker image tag for receiver | `v0.27.0` | -| `receiver.image.pullPolicy` | Docker image pull policy for receiver | `IfNotPresent` | -| 
`receiver.livenessProbe.initialDelaySeconds` | Liveness probe initialDelaySeconds | `30` | -| `receiver.livenessProbe.periodSeconds` | Liveness probe periodSeconds | `10` | -| `receiver.livenessProbe.successThreshold` | Liveness probe successThreshold | `1` | -| `receiver.livenessProbe.timeoutSeconds` | Liveness probe timeoutSeconds | `30` | -| `receiver.logLevel` | Receiver log level | `info` | -| `receiver.nodeSelector` | NodeSelector | `{}` | -| `receiver.objStoreConfig` | Config for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `{}` | -| `receiver.objStoreConfigFile` | Path to config file for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md). Either this or `objStoreType` + `objStoreConfig`. | `nil` | -| `receiver.objStoreType` | Object store [type](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `GCS` | -| `receiver.persistentVolume.enabled` | Persistent volume enabled | `true` | -| `receiver.persistentVolume.accessModes` | Persistent volume accessModes | `[ReadWriteOnce]` | -| `receiver.persistentVolume.annotations` | Persistent volume annotations | `{}` | -| `receiver.persistentVolume.existingClaim` | Persistent volume existingClaim | `""` | -| `receiver.persistentVolume.size` | Persistent volume size | `2Gi` | -| `receiver.persistentVolume.storageClass` | Persistent volume storage class name | `""` | -| `receiver.podNumericalPriorityEnabled` | Enables use of the `podPriority`. Either this or `podPriorityClassName`. | `false` | -| `receiver.podPriority` | Numerical value of the pod priority. Enabled by `podNumericalPriorityEnabled` | `0` | -| `receiver.podPriorityClassName` | Name of the pod priority class to use. 
Either this or `podNumericalPriorityEnabled` | `""` | -| `receiver.readinessProbe.initialDelaySeconds` | Readiness probe initialDelaySeconds | `30` | -| `receiver.readinessProbe.periodSeconds` | Readiness probe periodSeconds | `10` | -| `receiver.readinessProbe.successThreshold` | Readiness probe successThreshold | `1` | -| `receiver.readinessProbe.timeoutSeconds` |Readiness probe timeoutSeconds | `30` | -| `receiver.replicaCount` | Replica count for receiver | `1` | -| `receiver.replicationFactor` | Number of times to replicate incoming write requests | `1` | -| `receiver.resources` | Resources | `{}` | -| `receiver.serviceAccount.create` | Create service account | `true` | -| `receiver.serviceAccount.annotations` | Service account annotations | `nil` | -| `receiver.tolerations` | Tolerations | `[]` | -| `receiver.tsdbRetention` | The period to retain TSDB blocks in the receiver | `1d` | -| `receiver.updateStrategy` | StatefulSet update strategy | `type: RollingUpdate` | -| `receiver.volumeMounts` | Additional volume mounts | `nil` | -| `receiver.volumes` |Additional volumes | `nil` | -| `ruler.enabled` | controls whether ruler related resources should be created | `true` | -| `ruler.additionalAnnotations` | Additional annotations on ruler pod| `{}` | -| `ruler.additionalFlags` | Additional command line flags | `{}` | -| `ruler.additionalLabels` | Additional labels on ruler pod| `{}` | -| `ruler.affinity` | Affinity | `{}` | -| `ruler.alertmanagerUrl` | Ruler alert manager url | `http://localhost` | -| `ruler.clusterName` | Ruler cluster name | `nil` | -| `ruler.config` | Default ruler config | `nil` | -| `ruler.evalInterval` | Ruler evaluation interval | `1m` | -| `ruler.extraEnv` | Extra env vars | `nil` | -| `ruler.image.repository` | Docker image repo for ruler | `quay.io/thanos/thanos` | -| `ruler.image.tag` | Docker image tag for ruler | `v0.27.0` | -| `ruler.image.pullPolicy` | Docker image pull policy for ruler | `IfNotPresent` | -| 
`ruler.imagePullSecrets` | Docker image pull secrets for ruler | `[]` | -| `ruler.serviceAccount.annotations` | Service account annotations | `nil` | -| `ruler.livenessProbe.initialDelaySeconds` | Liveness probe initialDelaySeconds | `30` | -| `ruler.livenessProbe.periodSeconds` | Liveness probe periodSeconds | `10` | -| `ruler.livenessProbe.successThreshold` | Liveness probe successThreshold | `1` | -| `ruler.livenessProbe.timeoutSeconds` | Liveness probe timeoutSeconds | `30` | -| `ruler.logLevel` | Ruler log level | `info` | -| `ruler.nodeSelector` | NodeSelector | `{}` | -| `ruler.objStoreType` | Object store [type](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `nil` | -| `ruler.objStoreConfig` | Config for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `{}` | -| `ruler.objStoreConfigFile` | Path to config file for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md). Either this or `objStoreType` + `objStoreConfig`. | `nil` | -| `ruler.persistentVolume.enabled` | Persistent volume enabled | `true` | -| `ruler.persistentVolume.accessModes` | Persistent volume accessModes | `[ReadWriteOnce]` | -| `ruler.persistentVolume.annotations` | Persistent volume annotations | `{}` | -| `ruler.persistentVolume.existingClaim` | Persistent volume existingClaim | `""` | -| `ruler.persistentVolume.size` | Persistent volume size | `2Gi` | -| `ruler.persistentVolume.storageClass` | Persistent volume storage class name | `""` | -| `ruler.podNumericalPriorityEnabled` | Enables use of the `podPriority`. Either this or `podPriorityClassName`.| `false` | -| `ruler.podPriority` | Numerical value of the pod priority. Enabled by `podNumericalPriorityEnabled` | `0` | -| `ruler.podPriorityClassName` | Name of the pod priority class to use. 
Either this or `podNumericalPriorityEnabled` | `""` | -| `ruler.queries` | Ruler quieries endpoints | `[]` | -| `ruler.readinessProbe.initialDelaySeconds` | Readiness probe initialDelaySeconds | `30` | -| `ruler.readinessProbe.periodSeconds` | Readiness probe periodSeconds | `10` | -| `ruler.readinessProbe.successThreshold` | Readiness probe successThreshold | `1` | -| `ruler.readinessProbe.timeoutSeconds` | Readiness probe timeoutSeconds | `30` | -| `ruler.replicaCount` | Replica count for ruler | `1` | -| `ruler.resources` | Resources | `{}` | -| `ruler.ruleFile` | Rule files that should be used | `/etc/thanos-ruler/**/*-rules.yaml` | -| `ruler.sidecar.image.repository` | Docker image for configmap watcher sidecar | `kiwigrid/k8s-configmap-watcher` | -| `ruler.sidecar.image.tag` | Docker image tag for configmap watcher sidecar | `0.1.1` | -| `ruler.sidecar.image.pullPolicy` | Pull policy for configmap watcher sidecar | `IfNotPresent` | -| `ruler.sidecar.enabled` | Enable configmap watcher sidecar | `false` | -| `ruler.sidecar.watchLabel` | Label for configmaps to watch | `thanos_alert_config` | -| `ruler.tolerations` | Tolerations | `[]` | -| `ruler.updateStrategy` | StatefulSet update strategy | `type: RollingUpdate` | -| `ruler.volumeMounts` | Additional volume mounts | `nil` | -| `ruler.volumes` | Additional volumes | `nil` | -| `service.bucketWebInterface.type` | Service type for the bucket web interface | `ClusterIP` | -| `service.bucketWebInterface.http.port` | Service http port for the bucket web interface | `9090` | -| `service.bucketWebInterface.annotations` | Service annotations for the bucket web interface | `{}` | -| `service.compact.type` | Service type for the compactor | `ClusterIP` | -| `service.compact.http.port` | Service http port for the compactor | `9090` | -| `service.compact.annotations` | Service annotations for the compactor | `{}` | -| `service.receiver.http.port` | Service http port for the receiver | `9090` | -| 
`service.receiver.httpRemoteWrite.port` | Service http port for the receiver remote write endpoint | `9091` | -| `service.receiver.grpc.port` | Service grpc port for the receiver | `10901` | -| `service.receiver.annotations` | Service annotations for the receiver | `{}` | -| `service.querier.type` | Service type for the querier | `ClusterIP` | -| `service.querier.http.port` | Service http port for the querier | `9090` | -| `service.querier.grpc.port` | Service grpc port for the querier | `10901` | -| `service.querier.annotations` | Service annotations for the querier | `{}` | -| `service.storeGateway.type` | Service type for the store gateway | `ClusterIP` | -| `service.storeGateway.http.port` | Service http port for the store gateway | `9090` | -| `service.storeGateway.grpc.port` | Service grpc port for the store gateway | `10901` | -| `service.storeGateway.annotations` | Service annotations for the store gateway | `{}` | -| `service.ruler.type` | Service type for ruler | `ClusterIP` | -| `service.ruler.http.port` | Service http port for ruler | `9090` | -| `service.ruler.grpc.port` | Service grpc port for ruler | `10901` | -| `service.ruler.annotations` | Service annotations for the ruler | `{}` | -| `storeGateway.enabled` | Controls whether StoreGateway related resources should be created | `true` | -| `storeGateway.affinity` | Affinity | `{}` | -| `storeGateway.additionalAnnotations` | Additional annotations on store gateway pods| `{}` | -| `storeGateway.additionalFlags` | Additional command line flags | `{}` | -| `storeGateway.additionalLabels` | Additional labels on store gateway pods| `{}` | -| `storeGateway.autoscaling.enabled` | Controls whether StoreGateway autoscaling is enabled | `false` | -| `storeGateway.autoscaling.maxReplicas` | Maximum number of replicas to scale to | `10` | -| `storeGateway.autoscaling.minReplicas` | Minimum number of replicas to scale to | `1` | -| `storeGateway.autoscaling.metrics` | Array of MetricSpecs that will decide whether 
to scale in or out | `target of 80% for both CPU and memory resources` | -| `storeGateway.chunkPoolSize` | Chunk pool size | `500MB` | -| `storeGateway.extraEnv` | Extra env vars | `nil` | -| `storeGateway.image.repository` | Docker image repo for store gateway | `quay.io/thanos/thanos` | -| `storeGateway.image.tag` | Docker image tag for store gateway | `v0.27.0` | -| `storeGateway.image.pullPolicy` | Docker image pull policy for store gateway | `IfNotPresent` | -| `storeGateway.indexCache.config` | Config for the index cache, see [the docs](https://thanos.io/components/store.md/#index-cache) | `max_size: 500MB` | -| `storeGateway.indexCache.type` | Type of the index cache, either `IN-MEMORY` or `MEMCACHED` | `IN-MEMORY` | -| `storeGateway.livenessProbe.initialDelaySeconds` | Liveness probe initialDelaySeconds | `30` | -| `storeGateway.livenessProbe.periodSeconds` | Liveness probe periodSeconds | `10` | -| `storeGateway.livenessProbe.successThreshold` | Liveness probe successThreshold | `1` | -| `storeGateway.livenessProbe.timeoutSeconds` | Liveness probe timeoutSeconds | `30` | -| `storeGateway.logLevel` | Store gateway log level | `info` | -| `storeGateway.nodeSelector` | NodeSelector | `{}` | -| `storeGateway.objStoreConfig` | Config for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `{}` | -| `storeGateway.objStoreConfigFile` | Path to config file for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md). Either this or `objStoreType` + `objStoreConfig`. 
| `nil` | -| `storeGateway.objStoreType` | Object store [type](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `GCS` | -| `storeGateway.persistentVolume.enabled` | Persistent volume enabled | `true` | -| `storeGateway.persistentVolume.accessModes` | Persistent volume accessModes | `[ReadWriteOnce]` | -| `storeGateway.persistentVolume.annotations` | Persistent volume annotations | `{}` | -| `storeGateway.persistentVolume.existingClaim` | Persistent volume existingClaim | `""` | -| `storeGateway.persistentVolume.size` | Persistent volume size | `2Gi` | -| `storeGateway.persistentVolume.storageClass` | Persistent volume storage class name | `""` | -| `storeGateway.podNumericalPriorityEnabled` | Enables use of the `podPriority`. Either this or `podPriorityClassName`. | `false` | -| `storeGateway.podPriority` | Numerical value of the pod priority. Enabled by `podNumericalPriorityEnabled` | `0` | -| `storeGateway.podPriorityClassName` | Name of the pod priority class to use. 
Either this or `podNumericalPriorityEnabled` | `""` | -| `storeGateway.readinessProbe.initialDelaySeconds` | Readiness probe initialDelaySeconds | `30` | -| `storeGateway.readinessProbe.periodSeconds` | Readiness probe periodSeconds | `10` | -| `storeGateway.readinessProbe.successThreshold` | Readiness probe successThreshold | `1` | -| `storeGateway.readinessProbe.timeoutSeconds` |Readiness probe timeoutSeconds | `30` | -| `storeGateway.replicaCount` | Replica count for store gateway | `1` | -| `storeGateway.resources` | Resources | `{}` | -| `storeGateway.serviceAccount.create` | Create service account | `true` | -| `storeGateway.serviceAccount.annotations` | Service account annotations | `nil` | -| `storeGateway.tolerations` | Tolerations | `[]` | -| `storeGateway.updateStrategy` | StatefulSet update strategy | `type: RollingUpdate` | -| `storeGateway.volumeMounts` | Additional volume mounts | `nil` | -| `storeGateway.volumes` |Additional volumes | `nil` | +| Parameter | Description | Default | +|:---------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------| +| `tracing.enabled` | Controls whether [tracing](https://github.com/thanos-io/thanos/blob/master/docs/tracing.md) is required across all components | `false` | +| `tracing.type` | The tracer [type](https://github.com/thanos-io/thanos/blob/master/docs/tracing.md).All components which support tracing will use this | `` | +| `tracing.config` | Config for the [tracer](https://github.com/thanos-io/thanos/blob/master/docs/tracing.md).All components which support tracing will use this | `{}` | +| `bucketWebInterface.enabled` | Controls whether bucket web interface related resources should be created | `false` | +| 
`bucketWebInterface.additionalAnnotations` | Additional annotations on bucket web interface pods | `{}` | +| `bucketWebInterface.additionalFlags` | Additional command line flags | `{}` | +| `bucketWebInterface.additionalLabels` | Additional labels on bucket web interface pods | `{}` | +| `bucketWebInterface.affinity` | Affinity | `{}` | +| `bucketWebInterface.extraEnv` | Extra env vars | `nil` | +| `bucketWebInterface.httpServerPort` | The port to expose from the bucket web interface container | `10902` | +| `bucketWebInterface.image.repository` | Docker image repo for bucket web interface | `quay.io/thanos/thanos` | +| `bucketWebInterface.image.tag` | Docker image tag for bucket web interface | `v0.32.4` | +| `bucketWebInterface.image.pullPolicy` | Docker image pull policy for bucket web interface | `IfNotPresent` | +| `bucketWebInterface.serviceAccount.create` | Create service account | `true` | +| `bucketWebInterface.serviceAccount.annotations` | Service account annotations | `nil` | +| `bucketWebInterface.logLevel` | Bucket web interface log level | `info` | +| `bucketWebInterface.nodeSelector` | NodeSelector | `{}` | +| `bucketWebInterface.objStoreType` | Object store [type](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `nil` | +| `bucketWebInterface.objStoreConfig` | Config for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `{}` | +| `bucketWebInterface.objStoreConfigFile` | Path to config file for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md). Either this or `objStoreType` + `objStoreConfig`. | `nil` | +| `bucketWebInterface.podNumericalPriorityEnabled` | Enables use of the `podPriority`. Either this or `podPriorityClassName`. | `false` | +| `bucketWebInterface.podPriority` | Numerical value of the pod priority. Enabled by `podNumericalPriorityEnabled` | `0` | +| `bucketWebInterface.podPriorityClassName` | Name of the pod priority class to use. 
Either this or `podNumericalPriorityEnabled` | `""` | +| `bucketWebInterface.replicaCount` | Replica count for bucket web interface | `1` | +| `bucketWebInterface.resources` | Resources | `{}` | +| `bucketWebInterface.tolerations` | Tolerations | `[]` | +| `bucketWebInterface.podSecurityContext` | [Pod Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
`runAsUser: 1001`
`runAsGroup: 1001`
`fsGroup: 1001` | +| `bucketWebInterface.containerSecurityContext` | [Container Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
`runAsNonRoot: true`
`allowPrivilegeEscalation: false`
`capabilities:`
`drop:`
`- ALL`
`privileged: false` | +| `bucketWebInterface.updateStrategy` | Deployment update strategy | `type: RollingUpdate` | +| `bucketWebInterface.volumeMounts` | Additional volume mounts | `nil` | +| `bucketWebInterface.volumes` | Additional volumes | `nil` | +| `compact.enabled` | Controls whether compact related resources should be created | `true` | +| `compact.additionalAnnotations` | Additional annotations on compactor pod | `{}` | +| `compact.additionalFlags` | Additional command line flags | `{}` | +| `compact.additionalLabels` | Additional labels on compactor pod | `{}` | +| `compact.affinity` | Affinity | `{}` | +| `compact.consistencyDelay` | Consistency delay | `30m` | +| `compact.extraEnv` | Extra env vars | `nil` | +| `compact.image.repository` | Docker image repo for compactor | `quay.io/thanos/thanos` | +| `compact.image.tag` | Docker image tag for compactor | `v0.32.4` | +| `compact.image.pullPolicy` | Docker image pull policy for store gateway | `IfNotPresent` | +| `compact.serviceAccount.create` | Create service account | `true` | +| `compact.serviceAccount.annotations` | Service account annotations | `nil` | +| `compact.logLevel` | Store gateway log level | `info` | +| `compact.nodeSelector` | NodeSelector | `{}` | +| `compact.objStoreConfig` | Config for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `{}` | +| `compact.objStoreConfigFile` | Path to config file for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md). Either this or `objStoreType` + `objStoreConfig`. 
| `nil` | +| `compact.objStoreType` | Object store [type](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `nil` | +| `compact.persistentVolume.enabled` | Persistent volume enabled | `true` | +| `compact.persistentVolume.accessModes` | Persistent volume accessModes | `[ReadWriteOnce]` | +| `compact.persistentVolume.annotations` | Persistent volume annotations | `{}` | +| `compact.persistentVolume.existingClaim` | Persistent volume existingClaim | `""` | +| `compact.persistentVolume.size` | Persistent volume size | `10Gi` | +| `compact.persistentVolume.storageClass` | Persistent volume storage class name | `""` | +| `compact.podNumericalPriorityEnabled` | Enables use of the `podPriority`. Either this or `podPriorityClassName`. | `false` | +| `compact.podPriority` | Numerical value of the pod priority. Enabled by `podNumericalPriorityEnabled` | `0` | +| `compact.podPriorityClassName` | Name of the pod priority class to use. Either this or `podNumericalPriorityEnabled` | `""` | +| `compact.resources` | Resources | `{}` | +| `compact.retentionResolutionRaw` | Retention for raw buckets | `30d` | +| `compact.retentionResolution5m` | Retention for 5m buckets | `30d` | +| `compact.retentionResolution1h` | Retention for 1h buckets | `10y` | +| `compact.tolerations` | Tolerations | `[]` | +| `compact.podSecurityContext` | [Pod Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
`runAsUser: 1001`
`runAsGroup: 1001`
`fsGroup: 1001` | +| `compact.containerSecurityContext` | [Container Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
`runAsNonRoot: true`
`allowPrivilegeEscalation: false`
`capabilities:`
`drop:`
`- ALL`
`privileged: false` | +| `compact.updateStrategy` | StatefulSet update strategy | `type: RollingUpdate` | +| `compact.volumeMounts` | Additional volume mounts | `nil` | +| `compact.volumes` | Additional volumes | `nil` | +| `querier.enabled` | Controls whether querier related resources should be created | `true` | +| `querier.additionalAnnotations` | Additional annotations on querier pods | `{}` | +| `querier.additionalFlags` | Additional command line flags | `{}` | +| `querier.additionalLabels` | Additional labels on querier pods | `{}` | +| `querier.affinity` | Affinity | `{}` | +| `querier.autoscaling.enabled` | Controls whether StoreGateway autoscaling is enabled | `false` | +| `querier.autoscaling.maxReplicas` | Maximum number of replicas to scale to | `10` | +| `querier.autoscaling.minReplicas` | Minimum number of replicas to scale to | `1` | +| `querier.autoscaling.metrics` | Array of MetricSpecs that will decide whether to scale in or out | `target of 80% for both CPU and memory resources` | +| `querier.image.repository` | Docker image repo for querier | `quay.io/thanos/thanos` | +| `querier.image.tag` | Docker image tag for querier | `v0.32.4` | +| `querier.image.pullPolicy` | Docker image pull policy for querier | `IfNotPresent` | +| `querier.serviceAccount.create` | Create service account | `true` | +| `querier.serviceAccount.annotations` | Service account annotations | `nil` | +| `querier.livenessProbe.initialDelaySeconds` | Liveness probe initialDelaySeconds | `30` | +| `querier.livenessProbe.periodSeconds` | Liveness probe periodSeconds | `10` | +| `querier.livenessProbe.successThreshold` | Liveness probe successThreshold | `1` | +| `querier.livenessProbe.timeoutSeconds` | Liveness probe timeoutSeconds | `30` | +| `querier.logLevel` | Querier log level | `info` | +| `querier.nodeSelector` | NodeSelector | `{}` | +| `querier.podNumericalPriorityEnabled` | Enables use of the `podPriority`. Either this or `podPriorityClassName`. 
| `false` | +| `querier.podPriority` | Numerical value of the pod priority. Enabled by `podNumericalPriorityEnabled` | `0` | +| `querier.podPriorityClassName` | Name of the pod priority class to use. Either this or `podNumericalPriorityEnabled` | `""` | +| `querier.readinessProbe.initialDelaySeconds` | Readiness probe initialDelaySeconds | `30` | +| `querier.readinessProbe.periodSeconds` | Readiness probe periodSeconds | `10` | +| `querier.readinessProbe.successThreshold` | Readiness probe successThreshold | `1` | +| `querier.readinessProbe.timeoutSeconds` | Readiness probe timeoutSeconds | `30` | +| `querier.replicaCount` | Replica count for querier | `1` | +| `querier.replicaLabels` | Replica reference labels which are used for query response deduplication | `[]` | +| `querier.resources` | Resources | `{}` | +| `querier.stores` | List of stores [see](https://github.com/thanos-io/thanos/blob/master/docs/components/query.md) | `[]` | +| `querier.tolerations` | Tolerations | `[]` | +| `querier.podSecurityContext` | [Pod Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
`runAsUser: 1001`
`runAsGroup: 1001`
`fsGroup: 1001` | +| `querier.containerSecurityContext` | [Container Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
`runAsNonRoot: true`
`allowPrivilegeEscalation: false`
`capabilities:`
`drop:`
`- ALL`
`privileged: false` | +| `querier.updateStrategy` | Deployment update strategy | `type: RollingUpdate` | +| `querier.volumeMounts` | Additional volume mounts | `nil` | +| `querier.volumes` | Additional volumes | `nil` | +| `queryFrontend.enabled` | Controls whether query-frontend related resources should be created | `true` | +| `queryFrontend.additionalAnnotations` | Additional annotations on query-frontend pods | `{}` | +| `queryFrontend.additionalFlags` | Additional command line flags | `{}` | +| `queryFrontend.additionalLabels` | Additional labels on query-frontend pods | `{}` | +| `queryFrontend.affinity` | Affinity | `{}` | +| `queryFrontend.autoscaling.enabled` | Controls whether query-frontend autoscaling is enabled | `false` | +| `queryFrontend.autoscaling.maxReplicas` | Maximum number of replicas to scale to | `10` | +| `queryFrontend.autoscaling.minReplicas` | Minimum number of replicas to scale to | `1` | +| `queryFrontend.autoscaling.metrics` | Array of MetricSpecs that will decide whether to scale in or out | `target of 80% for both CPU and memory resources` | +| `queryFrontend.cache.config` | Caching configuration | `nil` | +| `queryFrontend.cache.enabled` | Controls whether caching should be used | `false` | +| `queryFrontend.cache.type` | Type of caching [see](https://thanos.io/tip/components/query-frontend.md/#caching) | `nil` | +| `queryFrontend.downstreamUrl` | The URL of the querier service | `the default URL of the querier service` | +| `queryFrontend.image.repository` | Docker image repo for query-frontend | `quay.io/thanos/thanos` | +| `queryFrontend.image.tag` | Docker image tag for query-frontend | `v0.32.4` | +| `queryFrontend.image.pullPolicy` | Docker image pull policy for query-frontend | `IfNotPresent` | +| `queryFrontend.serviceAccount.create` | Create service account | `true` | +| `queryFrontend.serviceAccount.annotations` | Service account annotations | `nil` | +| `queryFrontend.livenessProbe.initialDelaySeconds` | Liveness probe 
initialDelaySeconds | `30` | +| `queryFrontend.livenessProbe.periodSeconds` | Liveness probe periodSeconds | `10` | +| `queryFrontend.livenessProbe.successThreshold` | Liveness probe successThreshold | `1` | +| `queryFrontend.livenessProbe.timeoutSeconds` | Liveness probe timeoutSeconds | `30` | +| `queryFrontend.logLevel` | Query-frontend log level | `info` | +| `queryFrontend.logQueriesLongerThan` | Log queries that are slower than the specified duration. | `0` | +| `queryFrontend.nodeSelector` | NodeSelector | `{}` | +| `queryFrontend.podNumericalPriorityEnabled` | Enables use of the `podPriority`. Either this or `podPriorityClassName`. | `false` | +| `queryFrontend.podPriority` | Numerical value of the pod priority. Enabled by `podNumericalPriorityEnabled` | `0` | +| `queryFrontend.podPriorityClassName` | Name of the pod priority class to use. Either this or `podNumericalPriorityEnabled` | `""` | +| `queryFrontend.querySplitInterval` | Split query range requests by an interval and execute in parallel | `24h` | +| `queryFrontend.readinessProbe.initialDelaySeconds` | Readiness probe initialDelaySeconds | `30` | +| `queryFrontend.readinessProbe.periodSeconds` | Readiness probe periodSeconds | `10` | +| `queryFrontend.readinessProbe.successThreshold` | Readiness probe successThreshold | `1` | +| `queryFrontend.readinessProbe.timeoutSeconds` | Readiness probe timeoutSeconds | `30` | +| `queryFrontend.replicaCount` | Replica count for query-frontend | `1` | +| `queryFrontend.resources` | Resources | `{}` | +| `queryFrontend.stores` | List of stores [see](https://github.com/thanos-io/thanos/blob/master/docs/components/query.md) | `[]` | +| `queryFrontend.tolerations` | Tolerations | `[]` | +| `queryFrontend.podSecurityContext` | [Pod Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
`runAsUser: 1001`
`runAsGroup: 1001`
`fsGroup: 1001` | +| `queryFrontend.containerSecurityContext` | [Container Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
`runAsNonRoot: true`
`allowPrivilegeEscalation: false`
`capabilities:`
`drop:`
`- ALL`
`privileged: false` | +| `queryFrontend.updateStrategy` | Deployment update strategy | `type: RollingUpdate` | +| `queryFrontend.volumeMounts` | Additional volume mounts | `nil` | +| `queryFrontend.volumes` | Additional volumes | `nil` | +| `receiver.enabled` | Controls whether receiver related resources should be created | `true` | +| `receiver.affinity` | Affinity | `{}` | +| `receiver.additionalAnnotations` | Additional annotations on receiver pods | `{}` | +| `receiver.additionalFlags` | Additional command line flags | `{}` | +| `receiver.additionalLabels` | Additional labels on receiver pods | `{}` | +| `receiver.extraEnv` | Extra env vars | `nil` | +| `receiver.image.repository` | Docker image repo for receiver | `quay.io/thanos/thanos` | +| `receiver.image.tag` | Docker image tag for receiver | `v0.32.4` | +| `receiver.image.pullPolicy` | Docker image pull policy for receiver | `IfNotPresent` | +| `receiver.livenessProbe.initialDelaySeconds` | Liveness probe initialDelaySeconds | `30` | +| `receiver.livenessProbe.periodSeconds` | Liveness probe periodSeconds | `10` | +| `receiver.livenessProbe.successThreshold` | Liveness probe successThreshold | `1` | +| `receiver.livenessProbe.timeoutSeconds` | Liveness probe timeoutSeconds | `30` | +| `receiver.logLevel` | Receiver log level | `info` | +| `receiver.nodeSelector` | NodeSelector | `{}` | +| `receiver.objStoreConfig` | Config for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `{}` | +| `receiver.objStoreConfigFile` | Path to config file for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md). Either this or `objStoreType` + `objStoreConfig`. 
| `nil` | +| `receiver.objStoreType` | Object store [type](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `GCS` | +| `receiver.persistentVolume.enabled` | Persistent volume enabled | `true` | +| `receiver.persistentVolume.accessModes` | Persistent volume accessModes | `[ReadWriteOnce]` | +| `receiver.persistentVolume.annotations` | Persistent volume annotations | `{}` | +| `receiver.persistentVolume.existingClaim` | Persistent volume existingClaim | `""` | +| `receiver.persistentVolume.size` | Persistent volume size | `2Gi` | +| `receiver.persistentVolume.storageClass` | Persistent volume storage class name | `""` | +| `receiver.podNumericalPriorityEnabled` | Enables use of the `podPriority`. Either this or `podPriorityClassName`. | `false` | +| `receiver.podPriority` | Numerical value of the pod priority. Enabled by `podNumericalPriorityEnabled` | `0` | +| `receiver.podPriorityClassName` | Name of the pod priority class to use. Either this or `podNumericalPriorityEnabled` | `""` | +| `receiver.readinessProbe.initialDelaySeconds` | Readiness probe initialDelaySeconds | `30` | +| `receiver.readinessProbe.periodSeconds` | Readiness probe periodSeconds | `10` | +| `receiver.readinessProbe.successThreshold` | Readiness probe successThreshold | `1` | +| `receiver.readinessProbe.timeoutSeconds` | Readiness probe timeoutSeconds | `30` | +| `receiver.replicaCount` | Replica count for receiver | `1` | +| `receiver.replicationFactor` | Number of times to replicate incoming write requests | `1` | +| `receiver.resources` | Resources | `{}` | +| `receiver.serviceAccount.create` | Create service account | `true` | +| `receiver.serviceAccount.annotations` | Service account annotations | `nil` | +| `receiver.tolerations` | Tolerations | `[]` | +| `receiver.podSecurityContext` | [Pod Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
`runAsUser: 1001`
`runAsGroup: 1001`
`fsGroup: 1001` | +| `receiver.containerSecurityContext` | [Container Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
`runAsNonRoot: true`
`allowPrivilegeEscalation: false`
`capabilities:`
`drop:`
`- ALL`
`privileged: false` | +| `receiver.tsdbRetention` | The period to retain TSDB blocks in the receiver | `1d` | +| `receiver.updateStrategy` | StatefulSet update strategy | `type: RollingUpdate` | +| `receiver.volumeMounts` | Additional volume mounts | `nil` | +| `receiver.volumes` | Additional volumes | `nil` | +| `ruler.enabled` | controls whether ruler related resources should be created | `true` | +| `ruler.additionalAnnotations` | Additional annotations on ruler pod | `{}` | +| `ruler.additionalFlags` | Additional command line flags | `{}` | +| `ruler.additionalLabels` | Additional labels on ruler pod | `{}` | +| `ruler.affinity` | Affinity | `{}` | +| `ruler.alertmanagerUrl` | Ruler alert manager url | `http://localhost` | +| `ruler.clusterName` | Ruler cluster name | `nil` | +| `ruler.config` | Default ruler config | `nil` | +| `ruler.evalInterval` | Ruler evaluation interval | `1m` | +| `ruler.extraEnv` | Extra env vars | `nil` | +| `ruler.image.repository` | Docker image repo for ruler | `quay.io/thanos/thanos` | +| `ruler.image.tag` | Docker image tag for ruler | `v0.32.4` | +| `ruler.image.pullPolicy` | Docker image pull policy for ruler | `IfNotPresent` | +| `ruler.imagePullSecrets` | Docker image pull secrets for ruler | `[]` | +| `ruler.serviceAccount.annotations` | Service account annotations | `nil` | +| `ruler.livenessProbe.initialDelaySeconds` | Liveness probe initialDelaySeconds | `30` | +| `ruler.livenessProbe.periodSeconds` | Liveness probe periodSeconds | `10` | +| `ruler.livenessProbe.successThreshold` | Liveness probe successThreshold | `1` | +| `ruler.livenessProbe.timeoutSeconds` | Liveness probe timeoutSeconds | `30` | +| `ruler.logLevel` | Ruler log level | `info` | +| `ruler.nodeSelector` | NodeSelector | `{}` | +| `ruler.objStoreType` | Object store [type](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `nil` | +| `ruler.objStoreConfig` | Config for the [bucket 
store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `{}` | +| `ruler.objStoreConfigFile` | Path to config file for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md). Either this or `objStoreType` + `objStoreConfig`. | `nil` | +| `ruler.persistentVolume.enabled` | Persistent volume enabled | `true` | +| `ruler.persistentVolume.accessModes` | Persistent volume accessModes | `[ReadWriteOnce]` | +| `ruler.persistentVolume.annotations` | Persistent volume annotations | `{}` | +| `ruler.persistentVolume.existingClaim` | Persistent volume existingClaim | `""` | +| `ruler.persistentVolume.size` | Persistent volume size | `2Gi` | +| `ruler.persistentVolume.storageClass` | Persistent volume storage class name | `""` | +| `ruler.podNumericalPriorityEnabled` | Enables use of the `podPriority`. Either this or `podPriorityClassName`. | `false` | +| `ruler.podPriority` | Numerical value of the pod priority. Enabled by `podNumericalPriorityEnabled` | `0` | +| `ruler.podPriorityClassName` | Name of the pod priority class to use. 
Either this or `podNumericalPriorityEnabled` | `""` | +| `ruler.queries` | Ruler quieries endpoints | `[]` | +| `ruler.readinessProbe.initialDelaySeconds` | Readiness probe initialDelaySeconds | `30` | +| `ruler.readinessProbe.periodSeconds` | Readiness probe periodSeconds | `10` | +| `ruler.readinessProbe.successThreshold` | Readiness probe successThreshold | `1` | +| `ruler.readinessProbe.timeoutSeconds` | Readiness probe timeoutSeconds | `30` | +| `ruler.replicaCount` | Replica count for ruler | `1` | +| `ruler.resources` | Resources | `{}` | +| `ruler.ruleFile` | Rule files that should be used | `/etc/thanos-ruler/**/*-rules.yaml` | +| `ruler.sidecar.image.repository` | Docker image for configmap watcher sidecar | `kiwigrid/k8s-configmap-watcher` | +| `ruler.sidecar.image.tag` | Docker image tag for configmap watcher sidecar | `0.1.1` | +| `ruler.sidecar.image.pullPolicy` | Pull policy for configmap watcher sidecar | `IfNotPresent` | +| `ruler.sidecar.enabled` | Enable configmap watcher sidecar | `false` | +| `ruler.sidecar.watchLabel` | Label for configmaps to watch | `thanos_alert_config` | +| `ruler.tolerations` | Tolerations | `[]` | +| `ruler.podSecurityContext` | [Pod Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
`runAsUser: 1001`
`runAsGroup: 1001`
`fsGroup: 1001` | +| `ruler.containerSecurityContext` | [Container Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
`runAsNonRoot: true`
`allowPrivilegeEscalation: false`
`capabilities:`
`drop:`
`- ALL`
`privileged: false` | +| `ruler.updateStrategy` | StatefulSet update strategy | `type: RollingUpdate` | +| `ruler.volumeMounts` | Additional volume mounts | `nil` | +| `ruler.volumes` | Additional volumes | `nil` | +| `service.bucketWebInterface.type` | Service type for the bucket web interface | `ClusterIP` | +| `service.bucketWebInterface.http.port` | Service http port for the bucket web interface | `9090` | +| `service.bucketWebInterface.annotations` | Service annotations for the bucket web interface | `{}` | +| `service.compact.type` | Service type for the compactor | `ClusterIP` | +| `service.compact.http.port` | Service http port for the compactor | `9090` | +| `service.compact.annotations` | Service annotations for the compactor | `{}` | +| `service.receiver.http.port` | Service http port for the receiver | `9090` | +| `service.receiver.httpRemoteWrite.port` | Service http port for the receiver remote write endpoint | `9091` | +| `service.receiver.grpc.port` | Service grpc port for the receiver | `10901` | +| `service.receiver.annotations` | Service annotations for the receiver | `{}` | +| `service.querier.type` | Service type for the querier | `ClusterIP` | +| `service.querier.http.port` | Service http port for the querier | `9090` | +| `service.querier.grpc.port` | Service grpc port for the querier | `10901` | +| `service.querier.annotations` | Service annotations for the querier | `{}` | +| `service.storeGateway.type` | Service type for the store gateway | `ClusterIP` | +| `service.storeGateway.http.port` | Service http port for the store gateway | `9090` | +| `service.storeGateway.grpc.port` | Service grpc port for the store gateway | `10901` | +| `service.storeGateway.annotations` | Service annotations for the store gateway | `{}` | +| `service.ruler.type` | Service type for ruler | `ClusterIP` | +| `service.ruler.http.port` | Service http port for ruler | `9090` | +| `service.ruler.grpc.port` | Service grpc port for ruler | `10901` | +| 
`service.ruler.annotations` | Service annotations for the ruler | `{}` | +| `storeGateway.enabled` | Controls whether StoreGateway related resources should be created | `true` | +| `storeGateway.affinity` | Affinity | `{}` | +| `storeGateway.additionalAnnotations` | Additional annotations on store gateway pods | `{}` | +| `storeGateway.additionalFlags` | Additional command line flags | `{}` | +| `storeGateway.additionalLabels` | Additional labels on store gateway pods | `{}` | +| `storeGateway.autoscaling.enabled` | Controls whether StoreGateway autoscaling is enabled | `false` | +| `storeGateway.autoscaling.maxReplicas` | Maximum number of replicas to scale to | `10` | +| `storeGateway.autoscaling.minReplicas` | Minimum number of replicas to scale to | `1` | +| `storeGateway.autoscaling.metrics` | Array of MetricSpecs that will decide whether to scale in or out | `target of 80% for both CPU and memory resources` | +| `storeGateway.chunkPoolSize` | Chunk pool size | `500MB` | +| `storeGateway.extraEnv` | Extra env vars | `nil` | +| `storeGateway.image.repository` | Docker image repo for store gateway | `quay.io/thanos/thanos` | +| `storeGateway.image.tag` | Docker image tag for store gateway | `v0.32.4` | +| `storeGateway.image.pullPolicy` | Docker image pull policy for store gateway | `IfNotPresent` | +| `storeGateway.indexCache.config` | Config for the index cache, see [the docs](https://thanos.io/components/store.md/#index-cache) | `max_size: 500MB` | +| `storeGateway.indexCache.type` | Type of the index cache, either `IN-MEMORY` or `MEMCACHED` | `IN-MEMORY` | +| `storeGateway.livenessProbe.initialDelaySeconds` | Liveness probe initialDelaySeconds | `30` | +| `storeGateway.livenessProbe.periodSeconds` | Liveness probe periodSeconds | `10` | +| `storeGateway.livenessProbe.successThreshold` | Liveness probe successThreshold | `1` | +| `storeGateway.livenessProbe.timeoutSeconds` | Liveness probe timeoutSeconds | `30` | +| `storeGateway.logLevel` | Store gateway log 
level | `info` | +| `storeGateway.nodeSelector` | NodeSelector | `{}` | +| `storeGateway.objStoreConfig` | Config for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `{}` | +| `storeGateway.objStoreConfigFile` | Path to config file for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md). Either this or `objStoreType` + `objStoreConfig`. | `nil` | +| `storeGateway.objStoreType` | Object store [type](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `GCS` | +| `storeGateway.persistentVolume.enabled` | Persistent volume enabled | `true` | +| `storeGateway.persistentVolume.accessModes` | Persistent volume accessModes | `[ReadWriteOnce]` | +| `storeGateway.persistentVolume.annotations` | Persistent volume annotations | `{}` | +| `storeGateway.persistentVolume.existingClaim` | Persistent volume existingClaim | `""` | +| `storeGateway.persistentVolume.size` | Persistent volume size | `2Gi` | +| `storeGateway.persistentVolume.storageClass` | Persistent volume storage class name | `""` | +| `storeGateway.podNumericalPriorityEnabled` | Enables use of the `podPriority`. Either this or `podPriorityClassName`. | `false` | +| `storeGateway.podPriority` | Numerical value of the pod priority. Enabled by `podNumericalPriorityEnabled` | `0` | +| `storeGateway.podPriorityClassName` | Name of the pod priority class to use. 
Either this or `podNumericalPriorityEnabled` | `""` | +| `storeGateway.readinessProbe.initialDelaySeconds` | Readiness probe initialDelaySeconds | `30` | +| `storeGateway.readinessProbe.periodSeconds` | Readiness probe periodSeconds | `10` | +| `storeGateway.readinessProbe.successThreshold` | Readiness probe successThreshold | `1` | +| `storeGateway.readinessProbe.timeoutSeconds` | Readiness probe timeoutSeconds | `30` | +| `storeGateway.replicaCount` | Replica count for store gateway | `1` | +| `storeGateway.resources` | Resources | `{}` | +| `storeGateway.serviceAccount.create` | Create service account | `true` | +| `storeGateway.serviceAccount.annotations` | Service account annotations | `nil` | +| `storeGateway.tolerations` | Tolerations | `[]` | +| `storeGateway.podSecurityContext` | [Pod Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
`runAsUser: 1001`
`runAsGroup: 1001`
`fsGroup: 1001` | +| `storeGateway.containerSecurityContext` | [Container Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
`runAsNonRoot: true`
`allowPrivilegeEscalation: false`
`capabilities:`
`drop:`
`- ALL`
`privileged: false` | +| `storeGateway.updateStrategy` | StatefulSet update strategy | `type: RollingUpdate` | +| `storeGateway.volumeMounts` | Additional volume mounts | `nil` | +| `storeGateway.volumes` | Additional volumes | `nil` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example: diff --git a/charts/prometheus-thanos/templates/bucket-web/deployment.yaml b/charts/prometheus-thanos/templates/bucket-web/deployment.yaml index 3fd11fbd..7412b771 100644 --- a/charts/prometheus-thanos/templates/bucket-web/deployment.yaml +++ b/charts/prometheus-thanos/templates/bucket-web/deployment.yaml @@ -67,6 +67,8 @@ spec: {{- end }} resources: {{- toYaml .Values.bucketWebInterface.resources | nindent 12 }} + securityContext: + {{- toYaml .Values.bucketWebInterface.containerSecurityContext | nindent 12 }} {{- with .Values.bucketWebInterface.volumeMounts }} volumeMounts: {{- toYaml . | nindent 14 }} @@ -83,6 +85,10 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.bucketWebInterface.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.bucketWebInterface.volumes }} volumes: {{- toYaml . | nindent 8 }} diff --git a/charts/prometheus-thanos/templates/compactor/statefulset.yaml b/charts/prometheus-thanos/templates/compactor/statefulset.yaml index dc863433..7a0b7b9d 100644 --- a/charts/prometheus-thanos/templates/compactor/statefulset.yaml +++ b/charts/prometheus-thanos/templates/compactor/statefulset.yaml @@ -73,6 +73,8 @@ spec: {{- end }} resources: {{- toYaml .Values.compact.resources | nindent 12 }} + securityContext: + {{- toYaml .Values.compact.containerSecurityContext | nindent 12 }} volumeMounts: - mountPath: /data name: storage-volume 
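Review bot: The container-level `securityContext:` block added after `resources:` in bucket-web/deployment.yaml gets no seccomp profile from the chart defaults. The README table in this commit lists `runAsNonRoot: true`, `allowPrivilegeEscalation: false`, dropped `ALL` capabilities and `privileged: false`, but no `seccompProfile`, which the Kubernetes "restricted" Pod Security Standard also requires. Consider adding `seccompProfile:` with `type: RuntimeDefault` to the defaults, and evaluating `readOnlyRootFilesystem: true` for components that only write to mounted volumes. The values.yaml defaults are outside the visible hunks, so this is inferred from the README. The same applies to the container-level hunks for compactor, querier, query-frontend, receiver, ruler and store-gateway.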
@@ -91,6 +93,10 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.compact.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} volumes: {{- with .Values.compact.volumes }} {{- toYaml . | nindent 8 }} diff --git a/charts/prometheus-thanos/templates/querier/deployment.yaml b/charts/prometheus-thanos/templates/querier/deployment.yaml index 2332b967..861dfd0c 100644 --- a/charts/prometheus-thanos/templates/querier/deployment.yaml +++ b/charts/prometheus-thanos/templates/querier/deployment.yaml @@ -84,6 +84,8 @@ spec: timeoutSeconds: {{ .Values.querier.readinessProbe.timeoutSeconds }} resources: {{- toYaml .Values.querier.resources | nindent 12 }} + securityContext: + {{- toYaml .Values.querier.containerSecurityContext | nindent 12 }} {{- with .Values.querier.volumeMounts }} volumeMounts: {{- toYaml . | nindent 14 }} @@ -100,6 +102,10 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.querier.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.querier.volumes }} volumes: {{- toYaml . | nindent 8 }} diff --git a/charts/prometheus-thanos/templates/query-frontend/deployment.yaml b/charts/prometheus-thanos/templates/query-frontend/deployment.yaml index 5ebc77cc..6eefc0f7 100644 --- a/charts/prometheus-thanos/templates/query-frontend/deployment.yaml +++ b/charts/prometheus-thanos/templates/query-frontend/deployment.yaml @@ -91,6 +91,8 @@ spec: timeoutSeconds: {{ .Values.queryFrontend.readinessProbe.timeoutSeconds }} resources: {{- toYaml .Values.queryFrontend.resources | nindent 12 }} + securityContext: + {{- toYaml .Values.queryFrontend.containerSecurityContext | nindent 12 }} {{- with .Values.queryFrontend.volumeMounts }} volumeMounts: {{- toYaml . | nindent 14 }} 
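Review bot: The pod-level `securityContext` added after `tolerations:` in compactor/statefulset.yaml defaults to `fsGroup: 1001` (per the README table in this commit), and this pod mounts `storage-volume` at `/data`, which the README documents as a persistent volume by default. With `fsGroup` set, the kubelet recursively changes ownership and permissions of the volume on each mount for volume types that support it, which can slow pod start on large volumes. Consider defaulting and documenting `fsGroupChangePolicy: OnRootMismatch` in `podSecurityContext`, plus an upgrade note for existing volumes whose files were written under a different UID. The same applies to the pod-level hunks for the receiver, ruler and store-gateway StatefulSets; the values.yaml defaults are not visible here.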
@@ -107,6 +109,10 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.queryFrontend.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.queryFrontend.volumes }} volumes: {{- toYaml . | nindent 8 }} diff --git a/charts/prometheus-thanos/templates/receiver/statefulset.yaml b/charts/prometheus-thanos/templates/receiver/statefulset.yaml index 6016025e..3e396e72 100644 --- a/charts/prometheus-thanos/templates/receiver/statefulset.yaml +++ b/charts/prometheus-thanos/templates/receiver/statefulset.yaml @@ -90,7 +90,6 @@ spec: - name: http-rw containerPort: {{ .Values.service.receiver.httpRemoteWrite.port }} protocol: TCP - env: - name: K8S_NAMESPACE valueFrom: @@ -102,11 +101,9 @@ spec: fieldPath: metadata.name - name: K8S_SERVICE value: {{ include "prometheus-thanos.fullname" . }}-receiver - {{- if .Values.receiver.extraEnv }} {{- toYaml .Values.receiver.extraEnv | nindent 12 }} {{- end }} - livenessProbe: httpGet: path: /-/healthy @@ -123,10 +120,10 @@ spec: periodSeconds: {{ .Values.receiver.readinessProbe.periodSeconds }} successThreshold: {{ .Values.receiver.readinessProbe.successThreshold }} timeoutSeconds: {{ .Values.receiver.readinessProbe.timeoutSeconds }} - resources: {{- toYaml .Values.receiver.resources | nindent 12 }} - + securityContext: + {{- toYaml .Values.receiver.containerSecurityContext | nindent 12 }} volumeMounts: - mountPath: /data name: storage-volume @@ -148,6 +145,10 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.receiver.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} volumes: {{- with .Values.receiver.volumes }} {{- toYaml . | nindent 8 }} diff --git a/charts/prometheus-thanos/templates/ruler/statefulset.yaml b/charts/prometheus-thanos/templates/ruler/statefulset.yaml index 68e893ec..a86bbc17 100644 --- a/charts/prometheus-thanos/templates/ruler/statefulset.yaml 
+++ b/charts/prometheus-thanos/templates/ruler/statefulset.yaml @@ -106,6 +106,8 @@ spec: timeoutSeconds: {{ .Values.ruler.readinessProbe.timeoutSeconds }} resources: {{- toYaml .Values.ruler.resources | nindent 12 }} + securityContext: + {{- toYaml .Values.ruler.containerSecurityContext | nindent 12 }} volumeMounts: - mountPath: /etc/thanos-ruler name: config @@ -156,6 +158,10 @@ spec: tolerations: {{- toYaml . | nindent 6 }} {{- end }} + {{- with .Values.ruler.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} volumes: - name: external-config-volume emptyDir: {} diff --git a/charts/prometheus-thanos/templates/store-gateway/statefulset.yaml b/charts/prometheus-thanos/templates/store-gateway/statefulset.yaml index 3c8b0a54..fbbf5f99 100644 --- a/charts/prometheus-thanos/templates/store-gateway/statefulset.yaml +++ b/charts/prometheus-thanos/templates/store-gateway/statefulset.yaml @@ -95,6 +95,8 @@ spec: timeoutSeconds: {{ .Values.storeGateway.readinessProbe.timeoutSeconds }} resources: {{- toYaml .Values.storeGateway.resources | nindent 12 }} + securityContext: + {{- toYaml .Values.storeGateway.containerSecurityContext | nindent 12 }} volumeMounts: - mountPath: /data name: storage-volume @@ -113,6 +115,10 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.storeGateway.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} volumes: {{- with .Values.storeGateway.volumes }} {{- toYaml . | nindent 8 }} diff --git a/charts/prometheus-thanos/values.yaml b/charts/prometheus-thanos/values.yaml index 1806c482..38bae9b3 100644 --- a/charts/prometheus-thanos/values.yaml +++ b/charts/prometheus-thanos/values.yaml @@ -66,7 +66,7 @@ queryFrontend: maxUnavailable: 0 image: repository: quay.io/thanos/thanos - tag: v0.27.0 + tag: v0.32.4 pullPolicy: IfNotPresent serviceAccount: create: false 
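Review bot: Only one container in ruler/statefulset.yaml receives the new container-level `securityContext` (the `@@ -106,6 +106,8 @@` hunk; the diffstat counts six added lines for this file), so the configmap-watcher sidecar enabled by `ruler.sidecar.enabled` appears to be left without `allowPrivilegeEscalation: false` and the capability drop. If the sidecar is defined in this pod, it still inherits the pod-level `runAsUser: 1001`, so its UID changes but it gets none of the container hardening. Consider adding `securityContext:` with `{{- toYaml .Values.ruler.containerSecurityContext | nindent 12 }}` to the sidecar container as well, or a dedicated `ruler.sidecar.containerSecurityContext` value, and confirm that the sidecar image runs correctly as UID 1001. The sidecar's definition is outside the hunk, so this is inferred from the values and the line count.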
@@ -85,6 +85,17 @@ queryFrontend: nodeSelector: {} podNumericalPriorityEnabled: false podPriority: 0 + podSecurityContext: + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 + containerSecurityContext: + runAsNonRoot: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false podPriorityClassName: "" tolerations: [] affinity: {} @@ -129,7 +140,7 @@ querier: maxUnavailable: 0 image: repository: quay.io/thanos/thanos - tag: v0.27.0 + tag: v0.32.4 pullPolicy: IfNotPresent serviceAccount: create: false @@ -147,6 +158,17 @@ querier: podNumericalPriorityEnabled: false podPriority: 0 podPriorityClassName: "" + podSecurityContext: + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 + containerSecurityContext: + runAsNonRoot: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false tolerations: [] affinity: {} livenessProbe: @@ -186,7 +208,7 @@ storeGateway: updateStrategy: RollingUpdate image: repository: quay.io/thanos/thanos - tag: v0.27.0 + tag: v0.32.4 pullPolicy: IfNotPresent serviceAccount: create: false @@ -219,7 +241,17 @@ storeGateway: podNumericalPriorityEnabled: false podPriority: 0 podPriorityClassName: "" - + podSecurityContext: + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 + containerSecurityContext: + runAsNonRoot: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false resources: {} nodeSelector: {} tolerations: [] @@ -270,7 +302,7 @@ compact: updateStrategy: RollingUpdate image: repository: quay.io/thanos/thanos - tag: v0.27.0 + tag: v0.32.4 pullPolicy: IfNotPresent serviceAccount: create: false 
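Review bot: The defaults added under `queryFrontend.podSecurityContext` and `queryFrontend.containerSecurityContext` set no seccomp profile, so the pods would still not pass the Kubernetes Pod Security Standards `restricted` level, although the privilege-escalation, capability and non-root settings it checks are present. Adding `seccompProfile:` with `type: RuntimeDefault` to the pod-level block would close that gap. `readOnlyRootFilesystem: true` is a further candidate if the components write only to mounted volumes, which the hunk does not show. The same defaults are repeated for querier, storeGateway, compact, ruler, receiver and bucketWebInterface in the later values.yaml hunks.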
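Review bot: `fsGroup: 1001` in the `storeGateway.podSecurityContext` default comes without an `fsGroupChangePolicy`, so by default the kubelet recursively changes ownership and permissions of the volume contents each time it is mounted. For the components that mount a persistent `/data` volume (store gateway, compactor, receiver, and probably ruler), this can delay pod start on large volumes, and an upgrade from chart 4.x will change the group ownership of existing data. Consider adding `fsGroupChangePolicy: OnRootMismatch` next to `fsGroup` and mentioning the ownership change in the upgrade notes for 5.0.0.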
@@ -298,7 +330,17 @@ compact: podNumericalPriorityEnabled: false podPriority: 0 podPriorityClassName: "" - + podSecurityContext: + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 + containerSecurityContext: + runAsNonRoot: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false extraEnv: [] # - name: GOOGLE_APPLICATION_CREDENTIALS # value: /etc/gcp/secrets/credentials.json @@ -324,7 +366,7 @@ ruler: updateStrategy: RollingUpdate image: repository: quay.io/thanos/thanos - tag: v0.27.0 + tag: v0.32.4 pullPolicy: IfNotPresent sidecar: enabled: false @@ -397,6 +439,17 @@ ruler: podNumericalPriorityEnabled: true podPriority: 0 podPriorityClassName: "" + podSecurityContext: + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 + containerSecurityContext: + runAsNonRoot: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false receiver: enabled: true @@ -404,7 +457,7 @@ receiver: updateStrategy: RollingUpdate image: repository: quay.io/thanos/thanos - tag: v0.27.0 + tag: v0.32.4 pullPolicy: IfNotPresent serviceAccount: create: false @@ -431,7 +484,17 @@ receiver: podNumericalPriorityEnabled: false podPriority: 0 podPriorityClassName: "" - + podSecurityContext: + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 + containerSecurityContext: + runAsNonRoot: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false resources: {} nodeSelector: {} tolerations: [] @@ -467,7 +530,7 @@ bucketWebInterface: httpServerPort: 10902 image: repository: quay.io/thanos/thanos - tag: v0.27.0 + tag: v0.32.4 pullPolicy: IfNotPresent serviceAccount: create: false 
@@ -488,6 +551,17 @@ bucketWebInterface: podNumericalPriorityEnabled: false podPriority: 0 podPriorityClassName: "" + podSecurityContext: + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 + containerSecurityContext: + runAsNonRoot: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false replicaCount: 1 resources: {} tolerations: [] From 94eaa55492c3a00ac0fc2b4224fafe139b0c2658 Mon Sep 17 00:00:00 2001 From: Ihor Horak Date: Mon, 16 Oct 2023 14:44:04 +0300 Subject: [PATCH 2/2] [prometheus-thanos] upgrade docs Signed-off-by: Ihor Horak --- charts/prometheus-thanos/README.md | 664 ++++++++++++++--------------- 1 file changed, 332 insertions(+), 332 deletions(-) diff --git a/charts/prometheus-thanos/README.md b/charts/prometheus-thanos/README.md index 836bd508..a0b0a6c4 100644 --- a/charts/prometheus-thanos/README.md +++ b/charts/prometheus-thanos/README.md @@ -29,22 +29,22 @@ An example configmap will look like: apiVersion: v1 kind: ConfigMap metadata: -name: custom-config-map -labels: -thanos_alert_config: "1" + name: custom-config-map + labels: + thanos_alert_config: "1" data: -custom-external-rules.yaml: |- -groups: -- name: custom_external_rules_group - rules: - - alert: custom_alert - annotations: -description: "add your desc here" -summary: "add your summary here" - expr: up - for: 10m - labels: -severity: warn + custom-external-rules.yaml: |- + groups: + - name: custom_external_rules_group + rules: + - alert: custom_alert + annotations: + description: "add your desc here" + summary: "add your summary here" + expr: up + for: 10m + labels: + severity: warn ``` ## Uninstalling the Chart @@ -72,9 +72,9 @@ For example, if you had previously set `storeGateway.indexCacheSize` to `500MB`, ```yaml indexCache: -type: IN-MEMORY -config: -max_size: 500MB + type: IN-MEMORY + config: + max_size: 500MB ``` All configuration options can be found in [the documentation](https://thanos.io/components/store.md/#index-cache). 
@@ -86,319 +86,319 @@ The compactor persistence is now enabled by default and the default PVC size was The following table lists the configurable parameters of the prometheus-thanos chart and their default values. -| Parameter | Description | Default | -|:---------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------| -| `tracing.enabled` | Controls whether [tracing](https://github.com/thanos-io/thanos/blob/master/docs/tracing.md) is required across all components | `false` | -| `tracing.type` | The tracer [type](https://github.com/thanos-io/thanos/blob/master/docs/tracing.md).All components which support tracing will use this | `` | -| `tracing.config` | Config for the [tracer](https://github.com/thanos-io/thanos/blob/master/docs/tracing.md).All components which support tracing will use this | `{}` | -| `bucketWebInterface.enabled` | Controls whether bucket web interface related resources should be created | `false` | -| `bucketWebInterface.additionalAnnotations` | Additional annotations on bucket web interface pods | `{}` | -| `bucketWebInterface.additionalFlags` | Additional command line flags | `{}` | -| `bucketWebInterface.additionalLabels` | Additional labels on bucket web interface pods | `{}` | -| `bucketWebInterface.affinity` | Affinity | `{}` | -| `bucketWebInterface.extraEnv` | Extra env vars | `nil` | -| `bucketWebInterface.httpServerPort` | The port to expose from the bucket web interface container | `10902` | -| `bucketWebInterface.image.repository` | Docker image repo for bucket web interface | `quay.io/thanos/thanos` | -| `bucketWebInterface.image.tag` | Docker image tag for bucket web interface | `v0.32.4` | -| `bucketWebInterface.image.pullPolicy` | Docker image 
pull policy for bucket web interface | `IfNotPresent` | -| `bucketWebInterface.serviceAccount.create` | Create service account | `true` | -| `bucketWebInterface.serviceAccount.annotations` | Service account annotations | `nil` | -| `bucketWebInterface.logLevel` | Bucket web interface log level | `info` | -| `bucketWebInterface.nodeSelector` | NodeSelector | `{}` | -| `bucketWebInterface.objStoreType` | Object store [type](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `nil` | -| `bucketWebInterface.objStoreConfig` | Config for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `{}` | -| `bucketWebInterface.objStoreConfigFile` | Path to config file for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md). Either this or `objStoreType` + `objStoreConfig`. | `nil` | -| `bucketWebInterface.podNumericalPriorityEnabled` | Enables use of the `podPriority`. Either this or `podPriorityClassName`. | `false` | -| `bucketWebInterface.podPriority` | Numerical value of the pod priority. Enabled by `podNumericalPriorityEnabled` | `0` | -| `bucketWebInterface.podPriorityClassName` | Name of the pod priority class to use. Either this or `podNumericalPriorityEnabled` | `""` | -| `bucketWebInterface.replicaCount` | Replica count for bucket web interface | `1` | -| `bucketWebInterface.resources` | Resources | `{}` | -| `bucketWebInterface.tolerations` | Tolerations | `[]` | -| `bucketWebInterface.podSecurityContext` | [Pod Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
`runAsUser: 1001`
`runAsGroup: 1001`
`fsGroup: 1001` | -| `bucketWebInterface.containerSecurityContext` | [Container Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
`runAsNonRoot: true`
`allowPrivilegeEscalation: false`
`capabilities:`
`drop:`
`- ALL`
`privileged: false` | -| `bucketWebInterface.updateStrategy` | Deployment update strategy | `type: RollingUpdate` | -| `bucketWebInterface.volumeMounts` | Additional volume mounts | `nil` | -| `bucketWebInterface.volumes` | Additional volumes | `nil` | -| `compact.enabled` | Controls whether compact related resources should be created | `true` | -| `compact.additionalAnnotations` | Additional annotations on compactor pod | `{}` | -| `compact.additionalFlags` | Additional command line flags | `{}` | -| `compact.additionalLabels` | Additional labels on compactor pod | `{}` | -| `compact.affinity` | Affinity | `{}` | -| `compact.consistencyDelay` | Consistency delay | `30m` | -| `compact.extraEnv` | Extra env vars | `nil` | -| `compact.image.repository` | Docker image repo for compactor | `quay.io/thanos/thanos` | -| `compact.image.tag` | Docker image tag for compactor | `v0.32.4` | -| `compact.image.pullPolicy` | Docker image pull policy for store gateway | `IfNotPresent` | -| `compact.serviceAccount.create` | Create service account | `true` | -| `compact.serviceAccount.annotations` | Service account annotations | `nil` | -| `compact.logLevel` | Store gateway log level | `info` | -| `compact.nodeSelector` | NodeSelector | `{}` | -| `compact.objStoreConfig` | Config for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `{}` | -| `compact.objStoreConfigFile` | Path to config file for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md). Either this or `objStoreType` + `objStoreConfig`. 
| `nil` | -| `compact.objStoreType` | Object store [type](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `nil` | -| `compact.persistentVolume.enabled` | Persistent volume enabled | `true` | -| `compact.persistentVolume.accessModes` | Persistent volume accessModes | `[ReadWriteOnce]` | -| `compact.persistentVolume.annotations` | Persistent volume annotations | `{}` | -| `compact.persistentVolume.existingClaim` | Persistent volume existingClaim | `""` | -| `compact.persistentVolume.size` | Persistent volume size | `10Gi` | -| `compact.persistentVolume.storageClass` | Persistent volume storage class name | `""` | -| `compact.podNumericalPriorityEnabled` | Enables use of the `podPriority`. Either this or `podPriorityClassName`. | `false` | -| `compact.podPriority` | Numerical value of the pod priority. Enabled by `podNumericalPriorityEnabled` | `0` | -| `compact.podPriorityClassName` | Name of the pod priority class to use. Either this or `podNumericalPriorityEnabled` | `""` | -| `compact.resources` | Resources | `{}` | -| `compact.retentionResolutionRaw` | Retention for raw buckets | `30d` | -| `compact.retentionResolution5m` | Retention for 5m buckets | `30d` | -| `compact.retentionResolution1h` | Retention for 1h buckets | `10y` | -| `compact.tolerations` | Tolerations | `[]` | -| `compact.podSecurityContext` | [Pod Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
`runAsUser: 1001`
`runAsGroup: 1001`
`fsGroup: 1001` | -| `compact.containerSecurityContext` | [Container Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
`runAsNonRoot: true`
`allowPrivilegeEscalation: false`
`capabilities:`
`drop:`
`- ALL`
`privileged: false` | -| `compact.updateStrategy` | StatefulSet update strategy | `type: RollingUpdate` | -| `compact.volumeMounts` | Additional volume mounts | `nil` | -| `compact.volumes` | Additional volumes | `nil` | -| `querier.enabled` | Controls whether querier related resources should be created | `true` | -| `querier.additionalAnnotations` | Additional annotations on querier pods | `{}` | -| `querier.additionalFlags` | Additional command line flags | `{}` | -| `querier.additionalLabels` | Additional labels on querier pods | `{}` | -| `querier.affinity` | Affinity | `{}` | -| `querier.autoscaling.enabled` | Controls whether StoreGateway autoscaling is enabled | `false` | -| `querier.autoscaling.maxReplicas` | Maximum number of replicas to scale to | `10` | -| `querier.autoscaling.minReplicas` | Minimum number of replicas to scale to | `1` | -| `querier.autoscaling.metrics` | Array of MetricSpecs that will decide whether to scale in or out | `target of 80% for both CPU and memory resources` | -| `querier.image.repository` | Docker image repo for querier | `quay.io/thanos/thanos` | -| `querier.image.tag` | Docker image tag for querier | `v0.32.4` | -| `querier.image.pullPolicy` | Docker image pull policy for querier | `IfNotPresent` | -| `querier.serviceAccount.create` | Create service account | `true` | -| `querier.serviceAccount.annotations` | Service account annotations | `nil` | -| `querier.livenessProbe.initialDelaySeconds` | Liveness probe initialDelaySeconds | `30` | -| `querier.livenessProbe.periodSeconds` | Liveness probe periodSeconds | `10` | -| `querier.livenessProbe.successThreshold` | Liveness probe successThreshold | `1` | -| `querier.livenessProbe.timeoutSeconds` | Liveness probe timeoutSeconds | `30` | -| `querier.logLevel` | Querier log level | `info` | -| `querier.nodeSelector` | NodeSelector | `{}` | -| `querier.podNumericalPriorityEnabled` | Enables use of the `podPriority`. Either this or `podPriorityClassName`. 
| `false` | -| `querier.podPriority` | Numerical value of the pod priority. Enabled by `podNumericalPriorityEnabled` | `0` | -| `querier.podPriorityClassName` | Name of the pod priority class to use. Either this or `podNumericalPriorityEnabled` | `""` | -| `querier.readinessProbe.initialDelaySeconds` | Readiness probe initialDelaySeconds | `30` | -| `querier.readinessProbe.periodSeconds` | Readiness probe periodSeconds | `10` | -| `querier.readinessProbe.successThreshold` | Readiness probe successThreshold | `1` | -| `querier.readinessProbe.timeoutSeconds` | Readiness probe timeoutSeconds | `30` | -| `querier.replicaCount` | Replica count for querier | `1` | -| `querier.replicaLabels` | Replica reference labels which are used for query response deduplication | `[]` | -| `querier.resources` | Resources | `{}` | -| `querier.stores` | List of stores [see](https://github.com/thanos-io/thanos/blob/master/docs/components/query.md) | `[]` | -| `querier.tolerations` | Tolerations | `[]` | -| `querier.podSecurityContext` | [Pod Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
`runAsUser: 1001`
`runAsGroup: 1001`
`fsGroup: 1001` | -| `querier.containerSecurityContext` | [Container Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
`runAsNonRoot: true`
`allowPrivilegeEscalation: false`
`capabilities:`
`drop:`
`- ALL`
`privileged: false` | -| `querier.updateStrategy` | Deployment update strategy | `type: RollingUpdate` | -| `querier.volumeMounts` | Additional volume mounts | `nil` | -| `querier.volumes` | Additional volumes | `nil` | -| `queryFrontend.enabled` | Controls whether query-frontend related resources should be created | `true` | -| `queryFrontend.additionalAnnotations` | Additional annotations on query-frontend pods | `{}` | -| `queryFrontend.additionalFlags` | Additional command line flags | `{}` | -| `queryFrontend.additionalLabels` | Additional labels on query-frontend pods | `{}` | -| `queryFrontend.affinity` | Affinity | `{}` | -| `queryFrontend.autoscaling.enabled` | Controls whether query-frontend autoscaling is enabled | `false` | -| `queryFrontend.autoscaling.maxReplicas` | Maximum number of replicas to scale to | `10` | -| `queryFrontend.autoscaling.minReplicas` | Minimum number of replicas to scale to | `1` | -| `queryFrontend.autoscaling.metrics` | Array of MetricSpecs that will decide whether to scale in or out | `target of 80% for both CPU and memory resources` | -| `queryFrontend.cache.config` | Caching configuration | `nil` | -| `queryFrontend.cache.enabled` | Controls whether caching should be used | `false` | -| `queryFrontend.cache.type` | Type of caching [see](https://thanos.io/tip/components/query-frontend.md/#caching) | `nil` | -| `queryFrontend.downstreamUrl` | The URL of the querier service | `the default URL of the querier service` | -| `queryFrontend.image.repository` | Docker image repo for query-frontend | `quay.io/thanos/thanos` | -| `queryFrontend.image.tag` | Docker image tag for query-frontend | `v0.32.4` | -| `queryFrontend.image.pullPolicy` | Docker image pull policy for query-frontend | `IfNotPresent` | -| `queryFrontend.serviceAccount.create` | Create service account | `true` | -| `queryFrontend.serviceAccount.annotations` | Service account annotations | `nil` | -| `queryFrontend.livenessProbe.initialDelaySeconds` | Liveness probe 
initialDelaySeconds | `30` | -| `queryFrontend.livenessProbe.periodSeconds` | Liveness probe periodSeconds | `10` | -| `queryFrontend.livenessProbe.successThreshold` | Liveness probe successThreshold | `1` | -| `queryFrontend.livenessProbe.timeoutSeconds` | Liveness probe timeoutSeconds | `30` | -| `queryFrontend.logLevel` | Query-frontend log level | `info` | -| `queryFrontend.logQueriesLongerThan` | Log queries that are slower than the specified duration. | `0` | -| `queryFrontend.nodeSelector` | NodeSelector | `{}` | -| `queryFrontend.podNumericalPriorityEnabled` | Enables use of the `podPriority`. Either this or `podPriorityClassName`. | `false` | -| `queryFrontend.podPriority` | Numerical value of the pod priority. Enabled by `podNumericalPriorityEnabled` | `0` | -| `queryFrontend.podPriorityClassName` | Name of the pod priority class to use. Either this or `podNumericalPriorityEnabled` | `""` | -| `queryFrontend.querySplitInterval` | Split query range requests by an interval and execute in parallel | `24h` | -| `queryFrontend.readinessProbe.initialDelaySeconds` | Readiness probe initialDelaySeconds | `30` | -| `queryFrontend.readinessProbe.periodSeconds` | Readiness probe periodSeconds | `10` | -| `queryFrontend.readinessProbe.successThreshold` | Readiness probe successThreshold | `1` | -| `queryFrontend.readinessProbe.timeoutSeconds` | Readiness probe timeoutSeconds | `30` | -| `queryFrontend.replicaCount` | Replica count for query-frontend | `1` | -| `queryFrontend.resources` | Resources | `{}` | -| `queryFrontend.stores` | List of stores [see](https://github.com/thanos-io/thanos/blob/master/docs/components/query.md) | `[]` | -| `queryFrontend.tolerations` | Tolerations | `[]` | -| `queryFrontend.podSecurityContext` | [Pod Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
`runAsUser: 1001`
`runAsGroup: 1001`
`fsGroup: 1001` | -| `queryFrontend.containerSecurityContext` | [Container Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
`runAsNonRoot: true`
`allowPrivilegeEscalation: false`
`capabilities:`
`drop:`
`- ALL`
`privileged: false` | -| `queryFrontend.updateStrategy` | Deployment update strategy | `type: RollingUpdate` | -| `queryFrontend.volumeMounts` | Additional volume mounts | `nil` | -| `queryFrontend.volumes` | Additional volumes | `nil` | -| `receiver.enabled` | Controls whether receiver related resources should be created | `true` | -| `receiver.affinity` | Affinity | `{}` | -| `receiver.additionalAnnotations` | Additional annotations on receiver pods | `{}` | -| `receiver.additionalFlags` | Additional command line flags | `{}` | -| `receiver.additionalLabels` | Additional labels on receiver pods | `{}` | -| `receiver.extraEnv` | Extra env vars | `nil` | -| `receiver.image.repository` | Docker image repo for receiver | `quay.io/thanos/thanos` | -| `receiver.image.tag` | Docker image tag for receiver | `v0.32.4` | -| `receiver.image.pullPolicy` | Docker image pull policy for receiver | `IfNotPresent` | -| `receiver.livenessProbe.initialDelaySeconds` | Liveness probe initialDelaySeconds | `30` | -| `receiver.livenessProbe.periodSeconds` | Liveness probe periodSeconds | `10` | -| `receiver.livenessProbe.successThreshold` | Liveness probe successThreshold | `1` | -| `receiver.livenessProbe.timeoutSeconds` | Liveness probe timeoutSeconds | `30` | -| `receiver.logLevel` | Receiver log level | `info` | -| `receiver.nodeSelector` | NodeSelector | `{}` | -| `receiver.objStoreConfig` | Config for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `{}` | -| `receiver.objStoreConfigFile` | Path to config file for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md). Either this or `objStoreType` + `objStoreConfig`. 
| `nil` | -| `receiver.objStoreType` | Object store [type](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `GCS` | -| `receiver.persistentVolume.enabled` | Persistent volume enabled | `true` | -| `receiver.persistentVolume.accessModes` | Persistent volume accessModes | `[ReadWriteOnce]` | -| `receiver.persistentVolume.annotations` | Persistent volume annotations | `{}` | -| `receiver.persistentVolume.existingClaim` | Persistent volume existingClaim | `""` | -| `receiver.persistentVolume.size` | Persistent volume size | `2Gi` | -| `receiver.persistentVolume.storageClass` | Persistent volume storage class name | `""` | -| `receiver.podNumericalPriorityEnabled` | Enables use of the `podPriority`. Either this or `podPriorityClassName`. | `false` | -| `receiver.podPriority` | Numerical value of the pod priority. Enabled by `podNumericalPriorityEnabled` | `0` | -| `receiver.podPriorityClassName` | Name of the pod priority class to use. Either this or `podNumericalPriorityEnabled` | `""` | -| `receiver.readinessProbe.initialDelaySeconds` | Readiness probe initialDelaySeconds | `30` | -| `receiver.readinessProbe.periodSeconds` | Readiness probe periodSeconds | `10` | -| `receiver.readinessProbe.successThreshold` | Readiness probe successThreshold | `1` | -| `receiver.readinessProbe.timeoutSeconds` | Readiness probe timeoutSeconds | `30` | -| `receiver.replicaCount` | Replica count for receiver | `1` | -| `receiver.replicationFactor` | Number of times to replicate incoming write requests | `1` | -| `receiver.resources` | Resources | `{}` | -| `receiver.serviceAccount.create` | Create service account | `true` | -| `receiver.serviceAccount.annotations` | Service account annotations | `nil` | -| `receiver.tolerations` | Tolerations | `[]` | -| `receiver.podSecurityContext` | [Pod Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
`runAsUser: 1001`
`runAsGroup: 1001`
`fsGroup: 1001` | -| `receiver.containerSecurityContext` | [Container Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
`runAsNonRoot: true`
`allowPrivilegeEscalation: false`
`capabilities:`
`drop:`
`- ALL`
`privileged: false` | -| `receiver.tsdbRetention` | The period to retain TSDB blocks in the receiver | `1d` | -| `receiver.updateStrategy` | StatefulSet update strategy | `type: RollingUpdate` | -| `receiver.volumeMounts` | Additional volume mounts | `nil` | -| `receiver.volumes` | Additional volumes | `nil` | -| `ruler.enabled` | controls whether ruler related resources should be created | `true` | -| `ruler.additionalAnnotations` | Additional annotations on ruler pod | `{}` | -| `ruler.additionalFlags` | Additional command line flags | `{}` | -| `ruler.additionalLabels` | Additional labels on ruler pod | `{}` | -| `ruler.affinity` | Affinity | `{}` | -| `ruler.alertmanagerUrl` | Ruler alert manager url | `http://localhost` | -| `ruler.clusterName` | Ruler cluster name | `nil` | -| `ruler.config` | Default ruler config | `nil` | -| `ruler.evalInterval` | Ruler evaluation interval | `1m` | -| `ruler.extraEnv` | Extra env vars | `nil` | -| `ruler.image.repository` | Docker image repo for ruler | `quay.io/thanos/thanos` | -| `ruler.image.tag` | Docker image tag for ruler | `v0.32.4` | -| `ruler.image.pullPolicy` | Docker image pull policy for ruler | `IfNotPresent` | -| `ruler.imagePullSecrets` | Docker image pull secrets for ruler | `[]` | -| `ruler.serviceAccount.annotations` | Service account annotations | `nil` | -| `ruler.livenessProbe.initialDelaySeconds` | Liveness probe initialDelaySeconds | `30` | -| `ruler.livenessProbe.periodSeconds` | Liveness probe periodSeconds | `10` | -| `ruler.livenessProbe.successThreshold` | Liveness probe successThreshold | `1` | -| `ruler.livenessProbe.timeoutSeconds` | Liveness probe timeoutSeconds | `30` | -| `ruler.logLevel` | Ruler log level | `info` | -| `ruler.nodeSelector` | NodeSelector | `{}` | -| `ruler.objStoreType` | Object store [type](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `nil` | -| `ruler.objStoreConfig` | Config for the [bucket 
store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `{}` | -| `ruler.objStoreConfigFile` | Path to config file for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md). Either this or `objStoreType` + `objStoreConfig`. | `nil` | -| `ruler.persistentVolume.enabled` | Persistent volume enabled | `true` | -| `ruler.persistentVolume.accessModes` | Persistent volume accessModes | `[ReadWriteOnce]` | -| `ruler.persistentVolume.annotations` | Persistent volume annotations | `{}` | -| `ruler.persistentVolume.existingClaim` | Persistent volume existingClaim | `""` | -| `ruler.persistentVolume.size` | Persistent volume size | `2Gi` | -| `ruler.persistentVolume.storageClass` | Persistent volume storage class name | `""` | -| `ruler.podNumericalPriorityEnabled` | Enables use of the `podPriority`. Either this or `podPriorityClassName`. | `false` | -| `ruler.podPriority` | Numerical value of the pod priority. Enabled by `podNumericalPriorityEnabled` | `0` | -| `ruler.podPriorityClassName` | Name of the pod priority class to use. 
Either this or `podNumericalPriorityEnabled` | `""` | -| `ruler.queries` | Ruler quieries endpoints | `[]` | -| `ruler.readinessProbe.initialDelaySeconds` | Readiness probe initialDelaySeconds | `30` | -| `ruler.readinessProbe.periodSeconds` | Readiness probe periodSeconds | `10` | -| `ruler.readinessProbe.successThreshold` | Readiness probe successThreshold | `1` | -| `ruler.readinessProbe.timeoutSeconds` | Readiness probe timeoutSeconds | `30` | -| `ruler.replicaCount` | Replica count for ruler | `1` | -| `ruler.resources` | Resources | `{}` | -| `ruler.ruleFile` | Rule files that should be used | `/etc/thanos-ruler/**/*-rules.yaml` | -| `ruler.sidecar.image.repository` | Docker image for configmap watcher sidecar | `kiwigrid/k8s-configmap-watcher` | -| `ruler.sidecar.image.tag` | Docker image tag for configmap watcher sidecar | `0.1.1` | -| `ruler.sidecar.image.pullPolicy` | Pull policy for configmap watcher sidecar | `IfNotPresent` | -| `ruler.sidecar.enabled` | Enable configmap watcher sidecar | `false` | -| `ruler.sidecar.watchLabel` | Label for configmaps to watch | `thanos_alert_config` | -| `ruler.tolerations` | Tolerations | `[]` | -| `ruler.podSecurityContext` | [Pod Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
`runAsUser: 1001`
`runAsGroup: 1001`
`fsGroup: 1001` |
-| `ruler.containerSecurityContext` | [Container Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
`runAsNonRoot: true`
`allowPrivilegeEscalation: false`
`capabilities:`
`drop:`
`- ALL`
`privileged: false` |
-| `ruler.updateStrategy` | StatefulSet update strategy | `type: RollingUpdate` |
-| `ruler.volumeMounts` | Additional volume mounts | `nil` |
-| `ruler.volumes` | Additional volumes | `nil` |
-| `service.bucketWebInterface.type` | Service type for the bucket web interface | `ClusterIP` |
-| `service.bucketWebInterface.http.port` | Service http port for the bucket web interface | `9090` |
-| `service.bucketWebInterface.annotations` | Service annotations for the bucket web interface | `{}` |
-| `service.compact.type` | Service type for the compactor | `ClusterIP` |
-| `service.compact.http.port` | Service http port for the compactor | `9090` |
-| `service.compact.annotations` | Service annotations for the compactor | `{}` |
-| `service.receiver.http.port` | Service http port for the receiver | `9090` |
-| `service.receiver.httpRemoteWrite.port` | Service http port for the receiver remote write endpoint | `9091` |
-| `service.receiver.grpc.port` | Service grpc port for the receiver | `10901` |
-| `service.receiver.annotations` | Service annotations for the receiver | `{}` |
-| `service.querier.type` | Service type for the querier | `ClusterIP` |
-| `service.querier.http.port` | Service http port for the querier | `9090` |
-| `service.querier.grpc.port` | Service grpc port for the querier | `10901` |
-| `service.querier.annotations` | Service annotations for the querier | `{}` |
-| `service.storeGateway.type` | Service type for the store gateway | `ClusterIP` |
-| `service.storeGateway.http.port` | Service http port for the store gateway | `9090` |
-| `service.storeGateway.grpc.port` | Service grpc port for the store gateway | `10901` |
-| `service.storeGateway.annotations` | Service annotations for the store gateway | `{}` |
-| `service.ruler.type` | Service type for ruler | `ClusterIP` |
-| `service.ruler.http.port` | Service http port for ruler | `9090` |
-| `service.ruler.grpc.port` | Service grpc port for ruler | `10901` |
-|
`service.ruler.annotations` | Service annotations for the ruler | `{}` |
-| `storeGateway.enabled` | Controls whether StoreGateway related resources should be created | `true` |
-| `storeGateway.affinity` | Affinity | `{}` |
-| `storeGateway.additionalAnnotations` | Additional annotations on store gateway pods | `{}` |
-| `storeGateway.additionalFlags` | Additional command line flags | `{}` |
-| `storeGateway.additionalLabels` | Additional labels on store gateway pods | `{}` |
-| `storeGateway.autoscaling.enabled` | Controls whether StoreGateway autoscaling is enabled | `false` |
-| `storeGateway.autoscaling.maxReplicas` | Maximum number of replicas to scale to | `10` |
-| `storeGateway.autoscaling.minReplicas` | Minimum number of replicas to scale to | `1` |
-| `storeGateway.autoscaling.metrics` | Array of MetricSpecs that will decide whether to scale in or out | `target of 80% for both CPU and memory resources` |
-| `storeGateway.chunkPoolSize` | Chunk pool size | `500MB` |
-| `storeGateway.extraEnv` | Extra env vars | `nil` |
-| `storeGateway.image.repository` | Docker image repo for store gateway | `quay.io/thanos/thanos` |
-| `storeGateway.image.tag` | Docker image tag for store gateway | `v0.32.4` |
-| `storeGateway.image.pullPolicy` | Docker image pull policy for store gateway | `IfNotPresent` |
-| `storeGateway.indexCache.config` | Config for the index cache, see [the docs](https://thanos.io/components/store.md/#index-cache) | `max_size: 500MB` |
-| `storeGateway.indexCache.type` | Type of the index cache, either `IN-MEMORY` or `MEMCACHED` | `IN-MEMORY` |
-| `storeGateway.livenessProbe.initialDelaySeconds` | Liveness probe initialDelaySeconds | `30` |
-| `storeGateway.livenessProbe.periodSeconds` | Liveness probe periodSeconds | `10` |
-| `storeGateway.livenessProbe.successThreshold` | Liveness probe successThreshold | `1` |
-| `storeGateway.livenessProbe.timeoutSeconds` | Liveness probe timeoutSeconds | `30` |
-| `storeGateway.logLevel` | Store gateway log
level | `info` |
-| `storeGateway.nodeSelector` | NodeSelector | `{}` |
-| `storeGateway.objStoreConfig` | Config for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `{}` |
-| `storeGateway.objStoreConfigFile` | Path to config file for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md). Either this or `objStoreType` + `objStoreConfig`. | `nil` |
-| `storeGateway.objStoreType` | Object store [type](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `GCS` |
-| `storeGateway.persistentVolume.enabled` | Persistent volume enabled | `true` |
-| `storeGateway.persistentVolume.accessModes` | Persistent volume accessModes | `[ReadWriteOnce]` |
-| `storeGateway.persistentVolume.annotations` | Persistent volume annotations | `{}` |
-| `storeGateway.persistentVolume.existingClaim` | Persistent volume existingClaim | `""` |
-| `storeGateway.persistentVolume.size` | Persistent volume size | `2Gi` |
-| `storeGateway.persistentVolume.storageClass` | Persistent volume storage class name | `""` |
-| `storeGateway.podNumericalPriorityEnabled` | Enables use of the `podPriority`. Either this or `podPriorityClassName`. | `false` |
-| `storeGateway.podPriority` | Numerical value of the pod priority. Enabled by `podNumericalPriorityEnabled` | `0` |
-| `storeGateway.podPriorityClassName` | Name of the pod priority class to use.
Either this or `podNumericalPriorityEnabled` | `""` |
-| `storeGateway.readinessProbe.initialDelaySeconds` | Readiness probe initialDelaySeconds | `30` |
-| `storeGateway.readinessProbe.periodSeconds` | Readiness probe periodSeconds | `10` |
-| `storeGateway.readinessProbe.successThreshold` | Readiness probe successThreshold | `1` |
-| `storeGateway.readinessProbe.timeoutSeconds` | Readiness probe timeoutSeconds | `30` |
-| `storeGateway.replicaCount` | Replica count for store gateway | `1` |
-| `storeGateway.resources` | Resources | `{}` |
-| `storeGateway.serviceAccount.create` | Create service account | `true` |
-| `storeGateway.serviceAccount.annotations` | Service account annotations | `nil` |
-| `storeGateway.tolerations` | Tolerations | `[]` |
-| `storeGateway.podSecurityContext` | [Pod Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
`runAsUser: 1001`
`runAsGroup: 1001`
`fsGroup: 1001` |
-| `storeGateway.containerSecurityContext` | [Container Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
`runAsNonRoot: true`
`allowPrivilegeEscalation: false`
`capabilities:`
`drop:`
`- ALL`
`privileged: false` |
-| `storeGateway.updateStrategy` | StatefulSet update strategy | `type: RollingUpdate` |
-| `storeGateway.volumeMounts` | Additional volume mounts | `nil` |
-| `storeGateway.volumes` | Additional volumes | `nil` |
+| Parameter | Description | Default |
+| ------------------------------------------ | ----------------------------------------- | ---------------------------------- |
+| `tracing.enabled` | Controls whether [tracing](https://github.com/thanos-io/thanos/blob/master/docs/tracing.md) is required across all components | `false` |
+| `tracing.type` | The tracer [type](https://github.com/thanos-io/thanos/blob/master/docs/tracing.md). All components which support tracing will use this | `` |
+| `tracing.config` | Config for the [tracer](https://github.com/thanos-io/thanos/blob/master/docs/tracing.md). All components which support tracing will use this | `{}` |
+| `bucketWebInterface.enabled` | Controls whether bucket web interface related resources should be created | `false` |
+| `bucketWebInterface.additionalAnnotations` | Additional annotations on bucket web interface pods| `{}` |
+| `bucketWebInterface.additionalFlags` | Additional command line flags | `{}` |
+| `bucketWebInterface.additionalLabels` | Additional labels on bucket web interface pods| `{}` |
+| `bucketWebInterface.affinity` | Affinity | `{}` |
+| `bucketWebInterface.extraEnv` | Extra env vars | `nil` |
+| `bucketWebInterface.httpServerPort` | The port to expose from the bucket web interface container | `10902` |
+| `bucketWebInterface.image.repository` | Docker image repo for bucket web interface | `quay.io/thanos/thanos` |
+| `bucketWebInterface.image.tag` | Docker image tag for bucket web interface | `v0.27.0` |
+| `bucketWebInterface.image.pullPolicy` | Docker image pull policy for bucket web interface| `IfNotPresent` |
+| `bucketWebInterface.serviceAccount.create` | Create service account | `true` |
+| `bucketWebInterface.serviceAccount.annotations` | Service account
annotations | `nil` |
+| `bucketWebInterface.logLevel` | Bucket web interface log level | `info` |
+| `bucketWebInterface.nodeSelector` | NodeSelector | `{}` |
+| `bucketWebInterface.objStoreType` | Object store [type](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `nil` |
+| `bucketWebInterface.objStoreConfig` | Config for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `{}` |
+| `bucketWebInterface.objStoreConfigFile` | Path to config file for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md). Either this or `objStoreType` + `objStoreConfig`. | `nil` |
+| `bucketWebInterface.podNumericalPriorityEnabled` | Enables use of the `podPriority`. Either this or `podPriorityClassName`. | `false` |
+| `bucketWebInterface.podPriority` | Numerical value of the pod priority. Enabled by `podNumericalPriorityEnabled` | `0` |
+| `bucketWebInterface.podPriorityClassName` | Name of the pod priority class to use. Either this or `podNumericalPriorityEnabled` | `""` |
+| `bucketWebInterface.replicaCount` | Replica count for bucket web interface | `1` |
+| `bucketWebInterface.resources` | Resources | `{}` |
+| `bucketWebInterface.tolerations` | Tolerations | `[]` |
+| `bucketWebInterface.podSecurityContext` | [Pod Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
`runAsUser: 1001`
`runAsGroup: 1001`
`fsGroup: 1001` |
+| `bucketWebInterface.containerSecurityContext` | [Container Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
`runAsNonRoot: true`
`allowPrivilegeEscalation: false`
`capabilities:`
`drop:`
`- ALL`
`privileged: false` |
+| `bucketWebInterface.updateStrategy` | Deployment update strategy | `type: RollingUpdate` |
+| `bucketWebInterface.volumeMounts` | Additional volume mounts | `nil` |
+| `bucketWebInterface.volumes` |Additional volumes | `nil` |
+| `compact.enabled` | Controls whether compact related resources should be created | `true` |
+| `compact.additionalAnnotations` | Additional annotations on compactor pod| `{}` |
+| `compact.additionalFlags` | Additional command line flags | `{}` |
+| `compact.additionalLabels` | Additional labels on compactor pod| `{}` |
+| `compact.affinity` | Affinity | `{}` |
+| `compact.consistencyDelay` | Consistency delay | `30m` |
+| `compact.extraEnv` | Extra env vars | `nil` |
+| `compact.image.repository` | Docker image repo for compactor | `quay.io/thanos/thanos` |
+| `compact.image.tag` | Docker image tag for compactor | `v0.27.0` |
+| `compact.image.pullPolicy` | Docker image pull policy for store gateway | `IfNotPresent` |
+| `compact.serviceAccount.create` | Create service account | `true` |
+| `compact.serviceAccount.annotations` | Service account annotations | `nil` |
+| `compact.logLevel` | Store gateway log level | `info` |
+| `compact.nodeSelector` | NodeSelector | `{}` |
+| `compact.objStoreConfig` | Config for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `{}` |
+| `compact.objStoreConfigFile` | Path to config file for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md). Either this or `objStoreType` + `objStoreConfig`.
| `nil` |
+| `compact.objStoreType` | Object store [type](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `nil` |
+| `compact.persistentVolume.enabled` | Persistent volume enabled | `true` |
+| `compact.persistentVolume.accessModes` | Persistent volume accessModes | `[ReadWriteOnce]` |
+| `compact.persistentVolume.annotations` | Persistent volume annotations | `{}` |
+| `compact.persistentVolume.existingClaim` | Persistent volume existingClaim | `""` |
+| `compact.persistentVolume.size` | Persistent volume size | `10Gi` |
+| `compact.persistentVolume.storageClass` | Persistent volume storage class name | `""` |
+| `compact.podNumericalPriorityEnabled` | Enables use of the `podPriority`. Either this or `podPriorityClassName`. | `false` |
+| `compact.podPriority` | Numerical value of the pod priority. Enabled by `podNumericalPriorityEnabled` | `0` |
+| `compact.podPriorityClassName` | Name of the pod priority class to use. Either this or `podNumericalPriorityEnabled` | `""` |
+| `compact.resources` | Resources | `{}` |
+| `compact.retentionResolutionRaw` | Retention for raw buckets | `30d` |
+| `compact.retentionResolution5m` | Retention for 5m buckets | `30d` |
+| `compact.retentionResolution1h` | Retention for 1h buckets | `10y` |
+| `compact.tolerations` | Tolerations | `[]` |
+| `compact.podSecurityContext` | [Pod Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
`runAsUser: 1001`
`runAsGroup: 1001`
`fsGroup: 1001` |
+| `compact.containerSecurityContext` | [Container Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
`runAsNonRoot: true`
`allowPrivilegeEscalation: false`
`capabilities:`
`drop:`
`- ALL`
`privileged: false` |
+| `compact.updateStrategy` | StatefulSet update strategy | `type: RollingUpdate` |
+| `compact.volumeMounts` | Additional volume mounts | `nil` |
+| `compact.volumes` | Additional volumes | `nil` |
+| `querier.enabled` | Controls whether querier related resources should be created | `true` |
+| `querier.additionalAnnotations` | Additional annotations on querier pods| `{}` |
+| `querier.additionalFlags` | Additional command line flags | `{}` |
+| `querier.additionalLabels` | Additional labels on querier pods| `{}` |
+| `querier.affinity` | Affinity | `{}` |
+| `querier.autoscaling.enabled` | Controls whether StoreGateway autoscaling is enabled | `false` |
+| `querier.autoscaling.maxReplicas` | Maximum number of replicas to scale to | `10` |
+| `querier.autoscaling.minReplicas` | Minimum number of replicas to scale to | `1` |
+| `querier.autoscaling.metrics` | Array of MetricSpecs that will decide whether to scale in or out | `target of 80% for both CPU and memory resources` |
+| `querier.image.repository` | Docker image repo for querier | `quay.io/thanos/thanos` |
+| `querier.image.tag` | Docker image tag for querier | `v0.27.0` |
+| `querier.image.pullPolicy` | Docker image pull policy for querier| `IfNotPresent` |
+| `querier.serviceAccount.create` | Create service account | `true` |
+| `querier.serviceAccount.annotations` | Service account annotations | `nil` |
+| `querier.livenessProbe.initialDelaySeconds` | Liveness probe initialDelaySeconds | `30` |
+| `querier.livenessProbe.periodSeconds` | Liveness probe periodSeconds | `10` |
+| `querier.livenessProbe.successThreshold` | Liveness probe successThreshold | `1` |
+| `querier.livenessProbe.timeoutSeconds` | Liveness probe timeoutSeconds | `30` |
+| `querier.logLevel` | Querier log level | `info` |
+| `querier.nodeSelector` | NodeSelector | `{}` |
+| `querier.podNumericalPriorityEnabled` | Enables use of the `podPriority`. Either this or `podPriorityClassName`.
| `false` |
+| `querier.podPriority` | Numerical value of the pod priority. Enabled by `podNumericalPriorityEnabled` | `0` |
+| `querier.podPriorityClassName` | Name of the pod priority class to use. Either this or `podNumericalPriorityEnabled` | `""` |
+| `querier.readinessProbe.initialDelaySeconds` | Readiness probe initialDelaySeconds | `30` |
+| `querier.readinessProbe.periodSeconds` | Readiness probe periodSeconds | `10` |
+| `querier.readinessProbe.successThreshold` | Readiness probe successThreshold | `1` |
+| `querier.readinessProbe.timeoutSeconds` | Readiness probe timeoutSeconds | `30` |
+| `querier.replicaCount` | Replica count for querier | `1` |
+| `querier.replicaLabels` | Replica reference labels which are used for query response deduplication | `[]` |
+| `querier.resources` | Resources | `{}` |
+| `querier.stores` | List of stores [see](https://github.com/thanos-io/thanos/blob/master/docs/components/query.md) | `[]` |
+| `querier.tolerations` | Tolerations | `[]` |
+| `querier.podSecurityContext` | [Pod Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
`runAsUser: 1001`
`runAsGroup: 1001`
`fsGroup: 1001` |
+| `querier.containerSecurityContext` | [Container Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
`runAsNonRoot: true`
`allowPrivilegeEscalation: false`
`capabilities:`
`drop:`
`- ALL`
`privileged: false` |
+| `querier.updateStrategy` | Deployment update strategy | `type: RollingUpdate` |
+| `querier.volumeMounts` | Additional volume mounts | `nil` |
+| `querier.volumes` | Additional volumes | `nil` |
+| `queryFrontend.enabled` | Controls whether query-frontend related resources should be created | `true` |
+| `queryFrontend.additionalAnnotations` | Additional annotations on query-frontend pods| `{}` |
+| `queryFrontend.additionalFlags` | Additional command line flags | `{}` |
+| `queryFrontend.additionalLabels` | Additional labels on query-frontend pods| `{}` |
+| `queryFrontend.affinity` | Affinity | `{}` |
+| `queryFrontend.autoscaling.enabled` | Controls whether query-frontend autoscaling is enabled | `false` |
+| `queryFrontend.autoscaling.maxReplicas` | Maximum number of replicas to scale to | `10` |
+| `queryFrontend.autoscaling.minReplicas` | Minimum number of replicas to scale to | `1` |
+| `queryFrontend.autoscaling.metrics` | Array of MetricSpecs that will decide whether to scale in or out | `target of 80% for both CPU and memory resources` |
+| `queryFrontend.cache.config` | Caching configuration | `nil` |
+| `queryFrontend.cache.enabled` | Controls whether caching should be used | `false` |
+| `queryFrontend.cache.type` | Type of caching [see](https://thanos.io/tip/components/query-frontend.md/#caching) | `nil` |
+| `queryFrontend.downstreamUrl` | The URL of the querier service | `the default URL of the querier service` |
+| `queryFrontend.image.repository` | Docker image repo for query-frontend | `quay.io/thanos/thanos` |
+| `queryFrontend.image.tag` | Docker image tag for query-frontend | `v0.27.0` |
+| `queryFrontend.image.pullPolicy` | Docker image pull policy for query-frontend| `IfNotPresent` |
+| `queryFrontend.serviceAccount.create` | Create service account | `true` |
+| `queryFrontend.serviceAccount.annotations` | Service account annotations | `nil` |
+| `queryFrontend.livenessProbe.initialDelaySeconds` | Liveness probe
initialDelaySeconds | `30` |
+| `queryFrontend.livenessProbe.periodSeconds` | Liveness probe periodSeconds | `10` |
+| `queryFrontend.livenessProbe.successThreshold` | Liveness probe successThreshold | `1` |
+| `queryFrontend.livenessProbe.timeoutSeconds` | Liveness probe timeoutSeconds | `30` |
+| `queryFrontend.logLevel` | Query-frontend log level | `info` |
+| `queryFrontend.logQueriesLongerThan` | Log queries that are slower than the specified duration. | `0` |
+| `queryFrontend.nodeSelector` | NodeSelector | `{}` |
+| `queryFrontend.podNumericalPriorityEnabled` | Enables use of the `podPriority`. Either this or `podPriorityClassName`. | `false` |
+| `queryFrontend.podPriority` | Numerical value of the pod priority. Enabled by `podNumericalPriorityEnabled` | `0` |
+| `queryFrontend.podPriorityClassName` | Name of the pod priority class to use. Either this or `podNumericalPriorityEnabled` | `""` |
+| `queryFrontend.querySplitInterval` | Split query range requests by an interval and execute in parallel | `24h` |
+| `queryFrontend.readinessProbe.initialDelaySeconds` | Readiness probe initialDelaySeconds | `30` |
+| `queryFrontend.readinessProbe.periodSeconds` | Readiness probe periodSeconds | `10` |
+| `queryFrontend.readinessProbe.successThreshold` | Readiness probe successThreshold | `1` |
+| `queryFrontend.readinessProbe.timeoutSeconds` | Readiness probe timeoutSeconds | `30` |
+| `queryFrontend.replicaCount` | Replica count for query-frontend | `1` |
+| `queryFrontend.resources` | Resources | `{}` |
+| `queryFrontend.stores` | List of stores [see](https://github.com/thanos-io/thanos/blob/master/docs/components/query.md) | `[]` |
+| `queryFrontend.tolerations` | Tolerations | `[]` |
+| `queryFrontend.podSecurityContext` | [Pod Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
`runAsUser: 1001`
`runAsGroup: 1001`
`fsGroup: 1001` |
+| `queryFrontend.containerSecurityContext` | [Container Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
`runAsNonRoot: true`
`allowPrivilegeEscalation: false`
`capabilities:`
`drop:`
`- ALL`
`privileged: false` |
+| `queryFrontend.updateStrategy` | Deployment update strategy | `type: RollingUpdate` |
+| `queryFrontend.volumeMounts` | Additional volume mounts | `nil` |
+| `queryFrontend.volumes` | Additional volumes | `nil` |
+| `receiver.enabled` | Controls whether receiver related resources should be created | `true` |
+| `receiver.affinity` | Affinity | `{}` |
+| `receiver.additionalAnnotations` | Additional annotations on receiver pods| `{}` |
+| `receiver.additionalFlags` | Additional command line flags | `{}` |
+| `receiver.additionalLabels` | Additional labels on receiver pods| `{}` |
+| `receiver.extraEnv` | Extra env vars | `nil` |
+| `receiver.image.repository` | Docker image repo for receiver | `quay.io/thanos/thanos` |
+| `receiver.image.tag` | Docker image tag for receiver | `v0.27.0` |
+| `receiver.image.pullPolicy` | Docker image pull policy for receiver | `IfNotPresent` |
+| `receiver.livenessProbe.initialDelaySeconds` | Liveness probe initialDelaySeconds | `30` |
+| `receiver.livenessProbe.periodSeconds` | Liveness probe periodSeconds | `10` |
+| `receiver.livenessProbe.successThreshold` | Liveness probe successThreshold | `1` |
+| `receiver.livenessProbe.timeoutSeconds` | Liveness probe timeoutSeconds | `30` |
+| `receiver.logLevel` | Receiver log level | `info` |
+| `receiver.nodeSelector` | NodeSelector | `{}` |
+| `receiver.objStoreConfig` | Config for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `{}` |
+| `receiver.objStoreConfigFile` | Path to config file for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md). Either this or `objStoreType` + `objStoreConfig`.
| `nil` |
+| `receiver.objStoreType` | Object store [type](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `GCS` |
+| `receiver.persistentVolume.enabled` | Persistent volume enabled | `true` |
+| `receiver.persistentVolume.accessModes` | Persistent volume accessModes | `[ReadWriteOnce]` |
+| `receiver.persistentVolume.annotations` | Persistent volume annotations | `{}` |
+| `receiver.persistentVolume.existingClaim` | Persistent volume existingClaim | `""` |
+| `receiver.persistentVolume.size` | Persistent volume size | `2Gi` |
+| `receiver.persistentVolume.storageClass` | Persistent volume storage class name | `""` |
+| `receiver.podNumericalPriorityEnabled` | Enables use of the `podPriority`. Either this or `podPriorityClassName`. | `false` |
+| `receiver.podPriority` | Numerical value of the pod priority. Enabled by `podNumericalPriorityEnabled` | `0` |
+| `receiver.podPriorityClassName` | Name of the pod priority class to use. Either this or `podNumericalPriorityEnabled` | `""` |
+| `receiver.readinessProbe.initialDelaySeconds` | Readiness probe initialDelaySeconds | `30` |
+| `receiver.readinessProbe.periodSeconds` | Readiness probe periodSeconds | `10` |
+| `receiver.readinessProbe.successThreshold` | Readiness probe successThreshold | `1` |
+| `receiver.readinessProbe.timeoutSeconds` |Readiness probe timeoutSeconds | `30` |
+| `receiver.replicaCount` | Replica count for receiver | `1` |
+| `receiver.replicationFactor` | Number of times to replicate incoming write requests | `1` |
+| `receiver.resources` | Resources | `{}` |
+| `receiver.serviceAccount.create` | Create service account | `true` |
+| `receiver.serviceAccount.annotations` | Service account annotations | `nil` |
+| `receiver.tolerations` | Tolerations | `[]` |
+| `receiver.podSecurityContext` | [Pod Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
`runAsUser: 1001`
`runAsGroup: 1001`
`fsGroup: 1001` |
+| `receiver.containerSecurityContext` | [Container Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
`runAsNonRoot: true`
`allowPrivilegeEscalation: false`
`capabilities:`
`drop:`
`- ALL`
`privileged: false` |
+| `receiver.tsdbRetention` | The period to retain TSDB blocks in the receiver | `1d` |
+| `receiver.updateStrategy` | StatefulSet update strategy | `type: RollingUpdate` |
+| `receiver.volumeMounts` | Additional volume mounts | `nil` |
+| `receiver.volumes` |Additional volumes | `nil` |
+| `ruler.enabled` | controls whether ruler related resources should be created | `true` |
+| `ruler.additionalAnnotations` | Additional annotations on ruler pod| `{}` |
+| `ruler.additionalFlags` | Additional command line flags | `{}` |
+| `ruler.additionalLabels` | Additional labels on ruler pod| `{}` |
+| `ruler.affinity` | Affinity | `{}` |
+| `ruler.alertmanagerUrl` | Ruler alert manager url | `http://localhost` |
+| `ruler.clusterName` | Ruler cluster name | `nil` |
+| `ruler.config` | Default ruler config | `nil` |
+| `ruler.evalInterval` | Ruler evaluation interval | `1m` |
+| `ruler.extraEnv` | Extra env vars | `nil` |
+| `ruler.image.repository` | Docker image repo for ruler | `quay.io/thanos/thanos` |
+| `ruler.image.tag` | Docker image tag for ruler | `v0.27.0` |
+| `ruler.image.pullPolicy` | Docker image pull policy for ruler | `IfNotPresent` |
+| `ruler.imagePullSecrets` | Docker image pull secrets for ruler | `[]` |
+| `ruler.serviceAccount.annotations` | Service account annotations | `nil` |
+| `ruler.livenessProbe.initialDelaySeconds` | Liveness probe initialDelaySeconds | `30` |
+| `ruler.livenessProbe.periodSeconds` | Liveness probe periodSeconds | `10` |
+| `ruler.livenessProbe.successThreshold` | Liveness probe successThreshold | `1` |
+| `ruler.livenessProbe.timeoutSeconds` | Liveness probe timeoutSeconds | `30` |
+| `ruler.logLevel` | Ruler log level | `info` |
+| `ruler.nodeSelector` | NodeSelector | `{}` |
+| `ruler.objStoreType` | Object store [type](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `nil` |
+| `ruler.objStoreConfig` | Config for the [bucket
store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `{}` |
+| `ruler.objStoreConfigFile` | Path to config file for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md). Either this or `objStoreType` + `objStoreConfig`. | `nil` |
+| `ruler.persistentVolume.enabled` | Persistent volume enabled | `true` |
+| `ruler.persistentVolume.accessModes` | Persistent volume accessModes | `[ReadWriteOnce]` |
+| `ruler.persistentVolume.annotations` | Persistent volume annotations | `{}` |
+| `ruler.persistentVolume.existingClaim` | Persistent volume existingClaim | `""` |
+| `ruler.persistentVolume.size` | Persistent volume size | `2Gi` |
+| `ruler.persistentVolume.storageClass` | Persistent volume storage class name | `""` |
+| `ruler.podNumericalPriorityEnabled` | Enables use of the `podPriority`. Either this or `podPriorityClassName`.| `false` |
+| `ruler.podPriority` | Numerical value of the pod priority. Enabled by `podNumericalPriorityEnabled` | `0` |
+| `ruler.podPriorityClassName` | Name of the pod priority class to use.
Either this or `podNumericalPriorityEnabled` | `""` |
+| `ruler.queries` | Ruler quieries endpoints | `[]` |
+| `ruler.readinessProbe.initialDelaySeconds` | Readiness probe initialDelaySeconds | `30` |
+| `ruler.readinessProbe.periodSeconds` | Readiness probe periodSeconds | `10` |
+| `ruler.readinessProbe.successThreshold` | Readiness probe successThreshold | `1` |
+| `ruler.readinessProbe.timeoutSeconds` | Readiness probe timeoutSeconds | `30` |
+| `ruler.replicaCount` | Replica count for ruler | `1` |
+| `ruler.resources` | Resources | `{}` |
+| `ruler.ruleFile` | Rule files that should be used | `/etc/thanos-ruler/**/*-rules.yaml` |
+| `ruler.sidecar.image.repository` | Docker image for configmap watcher sidecar | `kiwigrid/k8s-configmap-watcher` |
+| `ruler.sidecar.image.tag` | Docker image tag for configmap watcher sidecar | `0.1.1` |
+| `ruler.sidecar.image.pullPolicy` | Pull policy for configmap watcher sidecar | `IfNotPresent` |
+| `ruler.sidecar.enabled` | Enable configmap watcher sidecar | `false` |
+| `ruler.sidecar.watchLabel` | Label for configmaps to watch | `thanos_alert_config` |
+| `ruler.tolerations` | Tolerations | `[]` |
+| `ruler.podSecurityContext` | [Pod Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
`runAsUser: 1001`
`runAsGroup: 1001`
`fsGroup: 1001` |
+| `ruler.containerSecurityContext` | [Container Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
`runAsNonRoot: true`
`allowPrivilegeEscalation: false`
`capabilities:`
`drop:`
`- ALL`
`privileged: false` |
+| `ruler.updateStrategy` | StatefulSet update strategy | `type: RollingUpdate` |
+| `ruler.volumeMounts` | Additional volume mounts | `nil` |
+| `ruler.volumes` | Additional volumes | `nil` |
+| `service.bucketWebInterface.type` | Service type for the bucket web interface | `ClusterIP` |
+| `service.bucketWebInterface.http.port` | Service http port for the bucket web interface | `9090` |
+| `service.bucketWebInterface.annotations` | Service annotations for the bucket web interface | `{}` |
+| `service.compact.type` | Service type for the compactor | `ClusterIP` |
+| `service.compact.http.port` | Service http port for the compactor | `9090` |
+| `service.compact.annotations` | Service annotations for the compactor | `{}` |
+| `service.receiver.http.port` | Service http port for the receiver | `9090` |
+| `service.receiver.httpRemoteWrite.port` | Service http port for the receiver remote write endpoint | `9091` |
+| `service.receiver.grpc.port` | Service grpc port for the receiver | `10901` |
+| `service.receiver.annotations` | Service annotations for the receiver | `{}` |
+| `service.querier.type` | Service type for the querier | `ClusterIP` |
+| `service.querier.http.port` | Service http port for the querier | `9090` |
+| `service.querier.grpc.port` | Service grpc port for the querier | `10901` |
+| `service.querier.annotations` | Service annotations for the querier | `{}` |
+| `service.storeGateway.type` | Service type for the store gateway | `ClusterIP` |
+| `service.storeGateway.http.port` | Service http port for the store gateway | `9090` |
+| `service.storeGateway.grpc.port` | Service grpc port for the store gateway | `10901` |
+| `service.storeGateway.annotations` | Service annotations for the store gateway | `{}` |
+| `service.ruler.type` | Service type for ruler | `ClusterIP` |
+| `service.ruler.http.port` | Service http port for ruler | `9090` |
+| `service.ruler.grpc.port` | Service grpc port for ruler | `10901` |
+|
`service.ruler.annotations` | Service annotations for the ruler | `{}` | +| `storeGateway.enabled` | Controls whether StoreGateway related resources should be created | `true` | +| `storeGateway.affinity` | Affinity | `{}` | +| `storeGateway.additionalAnnotations` | Additional annotations on store gateway pods| `{}` | +| `storeGateway.additionalFlags` | Additional command line flags | `{}` | +| `storeGateway.additionalLabels` | Additional labels on store gateway pods| `{}` | +| `storeGateway.autoscaling.enabled` | Controls whether StoreGateway autoscaling is enabled | `false` | +| `storeGateway.autoscaling.maxReplicas` | Maximum number of replicas to scale to | `10` | +| `storeGateway.autoscaling.minReplicas` | Minimum number of replicas to scale to | `1` | +| `storeGateway.autoscaling.metrics` | Array of MetricSpecs that will decide whether to scale in or out | `target of 80% for both CPU and memory resources` | +| `storeGateway.chunkPoolSize` | Chunk pool size | `500MB` | +| `storeGateway.extraEnv` | Extra env vars | `nil` | +| `storeGateway.image.repository` | Docker image repo for store gateway | `quay.io/thanos/thanos` | +| `storeGateway.image.tag` | Docker image tag for store gateway | `v0.27.0` | +| `storeGateway.image.pullPolicy` | Docker image pull policy for store gateway | `IfNotPresent` | +| `storeGateway.indexCache.config` | Config for the index cache, see [the docs](https://thanos.io/components/store.md/#index-cache) | `max_size: 500MB` | +| `storeGateway.indexCache.type` | Type of the index cache, either `IN-MEMORY` or `MEMCACHED` | `IN-MEMORY` | +| `storeGateway.livenessProbe.initialDelaySeconds` | Liveness probe initialDelaySeconds | `30` | +| `storeGateway.livenessProbe.periodSeconds` | Liveness probe periodSeconds | `10` | +| `storeGateway.livenessProbe.successThreshold` | Liveness probe successThreshold | `1` | +| `storeGateway.livenessProbe.timeoutSeconds` | Liveness probe timeoutSeconds | `30` | +| `storeGateway.logLevel` | Store gateway log 
level | `info` | +| `storeGateway.nodeSelector` | NodeSelector | `{}` | +| `storeGateway.objStoreConfig` | Config for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `{}` | +| `storeGateway.objStoreConfigFile` | Path to config file for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md). Either this or `objStoreType` + `objStoreConfig`. | `nil` | +| `storeGateway.objStoreType` | Object store [type](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `GCS` | +| `storeGateway.persistentVolume.enabled` | Persistent volume enabled | `true` | +| `storeGateway.persistentVolume.accessModes` | Persistent volume accessModes | `[ReadWriteOnce]` | +| `storeGateway.persistentVolume.annotations` | Persistent volume annotations | `{}` | +| `storeGateway.persistentVolume.existingClaim` | Persistent volume existingClaim | `""` | +| `storeGateway.persistentVolume.size` | Persistent volume size | `2Gi` | +| `storeGateway.persistentVolume.storageClass` | Persistent volume storage class name | `""` | +| `storeGateway.podNumericalPriorityEnabled` | Enables use of the `podPriority`. Either this or `podPriorityClassName`. | `false` | +| `storeGateway.podPriority` | Numerical value of the pod priority. Enabled by `podNumericalPriorityEnabled` | `0` | +| `storeGateway.podPriorityClassName` | Name of the pod priority class to use. 
Either this or `podNumericalPriorityEnabled` | `""` | +| `storeGateway.readinessProbe.initialDelaySeconds` | Readiness probe initialDelaySeconds | `30` | +| `storeGateway.readinessProbe.periodSeconds` | Readiness probe periodSeconds | `10` | +| `storeGateway.readinessProbe.successThreshold` | Readiness probe successThreshold | `1` | +| `storeGateway.readinessProbe.timeoutSeconds` |Readiness probe timeoutSeconds | `30` | +| `storeGateway.replicaCount` | Replica count for store gateway | `1` | +| `storeGateway.resources` | Resources | `{}` | +| `storeGateway.serviceAccount.create` | Create service account | `true` | +| `storeGateway.serviceAccount.annotations` | Service account annotations | `nil` | +| `storeGateway.tolerations` | Tolerations | `[]` | +| `storeGateway.podSecurityContext` | [Pod Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
`runAsUser: 1001`
`runAsGroup: 1001`
`fsGroup: 1001` | +| `storeGateway.containerSecurityContext` | [Container Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
`runAsNonRoot: true`
`allowPrivilegeEscalation: false`
`capabilities:`
`drop:`
`- ALL`
`privileged: false` |
+| `storeGateway.updateStrategy` | StatefulSet update strategy | `type: RollingUpdate` |
+| `storeGateway.volumeMounts` | Additional volume mounts | `nil` |
+| `storeGateway.volumes` |Additional volumes | `nil` |
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example:
@@ -406,4 +406,4 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm
 helm install --name prometheus-thanos --set ingress.enabled=false kiwigrid/prometheus-thanos
 ```
-Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart.
+Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart.
\ No newline at end of file