diff --git a/.github/workflows/chart-release.yaml b/.github/workflows/chart-release.yaml
index 6e4b0db..7a8578c 100644
--- a/.github/workflows/chart-release.yaml
+++ b/.github/workflows/chart-release.yaml
@@ -26,6 +26,13 @@ jobs:
 env:
 GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+ - name: Add dependency chart repos
+ run: |
+ helm repo add bitnami https://charts.bitnami.com/bitnami
+ helm repo add grafana https://grafana.github.io/helm-charts
+ helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
+ helm repo add kiali-server https://kiali.org/helm-charts
+
 - name: Run chart-releaser
 uses: helm/chart-releaser-action@v1.6.0
 env:
diff --git a/charts/nopo11y-stack/Chart.yaml b/charts/nopo11y-stack/Chart.yaml
index cf9ba92..9b67a1a 100644
--- a/charts/nopo11y-stack/Chart.yaml
+++ b/charts/nopo11y-stack/Chart.yaml
@@ -19,7 +19,7 @@ dependencies:
 version: 6.15.5
 - condition: sloth.enabled
 name: sloth
- repository: https://github.com/slok/sloth
+ repository: ""
 version: 0.7.0
 - condition: kiali-server.enabled
 name: kiali-server
@@ -27,7 +27,7 @@ dependencies:
 version: 1.83.0
 - condition: jaeger.enabled
 name: jaeger
- repository: https://jaegertracing.io
+ repository: ""
 version: 1.0.0
 description: A Helm chart for observability stack
 name: nopo11y-stack
diff --git a/charts/nopo11y-stack/charts/grafana-loki/.helmignore b/charts/nopo11y-stack/charts/grafana-loki/.helmignore
deleted file mode 100644
index fb56657..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-# img folder
-img/
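Review bot: The new `Add dependency chart repos` step makes each release fetch dependency charts from four external repositories at packaging time, and nothing in this hunk records or checks what was fetched. The only pin visible in this commit is the `version:` field in `charts/nopo11y-stack/Chart.yaml`, and the vendored `grafana-loki` copy is deleted in the same commit, so a chart changed at one of these URLs would presumably be packaged as-is. I would commit a `Chart.lock` for `nopo11y-stack` so the resolved versions are reviewed in the repository, and put a comment above the step, e.g. `# Must list every repository: URL used in charts/nopo11y-stack/Chart.yaml; a missing repo fails dependency resolution at release time`. The job this step belongs to starts and ends outside the hunk.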
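Review bot: `repository: ""` on the `sloth` entry (and on `jaeger` in the second hunk) drops the only record of where those charts come from, and no comment explains the empty value. As far as I know Helm treats an empty repository as a chart that must already exist under the parent chart's `charts/` directory, so these two would be resolved from vendored copies that this part of the diff does not show and that no `helm repo add` line covers. I would add a comment above each entry such as `# vendored in charts/sloth; upstream source: <UPSTREAM_CHART_URL>`, and check that each vendored chart's own `version` matches the `0.7.0` and `1.0.0` declared here. The `dependencies:` list begins and ends outside both hunks.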
diff --git a/charts/nopo11y-stack/charts/grafana-loki/Chart.lock b/charts/nopo11y-stack/charts/grafana-loki/Chart.lock
deleted file mode 100644
index 0cdaeca..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/Chart.lock
+++ /dev/null
@@ -1,18 +0,0 @@
-dependencies:
-- name: memcached
- repository: oci://registry-1.docker.io/bitnamicharts
- version: 7.0.3
-- name: memcached
- repository: oci://registry-1.docker.io/bitnamicharts
- version: 7.0.3
-- name: memcached
- repository: oci://registry-1.docker.io/bitnamicharts
- version: 7.0.3
-- name: memcached
- repository: oci://registry-1.docker.io/bitnamicharts
- version: 7.0.3
-- name: common
- repository: oci://registry-1.docker.io/bitnamicharts
- version: 2.19.1
-digest: sha256:45a90ec5f8eff1a5367f357a45c42481527b304b5078e109e9737e7b9328b99e
-generated: "2024-04-05T16:44:44.41735123Z"
diff --git a/charts/nopo11y-stack/charts/grafana-loki/Chart.yaml b/charts/nopo11y-stack/charts/grafana-loki/Chart.yaml
deleted file mode 100644
index 5a2c466..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/Chart.yaml
+++ /dev/null
@@ -1,59 +0,0 @@
-annotations:
- category: Infrastructure
- images: |
- - name: grafana-loki
- image: docker.io/bitnami/grafana-loki:3.0.0-debian-12-r0
- - name: memcached
- image: docker.io/bitnami/memcached:1.6.26-debian-12-r1
- - name: nginx
- image: docker.io/bitnami/nginx:1.25.5-debian-12-r0
- - name: os-shell
- image: docker.io/bitnami/os-shell:12-debian-12-r18
- - name: promtail
- image: docker.io/bitnami/promtail:3.0.0-debian-12-r0
- licenses: Apache-2.0
-apiVersion: v2
-appVersion: 3.0.0
-dependencies:
-- alias: memcachedchunks
- condition: memcachedchunks.enabled
- name: memcached
- repository: oci://registry-1.docker.io/bitnamicharts
- version: 7.x.x
-- alias: memcachedfrontend
- condition: memcachedfrontend.enabled
- name: memcached
- repository: oci://registry-1.docker.io/bitnamicharts
- version: 7.x.x
-- alias: memcachedindexqueries
- condition: memcachedindexqueries.enabled
- name: memcached
- repository: oci://registry-1.docker.io/bitnamicharts
- version: 7.x.x
-- alias: memcachedindexwrites
- condition: memcachedindexwrites.enabled
- name: memcached
- repository: oci://registry-1.docker.io/bitnamicharts
- version: 7.x.x
-- name: common
- repository: oci://registry-1.docker.io/bitnamicharts
- tags:
- - bitnami-common
- version: 2.x.x
-description: Grafana Loki is a horizontally scalable, highly available, and multi-tenant
- log aggregation system. It provides real-time long tailing and full persistence
- to object storage.
-home: https://bitnami.com
-icon: https://bitnami.com/assets/stacks/grafana-loki/img/grafana-loki-stack-220x234.png
-keywords:
-- grafana
-- tracing
-- metrics
-- infrastructure
-maintainers:
-- name: VMware, Inc.
- url: https://github.com/bitnami/charts
-name: grafana-loki
-sources:
-- https://github.com/bitnami/charts/tree/main/bitnami/grafana-loki
-version: 4.0.0
diff --git a/charts/nopo11y-stack/charts/grafana-loki/README.md b/charts/nopo11y-stack/charts/grafana-loki/README.md
deleted file mode 100644
index fd0f2bf..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/README.md
+++ /dev/null
@@ -1,1581 +0,0 @@ - - -# Bitnami package for Grafana Loki - -Grafana Loki is a horizontally scalable, highly available, and multi-tenant log aggregation system. It provides real-time long tailing and full persistence to object storage. - -[Overview of Grafana Loki](https://grafana.com/oss/loki/) - -Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - -## TL;DR - -```console -helm install my-release oci://registry-1.docker.io/bitnamicharts/grafana-loki -``` - -Looking to use Grafana Loki in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. - -## Introduction - -Bitnami charts for Helm are carefully engineered, actively maintained and are the quickest and easiest way to deploy containers on a Kubernetes cluster that are ready to handle production workloads. - -This chart bootstraps a [Grafana Loki](https://github.com/grafana/loki) Deployment in a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. - -## Prerequisites - -- Kubernetes 1.23+ -- Helm 3.8.0+ -- PV provisioner support in the underlying infrastructure - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/grafana-loki -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. - -The command deploys grafana-loki on the Kubernetes cluster in the default configuration. 
The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Configuration and installation details - -### Resource requests and limits - -Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. - -To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). - -### [Rolling VS Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Loki configuration - -The loki configuration file `loki.yaml` is shared across the different components: `distributor`, `compactor`, `ingester`, `querier` and `queryFrontend`. This is set in the `loki.configuration` value. Check the official [Loki Grafana documentation](https://grafana.com/docs/loki/latest/configuration/) for the list of possible configurations. 
- -### Additional environment variables - -In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property inside each of the subsections: `distributor`, `compactor`, `ingester`, `querier`, `queryFrontend` and `vulture`. - -```yaml -compactor: - extraEnvVars: - - name: LOG_LEVEL - value: error - -distributor: - extraEnvVars: - - name: LOG_LEVEL - value: error - -ingester: - extraEnvVars: - - name: LOG_LEVEL - value: error - -querier: - extraEnvVars: - - name: LOG_LEVEL - value: error - -queryFrontend: - extraEnvVars: - - name: LOG_LEVEL - value: error - -vulture: - extraEnvVars: - - name: LOG_LEVEL - value: error -``` - -Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values. - -### Sidecars - -If additional containers are needed in the same pod as grafana-loki (such as additional metrics or logging exporters), they can be defined using the `sidecars` parameter inside each of the subsections: `distributor`, `compactor`, `ingester`, `querier`, `queryFrontend` and `vulture`. - -```yaml -sidecars: -- name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -If these sidecars export extra ports, extra port definitions can be added using the `service.extraPorts` parameter (where available), as shown in the example below: - -```yaml -service: - extraPorts: - - name: extraPort - port: 11311 - targetPort: 11311 -``` - -> NOTE: This Helm chart already includes sidecar containers for the Prometheus exporters (where applicable). These can be activated by adding the `--enable-metrics=true` parameter at deployment time. The `sidecars` parameter should therefore only be used for any extra sidecar containers. - -If additional init containers are needed in the same pod, they can be defined using the `initContainers` parameter. 
Here is an example: - -```yaml -initContainers: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -Learn more about [sidecar containers](https://kubernetes.io/docs/concepts/workloads/pods/) and [init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). - -### Pod affinity - -This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, use one of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters inside each of the subsections: `distributor`, `compactor`, `ingester`, `querier`, `queryFrontend` and `vulture`. - -### External cache support - -You may want to have Grafana Loki connect to an external Memcached rather than installing one inside your cluster. Typical reasons for this are to use a managed cache service, or to share a common cache server for all your applications. To achieve this, the chart allows you to specify credentials for an external database with the [`externalMemcached` parameter](#parameters). You should also disable the Memcached installation with the `memcached.enabled` option. Here is an example: - -```console -memcached.enabled=false -externalMemcached.host=myexternalhost -externalMemcached.port=11211 -``` - -## Persistence - -### Limitation - -This chart does not function fully when using local filesystem as a persistence store. When using a local filesystem as a persistence store, querying will not be possible (or limited to the ingesters' in-memory caches). 
For a fully functional deployment of this helm chart, an object storage backend is required. - -### Data - -The [Bitnami grafana-loki](https://github.com/bitnami/containers/tree/main/bitnami/grafana-loki) image stores the grafana-loki `ingester` data at the `/bitnami` path of the container. Persistent Volume Claims are used to keep the data across deployments. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | -| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. 
Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` | - -### Common parameters - -| Name | Description | Value | -| ------------------------ | --------------------------------------------------------------------------------------- | --------------- | -| `kubeVersion` | Override Kubernetes version | `""` | -| `nameOverride` | String to partially override common.names.fullname | `""` | -| `fullnameOverride` | String to fully override common.names.fullname | `""` | -| `commonLabels` | Labels to add to all deployed objects | `{}` | -| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | -| `clusterDomain` | Kubernetes cluster domain name | `cluster.local` | -| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | -| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | -| `diagnosticMode.command` | Command to override all containers in the deployments/statefulsets | `["sleep"]` | -| `diagnosticMode.args` | Args to override all containers in the deployments/statefulsets | `["infinity"]` | - -### Common Grafana Loki Parameters - -| Name | Description | Value | -| ------------------------------------- | ------------------------------------------------------------------------------------------------------------ | ------------------------------ | -| `loki.image.registry` | Grafana Loki image registry | `REGISTRY_NAME` | -| `loki.image.repository` | Grafana Loki image repository | `REPOSITORY_NAME/grafana-loki` | -| `loki.image.digest` | Grafana Loki image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag | `""` | -| `loki.image.pullPolicy` | Grafana Loki image pull policy | `IfNotPresent` | -| `loki.image.pullSecrets` | Grafana Loki image pull secrets | `[]` | -| `loki.configuration` | Loki components configuration | `""` | -| `loki.overrideConfiguration` | Loki components configuration override. Values defined here takes precedence over loki.configuration | `{}` | -| `loki.existingConfigmap` | Name of a ConfigMap with the Loki configuration | `""` | -| `loki.dataDir` | path to the Loki data directory | `/bitnami/grafana-loki` | -| `loki.containerPorts.http` | Loki components web container port | `3100` | -| `loki.containerPorts.grpc` | Loki components GRPC container port | `9095` | -| `loki.containerPorts.gossipRing` | Loki components Gossip Ring container port | `7946` | -| `loki.gossipRing.service.ports.http` | Gossip Ring HTTP headless service port | `7946` | -| `loki.gossipRing.service.annotations` | Additional custom annotations for Gossip Ring headless service | `{}` | - -### Compactor Deployment Parameters - -| Name | Description | Value | -| ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | -| `compactor.enabled` | Enable Compactor deployment | `true` | -| `compactor.extraEnvVars` | Array with extra environment variables to add to compactor nodes | `[]` | -| `compactor.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for compactor nodes | `""` | -| `compactor.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for compactor nodes | `""` | -| `compactor.command` | Override default container command (useful when using custom images) | `[]` | -| `compactor.args` | Override default container args 
(useful when using custom images) | `[]` | -| `compactor.extraArgs` | Additional container args (will be concatenated to args, unless diagnosticMode is enabled) | `[]` | -| `compactor.replicaCount` | Number of Compactor replicas to deploy | `1` | -| `compactor.livenessProbe.enabled` | Enable livenessProbe on Compactor nodes | `true` | -| `compactor.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | -| `compactor.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `compactor.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `compactor.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `compactor.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `compactor.readinessProbe.enabled` | Enable readinessProbe on Compactor nodes | `true` | -| `compactor.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `60` | -| `compactor.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `compactor.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `compactor.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `compactor.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `compactor.startupProbe.enabled` | Enable startupProbe on Compactor containers | `false` | -| `compactor.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | -| `compactor.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `compactor.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `compactor.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `compactor.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `compactor.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | 
-| `compactor.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `compactor.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `compactor.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if compactor.resources is set (compactor.resources is recommended for production). | `nano` | -| `compactor.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `compactor.podSecurityContext.enabled` | Enabled Compactor pods' Security Context | `true` | -| `compactor.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `compactor.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `compactor.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `compactor.podSecurityContext.fsGroup` | Set Compactor pod's Security Context fsGroup | `1001` | -| `compactor.containerSecurityContext.enabled` | Enable containers' Security Context | `true` | -| `compactor.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `compactor.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `compactor.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | -| `compactor.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `compactor.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `compactor.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | -| `compactor.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation 
| `false` | -| `compactor.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `compactor.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `compactor.lifecycleHooks` | for the compactor container(s) to automate configuration before or after startup | `{}` | -| `compactor.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `compactor.hostAliases` | compactor pods host aliases | `[]` | -| `compactor.podLabels` | Extra labels for compactor pods | `{}` | -| `compactor.podAnnotations` | Annotations for compactor pods | `{}` | -| `compactor.podAffinityPreset` | Pod affinity preset. Ignored if `compactor.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `compactor.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `compactor.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `compactor.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `compactor.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `compactor.nodeAffinityPreset.key` | Node label key to match. Ignored if `compactor.affinity` is set | `""` | -| `compactor.nodeAffinityPreset.values` | Node label values to match. 
Ignored if `compactor.affinity` is set | `[]` | -| `compactor.affinity` | Affinity for Compactor pods assignment | `{}` | -| `compactor.nodeSelector` | Node labels for Compactor pods assignment | `{}` | -| `compactor.tolerations` | Tolerations for Compactor pods assignment | `[]` | -| `compactor.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | -| `compactor.priorityClassName` | Compactor pods' priorityClassName | `""` | -| `compactor.schedulerName` | Kubernetes pod scheduler registry | `""` | -| `compactor.updateStrategy.type` | Compactor statefulset strategy type | `RollingUpdate` | -| `compactor.updateStrategy.rollingUpdate` | Compactor statefulset rolling update configuration parameters | `nil` | -| `compactor.extraVolumes` | Optionally specify extra list of additional volumes for the Compactor pod(s) | `[]` | -| `compactor.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Compactor container(s) | `[]` | -| `compactor.sidecars` | Add additional sidecar containers to the Compactor pod(s) | `[]` | -| `compactor.initContainers` | Add additional init containers to the Compactor pod(s) | `[]` | -| `compactor.persistence.enabled` | Enable persistence in Compactor instances | `true` | -| `compactor.persistence.existingClaim` | Name of an existing PVC to use | `""` | -| `compactor.persistence.storageClass` | PVC Storage Class for Memcached data volume | `""` | -| `compactor.persistence.accessModes` | PVC Access modes | `["ReadWriteOnce"]` | -| `compactor.persistence.size` | PVC Storage Request for Memcached data volume | `8Gi` | -| `compactor.persistence.annotations` | Additional PVC annotations | `{}` | -| `compactor.persistence.selector` | Selector to match an existing Persistent Volume for Compactor's data PVC | `{}` | -| `compactor.persistence.dataSource` | PVC data source | `{}` | - -### Compactor Traffic Exposure Parameters - -| Name | 
Description | Value | -| ------------------------------------------------- | ---------------------------------------------------------------- | ----------- | -| `compactor.service.type` | Compactor service type | `ClusterIP` | -| `compactor.service.ports.http` | Compactor HTTP service port | `3100` | -| `compactor.service.ports.grpc` | Compactor gRPC service port | `9095` | -| `compactor.service.nodePorts.http` | Node port for HTTP | `""` | -| `compactor.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `compactor.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | -| `compactor.service.clusterIP` | Compactor service Cluster IP | `""` | -| `compactor.service.loadBalancerIP` | Compactor service Load Balancer IP | `""` | -| `compactor.service.loadBalancerSourceRanges` | Compactor service Load Balancer sources | `[]` | -| `compactor.service.externalTrafficPolicy` | Compactor service external traffic policy | `Cluster` | -| `compactor.service.annotations` | Additional custom annotations for Compactor service | `{}` | -| `compactor.service.extraPorts` | Extra ports to expose in the Compactor service | `[]` | -| `compactor.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `compactor.networkPolicy.allowExternal` | Don't require server label for connections | `true` | -| `compactor.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. 
| `true` | -| `compactor.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | -| `compactor.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `compactor.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `compactor.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | - -### Gateway Deployment Parameters - -| Name | Description | Value | -| ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- | -| `gateway.enabled` | Enable Gateway deployment | `true` | -| `gateway.image.registry` | Nginx image registry | `REGISTRY_NAME` | -| `gateway.image.repository` | Nginx image repository | `REPOSITORY_NAME/nginx` | -| `gateway.image.digest` | Nginx image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag | `""` | -| `gateway.image.pullPolicy` | Nginx image pull policy | `IfNotPresent` | -| `gateway.image.pullSecrets` | Nginx image pull secrets | `[]` | -| `gateway.image.debug` | Enable debugging in the initialization process | `false` | -| `gateway.extraEnvVars` | Array with extra environment variables to add to gateway nodes | `[]` | -| `gateway.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for gateway nodes | `""` | -| `gateway.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for gateway nodes | `""` | -| `gateway.command` | Override default container command (useful when using custom images) | `[]` | -| `gateway.args` | Override default container args (useful when using custom images) | `[]` | -| `gateway.extraArgs` | Additional container args (will be concatenated to args, unless diagnosticMode is enabled) | `[]` | -| `gateway.verboseLogging` | Show the gateway access_log | `false` | -| `gateway.replicaCount` | Number of Gateway replicas to deploy | `1` | -| `gateway.auth.enabled` | Enable basic auth | `false` | -| `gateway.auth.username` | Basic auth username | `user` | -| `gateway.auth.password` | Basic auth password | `""` | -| `gateway.auth.existingSecret` | Name of a secret containing the Basic auth password | `""` | -| `gateway.livenessProbe.enabled` | Enable livenessProbe on Gateway nodes | `true` | -| `gateway.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `gateway.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `gateway.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `gateway.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `gateway.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `gateway.readinessProbe.enabled` | Enable readinessProbe on Gateway nodes | `true` | -| 
`gateway.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `gateway.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `gateway.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `gateway.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `gateway.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `gateway.startupProbe.enabled` | Enable startupProbe on Gateway containers | `false` | -| `gateway.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | -| `gateway.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `gateway.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `gateway.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `gateway.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `gateway.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `gateway.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `gateway.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `gateway.containerPorts.http` | Gateway HTTP port | `8080` | -| `gateway.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if gateway.resources is set (gateway.resources is recommended for production). 
| `nano` | -| `gateway.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `gateway.podSecurityContext.enabled` | Enabled Gateway pods' Security Context | `true` | -| `gateway.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `gateway.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `gateway.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `gateway.podSecurityContext.fsGroup` | Set Gateway pod's Security Context fsGroup | `1001` | -| `gateway.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `gateway.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `gateway.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `gateway.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | -| `gateway.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `gateway.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `gateway.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | -| `gateway.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `gateway.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `gateway.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `gateway.lifecycleHooks` | for the gateway container(s) to automate configuration before or after startup | `{}` | -| `gateway.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `gateway.hostAliases` | 
gateway pods host aliases | `[]` | -| `gateway.podLabels` | Extra labels for gateway pods | `{}` | -| `gateway.podAnnotations` | Annotations for gateway pods | `{}` | -| `gateway.podAffinityPreset` | Pod affinity preset. Ignored if `gateway.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `gateway.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `gateway.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `gateway.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `gateway.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `gateway.nodeAffinityPreset.key` | Node label key to match. Ignored if `gateway.affinity` is set | `""` | -| `gateway.nodeAffinityPreset.values` | Node label values to match. Ignored if `gateway.affinity` is set | `[]` | -| `gateway.affinity` | Affinity for Gateway pods assignment | `{}` | -| `gateway.nodeSelector` | Node labels for Gateway pods assignment | `{}` | -| `gateway.tolerations` | Tolerations for Gateway pods assignment | `[]` | -| `gateway.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | -| `gateway.priorityClassName` | Gateway pods' priorityClassName | `""` | -| `gateway.schedulerName` | Kubernetes pod scheduler registry | `""` | -| `gateway.updateStrategy.type` | Gateway statefulset strategy type | `RollingUpdate` | -| `gateway.updateStrategy.rollingUpdate` | Gateway statefulset rolling update configuration parameters | `nil` | -| `gateway.extraVolumes` | Optionally specify extra list of additional volumes for the Gateway pod(s) | `[]` | -| `gateway.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Gateway container(s) | `[]` | -| `gateway.sidecars` | Add additional sidecar containers to the Gateway pod(s) | `[]` | -| `gateway.initContainers` | Add additional init containers to the Gateway pod(s) | `[]` | - -### Gateway Traffic Exposure Parameters - 
-| Name | Description | Value | -| ----------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | -| `gateway.service.type` | Gateway service type | `ClusterIP` | -| `gateway.service.ports.http` | Gateway HTTP service port | `80` | -| `gateway.service.nodePorts.http` | Node port for HTTP | `""` | -| `gateway.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `gateway.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | -| `gateway.service.clusterIP` | Gateway service Cluster IP | `""` | -| `gateway.service.loadBalancerIP` | Gateway service Load Balancer IP | `""` | -| `gateway.service.loadBalancerSourceRanges` | Gateway service Load Balancer sources | `[]` | -| `gateway.service.externalTrafficPolicy` | Gateway service external traffic policy | `Cluster` | -| `gateway.service.annotations` | Additional custom annotations for Gateway service | `{}` | -| `gateway.service.extraPorts` | Extra ports to expose in the Gateway service | `[]` | -| `gateway.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `gateway.networkPolicy.allowExternal` | Don't require server label for connections | `true` | -| `gateway.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. 
| `true` | -| `gateway.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | -| `gateway.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `gateway.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `gateway.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | -| `gateway.ingress.enabled` | Enable ingress record generation for Loki Gateway | `false` | -| `gateway.ingress.pathType` | Ingress path type | `ImplementationSpecific` | -| `gateway.ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | -| `gateway.ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | -| `gateway.ingress.hostname` | Default host for the ingress record | `grafana-loki.local` | -| `gateway.ingress.path` | Default path for the ingress record | `/` | -| `gateway.ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. 
| `{}` | -| `gateway.ingress.tls` | Enable TLS configuration for the host defined at `ingress.hostname` parameter | `false` | -| `gateway.ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` | -| `gateway.ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` | -| `gateway.ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` | -| `gateway.ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` | -| `gateway.ingress.secrets` | Custom TLS certificates as secrets | `[]` | - -### index-gateway Deployment Parameters - -| Name | Description | Value | -| ---------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | -| `indexGateway.enabled` | Enable index-gateway deployment | `false` | -| `indexGateway.extraEnvVars` | Array with extra environment variables to add to indexGateway nodes | `[]` | -| `indexGateway.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for indexGateway nodes | `""` | -| `indexGateway.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for indexGateway nodes | `""` | -| `indexGateway.command` | Override default container command (useful when using custom images) | `[]` | -| `indexGateway.args` | Override default container args (useful when using custom images) | `[]` | -| `indexGateway.extraArgs` | Additional container args (will be concatenated to args, unless diagnosticMode is enabled) | `[]` | -| `indexGateway.replicaCount` | Number of index-gateway replicas to deploy | `1` | -| 
`indexGateway.podManagementPolicy` | podManagementPolicy to manage scaling operation | `""` | -| `indexGateway.livenessProbe.enabled` | Enable livenessProbe on index-gateway nodes | `true` | -| `indexGateway.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | -| `indexGateway.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `indexGateway.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `indexGateway.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `indexGateway.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `indexGateway.readinessProbe.enabled` | Enable readinessProbe on index-gateway nodes | `true` | -| `indexGateway.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `60` | -| `indexGateway.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `indexGateway.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `indexGateway.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `indexGateway.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `indexGateway.startupProbe.enabled` | Enable startupProbe on index-gateway containers | `false` | -| `indexGateway.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | -| `indexGateway.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `indexGateway.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `indexGateway.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `indexGateway.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `indexGateway.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `indexGateway.customReadinessProbe` | Custom readinessProbe that overrides the 
default one | `{}` | -| `indexGateway.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `indexGateway.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if indexGateway.resources is set (indexGateway.resources is recommended for production). | `nano` | -| `indexGateway.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `indexGateway.podSecurityContext.enabled` | Enabled index-gateway pods' Security Context | `true` | -| `indexGateway.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `indexGateway.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `indexGateway.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `indexGateway.podSecurityContext.fsGroup` | Set index-gateway pod's Security Context fsGroup | `1001` | -| `indexGateway.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `indexGateway.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `indexGateway.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `indexGateway.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | -| `indexGateway.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `indexGateway.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `indexGateway.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | -| `indexGateway.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| 
`indexGateway.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `indexGateway.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `indexGateway.lifecycleHooks` | for the indexGateway container(s) to automate configuration before or after startup | `{}` | -| `indexGateway.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `indexGateway.hostAliases` | indexGateway pods host aliases | `[]` | -| `indexGateway.podLabels` | Extra labels for indexGateway pods | `{}` | -| `indexGateway.podAnnotations` | Annotations for indexGateway pods | `{}` | -| `indexGateway.podAffinityPreset` | Pod affinity preset. Ignored if `indexGateway.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `indexGateway.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `indexGateway.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `indexGateway.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `indexGateway.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `indexGateway.nodeAffinityPreset.key` | Node label key to match. Ignored if `indexGateway.affinity` is set | `""` | -| `indexGateway.nodeAffinityPreset.values` | Node label values to match. 
Ignored if `indexGateway.affinity` is set | `[]` | -| `indexGateway.affinity` | Affinity for index-gateway pods assignment | `{}` | -| `indexGateway.nodeSelector` | Node labels for index-gateway pods assignment | `{}` | -| `indexGateway.tolerations` | Tolerations for index-gateway pods assignment | `[]` | -| `indexGateway.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | -| `indexGateway.priorityClassName` | index-gateway pods' priorityClassName | `""` | -| `indexGateway.schedulerName` | Kubernetes pod scheduler registry | `""` | -| `indexGateway.updateStrategy.type` | index-gateway statefulset strategy type | `RollingUpdate` | -| `indexGateway.updateStrategy.rollingUpdate` | index-gateway statefulset rolling update configuration parameters | `nil` | -| `indexGateway.extraVolumes` | Optionally specify extra list of additional volumes for the index-gateway pod(s) | `[]` | -| `indexGateway.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the index-gateway container(s) | `[]` | -| `indexGateway.sidecars` | Add additional sidecar containers to the index-gateway pod(s) | `[]` | -| `indexGateway.initContainers` | Add additional init containers to the index-gateway pod(s) | `[]` | - -### index-gateway Persistence Parameters - -| Name | Description | Value | -| --------------------------------------- | ---------------------------------------------------------------------------- | ------------------- | -| `indexGateway.persistence.enabled` | Enable persistence in index-gateway instances | `false` | -| `indexGateway.persistence.storageClass` | PVC Storage Class for index-gateway's data volume | `""` | -| `indexGateway.persistence.subPath` | The subdirectory of the volume to mount to | `""` | -| `indexGateway.persistence.accessModes` | PVC Access modes | `["ReadWriteOnce"]` | -| `indexGateway.persistence.size` | PVC Storage Request for index-gateway's data 
volume | `8Gi` | -| `indexGateway.persistence.annotations` | Additional PVC annotations | `{}` | -| `indexGateway.persistence.selector` | Selector to match an existing Persistent Volume for index-gateway's data PVC | `{}` | - -### index-gateway Traffic Exposure Parameters - -| Name | Description | Value | -| ---------------------------------------------------- | ---------------------------------------------------------------- | ----------- | -| `indexGateway.service.type` | index-gateway service type | `ClusterIP` | -| `indexGateway.service.ports.http` | index-gateway HTTP service port | `3100` | -| `indexGateway.service.ports.grpc` | index-gateway GRPC service port | `9095` | -| `indexGateway.service.nodePorts.http` | Node port for HTTP | `""` | -| `indexGateway.service.nodePorts.grpc` | Node port for GRPC | `""` | -| `indexGateway.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `indexGateway.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | -| `indexGateway.service.clusterIP` | index-gateway service Cluster IP | `""` | -| `indexGateway.service.loadBalancerIP` | index-gateway service Load Balancer IP | `""` | -| `indexGateway.service.loadBalancerSourceRanges` | index-gateway service Load Balancer sources | `[]` | -| `indexGateway.service.externalTrafficPolicy` | index-gateway service external traffic policy | `Cluster` | -| `indexGateway.service.annotations` | Additional custom annotations for index-gateway service | `{}` | -| `indexGateway.service.extraPorts` | Extra ports to expose in the index-gateway service | `[]` | -| `indexGateway.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `indexGateway.networkPolicy.allowExternal` | Don't require server label for connections | `true` | -| `indexGateway.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. 
| `true` | -| `indexGateway.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | -| `indexGateway.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `indexGateway.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `indexGateway.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | - -### Distributor Deployment Parameters - -| Name | Description | Value | -| --------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | -| `distributor.extraEnvVars` | Array with extra environment variables to add to distributor nodes | `[]` | -| `distributor.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for distributor nodes | `""` | -| `distributor.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for distributor nodes | `""` | -| `distributor.command` | Override default container command (useful when using custom images) | `[]` | -| `distributor.args` | Override default container args (useful when using custom images) | `[]` | -| `distributor.extraArgs` | Additional container args (will be concatenated to args, unless diagnosticMode is enabled) | `[]` | -| `distributor.replicaCount` | Number of Distributor replicas to deploy | `1` | -| `distributor.livenessProbe.enabled` | Enable livenessProbe on Distributor nodes | `true` | -| `distributor.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `distributor.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `distributor.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| 
`distributor.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `distributor.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `distributor.readinessProbe.enabled` | Enable readinessProbe on Distributor nodes | `true` | -| `distributor.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `distributor.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `distributor.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `distributor.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `distributor.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `distributor.startupProbe.enabled` | Enable startupProbe on Distributor containers | `false` | -| `distributor.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | -| `distributor.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `distributor.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `distributor.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `distributor.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `distributor.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `distributor.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `distributor.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `distributor.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if distributor.resources is set (distributor.resources is recommended for production). 
| `nano` | -| `distributor.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `distributor.podSecurityContext.enabled` | Enabled Distributor pods' Security Context | `true` | -| `distributor.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `distributor.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `distributor.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `distributor.podSecurityContext.fsGroup` | Set Distributor pod's Security Context fsGroup | `1001` | -| `distributor.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `distributor.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `distributor.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `distributor.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | -| `distributor.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `distributor.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `distributor.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | -| `distributor.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `distributor.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `distributor.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `distributor.lifecycleHooks` | for the distributor container(s) to automate configuration before or after startup | `{}` | -| 
`distributor.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `distributor.hostAliases` | distributor pods host aliases | `[]` | -| `distributor.podLabels` | Extra labels for distributor pods | `{}` | -| `distributor.podAnnotations` | Annotations for distributor pods | `{}` | -| `distributor.podAffinityPreset` | Pod affinity preset. Ignored if `distributor.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `distributor.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `distributor.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `distributor.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `distributor.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `distributor.nodeAffinityPreset.key` | Node label key to match. Ignored if `distributor.affinity` is set | `""` | -| `distributor.nodeAffinityPreset.values` | Node label values to match. Ignored if `distributor.affinity` is set | `[]` | -| `distributor.affinity` | Affinity for Distributor pods assignment | `{}` | -| `distributor.nodeSelector` | Node labels for Distributor pods assignment | `{}` | -| `distributor.tolerations` | Tolerations for Distributor pods assignment | `[]` | -| `distributor.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | -| `distributor.priorityClassName` | Distributor pods' priorityClassName | `""` | -| `distributor.schedulerName` | Kubernetes pod scheduler registry | `""` | -| `distributor.updateStrategy.type` | Distributor statefulset strategy type | `RollingUpdate` | -| `distributor.updateStrategy.rollingUpdate` | Distributor statefulset rolling update configuration parameters | `nil` | -| `distributor.extraVolumes` | Optionally specify extra list of additional volumes for the Distributor pod(s) | `[]` | -| `distributor.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the 
Distributor container(s) | `[]` | -| `distributor.sidecars` | Add additional sidecar containers to the Distributor pod(s) | `[]` | -| `distributor.initContainers` | Add additional init containers to the Distributor pod(s) | `[]` | - -### Distributor Traffic Exposure Parameters - -| Name | Description | Value | -| --------------------------------------------------- | ---------------------------------------------------------------- | ----------- | -| `distributor.service.type` | Distributor service type | `ClusterIP` | -| `distributor.service.ports.http` | Distributor HTTP service port | `3100` | -| `distributor.service.ports.grpc` | Distributor GRPC service port | `9095` | -| `distributor.service.nodePorts.http` | Node port for HTTP | `""` | -| `distributor.service.nodePorts.grpc` | Node port for GRPC | `""` | -| `distributor.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `distributor.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | -| `distributor.service.clusterIP` | Distributor service Cluster IP | `""` | -| `distributor.service.loadBalancerIP` | Distributor service Load Balancer IP | `""` | -| `distributor.service.loadBalancerSourceRanges` | Distributor service Load Balancer sources | `[]` | -| `distributor.service.externalTrafficPolicy` | Distributor service external traffic policy | `Cluster` | -| `distributor.service.annotations` | Additional custom annotations for Distributor service | `{}` | -| `distributor.service.extraPorts` | Extra ports to expose in the Distributor service | `[]` | -| `distributor.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `distributor.networkPolicy.allowExternal` | Don't require server label for connections | `true` | -| `distributor.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. 
| `true` | -| `distributor.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | -| `distributor.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `distributor.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `distributor.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | - -### Ingester Deployment Parameters - -| Name | Description | Value | -| ------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | -| `ingester.extraEnvVars` | Array with extra environment variables to add to ingester nodes | `[]` | -| `ingester.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for ingester nodes | `""` | -| `ingester.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for ingester nodes | `""` | -| `ingester.command` | Override default container command (useful when using custom images) | `[]` | -| `ingester.args` | Override default container args (useful when using custom images) | `[]` | -| `ingester.extraArgs` | Additional container args (will be concatenated to args, unless diagnosticMode is enabled) | `[]` | -| `ingester.replicaCount` | Number of Ingester replicas to deploy | `1` | -| `ingester.livenessProbe.enabled` | Enable livenessProbe on Ingester nodes | `true` | -| `ingester.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `ingester.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `ingester.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `ingester.livenessProbe.failureThreshold` | Failure threshold for 
livenessProbe | `3` | -| `ingester.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `ingester.readinessProbe.enabled` | Enable readinessProbe on Ingester nodes | `true` | -| `ingester.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `ingester.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `ingester.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `ingester.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `ingester.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `ingester.startupProbe.enabled` | Enable startupProbe on Ingester containers | `false` | -| `ingester.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | -| `ingester.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `ingester.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `ingester.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `ingester.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `ingester.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `ingester.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `ingester.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `ingester.lifecycleHooks` | for the ingester container(s) to automate configuration before or after startup | `{}` | -| `ingester.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if ingester.resources is set (ingester.resources is recommended for production). 
| `micro` | -| `ingester.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `ingester.podSecurityContext.enabled` | Enabled Ingester pods' Security Context | `true` | -| `ingester.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `ingester.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `ingester.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `ingester.podSecurityContext.fsGroup` | Set Ingester pod's Security Context fsGroup | `1001` | -| `ingester.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `ingester.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `ingester.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `ingester.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | -| `ingester.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `ingester.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `ingester.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | -| `ingester.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `ingester.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `ingester.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `ingester.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `ingester.hostAliases` | ingester pods host aliases | `[]` | -| `ingester.podLabels` | Extra labels for ingester pods | `{}` | 
-| `ingester.podAnnotations` | Annotations for ingester pods | `{}` | -| `ingester.podAffinityPreset` | Pod affinity preset. Ignored if `ingester.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `ingester.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `ingester.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `ingester.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `ingester.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `ingester.nodeAffinityPreset.key` | Node label key to match. Ignored if `ingester.affinity` is set | `""` | -| `ingester.nodeAffinityPreset.values` | Node label values to match. Ignored if `ingester.affinity` is set | `[]` | -| `ingester.affinity` | Affinity for ingester pods assignment | `{}` | -| `ingester.nodeSelector` | Node labels for Ingester pods assignment | `{}` | -| `ingester.tolerations` | Tolerations for Ingester pods assignment | `[]` | -| `ingester.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | -| `ingester.podManagementPolicy` | podManagementPolicy to manage scaling operation | `""` | -| `ingester.priorityClassName` | Ingester pods' priorityClassName | `""` | -| `ingester.schedulerName` | Kubernetes pod scheduler registry | `""` | -| `ingester.updateStrategy.type` | Ingester statefulset strategy type | `RollingUpdate` | -| `ingester.updateStrategy.rollingUpdate` | Ingester statefulset rolling update configuration parameters | `nil` | -| `ingester.extraVolumes` | Optionally specify extra list of additional volumes for the Ingester pod(s) | `[]` | -| `ingester.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the ingester container(s) | `[]` | -| `ingester.sidecars` | Add additional sidecar containers to the Ingester pod(s) | `[]` | -| `ingester.initContainers` | Add additional init containers to the Ingester pod(s) | `[]` | - -### Ingester 
Persistence Parameters - -| Name | Description | Value | -| ----------------------------------- | ----------------------------------------------------------------------- | ------------------- | -| `ingester.persistence.enabled` | Enable persistence in Ingester instances | `true` | -| `ingester.persistence.storageClass` | PVC Storage Class for Memcached data volume | `""` | -| `ingester.persistence.subPath` | The subdirectory of the volume to mount to | `""` | -| `ingester.persistence.accessModes` | PVC Access modes | `["ReadWriteOnce"]` | -| `ingester.persistence.size` | PVC Storage Request for Memcached data volume | `8Gi` | -| `ingester.persistence.annotations` | Additional PVC annotations | `{}` | -| `ingester.persistence.selector` | Selector to match an existing Persistent Volume for Ingester's data PVC | `{}` | - -### Ingester Traffic Exposure Parameters - -| Name | Description | Value | -| ------------------------------------------------ | ---------------------------------------------------------------- | ----------- | -| `ingester.service.type` | Ingester service type | `ClusterIP` | -| `ingester.service.ports.http` | Ingester HTTP service port | `3100` | -| `ingester.service.ports.grpc` | Ingester GRPC service port | `9095` | -| `ingester.service.nodePorts.http` | Node port for HTTP | `""` | -| `ingester.service.nodePorts.grpc` | Node port for GRPC | `""` | -| `ingester.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `ingester.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | -| `ingester.service.clusterIP` | Ingester service Cluster IP | `""` | -| `ingester.service.loadBalancerIP` | Ingester service Load Balancer IP | `""` | -| `ingester.service.loadBalancerSourceRanges` | Ingester service Load Balancer sources | `[]` | -| `ingester.service.externalTrafficPolicy` | Ingester service external traffic policy | `Cluster` | -| `ingester.service.annotations` | 
Additional custom annotations for Ingester service | `{}` | -| `ingester.service.extraPorts` | Extra ports to expose in the Ingester service | `[]` | -| `ingester.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `ingester.networkPolicy.allowExternal` | Don't require server label for connections | `true` | -| `ingester.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | -| `ingester.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | -| `ingester.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `ingester.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `ingester.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | - -### Querier Deployment Parameters - -| Name | Description | Value | -| ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | -| `querier.replicaCount` | Number of Querier replicas to deploy | `1` | -| `querier.extraEnvVars` | Array with extra environment variables to add to Querier nodes | `[]` | -| `querier.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Querier nodes | `""` | -| `querier.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Querier nodes | `""` | -| `querier.command` | Override default container command (useful when using custom images) | `[]` | -| `querier.args` | Override default container args (useful when using custom images) | `[]` | -| `querier.extraArgs` | Additional container args (will be concatenated to args, unless diagnosticMode is enabled) | `[]` 
| -| `querier.podManagementPolicy` | podManagementPolicy to manage scaling operation | `""` | -| `querier.livenessProbe.enabled` | Enable livenessProbe on Querier nodes | `true` | -| `querier.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `querier.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `querier.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `querier.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `querier.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `querier.readinessProbe.enabled` | Enable readinessProbe on Querier nodes | `true` | -| `querier.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `querier.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `querier.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `querier.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `querier.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `querier.startupProbe.enabled` | Enable startupProbe on Querier containers | `false` | -| `querier.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | -| `querier.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `querier.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `querier.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `querier.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `querier.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `querier.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `querier.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| 
`querier.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if querier.resources is set (querier.resources is recommended for production). | `nano` | -| `querier.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `querier.podSecurityContext.enabled` | Enabled Querier pods' Security Context | `true` | -| `querier.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `querier.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `querier.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `querier.podSecurityContext.fsGroup` | Set Querier pod's Security Context fsGroup | `1001` | -| `querier.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `querier.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `querier.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `querier.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | -| `querier.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `querier.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `querier.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | -| `querier.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `querier.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `querier.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | 
`RuntimeDefault` | -| `querier.lifecycleHooks` | for the Querier container(s) to automate configuration before or after startup | `{}` | -| `querier.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `querier.hostAliases` | querier pods host aliases | `[]` | -| `querier.podLabels` | Extra labels for querier pods | `{}` | -| `querier.podAnnotations` | Annotations for querier pods | `{}` | -| `querier.podAffinityPreset` | Pod affinity preset. Ignored if `querier.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `querier.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `querier.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `querier.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `querier.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `querier.nodeAffinityPreset.key` | Node label key to match. Ignored if `querier.affinity` is set | `""` | -| `querier.nodeAffinityPreset.values` | Node label values to match. 
Ignored if `querier.affinity` is set | `[]` | -| `querier.affinity` | Affinity for Querier pods assignment | `{}` | -| `querier.nodeSelector` | Node labels for Querier pods assignment | `{}` | -| `querier.tolerations` | Tolerations for Querier pods assignment | `[]` | -| `querier.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | -| `querier.priorityClassName` | Querier pods' priorityClassName | `""` | -| `querier.schedulerName` | Kubernetes pod scheduler registry | `""` | -| `querier.updateStrategy.type` | Querier statefulset strategy type | `RollingUpdate` | -| `querier.updateStrategy.rollingUpdate` | Querier statefulset rolling update configuration parameters | `nil` | -| `querier.extraVolumes` | Optionally specify extra list of additional volumes for the Querier pod(s) | `[]` | -| `querier.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the querier container(s) | `[]` | -| `querier.sidecars` | Add additional sidecar containers to the Querier pod(s) | `[]` | -| `querier.initContainers` | Add additional init containers to the Querier pod(s) | `[]` | - -### Querier Persistence Parameters - -| Name | Description | Value | -| ---------------------------------- | ---------------------------------------------------------------------- | ------------------- | -| `querier.persistence.enabled` | Enable persistence in Querier instances | `true` | -| `querier.persistence.storageClass` | PVC Storage Class for Memcached data volume | `""` | -| `querier.persistence.subPath` | The subdirectory of the volume to mount to | `""` | -| `querier.persistence.accessModes` | PVC Access modes | `["ReadWriteOnce"]` | -| `querier.persistence.size` | PVC Storage Request for Memcached data volume | `8Gi` | -| `querier.persistence.annotations` | Additional PVC annotations | `{}` | -| `querier.persistence.selector` | Selector to match an existing Persistent Volume for Querier's 
data PVC | `{}` | - -### Querier Traffic Exposure Parameters - -| Name | Description | Value | -| ----------------------------------------------- | ---------------------------------------------------------------- | ----------- | -| `querier.service.type` | Querier service type | `ClusterIP` | -| `querier.service.ports.http` | Querier HTTP service port | `3100` | -| `querier.service.ports.grpc` | Querier GRPC service port | `9095` | -| `querier.service.nodePorts.http` | Node port for HTTP | `""` | -| `querier.service.nodePorts.grpc` | Node port for GRPC | `""` | -| `querier.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `querier.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | -| `querier.service.clusterIP` | Querier service Cluster IP | `""` | -| `querier.service.loadBalancerIP` | Querier service Load Balancer IP | `""` | -| `querier.service.loadBalancerSourceRanges` | Querier service Load Balancer sources | `[]` | -| `querier.service.externalTrafficPolicy` | Querier service external traffic policy | `Cluster` | -| `querier.service.annotations` | Additional custom annotations for Querier service | `{}` | -| `querier.service.extraPorts` | Extra ports to expose in the Querier service | `[]` | -| `querier.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `querier.networkPolicy.allowExternal` | Don't require server label for connections | `true` | -| `querier.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. 
| `true` | -| `querier.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | -| `querier.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `querier.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `querier.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | - -### Query Frontend Deployment Parameters - -| Name | Description | Value | -| ----------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | -| `queryFrontend.extraEnvVars` | Array with extra environment variables to add to queryFrontend nodes | `[]` | -| `queryFrontend.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for queryFrontend nodes | `""` | -| `queryFrontend.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for queryFrontend nodes | `""` | -| `queryFrontend.command` | Override default container command (useful when using custom images) | `[]` | -| `queryFrontend.args` | Override default container args (useful when using custom images) | `[]` | -| `queryFrontend.extraArgs` | Additional container args (will be concatenated to args, unless diagnosticMode is enabled) | `[]` | -| `queryFrontend.replicaCount` | Number of queryFrontend replicas to deploy | `1` | -| `queryFrontend.livenessProbe.enabled` | Enable livenessProbe on queryFrontend nodes | `true` | -| `queryFrontend.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `queryFrontend.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `queryFrontend.livenessProbe.timeoutSeconds` | Timeout seconds for 
livenessProbe | `1` | -| `queryFrontend.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `queryFrontend.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `queryFrontend.readinessProbe.enabled` | Enable readinessProbe on queryFrontend nodes | `true` | -| `queryFrontend.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `queryFrontend.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `queryFrontend.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `queryFrontend.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `queryFrontend.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `queryFrontend.startupProbe.enabled` | Enable startupProbe on queryFrontend containers | `false` | -| `queryFrontend.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | -| `queryFrontend.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `queryFrontend.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `queryFrontend.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `queryFrontend.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `queryFrontend.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `queryFrontend.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `queryFrontend.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `queryFrontend.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if queryFrontend.resources is set (queryFrontend.resources is recommended for production). 
| `nano` | -| `queryFrontend.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `queryFrontend.podSecurityContext.enabled` | Enabled queryFrontend pods' Security Context | `true` | -| `queryFrontend.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `queryFrontend.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `queryFrontend.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `queryFrontend.podSecurityContext.fsGroup` | Set queryFrontend pod's Security Context fsGroup | `1001` | -| `queryFrontend.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `queryFrontend.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `queryFrontend.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `queryFrontend.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | -| `queryFrontend.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `queryFrontend.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `queryFrontend.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | -| `queryFrontend.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `queryFrontend.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `queryFrontend.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `queryFrontend.lifecycleHooks` | for the queryFrontend container(s) to automate configuration before or after startup | `{}` | -| 
`queryFrontend.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `queryFrontend.hostAliases` | queryFrontend pods host aliases | `[]` | -| `queryFrontend.podLabels` | Extra labels for queryFrontend pods | `{}` | -| `queryFrontend.podAnnotations` | Annotations for queryFrontend pods | `{}` | -| `queryFrontend.podAffinityPreset` | Pod affinity preset. Ignored if `queryFrontend.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `queryFrontend.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `queryFrontend.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `queryFrontend.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `queryFrontend.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `queryFrontend.nodeAffinityPreset.key` | Node label key to match. Ignored if `queryFrontend.affinity` is set | `""` | -| `queryFrontend.nodeAffinityPreset.values` | Node label values to match. Ignored if `queryFrontend.affinity` is set | `[]` | -| `queryFrontend.affinity` | Affinity for queryFrontend pods assignment | `{}` | -| `queryFrontend.nodeSelector` | Node labels for queryFrontend pods assignment | `{}` | -| `queryFrontend.tolerations` | Tolerations for queryFrontend pods assignment | `[]` | -| `queryFrontend.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | -| `queryFrontend.priorityClassName` | queryFrontend pods' priorityClassName | `""` | -| `queryFrontend.schedulerName` | Kubernetes pod scheduler registry | `""` | -| `queryFrontend.updateStrategy.type` | queryFrontend statefulset strategy type | `RollingUpdate` | -| `queryFrontend.updateStrategy.rollingUpdate` | queryFrontend statefulset rolling update configuration parameters | `nil` | -| `queryFrontend.extraVolumes` | Optionally specify extra list of additional volumes for the queryFrontend pod(s) | `[]` | -| `queryFrontend.extraVolumeMounts` | 
Optionally specify extra list of additional volumeMounts for the queryFrontend container(s) | `[]` | -| `queryFrontend.sidecars` | Add additional sidecar containers to the queryFrontend pod(s) | `[]` | -| `queryFrontend.initContainers` | Add additional init containers to the queryFrontend pod(s) | `[]` | - -### Query Frontend Traffic Exposure Parameters - -| Name | Description | Value | -| ----------------------------------------------------- | ---------------------------------------------------------------- | ----------- | -| `queryFrontend.service.type` | queryFrontend service type | `ClusterIP` | -| `queryFrontend.service.ports.http` | queryFrontend HTTP service port | `3100` | -| `queryFrontend.service.ports.grpc` | queryFrontend GRPC service port | `9095` | -| `queryFrontend.service.nodePorts.http` | Node port for HTTP | `""` | -| `queryFrontend.service.nodePorts.grpc` | Node port for GRPC | `""` | -| `queryFrontend.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `queryFrontend.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | -| `queryFrontend.service.clusterIP` | queryFrontend service Cluster IP | `""` | -| `queryFrontend.service.loadBalancerIP` | queryFrontend service Load Balancer IP | `""` | -| `queryFrontend.service.loadBalancerSourceRanges` | queryFrontend service Load Balancer sources | `[]` | -| `queryFrontend.service.externalTrafficPolicy` | queryFrontend service external traffic policy | `Cluster` | -| `queryFrontend.service.annotations` | Additional custom annotations for queryFrontend service | `{}` | -| `queryFrontend.service.extraPorts` | Extra ports to expose in the queryFrontend service | `[]` | -| `queryFrontend.service.headless.annotations` | Annotations for the headless service. 
| `{}` | -| `queryFrontend.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `queryFrontend.networkPolicy.allowExternal` | Don't require server label for connections | `true` | -| `queryFrontend.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | -| `queryFrontend.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | -| `queryFrontend.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `queryFrontend.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `queryFrontend.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | - -### Query Scheduler Deployment Parameters - -| Name | Description | Value | -| ------------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | -| `queryScheduler.extraEnvVars` | Array with extra environment variables to add to queryScheduler nodes | `[]` | -| `queryScheduler.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for queryScheduler nodes | `""` | -| `queryScheduler.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for queryScheduler nodes | `""` | -| `queryScheduler.command` | Override default container command (useful when using custom images) | `[]` | -| `queryScheduler.args` | Override default container args (useful when using custom images) | `[]` | -| `queryScheduler.extraArgs` | Additional container args (will be concatenated to args, unless diagnosticMode is enabled) | `[]` | -| `queryScheduler.replicaCount` | Number of queryScheduler replicas to deploy | `1` 
| -| `queryScheduler.livenessProbe.enabled` | Enable livenessProbe on queryScheduler nodes | `true` | -| `queryScheduler.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `queryScheduler.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `queryScheduler.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `queryScheduler.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `queryScheduler.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `queryScheduler.minReadySeconds` | Minimum time to wait before performing readiness check | `10` | -| `queryScheduler.readinessProbe.enabled` | Enable readinessProbe on queryScheduler nodes | `true` | -| `queryScheduler.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `queryScheduler.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `queryScheduler.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `queryScheduler.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `queryScheduler.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `queryScheduler.startupProbe.enabled` | Enable startupProbe on queryScheduler containers | `false` | -| `queryScheduler.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | -| `queryScheduler.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `queryScheduler.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `queryScheduler.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `queryScheduler.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `queryScheduler.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| 
`queryScheduler.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `queryScheduler.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `queryScheduler.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if queryScheduler.resources is set (queryScheduler.resources is recommended for production). | `nano` | -| `queryScheduler.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `queryScheduler.podSecurityContext.enabled` | Enabled queryScheduler pods' Security Context | `true` | -| `queryScheduler.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `queryScheduler.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `queryScheduler.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `queryScheduler.podSecurityContext.fsGroup` | Set queryScheduler pod's Security Context fsGroup | `1001` | -| `queryScheduler.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `queryScheduler.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `queryScheduler.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `queryScheduler.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | -| `queryScheduler.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `queryScheduler.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `queryScheduler.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | -| 
`queryScheduler.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `queryScheduler.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `queryScheduler.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `queryScheduler.lifecycleHooks` | for the queryScheduler container(s) to automate configuration before or after startup | `{}` | -| `queryScheduler.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `queryScheduler.hostAliases` | queryScheduler pods host aliases | `[]` | -| `queryScheduler.podLabels` | Extra labels for queryScheduler pods | `{}` | -| `queryScheduler.podAnnotations` | Annotations for queryScheduler pods | `{}` | -| `queryScheduler.podAffinityPreset` | Pod affinity preset. Ignored if `queryScheduler.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `queryScheduler.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `queryScheduler.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `queryScheduler.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `queryScheduler.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `queryScheduler.nodeAffinityPreset.key` | Node label key to match. Ignored if `queryScheduler.affinity` is set | `""` | -| `queryScheduler.nodeAffinityPreset.values` | Node label values to match. 
Ignored if `queryScheduler.affinity` is set | `[]` | -| `queryScheduler.affinity` | Affinity for queryScheduler pods assignment | `{}` | -| `queryScheduler.nodeSelector` | Node labels for queryScheduler pods assignment | `{}` | -| `queryScheduler.tolerations` | Tolerations for queryScheduler pods assignment | `[]` | -| `queryScheduler.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | -| `queryScheduler.priorityClassName` | queryScheduler pods' priorityClassName | `""` | -| `queryScheduler.schedulerName` | Kubernetes pod scheduler registry | `""` | -| `queryScheduler.updateStrategy.type` | queryScheduler statefulset strategy type | `RollingUpdate` | -| `queryScheduler.updateStrategy.rollingUpdate` | queryScheduler statefulset rolling update configuration parameters | `nil` | -| `queryScheduler.extraVolumes` | Optionally specify extra list of additional volumes for the queryScheduler pod(s) | `[]` | -| `queryScheduler.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the queryScheduler container(s) | `[]` | -| `queryScheduler.sidecars` | Add additional sidecar containers to the queryScheduler pod(s) | `[]` | -| `queryScheduler.initContainers` | Add additional init containers to the queryScheduler pod(s) | `[]` | - -### Query Scheduler Traffic Exposure Parameters - -| Name | Description | Value | -| ------------------------------------------------------ | ---------------------------------------------------------------- | ----------- | -| `queryScheduler.service.type` | queryScheduler service type | `ClusterIP` | -| `queryScheduler.service.ports.http` | queryScheduler HTTP service port | `3100` | -| `queryScheduler.service.ports.grpc` | queryScheduler GRPC service port | `9095` | -| `queryScheduler.service.nodePorts.http` | Node port for HTTP | `""` | -| `queryScheduler.service.nodePorts.grpc` | Node port for GRPC | `""` | -| 
`queryScheduler.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `queryScheduler.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | -| `queryScheduler.service.clusterIP` | queryScheduler service Cluster IP | `""` | -| `queryScheduler.service.loadBalancerIP` | queryScheduler service Load Balancer IP | `""` | -| `queryScheduler.service.loadBalancerSourceRanges` | queryScheduler service Load Balancer sources | `[]` | -| `queryScheduler.service.externalTrafficPolicy` | queryScheduler service external traffic policy | `Cluster` | -| `queryScheduler.service.annotations` | Additional custom annotations for queryScheduler service | `{}` | -| `queryScheduler.service.extraPorts` | Extra ports to expose in the queryScheduler service | `[]` | -| `queryScheduler.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `queryScheduler.networkPolicy.allowExternal` | Don't require server label for connections | `true` | -| `queryScheduler.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. 
| `true` | -| `queryScheduler.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | -| `queryScheduler.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `queryScheduler.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `queryScheduler.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | - -### Ruler Deployment Parameters - -| Name | Description | Value | -| --------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | -| `ruler.enabled` | Deploy ruler component | `false` | -| `ruler.extraEnvVars` | Array with extra environment variables to add to ruler nodes | `[]` | -| `ruler.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for ruler nodes | `""` | -| `ruler.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for ruler nodes | `""` | -| `ruler.command` | Override default container command (useful when using custom images) | `[]` | -| `ruler.args` | Override default container args (useful when using custom images) | `[]` | -| `ruler.extraArgs` | Additional container args (will be concatenated to args, unless diagnosticMode is enabled) | `[]` | -| `ruler.podManagementPolicy` | podManagementPolicy to manage scaling operation | `""` | -| `ruler.replicaCount` | Number of Ruler replicas to deploy | `1` | -| `ruler.livenessProbe.enabled` | Enable livenessProbe on Ruler nodes | `true` | -| `ruler.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `ruler.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `ruler.livenessProbe.timeoutSeconds` | Timeout seconds 
for livenessProbe | `1` | -| `ruler.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `ruler.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `ruler.readinessProbe.enabled` | Enable readinessProbe on Ruler nodes | `true` | -| `ruler.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `ruler.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `ruler.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `ruler.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `ruler.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `ruler.startupProbe.enabled` | Enable startupProbe on Ruler containers | `false` | -| `ruler.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | -| `ruler.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `ruler.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `ruler.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `ruler.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `ruler.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `ruler.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `ruler.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `ruler.lifecycleHooks` | for the ruler container(s) to automate configuration before or after startup | `{}` | -| `ruler.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if ruler.resources is set (ruler.resources is recommended for production). 
| `nano` | -| `ruler.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `ruler.podSecurityContext.enabled` | Enabled Ruler pods' Security Context | `true` | -| `ruler.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `ruler.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `ruler.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `ruler.podSecurityContext.fsGroup` | Set Ruler pod's Security Context fsGroup | `1001` | -| `ruler.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `ruler.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `ruler.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `ruler.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | -| `ruler.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `ruler.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `ruler.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | -| `ruler.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `ruler.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `ruler.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `ruler.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `ruler.hostAliases` | ruler pods host aliases | `[]` | -| `ruler.podLabels` | Extra labels for ruler pods | `{}` | -| `ruler.podAnnotations` | Annotations for ruler pods | `{}` | -| 
`ruler.podAffinityPreset` | Pod affinity preset. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `ruler.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `ruler.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `ruler.nodeAffinityPreset.key` | Node label key to match. Ignored if `ruler.affinity` is set | `""` | -| `ruler.nodeAffinityPreset.values` | Node label values to match. Ignored if `ruler.affinity` is set | `[]` | -| `ruler.affinity` | Affinity for ruler pods assignment | `{}` | -| `ruler.nodeSelector` | Node labels for Ruler pods assignment | `{}` | -| `ruler.tolerations` | Tolerations for Ruler pods assignment | `[]` | -| `ruler.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | -| `ruler.priorityClassName` | Ruler pods' priorityClassName | `""` | -| `ruler.schedulerName` | Kubernetes pod scheduler registry | `""` | -| `ruler.updateStrategy.type` | Ruler statefulset strategy type | `RollingUpdate` | -| `ruler.updateStrategy.rollingUpdate` | Ruler statefulset rolling update configuration parameters | `nil` | -| `ruler.extraVolumes` | Optionally specify extra list of additional volumes for the Ruler pod(s) | `[]` | -| `ruler.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the ruler container(s) | `[]` | -| `ruler.sidecars` | Add additional sidecar containers to the Ruler pod(s) | `[]` | -| `ruler.initContainers` | Add additional init containers to the Ruler pod(s) | `[]` | - -### Ruler Persistence Parameters - -| Name | Description | Value | -| -------------------------------- | -------------------------------------------------------------------- | ------------------- | -| `ruler.persistence.enabled` | Enable persistence in Ruler instances | 
`true` | -| `ruler.persistence.storageClass` | PVC Storage Class for Memcached data volume | `""` | -| `ruler.persistence.subPath` | The subdirectory of the volume to mount to | `""` | -| `ruler.persistence.accessModes` | PVC Access modes | `["ReadWriteOnce"]` | -| `ruler.persistence.size` | PVC Storage Request for Memcached data volume | `8Gi` | -| `ruler.persistence.annotations` | Additional PVC annotations | `{}` | -| `ruler.persistence.selector` | Selector to match an existing Persistent Volume for Ruler's data PVC | `{}` | - -### Ruler Traffic Exposure Parameters - -| Name | Description | Value | -| --------------------------------------------- | ---------------------------------------------------------------- | ----------- | -| `ruler.service.type` | Ruler service type | `ClusterIP` | -| `ruler.service.ports.http` | Ruler HTTP service port | `3100` | -| `ruler.service.ports.grpc` | Ruler GRPC service port | `9095` | -| `ruler.service.nodePorts.http` | Node port for HTTP | `""` | -| `ruler.service.nodePorts.grpc` | Node port for GRPC | `""` | -| `ruler.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `ruler.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | -| `ruler.service.clusterIP` | Ruler service Cluster IP | `""` | -| `ruler.service.loadBalancerIP` | Ruler service Load Balancer IP | `""` | -| `ruler.service.loadBalancerSourceRanges` | Ruler service Load Balancer sources | `[]` | -| `ruler.service.externalTrafficPolicy` | Ruler service external traffic policy | `Cluster` | -| `ruler.service.annotations` | Additional custom annotations for Ruler service | `{}` | -| `ruler.service.extraPorts` | Extra ports to expose in the Ruler service | `[]` | -| `ruler.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `ruler.networkPolicy.allowExternal` | Don't require server label for connections | `true` | -| 
`ruler.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | -| `ruler.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | -| `ruler.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `ruler.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `ruler.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | - -### table-manager Deployment Parameters - -| Name | Description | Value | -| ---------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | -| `tableManager.enabled` | Deploy table-manager | `false` | -| `tableManager.extraEnvVars` | Array with extra environment variables to add to tableManager nodes | `[]` | -| `tableManager.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for tableManager nodes | `""` | -| `tableManager.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for tableManager nodes | `""` | -| `tableManager.command` | Override default container command (useful when using custom images) | `[]` | -| `tableManager.args` | Override default container args (useful when using custom images) | `[]` | -| `tableManager.extraArgs` | Additional container args (will be concatenated to args, unless diagnosticMode is enabled) | `[]` | -| `tableManager.replicaCount` | Number of table-manager replicas to deploy | `1` | -| `tableManager.livenessProbe.enabled` | Enable livenessProbe on table-manager nodes | `true` | -| `tableManager.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| 
`tableManager.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `tableManager.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `tableManager.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `tableManager.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `tableManager.readinessProbe.enabled` | Enable readinessProbe on table-manager nodes | `true` | -| `tableManager.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `tableManager.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `tableManager.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `tableManager.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `tableManager.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `tableManager.startupProbe.enabled` | Enable startupProbe on table-manager containers | `false` | -| `tableManager.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | -| `tableManager.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `tableManager.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `tableManager.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `tableManager.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `tableManager.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `tableManager.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `tableManager.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `tableManager.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). 
This is ignored if tableManager.resources is set (tableManager.resources is recommended for production). | `nano` | -| `tableManager.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `tableManager.podSecurityContext.enabled` | Enabled table-manager pods' Security Context | `true` | -| `tableManager.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `tableManager.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `tableManager.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `tableManager.podSecurityContext.fsGroup` | Set table-manager pod's Security Context fsGroup | `1001` | -| `tableManager.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `tableManager.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `tableManager.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `tableManager.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | -| `tableManager.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `tableManager.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `tableManager.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | -| `tableManager.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `tableManager.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `tableManager.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `tableManager.lifecycleHooks` | for the 
tableManager container(s) to automate configuration before or after startup | `{}` | -| `tableManager.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `tableManager.hostAliases` | tableManager pods host aliases | `[]` | -| `tableManager.podLabels` | Extra labels for tableManager pods | `{}` | -| `tableManager.podAnnotations` | Annotations for tableManager pods | `{}` | -| `tableManager.podAffinityPreset` | Pod affinity preset. Ignored if `tableManager.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `tableManager.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `tableManager.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `tableManager.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `tableManager.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `tableManager.nodeAffinityPreset.key` | Node label key to match. Ignored if `tableManager.affinity` is set | `""` | -| `tableManager.nodeAffinityPreset.values` | Node label values to match. 
Ignored if `tableManager.affinity` is set | `[]` | -| `tableManager.affinity` | Affinity for table-manager pods assignment | `{}` | -| `tableManager.nodeSelector` | Node labels for table-manager pods assignment | `{}` | -| `tableManager.tolerations` | Tolerations for table-manager pods assignment | `[]` | -| `tableManager.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | -| `tableManager.priorityClassName` | table-manager pods' priorityClassName | `""` | -| `tableManager.schedulerName` | Kubernetes pod scheduler registry | `""` | -| `tableManager.updateStrategy.type` | table-manager statefulset strategy type | `RollingUpdate` | -| `tableManager.updateStrategy.rollingUpdate` | table-manager statefulset rolling update configuration parameters | `nil` | -| `tableManager.extraVolumes` | Optionally specify extra list of additional volumes for the table-manager pod(s) | `[]` | -| `tableManager.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the table-manager container(s) | `[]` | -| `tableManager.sidecars` | Add additional sidecar containers to the table-manager pod(s) | `[]` | -| `tableManager.initContainers` | Add additional init containers to the table-manager pod(s) | `[]` | - -### table-manager Traffic Exposure Parameters - -| Name | Description | Value | -| ---------------------------------------------------- | ---------------------------------------------------------------- | ----------- | -| `tableManager.service.type` | table-manager service type | `ClusterIP` | -| `tableManager.service.ports.http` | table-manager HTTP service port | `3100` | -| `tableManager.service.ports.grpc` | table-manager GRPC service port | `9095` | -| `tableManager.service.nodePorts.http` | Node port for HTTP | `""` | -| `tableManager.service.nodePorts.grpc` | Node port for GRPC | `""` | -| `tableManager.service.sessionAffinityConfig` | Additional settings for the 
sessionAffinity | `{}` | -| `tableManager.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | -| `tableManager.service.clusterIP` | table-manager service Cluster IP | `""` | -| `tableManager.service.loadBalancerIP` | table-manager service Load Balancer IP | `""` | -| `tableManager.service.loadBalancerSourceRanges` | table-manager service Load Balancer sources | `[]` | -| `tableManager.service.externalTrafficPolicy` | table-manager service external traffic policy | `Cluster` | -| `tableManager.service.annotations` | Additional custom annotations for table-manager service | `{}` | -| `tableManager.service.extraPorts` | Extra ports to expose in the table-manager service | `[]` | -| `tableManager.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `tableManager.networkPolicy.allowExternal` | Don't require server label for connections | `true` | -| `tableManager.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. 
| `true` | -| `tableManager.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | -| `tableManager.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `tableManager.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `tableManager.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | - -### Promtail Deployment Parameters - -| Name | Description | Value | -| ------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | -| `promtail.enabled` | Deploy promtail | `true` | -| `promtail.image.registry` | Grafana Promtail image registry | `REGISTRY_NAME` | -| `promtail.image.repository` | Grafana Promtail image repository | `REPOSITORY_NAME/promtail` | -| `promtail.image.digest` | Grafana Promtail image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag | `""` | -| `promtail.image.pullPolicy` | Grafana Promtail image pull policy | `IfNotPresent` | -| `promtail.image.pullSecrets` | Grafana Promtail image pull secrets | `[]` | -| `promtail.extraEnvVars` | Array with extra environment variables to add to promtail nodes | `[]` | -| `promtail.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for promtail nodes | `""` | -| `promtail.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for promtail nodes | `""` | -| `promtail.command` | Override default container command (useful when using custom images) | `[]` | -| `promtail.args` | Override default container args (useful when using custom images) | `[]` | -| `promtail.extraArgs` | Additional container args (will be concatenated to args, unless diagnosticMode is enabled) | `[]` | -| `promtail.containerPorts.http` | Promtail HTTP port | `8080` | -| `promtail.containerPorts.grpc` | Promtail HTTP port | `9095` | -| `promtail.livenessProbe.enabled` | Enable livenessProbe on Promtail nodes | `true` | -| `promtail.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `promtail.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `promtail.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `promtail.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `promtail.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `promtail.readinessProbe.enabled` | Enable readinessProbe on Promtail nodes | `true` | -| `promtail.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `promtail.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `promtail.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `promtail.readinessProbe.failureThreshold` | Failure threshold for 
readinessProbe | `3` | -| `promtail.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `promtail.startupProbe.enabled` | Enable startupProbe on Promtail containers | `false` | -| `promtail.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | -| `promtail.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `promtail.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `promtail.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `promtail.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `promtail.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `promtail.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `promtail.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `promtail.lifecycleHooks` | for the promtail container(s) to automate configuration before or after startup | `{}` | -| `promtail.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if promtail.resources is set (promtail.resources is recommended for production). 
| `nano` | -| `promtail.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `promtail.podSecurityContext.enabled` | Enabled Promtail pods' Security Context | `true` | -| `promtail.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `promtail.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `promtail.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `promtail.podSecurityContext.fsGroup` | Set Promtail pod's Security Context fsGroup | `0` | -| `promtail.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `promtail.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `promtail.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `0` | -| `promtail.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` | -| `promtail.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `false` | -| `promtail.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `promtail.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | -| `promtail.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `promtail.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `promtail.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `promtail.automountServiceAccountToken` | Mount Service Account token in pod | `true` | -| `promtail.hostAliases` | promtail pods host aliases | `[]` | -| `promtail.podLabels` | Extra labels for promtail pods | `{}` | -| 
`promtail.podAnnotations` | Annotations for promtail pods | `{}` | -| `promtail.podAffinityPreset` | Pod affinity preset. Ignored if `promtail.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `promtail.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `promtail.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `promtail.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `promtail.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `promtail.nodeAffinityPreset.key` | Node label key to match. Ignored if `promtail.affinity` is set | `""` | -| `promtail.nodeAffinityPreset.values` | Node label values to match. Ignored if `promtail.affinity` is set | `[]` | -| `promtail.affinity` | Affinity for promtail pods assignment | `{}` | -| `promtail.nodeSelector` | Node labels for Promtail pods assignment | `{}` | -| `promtail.tolerations` | Tolerations for Promtail pods assignment | `[]` | -| `promtail.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | -| `promtail.priorityClassName` | Promtail pods' priorityClassName | `""` | -| `promtail.schedulerName` | Kubernetes pod scheduler registry | `""` | -| `promtail.updateStrategy.type` | Promtail statefulset strategy type | `RollingUpdate` | -| `promtail.updateStrategy.rollingUpdate` | Promtail statefulset rolling update configuration parameters | `nil` | -| `promtail.extraVolumes` | Optionally specify extra list of additional volumes for the Promtail pod(s) | `[]` | -| `promtail.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the promtail container(s) | `[]` | -| `promtail.sidecars` | Add additional sidecar containers to the Promtail pod(s) | `[]` | -| `promtail.initContainers` | Add additional init containers to the Promtail pod(s) | `[]` | -| `promtail.configuration` | Promtail configuration | `""` | -| `promtail.existingSecret` | Name of a Secret 
that contains the Promtail configuration | `""` | -| `promtail.logLevel` | Promtail logging level | `info` | - -### Promtail Traffic Exposure Parameters - -| Name | Description | Value | -| ------------------------------------------------------ | -------------------------------------------------------------------------------------------------- | ----------- | -| `promtail.service.type` | Promtail service type | `ClusterIP` | -| `promtail.service.ports.http` | Promtail HTTP service port | `3100` | -| `promtail.service.ports.grpc` | Promtail gRPC service port | `9095` | -| `promtail.service.nodePorts.http` | Node port for HTTP | `""` | -| `promtail.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `promtail.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | -| `promtail.service.clusterIP` | Promtail service Cluster IP | `""` | -| `promtail.service.loadBalancerIP` | Promtail service Load Balancer IP | `""` | -| `promtail.service.loadBalancerSourceRanges` | Promtail service Load Balancer sources | `[]` | -| `promtail.service.externalTrafficPolicy` | Promtail service external traffic policy | `Cluster` | -| `promtail.service.annotations` | Additional custom annotations for Promtail service | `{}` | -| `promtail.service.extraPorts` | Extra ports to expose in the Promtail service | `[]` | -| `promtail.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `promtail.networkPolicy.allowExternal` | Don't require server label for connections | `true` | -| `promtail.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. 
| `true` | -| `promtail.networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` | -| `promtail.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | -| `promtail.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `promtail.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `promtail.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | -| `promtail.rbac.create` | Create RBAC rules | `true` | -| `promtail.serviceAccount.create` | Enable creation of ServiceAccount for Promtail pods | `true` | -| `promtail.serviceAccount.name` | The name of the ServiceAccount to use | `""` | -| `promtail.serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the promtail.serviceAccount.created | `false` | -| `promtail.serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | - -### Init Container Parameters - -| Name | Description | Value | -| ---------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | -| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | -| `volumePermissions.image.registry` | OS Shell + Utility image registry | `REGISTRY_NAME` | -| `volumePermissions.image.repository` | OS Shell + Utility image repository | `REPOSITORY_NAME/os-shell` | -| `volumePermissions.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag | `""` | -| `volumePermissions.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` | -| `volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` | -| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `nano` | -| `volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `volumePermissions.containerSecurityContext.runAsUser` | Set init container's Security Context runAsUser | `0` | -| `volumePermissions.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | - -### Other Parameters - -| Name | Description | Value | -| --------------------------------------------- | ---------------------------------------------------------------------- | ------- | -| `serviceAccount.create` | Enable creation of ServiceAccount for Loki pods | `true` | -| `serviceAccount.name` | The name of the ServiceAccount to use | `""` | -| `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `false` | -| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | - -### Metrics Parameters - -| Name | Description | Value | -| ------------------------------------------ | ------------------------------------------------------------------------------------- | ------- | -| `metrics.enabled` | Enable metrics | `false` | -| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping 
metrics using Prometheus Operator | `false` | -| `metrics.serviceMonitor.namespace` | Namespace for the ServiceMonitor Resource (defaults to the Release Namespace) | `""` | -| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` | -| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | -| `metrics.serviceMonitor.labels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | -| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | -| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` | -| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` | -| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | -| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. 
| `""` | - -### External Memcached (Chunks) Parameters - -| Name | Description | Value | -| ------------------------------ | --------------------------------------------- | ------- | -| `externalMemcachedChunks.host` | Host of a running external memcached instance | `""` | -| `externalMemcachedChunks.port` | Port of a running external memcached instance | `11211` | - -### Memcached Sub-chart Parameters (Chunks) - -| Name | Description | Value | -| ----------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------- | -| `memcachedchunks.enabled` | Deploy memcached sub-chart | `true` | -| `memcachedchunks.image.registry` | Memcached image registry | `REGISTRY_NAME` | -| `memcachedchunks.image.repository` | Memcached image repository | `REPOSITORY_NAME/memcached` | -| `memcachedchunks.image.digest` | Memcached image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `memcachedchunks.nameOverride` | override the subchart name | `""` | -| `memcachedchunks.architecture` | Memcached architecture | `high-availability` | -| `memcachedchunks.service.ports.memcached` | Memcached service port | `11211` | -| `memcachedchunks.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). 
| `nano` | -| `memcachedchunks.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | - -### External Memcached (Frontend) Parameters - -| Name | Description | Value | -| -------------------------------- | --------------------------------------------- | ------- | -| `externalMemcachedFrontend.host` | Host of a running external memcached instance | `""` | -| `externalMemcachedFrontend.port` | Port of a running external memcached instance | `11211` | - -### Memcached Sub-chart Parameters (Frontend) - -| Name | Description | Value | -| ------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------- | -| `memcachedfrontend.enabled` | Deploy memcached sub-chart | `true` | -| `memcachedfrontend.image.registry` | Memcached image registry | `REGISTRY_NAME` | -| `memcachedfrontend.image.repository` | Memcached image repository | `REPOSITORY_NAME/memcached` | -| `memcachedfrontend.image.digest` | Memcached image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `memcachedfrontend.architecture` | Memcached architecture | `high-availability` | -| `memcachedfrontend.nameOverride` | override the subchart name | `""` | -| `memcachedfrontend.service.ports.memcached` | Memcached service port | `11211` | -| `memcachedfrontend.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). 
| `nano` | -| `memcachedfrontend.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | - -### External Memcached (Index-Queries) Parameters - -| Name | Description | Value | -| ------------------------------------ | --------------------------------------------- | ------- | -| `externalMemcachedIndexQueries.host` | Host of a running external memcached instance | `""` | -| `externalMemcachedIndexQueries.port` | Port of a running external memcached instance | `11211` | - -### Memcached Sub-chart Parameters (Index-Queries) - -| Name | Description | Value | -| ----------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------- | -| `memcachedindexqueries.enabled` | Deploy memcached sub-chart | `false` | -| `memcachedindexqueries.image.registry` | Memcached image registry | `REGISTRY_NAME` | -| `memcachedindexqueries.image.repository` | Memcached image repository | `REPOSITORY_NAME/memcached` | -| `memcachedindexqueries.image.digest` | Memcached image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `memcachedindexqueries.architecture` | Memcached architecture | `high-availability` | -| `memcachedindexqueries.nameOverride` | override the subchart name | `""` | -| `memcachedindexqueries.service.ports.memcached` | Memcached service port | `11211` | -| `memcachedindexqueries.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). 
| `nano` | -| `memcachedindexqueries.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | - -### External Memcached (IndexWrites) Parameters - -| Name | Description | Value | -| ----------------------------------- | --------------------------------------------- | ------- | -| `externalMemcachedIndexWrites.host` | Host of a running external memcached instance | `""` | -| `externalMemcachedIndexWrites.port` | Port of a running external memcached instance | `11211` | - -### Memcached Sub-chart Parameters (Index-Writes) - -| Name | Description | Value | -| ---------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------- | -| `memcachedindexwrites.enabled` | Deploy memcached sub-chart | `false` | -| `memcachedindexwrites.image.registry` | Memcached image registry | `REGISTRY_NAME` | -| `memcachedindexwrites.image.repository` | Memcached image repository | `REPOSITORY_NAME/memcached` | -| `memcachedindexwrites.image.digest` | Memcached image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `memcachedindexwrites.architecture` | Memcached architecture | `high-availability` | -| `memcachedindexwrites.nameOverride` | override the subchart name | `""` | -| `memcachedindexwrites.service.ports.memcached` | Memcached service port | `11211` | -| `memcachedindexwrites.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). 
| `nano` | -| `memcachedindexwrites.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | - -See to create the table. - -The above parameters map to the env variables defined in [bitnami/grafana-loki](https://github.com/bitnami/containers/tree/main/bitnami/grafana-loki). For more information please refer to the [bitnami/grafana-loki](https://github.com/bitnami/containers/tree/main/bitnami/grafana-loki) image documentation. - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -helm install my-release \ - --set loki.traces.jaeger.grpc=true \ - oci://REGISTRY_NAME/REPOSITORY_NAME/grafana-loki -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. - -The above command enables the Jaeger GRPC traces. - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, - -```console -helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/grafana-loki -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. -> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/tree/main/bitnami/grafana-loki/values.yaml) - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). 
-
-## Upgrading
-
-### To 4.0.0
-
-This major bumps the Grafana Loki version to its newest major, 3.x.x. This version includes a new storage schema, among other features like structured metadata support. These changes could potentially break your deployments. Please refer to the official [release notes](https://grafana.com/docs/loki/latest/release-notes/v3-0/) and documentation website for further details.
-
-### To 3.0.0
-
-This major bump changes the following security defaults:
-
-- `runAsGroup` is changed from `0` to `1001`
-- `readOnlyRootFilesystem` is set to `true`
-- `resourcesPreset` is changed from `none` to the minimum size working in our test suites (NOTE: `resourcesPreset` is not meant for production usage, but `resources` adapted to your use case).
-- `global.compatibility.openshift.adaptSecurityContext` is changed from `disabled` to `auto`.
-
-This could potentially break any customization or init scripts used in your deployment. If this is the case, change the default values to the previous ones.
-
-### To 1.0.0
-
-This major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Bitnami charts repository.
-
-- `loki.containerPort`, `loki.grpcContainerPort` and `loki.gossipRing.containerPort` have been regrouped under the `loki.containerPorts` map.
-- `queryFrontend.query.jaegerMetricsContainerPort` and `queryFrontend.query.jaegerUIContainerPort` have been regrouped under the `queryFrontend.query.containerPorts` map.
-- `vulture.containerPort` has been regrouped under the `vulture.containerPorts` map.
-- `XXX.service.port` and `XXX.service.grpcPort` have been regrouped under the `XXX.service.ports` map.
-
-Additionally updates the Memcached subchart to its newest major `6.x.x`, which contains similar changes.
-
-## License
-
-Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/common/.helmignore b/charts/nopo11y-stack/charts/grafana-loki/charts/common/.helmignore
deleted file mode 100644
index 7c7c21d..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/charts/common/.helmignore
+++ /dev/null
@@ -1,24 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-# img folder
-img/
diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/common/Chart.yaml b/charts/nopo11y-stack/charts/grafana-loki/charts/common/Chart.yaml
deleted file mode 100644
index 8d0e546..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/charts/common/Chart.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-annotations:
- category: Infrastructure
- licenses: Apache-2.0
-apiVersion: v2
-appVersion: 2.19.1
-description: A Library Helm Chart for grouping common logic between bitnami charts.
- This chart is not deployable by itself.
-home: https://bitnami.com
-icon: https://bitnami.com/downloads/logos/bitnami-mark.png
-keywords:
-- common
-- helper
-- template
-- function
-- bitnami
-maintainers:
-- name: VMware, Inc.
- url: https://github.com/bitnami/charts
-name: common
-sources:
-- https://github.com/bitnami/charts
-type: library
-version: 2.19.1
diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/common/README.md b/charts/nopo11y-stack/charts/grafana-loki/charts/common/README.md
deleted file mode 100644
index 0d01a1e..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/charts/common/README.md
+++ /dev/null
@@ -1,235 +0,0 @@ -# Bitnami Common Library Chart - -A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between Bitnami charts. - -## TL;DR - -```yaml -dependencies: - - name: common - version: 2.x.x - repository: oci://registry-1.docker.io/bitnamicharts -``` - -```console -helm dependency update -``` - -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }} -data: - myvalue: "Hello World" -``` - -Looking to use our applications in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. - -## Introduction - -This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. - -## Prerequisites - -- Kubernetes 1.23+ -- Helm 3.8.0+ - -## Parameters - -## Special input schemas - -### ImageRoot - -```yaml -registry: - type: string - description: Docker registry where the image is located - example: docker.io - -repository: - type: string - description: Repository and image name - example: bitnami/nginx - -tag: - type: string - description: image tag - example: 1.16.1-debian-10-r63 - -pullPolicy: - type: string - description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - -pullSecrets: - type: array - items: - type: string - description: Optionally specify an array of imagePullSecrets (evaluated as templates). 
- -debug: - type: boolean - description: Set to true if you would like to see extra information on logs - example: false - -## An instance would be: -# registry: docker.io -# repository: bitnami/nginx -# tag: 1.16.1-debian-10-r63 -# pullPolicy: IfNotPresent -# debug: false -``` - -### Persistence - -```yaml -enabled: - type: boolean - description: Whether enable persistence. - example: true - -storageClass: - type: string - description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. - example: "-" - -accessMode: - type: string - description: Access mode for the Persistent Volume Storage. - example: ReadWriteOnce - -size: - type: string - description: Size the Persistent Volume Storage. - example: 8Gi - -path: - type: string - description: Path to be persisted. - example: /bitnami - -## An instance would be: -# enabled: true -# storageClass: "-" -# accessMode: ReadWriteOnce -# size: 8Gi -# path: /bitnami -``` - -### ExistingSecret - -```yaml -name: - type: string - description: Name of the existing secret. - example: mySecret -keyMapping: - description: Mapping between the expected key name and the name of the key in the existing secret. - type: object - -## An instance would be: -# name: mySecret -# keyMapping: -# password: myPasswordKey -``` - -#### Example of use - -When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets. - -```yaml -# templates/secret.yaml ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }} - labels: - app: {{ include "common.names.fullname" . }} -type: Opaque -data: - password: {{ .Values.password | b64enc | quote }} - -# templates/dpl.yaml ---- -... 
- env: - - name: PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} - key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} -... - -# values.yaml ---- -name: mySecret -keyMapping: - password: myPasswordKey -``` - -### ValidateValue - -#### NOTES.txt - -```console -{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} - -{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} -``` - -If we force those values to be empty we will see some alerts - -```console -helm install test mychart --set path.to.value00="",path.to.value01="" - 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: - - export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 -d) - - 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: - - export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 -d) -``` - -## Upgrading - -### To 1.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -#### What changes were introduced in this major version? 
- -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -#### Considerations when upgrading to this version - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -#### Useful links - -- -- -- - -## License - -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_affinities.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_affinities.tpl deleted file mode 100644 index e85b1df..0000000 
--- a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_affinities.tpl
+++ /dev/null
@@ -1,139 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Return a soft nodeAffinity definition -{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.soft" -}} -preferredDuringSchedulingIgnoredDuringExecution: - - preference: - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . | quote }} - {{- end }} - weight: 1 -{{- end -}} - -{{/* -Return a hard nodeAffinity definition -{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.hard" -}} -requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . | quote }} - {{- end }} -{{- end -}} - -{{/* -Return a nodeAffinity definition -{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.nodes.soft" . -}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.nodes.hard" . 
-}} - {{- end -}} -{{- end -}} - -{{/* -Return a topologyKey definition -{{ include "common.affinities.topologyKey" (dict "topologyKey" "BAR") -}} -*/}} -{{- define "common.affinities.topologyKey" -}} -{{ .topologyKey | default "kubernetes.io/hostname" -}} -{{- end -}} - -{{/* -Return a soft podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}} -*/}} -{{- define "common.affinities.pods.soft" -}} -{{- $component := default "" .component -}} -{{- $customLabels := default (dict) .customLabels -}} -{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} -{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} -preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 10 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := $extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} - weight: 1 - {{- range $extraPodAffinityTerms }} - - podAffinityTerm: - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 10 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := .extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} - weight: {{ .weight | default 1 -}} - {{- end -}} -{{- end -}} - -{{/* -Return a hard 
podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}} -*/}} -{{- define "common.affinities.pods.hard" -}} -{{- $component := default "" .component -}} -{{- $customLabels := default (dict) .customLabels -}} -{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} -{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} -requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 8 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := $extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} - {{- range $extraPodAffinityTerms }} - - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 8 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := .extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} - {{- end -}} -{{- end -}} - -{{/* -Return a podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.pods" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.pods.soft" . -}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.pods.hard" . -}} - {{- end -}} -{{- end -}} 
diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_capabilities.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_capabilities.tpl
deleted file mode 100644
index 115674a..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_capabilities.tpl
+++ /dev/null
@@ -1,229 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the target Kubernetes version -*/}} -{{- define "common.capabilities.kubeVersion" -}} -{{- if .Values.global }} - {{- if .Values.global.kubeVersion }} - {{- .Values.global.kubeVersion -}} - {{- else }} - {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} - {{- end -}} -{{- else }} -{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for poddisruptionbudget. -*/}} -{{- define "common.capabilities.policy.apiVersion" -}} -{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "policy/v1beta1" -}} -{{- else -}} -{{- print "policy/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for networkpolicy. -*/}} -{{- define "common.capabilities.networkPolicy.apiVersion" -}} -{{- if semverCompare "<1.7-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for cronjob. -*/}} -{{- define "common.capabilities.cronjob.apiVersion" -}} -{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "batch/v1beta1" -}} -{{- else -}} -{{- print "batch/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for daemonset. -*/}} -{{- define "common.capabilities.daemonset.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for deployment. -*/}} -{{- define "common.capabilities.deployment.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) 
-}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for statefulset. -*/}} -{{- define "common.capabilities.statefulset.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "apps/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for ingress. -*/}} -{{- define "common.capabilities.ingress.apiVersion" -}} -{{- if .Values.ingress -}} -{{- if .Values.ingress.apiVersion -}} -{{- .Values.ingress.apiVersion -}} -{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end }} -{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for RBAC resources. -*/}} -{{- define "common.capabilities.rbac.apiVersion" -}} -{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "rbac.authorization.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "rbac.authorization.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for CRDs. -*/}} -{{- define "common.capabilities.crd.apiVersion" -}} -{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) 
-}} -{{- print "apiextensions.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiextensions.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for APIService. -*/}} -{{- define "common.capabilities.apiService.apiVersion" -}} -{{- if semverCompare "<1.10-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "apiregistration.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiregistration.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for Horizontal Pod Autoscaler. -*/}} -{{- define "common.capabilities.hpa.apiVersion" -}} -{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} -{{- if .beta2 -}} -{{- print "autoscaling/v2beta2" -}} -{{- else -}} -{{- print "autoscaling/v2beta1" -}} -{{- end -}} -{{- else -}} -{{- print "autoscaling/v2" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for Vertical Pod Autoscaler. -*/}} -{{- define "common.capabilities.vpa.apiVersion" -}} -{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} -{{- if .beta2 -}} -{{- print "autoscaling/v2beta2" -}} -{{- else -}} -{{- print "autoscaling/v2beta1" -}} -{{- end -}} -{{- else -}} -{{- print "autoscaling/v2" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if PodSecurityPolicy is supported -*/}} -{{- define "common.capabilities.psp.supported" -}} -{{- if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if AdmissionConfiguration is supported -*/}} -{{- define "common.capabilities.admissionConfiguration.supported" -}} -{{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) -}} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for AdmissionConfiguration. 
-*/}} -{{- define "common.capabilities.admissionConfiguration.apiVersion" -}} -{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "apiserver.config.k8s.io/v1alpha1" -}} -{{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "apiserver.config.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiserver.config.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for PodSecurityConfiguration. -*/}} -{{- define "common.capabilities.podSecurityConfiguration.apiVersion" -}} -{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "pod-security.admission.config.k8s.io/v1alpha1" -}} -{{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "pod-security.admission.config.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "pod-security.admission.config.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if the used Helm version is 3.3+. -A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. -This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. -**To be removed when the catalog's minimun Helm version is 3.3** -*/}} -{{- define "common.capabilities.supportsHelmVersion" -}} -{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_compatibility.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_compatibility.tpl deleted file mode 100644 index 17665d5..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_compatibility.tpl +++ /dev/null 
@@ -1,39 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Return true if the detected platform is Openshift -Usage: -{{- include "common.compatibility.isOpenshift" . -}} -*/}} -{{- define "common.compatibility.isOpenshift" -}} -{{- if .Capabilities.APIVersions.Has "security.openshift.io/v1" -}} -{{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Render a compatible securityContext depending on the platform. By default it is maintained as it is. In other platforms like Openshift we remove default user/group values that do not work out of the box with the restricted-v1 SCC -Usage: -{{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) -}} -*/}} -{{- define "common.compatibility.renderSecurityContext" -}} -{{- $adaptedContext := .secContext -}} -{{- if .context.Values.global.compatibility -}} - {{- if .context.Values.global.compatibility.openshift -}} - {{- if or (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "force") (and (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "auto") (include "common.compatibility.isOpenshift" .context)) -}} - {{/* Remove incompatible user/group values that do not work in Openshift out of the box */}} - {{- $adaptedContext = omit $adaptedContext "fsGroup" "runAsUser" "runAsGroup" -}} - {{- if not .secContext.seLinuxOptions -}} - {{/* If it is an empty object, we remove it from the resulting context because it causes validation issues */}} - {{- $adaptedContext = omit $adaptedContext "seLinuxOptions" -}} - {{- end -}} - {{- end -}} - {{- end -}} -{{- end -}} -{{- omit $adaptedContext "enabled" | toYaml -}} -{{- end -}} diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_errors.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_errors.tpl deleted file mode 100644 index 07ded6f..0000000 
--- a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_errors.tpl +++ /dev/null @@ -1,28 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Through error when upgrading using empty passwords values that must not be empty. - -Usage: -{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} -{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} -{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} - -Required password params: - - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. - - context - Context - Required. Parent context. -*/}} -{{- define "common.errors.upgrade.passwords.empty" -}} - {{- $validationErrors := join "" .validationErrors -}} - {{- if and $validationErrors .context.Release.IsUpgrade -}} - {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}} - {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}} - {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}} - {{- $errorString = print $errorString "\n%s" -}} - {{- printf $errorString $validationErrors | fail -}} - {{- end -}} -{{- end -}} 
diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_images.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_images.tpl
deleted file mode 100644
index 1bcb779..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_images.tpl
+++ /dev/null
@@ -1,117 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper image name -{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global ) }} -*/}} -{{- define "common.images.image" -}} -{{- $registryName := .imageRoot.registry -}} -{{- $repositoryName := .imageRoot.repository -}} -{{- $separator := ":" -}} -{{- $termination := .imageRoot.tag | toString -}} -{{- if .global }} - {{- if .global.imageRegistry }} - {{- $registryName = .global.imageRegistry -}} - {{- end -}} -{{- end -}} -{{- if .imageRoot.digest }} - {{- $separator = "@" -}} - {{- $termination = .imageRoot.digest | toString -}} -{{- end -}} -{{- if $registryName }} - {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}} -{{- else -}} - {{- printf "%s%s%s" $repositoryName $separator $termination -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) -{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} -*/}} -{{- define "common.images.pullSecrets" -}} - {{- $pullSecrets := list }} - - {{- if .global }} - {{- range .global.imagePullSecrets -}} - {{- if kindIs "map" . -}} - {{- $pullSecrets = append $pullSecrets .name -}} - {{- else -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end }} - {{- end -}} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- if kindIs "map" . -}} - {{- $pullSecrets = append $pullSecrets .name -}} - {{- else -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) }} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . 
}} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names evaluating values as templates -{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} -*/}} -{{- define "common.images.renderPullSecrets" -}} - {{- $pullSecrets := list }} - {{- $context := .context }} - - {{- if $context.Values.global }} - {{- range $context.Values.global.imagePullSecrets -}} - {{- if kindIs "map" . -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" .name "context" $context)) -}} - {{- else -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- if kindIs "map" . -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" .name "context" $context)) -}} - {{- else -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) }} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . 
}} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Return the proper image version (ingores image revision/prerelease info & fallbacks to chart appVersion) -{{ include "common.images.version" ( dict "imageRoot" .Values.path.to.the.image "chart" .Chart ) }} -*/}} -{{- define "common.images.version" -}} -{{- $imageTag := .imageRoot.tag | toString -}} -{{/* regexp from https://github.com/Masterminds/semver/blob/23f51de38a0866c5ef0bfc42b3f735c73107b700/version.go#L41-L44 */}} -{{- if regexMatch `^([0-9]+)(\.[0-9]+)?(\.[0-9]+)?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?$` $imageTag -}} - {{- $version := semver $imageTag -}} - {{- printf "%d.%d.%d" $version.Major $version.Minor $version.Patch -}} -{{- else -}} - {{- print .chart.AppVersion -}} -{{- end -}} -{{- end -}} - diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_ingress.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_ingress.tpl deleted file mode 100644 index efa5b85..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_ingress.tpl +++ /dev/null 
@@ -1,73 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Generate backend entry that is compatible with all Kubernetes API versions. - -Usage: -{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }} - -Params: - - serviceName - String. Name of an existing service backend - - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.ingress.backend" -}} -{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} -{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} -serviceName: {{ .serviceName }} -servicePort: {{ .servicePort }} -{{- else -}} -service: - name: {{ .serviceName }} - port: - {{- if typeIs "string" .servicePort }} - name: {{ .servicePort }} - {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }} - number: {{ .servicePort | int }} - {{- end }} -{{- end -}} -{{- end -}} - -{{/* -Print "true" if the API pathType field is supported -Usage: -{{ include "common.ingress.supportsPathType" . }} -*/}} -{{- define "common.ingress.supportsPathType" -}} -{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} -{{- print "false" -}} -{{- else -}} -{{- print "true" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if the ingressClassname field is supported -Usage: -{{ include "common.ingress.supportsIngressClassname" . }} -*/}} -{{- define "common.ingress.supportsIngressClassname" -}} -{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) 
-}} -{{- print "false" -}} -{{- else -}} -{{- print "true" -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if cert-manager required annotations for TLS signed -certificates are set in the Ingress annotations -Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations -Usage: -{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }} -*/}} -{{- define "common.ingress.certManagerRequest" -}} -{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") (hasKey .annotations "kubernetes.io/tls-acme") }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_labels.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_labels.tpl deleted file mode 100644 index d90a6cd..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_labels.tpl +++ /dev/null 
@@ -1,46 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Kubernetes standard labels -{{ include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) -}} -*/}} -{{- define "common.labels.standard" -}} -{{- if and (hasKey . "customLabels") (hasKey . "context") -}} -{{- $default := dict "app.kubernetes.io/name" (include "common.names.name" .context) "helm.sh/chart" (include "common.names.chart" .context) "app.kubernetes.io/instance" .context.Release.Name "app.kubernetes.io/managed-by" .context.Release.Service -}} -{{- with .context.Chart.AppVersion -}} -{{- $_ := set $default "app.kubernetes.io/version" . -}} -{{- end -}} -{{ template "common.tplvalues.merge" (dict "values" (list .customLabels $default) "context" .context) }} -{{- else -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -helm.sh/chart: {{ include "common.names.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- with .Chart.AppVersion }} -app.kubernetes.io/version: {{ . | quote }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Labels used on immutable fields such as deploy.spec.selector.matchLabels or svc.spec.selector -{{ include "common.labels.matchLabels" (dict "customLabels" .Values.podLabels "context" $) -}} - -We don't want to loop over custom labels appending them to the selector -since it's very likely that it will break deployments, services, etc. -However, it's important to overwrite the standard labels if the user -overwrote them on metadata.labels fields. -*/}} -{{- define "common.labels.matchLabels" -}} -{{- if and (hasKey . "customLabels") (hasKey . 
"context") -}} -{{ merge (pick (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) "app.kubernetes.io/name" "app.kubernetes.io/instance") (dict "app.kubernetes.io/name" (include "common.names.name" .context) "app.kubernetes.io/instance" .context.Release.Name ) | toYaml }} -{{- else -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} -{{- end -}} diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_names.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_names.tpl deleted file mode 100644 index a222924..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_names.tpl +++ /dev/null 
@@ -1,71 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "common.names.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "common.names.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "common.names.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified dependency name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. 
-Usage: -{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }} -*/}} -{{- define "common.names.dependency.fullname" -}} -{{- if .chartValues.fullnameOverride -}} -{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .chartName .chartValues.nameOverride -}} -{{- if contains $name .context.Release.Name -}} -{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Allow the release namespace to be overridden for multi-namespace deployments in combined charts. -*/}} -{{- define "common.names.namespace" -}} -{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a fully qualified app name adding the installation's namespace. -*/}} -{{- define "common.names.fullname.namespace" -}} -{{- printf "%s-%s" (include "common.names.fullname" .) (include "common.names.namespace" .) | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_resources.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_resources.tpl deleted file mode 100644 index 030fa1a..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_resources.tpl +++ /dev/null 
@@ -1,50 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Return a resource request/limit object based on a given preset. -These presets are for basic testing and not meant to be used in production -{{ include "common.resources.preset" (dict "type" "nano") -}} -*/}} -{{- define "common.resources.preset" -}} -{{/* The limits are the requests increased by 50% (except ephemeral-storage and xlarge/2xlarge sizes)*/}} -{{- $presets := dict - "nano" (dict - "requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "150m" "memory" "192Mi" "ephemeral-storage" "1024Mi") - ) - "micro" (dict - "requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "375m" "memory" "384Mi" "ephemeral-storage" "1024Mi") - ) - "small" (dict - "requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "750m" "memory" "768Mi" "ephemeral-storage" "1024Mi") - ) - "medium" (dict - "requests" (dict "cpu" "500m" "memory" "1024Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "750m" "memory" "1536Mi" "ephemeral-storage" "1024Mi") - ) - "large" (dict - "requests" (dict "cpu" "1.0" "memory" "2048Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "1024Mi") - ) - "xlarge" (dict - "requests" (dict "cpu" "1.5" "memory" "4096Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "1024Mi") - ) - "2xlarge" (dict - "requests" (dict "cpu" "1.5" "memory" "4096Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "1024Mi") - ) - }} -{{- if hasKey $presets .type -}} -{{- index $presets .type | toYaml -}} -{{- else -}} -{{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}} -{{- end -}} -{{- end -}} 
diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_secrets.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_secrets.tpl
deleted file mode 100644
index 84dbe38..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_secrets.tpl
+++ /dev/null
@@ -1,182 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Generate secret name. - -Usage: -{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} - -Params: - - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user - to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. - +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret - - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.secrets.name" -}} -{{- $name := (include "common.names.fullname" .context) -}} - -{{- if .defaultNameSuffix -}} -{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- with .existingSecret -}} -{{- if not (typeIs "string" .) -}} -{{- with .name -}} -{{- $name = . -}} -{{- end -}} -{{- else -}} -{{- $name = . -}} -{{- end -}} -{{- end -}} - -{{- printf "%s" $name -}} -{{- end -}} - -{{/* -Generate secret key. - -Usage: -{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} - -Params: - - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user - to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. - +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret - - key - String - Required. Name of the key in the secret. 
-*/}} -{{- define "common.secrets.key" -}} -{{- $key := .key -}} - -{{- if .existingSecret -}} - {{- if not (typeIs "string" .existingSecret) -}} - {{- if .existingSecret.keyMapping -}} - {{- $key = index .existingSecret.keyMapping $.key -}} - {{- end -}} - {{- end }} -{{- end -}} - -{{- printf "%s" $key -}} -{{- end -}} - -{{/* -Generate secret password or retrieve one if already created. - -Usage: -{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - key - String - Required - Name of the key in the secret. - - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. - - length - int - Optional - Length of the generated random password. - - strong - Boolean - Optional - Whether to add symbols to the generated random password. - - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. - - context - Context - Required - Parent context. - - failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets. - - skipB64enc - Boolean - Optional - Default to false. If set to true, no the secret will not be base64 encrypted. - - skipQuote - Boolean - Optional - Default to false. If set to true, no quotes will be added around the secret. -The order in which this function returns a secret password: - 1. Already existing 'Secret' resource - (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned) - 2. 
Password provided via the values.yaml - (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned) - 3. Randomly generated secret password - (A new random secret password with the length specified in the 'length' parameter will be generated and returned) - -*/}} -{{- define "common.secrets.passwords.manage" -}} - -{{- $password := "" }} -{{- $subchart := "" }} -{{- $chartName := default "" .chartName }} -{{- $passwordLength := default 10 .length }} -{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} -{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} -{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data }} -{{- if $secretData }} - {{- if hasKey $secretData .key }} - {{- $password = index $secretData .key | b64dec }} - {{- else if not (eq .failOnNew false) }} - {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}} - {{- else if $providedPasswordValue }} - {{- $password = $providedPasswordValue | toString }} - {{- end -}} -{{- else if $providedPasswordValue }} - {{- $password = $providedPasswordValue | toString }} -{{- else }} - - {{- if .context.Values.enabled }} - {{- $subchart = $chartName }} - {{- end -}} - - {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} - {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} - {{- $passwordValidationErrors := list $requiredPasswordError -}} - {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} - - {{- if .strong }} - {{- $subStr := list (lower 
(randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} - {{- $password = randAscii $passwordLength }} - {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} - {{- $password = printf "%s%s" $subStr $password | toString | shuffle }} - {{- else }} - {{- $password = randAlphaNum $passwordLength }} - {{- end }} -{{- end -}} -{{- if not .skipB64enc }} -{{- $password = $password | b64enc }} -{{- end -}} -{{- if .skipQuote -}} -{{- printf "%s" $password -}} -{{- else -}} -{{- printf "%s" $password | quote -}} -{{- end -}} -{{- end -}} - -{{/* -Reuses the value from an existing secret, otherwise sets its value to a default value. - -Usage: -{{ include "common.secrets.lookup" (dict "secret" "secret-name" "key" "keyName" "defaultValue" .Values.myValue "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - key - String - Required - Name of the key in the secret. - - defaultValue - String - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. - - context - Context - Required - Parent context. - -*/}} -{{- define "common.secrets.lookup" -}} -{{- $value := "" -}} -{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data -}} -{{- if and $secretData (hasKey $secretData .key) -}} - {{- $value = index $secretData .key -}} -{{- else if .defaultValue -}} - {{- $value = .defaultValue | toString | b64enc -}} -{{- end -}} -{{- if $value -}} -{{- printf "%s" $value -}} -{{- end -}} -{{- end -}} - -{{/* -Returns whether a previous generated secret already exists - -Usage: -{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - context - Context - Required - Parent context. 
-*/}} -{{- define "common.secrets.exists" -}} -{{- $secret := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret) }} -{{- if $secret }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_storage.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_storage.tpl deleted file mode 100644 index 16405a0..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_storage.tpl +++ /dev/null @@ -1,28 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper Storage Class -{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} -*/}} -{{- define "common.storage.class" -}} - -{{- $storageClass := .persistence.storageClass -}} -{{- if .global -}} - {{- if .global.storageClass -}} - {{- $storageClass = .global.storageClass -}} - {{- end -}} -{{- end -}} - -{{- if $storageClass -}} - {{- if (eq "-" $storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" $storageClass -}} - {{- end -}} -{{- end -}} - -{{- end -}} diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_tplvalues.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_tplvalues.tpl deleted file mode 100644 index a8ed763..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_tplvalues.tpl +++ /dev/null 
@@ -1,38 +0,0 @@
-{{/*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Renders a value that contains template perhaps with scope if the scope is present.
-Usage:
-{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ ) }}
-{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }}
-*/}}
-{{- define "common.tplvalues.render" -}}
-{{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }}
-{{- if contains "{{" (toJson .value) }}
- {{- if .scope }}
- {{- tpl (cat "{{- with $.RelativeScope -}}" $value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }}
- {{- else }}
- {{- tpl $value .context }}
- {{- end }}
-{{- else }}
- {{- $value }}
-{{- end }}
-{{- end -}}
-
-{{/*
-Merge a list of values that contains template after rendering them.
-Merge precedence is consistent with http://masterminds.github.io/sprig/dicts.html#merge-mustmerge
-Usage:
-{{ include "common.tplvalues.merge" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }}
-*/}}
-{{- define "common.tplvalues.merge" -}}
-{{- $dst := dict -}}
-{{- range .values -}}
-{{- $dst = include "common.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | merge $dst -}}
-{{- end -}}
-{{ $dst | toYaml }}
-{{- end -}}
diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_utils.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_utils.tpl
deleted file mode 100644
index bfbddf0..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_utils.tpl
+++ /dev/null
@@ -1,77 +0,0 @@
-{{/*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Print instructions to get a secret value.
-Usage:
-{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }}
-*/}}
-{{- define "common.utils.secret.getvalue" -}}
-{{- $varname := include "common.utils.fieldToEnvVar" . -}}
-export {{ $varname }}=$(kubectl get secret --namespace {{ include "common.names.namespace" .context | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 -d)
-{{- end -}}
-
-{{/*
-Build env var name given a field
-Usage:
-{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }}
-*/}}
-{{- define "common.utils.fieldToEnvVar" -}}
- {{- $fieldNameSplit := splitList "-" .field -}}
- {{- $upperCaseFieldNameSplit := list -}}
-
- {{- range $fieldNameSplit -}}
- {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}}
- {{- end -}}
-
- {{ join "_" $upperCaseFieldNameSplit }}
-{{- end -}}
-
-{{/*
-Gets a value from .Values given
-Usage:
-{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }}
-*/}}
-{{- define "common.utils.getValueFromKey" -}}
-{{- $splitKey := splitList "." .key -}}
-{{- $value := "" -}}
-{{- $latestObj := $.context.Values -}}
-{{- range $splitKey -}}
- {{- if not $latestObj -}}
- {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}}
- {{- end -}}
- {{- $value = ( index $latestObj . ) -}}
- {{- $latestObj = $value -}}
-{{- end -}}
-{{- printf "%v" (default "" $value) -}}
-{{- end -}}
-
-{{/*
-Returns first .Values key with a defined value or first of the list if all non-defined
-Usage:
-{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }}
-*/}}
-{{- define "common.utils.getKeyFromList" -}}
-{{- $key := first .keys -}}
-{{- $reverseKeys := reverse .keys }}
-{{- range $reverseKeys }}
- {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }}
- {{- if $value -}}
- {{- $key = . }}
- {{- end -}}
-{{- end -}}
-{{- printf "%s" $key -}}
-{{- end -}}
-
-{{/*
-Checksum a template at "path" containing a *single* resource (ConfigMap,Secret) for use in pod annotations, excluding the metadata (see #18376).
-Usage:
-{{ include "common.utils.checksumTemplate" (dict "path" "/configmap.yaml" "context" $) }}
-*/}}
-{{- define "common.utils.checksumTemplate" -}}
-{{- $obj := include (print .context.Template.BasePath .path) .context | fromYaml -}}
-{{ omit $obj "apiVersion" "kind" "metadata" | toYaml | sha256sum }}
-{{- end -}}
diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_warnings.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_warnings.tpl
deleted file mode 100644
index 0f763cd..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/_warnings.tpl
+++ /dev/null
@@ -1,82 +0,0 @@
-{{/*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Warning about using rolling tag.
-Usage:
-{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }}
-*/}}
-{{- define "common.warnings.rollingTag" -}}
-
-{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }}
-WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
-+info https://docs.bitnami.com/tutorials/understand-rolling-tags-containers
-{{- end }}
-{{- end -}}
-
-{{/*
-Warning about not setting the resource object in all deployments.
-Usage:
-{{ include "common.warnings.resources" (dict "sections" (list "path1" "path2") context $) }}
-Example:
-{{- include "common.warnings.resources" (dict "sections" (list "csiProvider.provider" "server" "volumePermissions" "") "context" $) }}
-The list in the example assumes that the following values exist:
- - csiProvider.provider.resources
- - server.resources
- - volumePermissions.resources
- - resources
-*/}}
-{{- define "common.warnings.resources" -}}
-{{- $values := .context.Values -}}
-{{- $printMessage := false -}}
-{{ $affectedSections := list -}}
-{{- range .sections -}}
- {{- if eq . "" -}}
- {{/* Case where the resources section is at the root (one main deployment in the chart) */}}
- {{- if not (index $values "resources") -}}
- {{- $affectedSections = append $affectedSections "resources" -}}
- {{- $printMessage = true -}}
- {{- end -}}
- {{- else -}}
- {{/* Case where the are multiple resources sections (more than one main deployment in the chart) */}}
- {{- $keys := split "." . -}}
- {{/* We iterate through the different levels until arriving to the resource section. Example: a.b.c.resources */}}
- {{- $section := $values -}}
- {{- range $keys -}}
- {{- $section = index $section . -}}
- {{- end -}}
- {{- if not (index $section "resources") -}}
- {{/* If the section has enabled=false or replicaCount=0, do not include it */}}
- {{- if and (hasKey $section "enabled") -}}
- {{- if index $section "enabled" -}}
- {{/* enabled=true */}}
- {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}}
- {{- $printMessage = true -}}
- {{- end -}}
- {{- else if and (hasKey $section "replicaCount") -}}
- {{/* We need a casting to int because number 0 is not treated as an int by default */}}
- {{- if (gt (index $section "replicaCount" | int) 0) -}}
- {{/* replicaCount > 0 */}}
- {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}}
- {{- $printMessage = true -}}
- {{- end -}}
- {{- else -}}
- {{/* Default case, add it to the affected sections */}}
- {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}}
- {{- $printMessage = true -}}
- {{- end -}}
- {{- end -}}
- {{- end -}}
-{{- end -}}
-{{- if $printMessage }}
-
-WARNING: There are "resources" sections in the chart not set. Using "resourcesPreset" is not recommended for production. For production installations, please set the following values according to your workload needs:
-{{- range $affectedSections }}
- - {{ . }}
-{{- end }}
-+info https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-{{- end -}}
-{{- end -}}
diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/validations/_cassandra.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/validations/_cassandra.tpl
deleted file mode 100644
index eda9aad..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/validations/_cassandra.tpl
+++ /dev/null
@@ -1,77 +0,0 @@
-{{/*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Validate Cassandra required passwords are not empty.
-
-Usage:
-{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
-Params:
- - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret"
- - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
-*/}}
-{{- define "common.validations.values.cassandra.passwords" -}}
- {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}}
- {{- $enabled := include "common.cassandra.values.enabled" . -}}
- {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}}
- {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}}
-
- {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
- {{- $requiredPasswords := list -}}
-
- {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}}
- {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
-
- {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
-
- {{- end -}}
-{{- end -}}
-
-{{/*
-Auxiliary function to get the right value for existingSecret.
-
-Usage:
-{{ include "common.cassandra.values.existingSecret" (dict "context" $) }}
-Params:
- - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
-*/}}
-{{- define "common.cassandra.values.existingSecret" -}}
- {{- if .subchart -}}
- {{- .context.Values.cassandra.dbUser.existingSecret | quote -}}
- {{- else -}}
- {{- .context.Values.dbUser.existingSecret | quote -}}
- {{- end -}}
-{{- end -}}
-
-{{/*
-Auxiliary function to get the right value for enabled cassandra.
-
-Usage:
-{{ include "common.cassandra.values.enabled" (dict "context" $) }}
-*/}}
-{{- define "common.cassandra.values.enabled" -}}
- {{- if .subchart -}}
- {{- printf "%v" .context.Values.cassandra.enabled -}}
- {{- else -}}
- {{- printf "%v" (not .context.Values.enabled) -}}
- {{- end -}}
-{{- end -}}
-
-{{/*
-Auxiliary function to get the right value for the key dbUser
-
-Usage:
-{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }}
-Params:
- - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
-*/}}
-{{- define "common.cassandra.values.key.dbUser" -}}
- {{- if .subchart -}}
- cassandra.dbUser
- {{- else -}}
- dbUser
- {{- end -}}
-{{- end -}}
diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/validations/_mariadb.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/validations/_mariadb.tpl
deleted file mode 100644
index 17d83a2..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/validations/_mariadb.tpl
+++ /dev/null
@@ -1,108 +0,0 @@
-{{/*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Validate MariaDB required passwords are not empty.
-
-Usage:
-{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
-Params:
- - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret"
- - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
-*/}}
-{{- define "common.validations.values.mariadb.passwords" -}}
- {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}}
- {{- $enabled := include "common.mariadb.values.enabled" . -}}
- {{- $architecture := include "common.mariadb.values.architecture" . -}}
- {{- $authPrefix := include "common.mariadb.values.key.auth" . -}}
- {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
- {{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
- {{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
- {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}}
-
- {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
- {{- $requiredPasswords := list -}}
-
- {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}}
- {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
-
- {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
- {{- if not (empty $valueUsername) -}}
- {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}}
- {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
- {{- end -}}
-
- {{- if (eq $architecture "replication") -}}
- {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}}
- {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}}
- {{- end -}}
-
- {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
-
- {{- end -}}
-{{- end -}}
-
-{{/*
-Auxiliary function to get the right value for existingSecret.
-
-Usage:
-{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }}
-Params:
- - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
-*/}}
-{{- define "common.mariadb.values.auth.existingSecret" -}}
- {{- if .subchart -}}
- {{- .context.Values.mariadb.auth.existingSecret | quote -}}
- {{- else -}}
- {{- .context.Values.auth.existingSecret | quote -}}
- {{- end -}}
-{{- end -}}
-
-{{/*
-Auxiliary function to get the right value for enabled mariadb.
-
-Usage:
-{{ include "common.mariadb.values.enabled" (dict "context" $) }}
-*/}}
-{{- define "common.mariadb.values.enabled" -}}
- {{- if .subchart -}}
- {{- printf "%v" .context.Values.mariadb.enabled -}}
- {{- else -}}
- {{- printf "%v" (not .context.Values.enabled) -}}
- {{- end -}}
-{{- end -}}
-
-{{/*
-Auxiliary function to get the right value for architecture
-
-Usage:
-{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }}
-Params:
- - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
-*/}}
-{{- define "common.mariadb.values.architecture" -}}
- {{- if .subchart -}}
- {{- .context.Values.mariadb.architecture -}}
- {{- else -}}
- {{- .context.Values.architecture -}}
- {{- end -}}
-{{- end -}}
-
-{{/*
-Auxiliary function to get the right value for the key auth
-
-Usage:
-{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }}
-Params:
- - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
-*/}}
-{{- define "common.mariadb.values.key.auth" -}}
- {{- if .subchart -}}
- mariadb.auth
- {{- else -}}
- auth
- {{- end -}}
-{{- end -}}
diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/validations/_mongodb.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/validations/_mongodb.tpl
deleted file mode 100644
index bbb445b..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/validations/_mongodb.tpl
+++ /dev/null
@@ -1,113 +0,0 @@
-{{/*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Validate MongoDB® required passwords are not empty.
-
-Usage:
-{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
-Params:
- - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret"
- - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false
-*/}}
-{{- define "common.validations.values.mongodb.passwords" -}}
- {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}}
- {{- $enabled := include "common.mongodb.values.enabled" . -}}
- {{- $authPrefix := include "common.mongodb.values.key.auth" . -}}
- {{- $architecture := include "common.mongodb.values.architecture" . -}}
- {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
- {{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
- {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}}
- {{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
- {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}}
- {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}}
-
- {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}}
-
- {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}}
- {{- $requiredPasswords := list -}}
-
- {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}}
- {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
-
- {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
- {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }}
- {{- if and $valueUsername $valueDatabase -}}
- {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}}
- {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
- {{- end -}}
-
- {{- if (eq $architecture "replicaset") -}}
- {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}}
- {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}}
- {{- end -}}
-
- {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
-
- {{- end -}}
-{{- end -}}
-
-{{/*
-Auxiliary function to get the right value for existingSecret.
-
-Usage:
-{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }}
-Params:
- - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false
-*/}}
-{{- define "common.mongodb.values.auth.existingSecret" -}}
- {{- if .subchart -}}
- {{- .context.Values.mongodb.auth.existingSecret | quote -}}
- {{- else -}}
- {{- .context.Values.auth.existingSecret | quote -}}
- {{- end -}}
-{{- end -}}
-
-{{/*
-Auxiliary function to get the right value for enabled mongodb.
-
-Usage:
-{{ include "common.mongodb.values.enabled" (dict "context" $) }}
-*/}}
-{{- define "common.mongodb.values.enabled" -}}
- {{- if .subchart -}}
- {{- printf "%v" .context.Values.mongodb.enabled -}}
- {{- else -}}
- {{- printf "%v" (not .context.Values.enabled) -}}
- {{- end -}}
-{{- end -}}
-
-{{/*
-Auxiliary function to get the right value for the key auth
-
-Usage:
-{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }}
-Params:
- - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false
-*/}}
-{{- define "common.mongodb.values.key.auth" -}}
- {{- if .subchart -}}
- mongodb.auth
- {{- else -}}
- auth
- {{- end -}}
-{{- end -}}
-
-{{/*
-Auxiliary function to get the right value for architecture
-
-Usage:
-{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }}
-Params:
- - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false
-*/}}
-{{- define "common.mongodb.values.architecture" -}}
- {{- if .subchart -}}
- {{- .context.Values.mongodb.architecture -}}
- {{- else -}}
- {{- .context.Values.architecture -}}
- {{- end -}}
-{{- end -}}
diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/validations/_mysql.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/validations/_mysql.tpl
deleted file mode 100644
index ca3953f..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/validations/_mysql.tpl
+++ /dev/null
@@ -1,108 +0,0 @@
-{{/*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Validate MySQL required passwords are not empty.
-
-Usage:
-{{ include "common.validations.values.mysql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
-Params:
- - secret - String - Required. Name of the secret where MySQL values are stored, e.g: "mysql-passwords-secret"
- - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
-*/}}
-{{- define "common.validations.values.mysql.passwords" -}}
- {{- $existingSecret := include "common.mysql.values.auth.existingSecret" . -}}
- {{- $enabled := include "common.mysql.values.enabled" . -}}
- {{- $architecture := include "common.mysql.values.architecture" . -}}
- {{- $authPrefix := include "common.mysql.values.key.auth" . -}}
- {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
- {{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
- {{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
- {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}}
-
- {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
- {{- $requiredPasswords := list -}}
-
- {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mysql-root-password" -}}
- {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
-
- {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
- {{- if not (empty $valueUsername) -}}
- {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mysql-password" -}}
- {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
- {{- end -}}
-
- {{- if (eq $architecture "replication") -}}
- {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mysql-replication-password" -}}
- {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}}
- {{- end -}}
-
- {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
-
- {{- end -}}
-{{- end -}}
-
-{{/*
-Auxiliary function to get the right value for existingSecret.
-
-Usage:
-{{ include "common.mysql.values.auth.existingSecret" (dict "context" $) }}
-Params:
- - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
-*/}}
-{{- define "common.mysql.values.auth.existingSecret" -}}
- {{- if .subchart -}}
- {{- .context.Values.mysql.auth.existingSecret | quote -}}
- {{- else -}}
- {{- .context.Values.auth.existingSecret | quote -}}
- {{- end -}}
-{{- end -}}
-
-{{/*
-Auxiliary function to get the right value for enabled mysql.
-
-Usage:
-{{ include "common.mysql.values.enabled" (dict "context" $) }}
-*/}}
-{{- define "common.mysql.values.enabled" -}}
- {{- if .subchart -}}
- {{- printf "%v" .context.Values.mysql.enabled -}}
- {{- else -}}
- {{- printf "%v" (not .context.Values.enabled) -}}
- {{- end -}}
-{{- end -}}
-
-{{/*
-Auxiliary function to get the right value for architecture
-
-Usage:
-{{ include "common.mysql.values.architecture" (dict "subchart" "true" "context" $) }}
-Params:
- - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
-*/}}
-{{- define "common.mysql.values.architecture" -}}
- {{- if .subchart -}}
- {{- .context.Values.mysql.architecture -}}
- {{- else -}}
- {{- .context.Values.architecture -}}
- {{- end -}}
-{{- end -}}
-
-{{/*
-Auxiliary function to get the right value for the key auth
-
-Usage:
-{{ include "common.mysql.values.key.auth" (dict "subchart" "true" "context" $) }}
-Params:
- - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
-*/}}
-{{- define "common.mysql.values.key.auth" -}}
- {{- if .subchart -}}
- mysql.auth
- {{- else -}}
- auth
- {{- end -}}
-{{- end -}}
diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/validations/_postgresql.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/validations/_postgresql.tpl
deleted file mode 100644
index 8c9aa57..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/validations/_postgresql.tpl
+++ /dev/null
@@ -1,134 +0,0 @@
-{{/*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Validate PostgreSQL required passwords are not empty.
-
-Usage:
-{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
-Params:
- - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret"
- - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
-*/}}
-{{- define "common.validations.values.postgresql.passwords" -}}
- {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}}
- {{- $enabled := include "common.postgresql.values.enabled" . -}}
- {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}}
- {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}}
- {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
- {{- $requiredPasswords := list -}}
- {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}}
- {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}}
-
- {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}}
- {{- if (eq $enabledReplication "true") -}}
- {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}}
- {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}}
- {{- end -}}
-
- {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
- {{- end -}}
-{{- end -}}
-
-{{/*
-Auxiliary function to decide whether evaluate global values.
-
-Usage:
-{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }}
-Params:
- - key - String - Required. Field to be evaluated within global, e.g: "existingSecret"
-*/}}
-{{- define "common.postgresql.values.use.global" -}}
- {{- if .context.Values.global -}}
- {{- if .context.Values.global.postgresql -}}
- {{- index .context.Values.global.postgresql .key | quote -}}
- {{- end -}}
- {{- end -}}
-{{- end -}}
-
-{{/*
-Auxiliary function to get the right value for existingSecret.
-
-Usage:
-{{ include "common.postgresql.values.existingSecret" (dict "context" $) }}
-*/}}
-{{- define "common.postgresql.values.existingSecret" -}}
- {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}}
-
- {{- if .subchart -}}
- {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}}
- {{- else -}}
- {{- default (.context.Values.existingSecret | quote) $globalValue -}}
- {{- end -}}
-{{- end -}}
-
-{{/*
-Auxiliary function to get the right value for enabled postgresql.
-
-Usage:
-{{ include "common.postgresql.values.enabled" (dict "context" $) }}
-*/}}
-{{- define "common.postgresql.values.enabled" -}}
- {{- if .subchart -}}
- {{- printf "%v" .context.Values.postgresql.enabled -}}
- {{- else -}}
- {{- printf "%v" (not .context.Values.enabled) -}}
- {{- end -}}
-{{- end -}}
-
-{{/*
-Auxiliary function to get the right value for the key postgressPassword.
-
-Usage:
-{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }}
-Params:
- - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
-*/}}
-{{- define "common.postgresql.values.key.postgressPassword" -}}
- {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}}
-
- {{- if not $globalValue -}}
- {{- if .subchart -}}
- postgresql.postgresqlPassword
- {{- else -}}
- postgresqlPassword
- {{- end -}}
- {{- else -}}
- global.postgresql.postgresqlPassword
- {{- end -}}
-{{- end -}}
-
-{{/*
-Auxiliary function to get the right value for enabled.replication.
-
-Usage:
-{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }}
-Params:
- - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
-*/}}
-{{- define "common.postgresql.values.enabled.replication" -}}
- {{- if .subchart -}}
- {{- printf "%v" .context.Values.postgresql.replication.enabled -}}
- {{- else -}}
- {{- printf "%v" .context.Values.replication.enabled -}}
- {{- end -}}
-{{- end -}}
-
-{{/*
-Auxiliary function to get the right value for the key replication.password.
-
-Usage:
-{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }}
-Params:
- - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
-*/}}
-{{- define "common.postgresql.values.key.replicationPassword" -}}
- {{- if .subchart -}}
- postgresql.replication.password
- {{- else -}}
- replication.password
- {{- end -}}
-{{- end -}}
diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/validations/_redis.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/validations/_redis.tpl
deleted file mode 100644
index fc0d208..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/validations/_redis.tpl
+++ /dev/null
@@ -1,81 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate Redis® required passwords are not empty. - -Usage: -{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" - - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.redis.passwords" -}} - {{- $enabled := include "common.redis.values.enabled" . -}} - {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} - {{- $standarizedVersion := include "common.redis.values.standarized.version" . }} - - {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }} - {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }} - - {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }} - {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}} - {{- if eq $useAuth "true" -}} - {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict 
"required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled redis. - -Usage: -{{ include "common.redis.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.redis.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.redis.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right prefix path for the values - -Usage: -{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false -*/}} -{{- define "common.redis.values.keys.prefix" -}} - {{- if .subchart -}}redis.{{- else -}}{{- end -}} -{{- end -}} - -{{/* -Checks whether the redis chart's includes the standarizations (version >= 14) - -Usage: -{{ include "common.redis.values.standarized.version" (dict "context" $) }} -*/}} -{{- define "common.redis.values.standarized.version" -}} - - {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}} - {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }} - - {{- if $standarizedAuthValues -}} - {{- true -}} - {{- end -}} -{{- end -}} diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/validations/_validations.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/validations/_validations.tpl deleted file mode 100644 index 31ceda8..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/charts/common/templates/validations/_validations.tpl +++ /dev/null 
@@ -1,51 +0,0 @@
-{{/*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Validate values must not be empty.
-
-Usage:
-{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}}
-{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}}
-{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }}
-
-Validate value params:
- - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password"
- - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret"
- - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password"
-*/}}
-{{- define "common.validations.values.multiple.empty" -}}
- {{- range .required -}}
- {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}}
- {{- end -}}
-{{- end -}}
-
-{{/*
-Validate a value must not be empty.
-
-Usage:
-{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }}
-
-Validate value params:
- - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password"
- - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret"
- - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password"
- - subchart - String - Optional - Name of the subchart that the validated password is part of.
-*/}}
-{{- define "common.validations.values.single.empty" -}}
- {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }}
- {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }}
-
- {{- if not $value -}}
- {{- $varname := "my-value" -}}
- {{- $getCurrentValue := "" -}}
- {{- if and .secret .field -}}
- {{- $varname = include "common.utils.fieldToEnvVar" . -}}
- {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}}
- {{- end -}}
- {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}}
- {{- end -}}
-{{- end -}}
diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/common/values.yaml b/charts/nopo11y-stack/charts/grafana-loki/charts/common/values.yaml
deleted file mode 100644
index 9abe0e1..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/charts/common/values.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-# Copyright VMware, Inc.
-# SPDX-License-Identifier: APACHE-2.0
-
-## bitnami/common
-## It is required by CI/CD tools and processes.
-## @skip exampleValue
-##
-exampleValue: common-chart
diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/.helmignore b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/.helmignore
deleted file mode 100644
index fb56657..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-# img folder
-img/
diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/Chart.lock b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/Chart.lock
deleted file mode 100644
index e35e33e..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: common
- repository: oci://registry-1.docker.io/bitnamicharts
- version: 2.19.1
-digest: sha256:c883732817d9aaa3304f7b3109262aa338959de15b432dc5a2dbde13d2e136a5
-generated: "2024-03-27T22:17:53.212914918Z"
diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/Chart.yaml b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/Chart.yaml
deleted file mode 100644
index 5b4f9ac..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/Chart.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-annotations:
- category: Infrastructure
- images: |
- - name: memcached
- image: docker.io/bitnami/memcached:1.6.26-debian-12-r0
- - name: memcached-exporter
- image: docker.io/bitnami/memcached-exporter:0.14.3-debian-12-r0
- - name: os-shell
- image: docker.io/bitnami/os-shell:12-debian-12-r17
- licenses: Apache-2.0
-apiVersion: v2
-appVersion: 1.6.26
-dependencies:
-- name: common
- repository: oci://registry-1.docker.io/bitnamicharts
- tags:
- - bitnami-common
- version: 2.x.x
-description: Memcached is an high-performance, distributed memory object caching system,
- generic in nature, but intended for use in speeding up dynamic web applications
- by alleviating database load.
-home: https://bitnami.com
-icon: https://bitnami.com/assets/stacks/memcached/img/memcached-stack-220x234.png
-keywords:
-- memcached
-- cache
-maintainers:
-- name: VMware, Inc.
- url: https://github.com/bitnami/charts
-name: memcached
-sources:
-- https://github.com/bitnami/charts/tree/main/bitnami/memcached
-version: 7.0.3
diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/README.md b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/README.md
deleted file mode 100644
index cce9edd..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/README.md
+++ /dev/null
@@ -1,453 +0,0 @@ - - -# Bitnami package for Memcached - -Memcached is an high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. - -[Overview of Memcached](http://memcached.org) - -Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - -## TL;DR - -```console -helm install my-release oci://registry-1.docker.io/bitnamicharts/memcached -``` - -Looking to use Memcached in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. - -## Introduction - -This chart bootstraps a [Memcached](https://github.com/bitnami/containers/tree/main/bitnami/memcached) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. - -## Prerequisites - -- Kubernetes 1.23+ -- Helm 3.8.0+ - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/memcached -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. - -These commands deploy Memcached on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. 
- -> **Tip**: List all releases using `helm list` - -## Configuration and installation details - -### Resource requests and limits - -Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. - -To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). - -### [Rolling vs Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Use Sidecars and Init Containers - -If additional containers are needed in the same pod (such as additional metrics or logging exporters), they can be defined using the `sidecars` config parameter. 
- -```yaml -sidecars: -- name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -If these sidecars export extra ports, extra port definitions can be added using the `service.extraPorts` parameter (where available), as shown in the example below: - -```yaml -service: - extraPorts: - - name: extraPort - port: 11311 - targetPort: 11311 -``` - -> NOTE: This Helm chart already includes sidecar containers for the Prometheus exporters (where applicable). These can be activated by adding the `--enable-metrics=true` parameter at deployment time. The `sidecars` parameter should therefore only be used for any extra sidecar containers. - -If additional init containers are needed in the same pod, they can be defined using the `initContainers` parameter. Here is an example: - -```yaml -initContainers: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -Learn more about [sidecar containers](https://kubernetes.io/docs/concepts/workloads/pods/) and [init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). - -### Set Pod affinity - -This chart allows you to set your custom affinity using the `affinity` parameter(s). Find more information about Pod affinity in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. 
- -## Persistence - -When using `architecture: "high-availability"` the [Bitnami Memcached](https://github.com/bitnami/containers/tree/main/bitnami/memcached) image stores the cache-state at the `/cache-state` path of the container if enabled. - -Persistent Volume Claims (PVCs) are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. - -See the [Parameters](#parameters) section to configure the PVC or to disable persistence. - -If you encounter errors when working with persistent volumes, refer to our [troubleshooting guide for persistent volumes](https://docs.bitnami.com/kubernetes/faq/troubleshooting/troubleshooting-persistence-volumes/). - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | -| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. 
Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` | - -### Common parameters - -| Name | Description | Value | -| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- | -| `kubeVersion` | Override Kubernetes version | `""` | -| `nameOverride` | String to partially override common.names.fullname template (will maintain the release name) | `""` | -| `fullnameOverride` | String to fully override common.names.fullname template | `""` | -| `clusterDomain` | Kubernetes Cluster Domain | `cluster.local` | -| `extraDeploy` | Extra objects to deploy (evaluated as a template) | `[]` | -| `commonLabels` | Add labels to all the deployed resources | `{}` | -| `commonAnnotations` | Add annotations to all the deployed resources | `{}` | -| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | -| `diagnosticMode.command` | Command to override all containers in the deployment/statefulset | `["sleep"]` | -| `diagnosticMode.args` | Args to override all containers in the deployment/statefulset | `["infinity"]` | - -### Memcached parameters - -| Name | Description | Value | -| ----------------------------- | --------------------------------------------------------------------------------------------------------- | --------------------------- | -| `image.registry` | Memcached image registry | `REGISTRY_NAME` | -| `image.repository` | Memcached image repository | `REPOSITORY_NAME/memcached` | -| `image.digest` | Memcached image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag | `""` | -| `image.pullPolicy` | Memcached image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `image.debug` | Specify if debug values should be set | `false` | -| `architecture` | Memcached architecture. Allowed values: standalone or high-availability | `standalone` | -| `auth.enabled` | Enable Memcached authentication | `false` | -| `auth.username` | Memcached admin user | `""` | -| `auth.password` | Memcached admin password | `""` | -| `auth.existingPasswordSecret` | Existing secret with Memcached credentials (must contain a value for `memcached-password` key) | `""` | -| `command` | Override default container command (useful when using custom images) | `[]` | -| `args` | Override default container args (useful when using custom images) | `[]` | -| `extraEnvVars` | Array with extra environment variables to add to Memcached nodes | `[]` | -| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Memcached nodes | `""` | -| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Memcached nodes | `""` | - -### Deployment/Statefulset parameters - -| Name | Description | Value | -| --------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | -| `replicaCount` | Number of Memcached nodes | `1` | -| `containerPorts.memcached` | Memcached container port | `11211` | -| `livenessProbe.enabled` | Enable livenessProbe on Memcached containers | `true` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | 
-| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe on Memcached containers | `true` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `startupProbe.enabled` | Enable startupProbe on Memcached containers | `false` | -| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | -| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `lifecycleHooks` | for the Memcached container(s) to automate configuration before or after startup | `{}` | -| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). 
| `nano` | -| `resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `podSecurityContext.enabled` | Enabled Memcached pods' Security Context | `true` | -| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `podSecurityContext.fsGroup` | Set Memcached pod's Security Context fsGroup | `1001` | -| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | -| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | -| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `hostAliases` | Add deployment host aliases | `[]` | -| `podLabels` | Extra labels for Memcached pods | `{}` | -| `podAnnotations` | Annotations for Memcached pods | `{}` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. 
Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | Affinity for pod assignment | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Tolerations for pod assignment | `[]` | -| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | -| `podManagementPolicy` | StatefulSet controller supports relax its ordering guarantees while preserving its uniqueness and identity guarantees. There are two valid pod management policies: `OrderedReady` and `Parallel` | `Parallel` | -| `priorityClassName` | Name of the existing priority class to be used by Memcached pods, priority class needs to be created beforehand | `""` | -| `schedulerName` | Kubernetes pod scheduler registry | `""` | -| `terminationGracePeriodSeconds` | In seconds, time the given to the memcached pod needs to terminate gracefully | `""` | -| `updateStrategy.type` | Memcached statefulset strategy type | `RollingUpdate` | -| `updateStrategy.rollingUpdate` | Memcached statefulset rolling update configuration parameters | `{}` | -| `extraVolumes` | Optionally specify extra list of additional volumes for the Memcached pod(s) | `[]` | -| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Memcached container(s) | `[]` | -| `sidecars` | Add additional sidecar containers to the Memcached pod(s) | `[]` | -| `initContainers` | Add additional init containers to the Memcached pod(s) | `[]` | -| 
`autoscaling.enabled` | Enable memcached statefulset autoscaling (requires architecture: "high-availability") | `false` | -| `autoscaling.minReplicas` | memcached statefulset autoscaling minimum number of replicas | `3` | -| `autoscaling.maxReplicas` | memcached statefulset autoscaling maximum number of replicas | `6` | -| `autoscaling.targetCPU` | memcached statefulset autoscaling target CPU percentage | `50` | -| `autoscaling.targetMemory` | memcached statefulset autoscaling target CPU memory | `50` | -| `pdb.create` | Deploy a pdb object for the Memcached pod | `false` | -| `pdb.minAvailable` | Minimum available Memcached replicas | `""` | -| `pdb.maxUnavailable` | Maximum unavailable Memcached replicas | `1` | - -### Traffic Exposure parameters - -| Name | Description | Value | -| --------------------------------------- | --------------------------------------------------------------------------------------- | ----------- | -| `service.type` | Kubernetes Service type | `ClusterIP` | -| `service.ports.memcached` | Memcached service port | `11211` | -| `service.nodePorts.memcached` | Node port for Memcached | `""` | -| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `""` | -| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `service.clusterIP` | Memcached service Cluster IP | `""` | -| `service.loadBalancerIP` | Memcached service Load Balancer IP | `""` | -| `service.loadBalancerSourceRanges` | Memcached service Load Balancer sources | `[]` | -| `service.externalTrafficPolicy` | Memcached service external traffic policy | `Cluster` | -| `service.annotations` | Additional custom annotations for Memcached service | `{}` | -| `service.extraPorts` | Extra ports to expose in the Memcached service (normally used with the `sidecar` value) | `[]` | -| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `true` | -| `networkPolicy.allowExternal` | The Policy model to 
apply | `true` | -| `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | -| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | - -### Other Parameters - -| Name | Description | Value | -| --------------------------------------------- | ---------------------------------------------------------------------- | ------- | -| `serviceAccount.create` | Enable creation of ServiceAccount for Memcached pod | `true` | -| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` | -| `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `false` | -| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | - -### Persistence parameters - -| Name | Description | Value | -| -------------------------- | ------------------------------------------------------------------------ | ------------------- | -| `persistence.enabled` | Enable Memcached data persistence using PVC. 
If false, use emptyDir | `false` | -| `persistence.storageClass` | PVC Storage Class for Memcached data volume | `""` | -| `persistence.accessModes` | PVC Access modes | `["ReadWriteOnce"]` | -| `persistence.size` | PVC Storage Request for Memcached data volume | `8Gi` | -| `persistence.annotations` | Annotations for the PVC | `{}` | -| `persistence.labels` | Labels for the PVC | `{}` | -| `persistence.selector` | Selector to match an existing Persistent Volume for Memcached's data PVC | `{}` | - -### Volume Permissions parameters - -| Name | Description | Value | -| ----------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------ | -| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` | -| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` | -| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | -| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | -| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). 
| `nano` | -| `volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` | -| `metrics.enabled` | Start a side-car prometheus exporter | `false` | -| `metrics.image.registry` | Memcached exporter image registry | `REGISTRY_NAME` | -| `metrics.image.repository` | Memcached exporter image repository | `REPOSITORY_NAME/memcached-exporter` | -| `metrics.image.digest` | Memcached exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `metrics.image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `metrics.containerPorts.metrics` | Memcached Prometheus Exporter container port | `9150` | -| `metrics.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). 
| `nano` | -| `metrics.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `metrics.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `metrics.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `metrics.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | -| `metrics.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `metrics.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `metrics.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | -| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `metrics.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `metrics.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `metrics.livenessProbe.enabled` | Enable livenessProbe on Memcached Prometheus exporter containers | `true` | -| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `15` | -| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `metrics.readinessProbe.enabled` | Enable readinessProbe on Memcached Prometheus exporter containers | `true` | -| 
`metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` | -| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `metrics.startupProbe.enabled` | Enable startupProbe on Memcached Prometheus exporter containers | `false` | -| `metrics.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | -| `metrics.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `metrics.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `metrics.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `metrics.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `metrics.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `metrics.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `metrics.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `metrics.podAnnotations` | Memcached Prometheus exporter pod Annotation and Labels | `{}` | -| `metrics.service.ports.metrics` | Prometheus metrics service port | `9150` | -| `metrics.service.clusterIP` | Static clusterIP or None for headless services | `""` | -| `metrics.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | -| `metrics.service.annotations` | Annotations for the Prometheus metrics service | `{}` | -| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using Prometheus Operator | `false` | -| `metrics.serviceMonitor.namespace` | Namespace for the ServiceMonitor Resource (defaults to the Release 
Namespace) | `""` | -| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` | -| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | -| `metrics.serviceMonitor.labels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | -| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | -| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` | -| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` | -| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | -| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` | - -The above parameters map to the environment variables defined in the [bitnami/memcached](https://github.com/bitnami/containers/tree/main/bitnami/memcached) container image. For more information please refer to the [bitnami/memcached](https://github.com/bitnami/containers/tree/main/bitnami/memcached) container image documentation. - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -helm install my-release --set auth.username=user,auth.password=password oci://REGISTRY_NAME/REPOSITORY_NAME/memcached -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. - -The above command sets the Memcached admin account username and password to `user` and `password` respectively. 
- -> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```console -helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/memcached -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. -> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/tree/main/bitnami/memcached/values.yaml) - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -### To 7.0.0 - -This major bump changes the following security defaults: - -- `runAsGroup` is changed from `0` to `1001` -- `readOnlyRootFilesystem` is set to `true` -- `resourcesPreset` is changed from `none` to the minimum size working in our test suites (NOTE: `resourcesPreset` is not meant for production usage, but `resources` adapted to your use case). -- `global.compatibility.openshift.adaptSecurityContext` is changed from `disabled` to `auto`. - -This could potentially break any customization or init scripts used in your deployment. If this is the case, change the default values to the previous ones. 
- -### To 6.0.0 - -This major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Bitnami charts repository. - -Some affected values are: - -- `memcachedUsername` and `memcachedPassword` have regrouped under the `auth` map. -- `arguments` has been renamed to `args`. -- `extraEnv` has been renamed to `extraEnvVars`. -- `service.port`, `service.internalPort` and `service.externalPort` have been regrouped under the `service.ports` map. -- `metrics.kafka.service.port` has been regrouped under the `metrics.kafka.service.ports` map. -- `metrics.jmx.service.port` has been regrouped under the `metrics.jmx.service.ports` map. -- `updateStrategy` (string) and `rollingUpdatePartition` are regrouped under the `updateStrategy` map. - -### To 5.3.0 - -This version introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/main/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. - -### To 5.0.0 - -[On November 13, 2020, Helm v2 support formally ended](https://github.com/helm/charts#status-of-the-project). This major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -### To 4.0.0 - -Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. -Use the workaround below to upgrade from versions previous to 4.0.0. 
The following example assumes that the release name is memcached: - -```console -kubectl delete deployment memcached --cascade=false -helm upgrade memcached oci://REGISTRY_NAME/REPOSITORY_NAME/memcached -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. - -### To 3.0.0 - -This release uses the new bash based `bitnami/memcached` container which uses bash scripts for the start up logic of the container and is smaller in size. - -### To 1.0.0 - -Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. -Use the workaround below to upgrade from versions previous to 1.0.0. The following example assumes that the release name is memcached: - -```console -kubectl patch deployment memcached --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' -``` - -## License - -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. \ No newline at end of file diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/.helmignore b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/.helmignore deleted file mode 100644 index 7c7c21d..0000000 
--- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/.helmignore
+++ /dev/null
@@ -1,24 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-# img folder
-img/
diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/Chart.yaml b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/Chart.yaml
deleted file mode 100644
index 8d0e546..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/Chart.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-annotations:
- category: Infrastructure
- licenses: Apache-2.0
-apiVersion: v2
-appVersion: 2.19.1
-description: A Library Helm Chart for grouping common logic between bitnami charts.
- This chart is not deployable by itself.
-home: https://bitnami.com
-icon: https://bitnami.com/downloads/logos/bitnami-mark.png
-keywords:
-- common
-- helper
-- template
-- function
-- bitnami
-maintainers:
-- name: VMware, Inc.
- url: https://github.com/bitnami/charts
-name: common
-sources:
-- https://github.com/bitnami/charts
-type: library
-version: 2.19.1
diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/README.md b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/README.md
deleted file mode 100644
index 0d01a1e..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/README.md
+++ /dev/null
@@ -1,235 +0,0 @@ -# Bitnami Common Library Chart - -A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between Bitnami charts. - -## TL;DR - -```yaml -dependencies: - - name: common - version: 2.x.x - repository: oci://registry-1.docker.io/bitnamicharts -``` - -```console -helm dependency update -``` - -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }} -data: - myvalue: "Hello World" -``` - -Looking to use our applications in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. - -## Introduction - -This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. - -## Prerequisites - -- Kubernetes 1.23+ -- Helm 3.8.0+ - -## Parameters - -## Special input schemas - -### ImageRoot - -```yaml -registry: - type: string - description: Docker registry where the image is located - example: docker.io - -repository: - type: string - description: Repository and image name - example: bitnami/nginx - -tag: - type: string - description: image tag - example: 1.16.1-debian-10-r63 - -pullPolicy: - type: string - description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - -pullSecrets: - type: array - items: - type: string - description: Optionally specify an array of imagePullSecrets (evaluated as templates). 
- -debug: - type: boolean - description: Set to true if you would like to see extra information on logs - example: false - -## An instance would be: -# registry: docker.io -# repository: bitnami/nginx -# tag: 1.16.1-debian-10-r63 -# pullPolicy: IfNotPresent -# debug: false -``` - -### Persistence - -```yaml -enabled: - type: boolean - description: Whether enable persistence. - example: true - -storageClass: - type: string - description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. - example: "-" - -accessMode: - type: string - description: Access mode for the Persistent Volume Storage. - example: ReadWriteOnce - -size: - type: string - description: Size the Persistent Volume Storage. - example: 8Gi - -path: - type: string - description: Path to be persisted. - example: /bitnami - -## An instance would be: -# enabled: true -# storageClass: "-" -# accessMode: ReadWriteOnce -# size: 8Gi -# path: /bitnami -``` - -### ExistingSecret - -```yaml -name: - type: string - description: Name of the existing secret. - example: mySecret -keyMapping: - description: Mapping between the expected key name and the name of the key in the existing secret. - type: object - -## An instance would be: -# name: mySecret -# keyMapping: -# password: myPasswordKey -``` - -#### Example of use - -When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets. - -```yaml -# templates/secret.yaml ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }} - labels: - app: {{ include "common.names.fullname" . }} -type: Opaque -data: - password: {{ .Values.password | b64enc | quote }} - -# templates/dpl.yaml ---- -... 
- env: - - name: PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} - key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} -... - -# values.yaml ---- -name: mySecret -keyMapping: - password: myPasswordKey -``` - -### ValidateValue - -#### NOTES.txt - -```console -{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} - -{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} -``` - -If we force those values to be empty we will see some alerts - -```console -helm install test mychart --set path.to.value00="",path.to.value01="" - 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: - - export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 -d) - - 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: - - export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 -d) -``` - -## Upgrading - -### To 1.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -#### What changes were introduced in this major version? 
- -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -#### Considerations when upgrading to this version - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -#### Useful links - -- -- -- - -## License - -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. 
diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_affinities.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_affinities.tpl
deleted file mode 100644
index e85b1df..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_affinities.tpl
+++ /dev/null
@@ -1,139 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Return a soft nodeAffinity definition -{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.soft" -}} -preferredDuringSchedulingIgnoredDuringExecution: - - preference: - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . | quote }} - {{- end }} - weight: 1 -{{- end -}} - -{{/* -Return a hard nodeAffinity definition -{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.hard" -}} -requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . | quote }} - {{- end }} -{{- end -}} - -{{/* -Return a nodeAffinity definition -{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.nodes.soft" . -}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.nodes.hard" . 
-}} - {{- end -}} -{{- end -}} - -{{/* -Return a topologyKey definition -{{ include "common.affinities.topologyKey" (dict "topologyKey" "BAR") -}} -*/}} -{{- define "common.affinities.topologyKey" -}} -{{ .topologyKey | default "kubernetes.io/hostname" -}} -{{- end -}} - -{{/* -Return a soft podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}} -*/}} -{{- define "common.affinities.pods.soft" -}} -{{- $component := default "" .component -}} -{{- $customLabels := default (dict) .customLabels -}} -{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} -{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} -preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 10 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := $extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} - weight: 1 - {{- range $extraPodAffinityTerms }} - - podAffinityTerm: - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 10 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := .extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} - weight: {{ .weight | default 1 -}} - {{- end -}} -{{- end -}} - -{{/* -Return a hard 
podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}} -*/}} -{{- define "common.affinities.pods.hard" -}} -{{- $component := default "" .component -}} -{{- $customLabels := default (dict) .customLabels -}} -{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} -{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} -requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 8 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := $extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} - {{- range $extraPodAffinityTerms }} - - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 8 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := .extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} - {{- end -}} -{{- end -}} - -{{/* -Return a podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.pods" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.pods.soft" . -}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.pods.hard" . -}} - {{- end -}} -{{- end -}} 
diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_capabilities.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_capabilities.tpl
deleted file mode 100644
index 115674a..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_capabilities.tpl
+++ /dev/null
@@ -1,229 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the target Kubernetes version -*/}} -{{- define "common.capabilities.kubeVersion" -}} -{{- if .Values.global }} - {{- if .Values.global.kubeVersion }} - {{- .Values.global.kubeVersion -}} - {{- else }} - {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} - {{- end -}} -{{- else }} -{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for poddisruptionbudget. -*/}} -{{- define "common.capabilities.policy.apiVersion" -}} -{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "policy/v1beta1" -}} -{{- else -}} -{{- print "policy/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for networkpolicy. -*/}} -{{- define "common.capabilities.networkPolicy.apiVersion" -}} -{{- if semverCompare "<1.7-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for cronjob. -*/}} -{{- define "common.capabilities.cronjob.apiVersion" -}} -{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "batch/v1beta1" -}} -{{- else -}} -{{- print "batch/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for daemonset. -*/}} -{{- define "common.capabilities.daemonset.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for deployment. -*/}} -{{- define "common.capabilities.deployment.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) 
-}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for statefulset. -*/}} -{{- define "common.capabilities.statefulset.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "apps/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for ingress. -*/}} -{{- define "common.capabilities.ingress.apiVersion" -}} -{{- if .Values.ingress -}} -{{- if .Values.ingress.apiVersion -}} -{{- .Values.ingress.apiVersion -}} -{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end }} -{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for RBAC resources. -*/}} -{{- define "common.capabilities.rbac.apiVersion" -}} -{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "rbac.authorization.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "rbac.authorization.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for CRDs. -*/}} -{{- define "common.capabilities.crd.apiVersion" -}} -{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) 
-}} -{{- print "apiextensions.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiextensions.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for APIService. -*/}} -{{- define "common.capabilities.apiService.apiVersion" -}} -{{- if semverCompare "<1.10-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "apiregistration.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiregistration.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for Horizontal Pod Autoscaler. -*/}} -{{- define "common.capabilities.hpa.apiVersion" -}} -{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} -{{- if .beta2 -}} -{{- print "autoscaling/v2beta2" -}} -{{- else -}} -{{- print "autoscaling/v2beta1" -}} -{{- end -}} -{{- else -}} -{{- print "autoscaling/v2" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for Vertical Pod Autoscaler. -*/}} -{{- define "common.capabilities.vpa.apiVersion" -}} -{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} -{{- if .beta2 -}} -{{- print "autoscaling/v2beta2" -}} -{{- else -}} -{{- print "autoscaling/v2beta1" -}} -{{- end -}} -{{- else -}} -{{- print "autoscaling/v2" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if PodSecurityPolicy is supported -*/}} -{{- define "common.capabilities.psp.supported" -}} -{{- if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if AdmissionConfiguration is supported -*/}} -{{- define "common.capabilities.admissionConfiguration.supported" -}} -{{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) -}} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for AdmissionConfiguration. 
-*/}} -{{- define "common.capabilities.admissionConfiguration.apiVersion" -}} -{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "apiserver.config.k8s.io/v1alpha1" -}} -{{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "apiserver.config.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiserver.config.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for PodSecurityConfiguration. -*/}} -{{- define "common.capabilities.podSecurityConfiguration.apiVersion" -}} -{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "pod-security.admission.config.k8s.io/v1alpha1" -}} -{{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "pod-security.admission.config.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "pod-security.admission.config.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if the used Helm version is 3.3+. -A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. -This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. -**To be removed when the catalog's minimun Helm version is 3.3** -*/}} -{{- define "common.capabilities.supportsHelmVersion" -}} -{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_compatibility.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_compatibility.tpl deleted file mode 100644 index 17665d5..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_compatibility.tpl +++ /dev/null 
@@ -1,39 +0,0 @@
-{{/*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{/* vim: set filetype=mustache: */}}
-
-{{/*
-Return true if the detected platform is Openshift
-Usage:
-{{- include "common.compatibility.isOpenshift" . -}}
-*/}}
-{{- define "common.compatibility.isOpenshift" -}}
-{{- if .Capabilities.APIVersions.Has "security.openshift.io/v1" -}}
-{{- true -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Render a compatible securityContext depending on the platform. By default it is maintained as it is. In other platforms like Openshift we remove default user/group values that do not work out of the box with the restricted-v1 SCC
-Usage:
-{{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) -}}
-*/}}
-{{- define "common.compatibility.renderSecurityContext" -}}
-{{- $adaptedContext := .secContext -}}
-{{- if .context.Values.global.compatibility -}}
- {{- if .context.Values.global.compatibility.openshift -}}
- {{- if or (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "force") (and (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "auto") (include "common.compatibility.isOpenshift" .context)) -}}
- {{/* Remove incompatible user/group values that do not work in Openshift out of the box */}}
- {{- $adaptedContext = omit $adaptedContext "fsGroup" "runAsUser" "runAsGroup" -}}
- {{- if not .secContext.seLinuxOptions -}}
- {{/* If it is an empty object, we remove it from the resulting context because it causes validation issues */}}
- {{- $adaptedContext = omit $adaptedContext "seLinuxOptions" -}}
- {{- end -}}
- {{- end -}}
- {{- end -}}
-{{- end -}}
-{{- omit $adaptedContext "enabled" | toYaml -}}
-{{- end -}}
diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_errors.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_errors.tpl
deleted file mode 100644
index 07ded6f..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_errors.tpl
+++ /dev/null
@@ -1,28 +0,0 @@
-{{/*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Through error when upgrading using empty passwords values that must not be empty.
-
-Usage:
-{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}}
-{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}}
-{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }}
-
-Required password params:
- - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error.
- - context - Context - Required. Parent context.
-*/}}
-{{- define "common.errors.upgrade.passwords.empty" -}}
- {{- $validationErrors := join "" .validationErrors -}}
- {{- if and $validationErrors .context.Release.IsUpgrade -}}
- {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}}
- {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}}
- {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}}
- {{- $errorString = print $errorString "\n%s" -}}
- {{- printf $errorString $validationErrors | fail -}}
- {{- end -}}
-{{- end -}}
diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_images.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_images.tpl
deleted file mode 100644
index 1bcb779..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_images.tpl
+++ /dev/null
@@ -1,117 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper image name -{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global ) }} -*/}} -{{- define "common.images.image" -}} -{{- $registryName := .imageRoot.registry -}} -{{- $repositoryName := .imageRoot.repository -}} -{{- $separator := ":" -}} -{{- $termination := .imageRoot.tag | toString -}} -{{- if .global }} - {{- if .global.imageRegistry }} - {{- $registryName = .global.imageRegistry -}} - {{- end -}} -{{- end -}} -{{- if .imageRoot.digest }} - {{- $separator = "@" -}} - {{- $termination = .imageRoot.digest | toString -}} -{{- end -}} -{{- if $registryName }} - {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}} -{{- else -}} - {{- printf "%s%s%s" $repositoryName $separator $termination -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) -{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} -*/}} -{{- define "common.images.pullSecrets" -}} - {{- $pullSecrets := list }} - - {{- if .global }} - {{- range .global.imagePullSecrets -}} - {{- if kindIs "map" . -}} - {{- $pullSecrets = append $pullSecrets .name -}} - {{- else -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end }} - {{- end -}} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- if kindIs "map" . -}} - {{- $pullSecrets = append $pullSecrets .name -}} - {{- else -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) }} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . 
}} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names evaluating values as templates -{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} -*/}} -{{- define "common.images.renderPullSecrets" -}} - {{- $pullSecrets := list }} - {{- $context := .context }} - - {{- if $context.Values.global }} - {{- range $context.Values.global.imagePullSecrets -}} - {{- if kindIs "map" . -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" .name "context" $context)) -}} - {{- else -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- if kindIs "map" . -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" .name "context" $context)) -}} - {{- else -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) }} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . 
}} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Return the proper image version (ingores image revision/prerelease info & fallbacks to chart appVersion) -{{ include "common.images.version" ( dict "imageRoot" .Values.path.to.the.image "chart" .Chart ) }} -*/}} -{{- define "common.images.version" -}} -{{- $imageTag := .imageRoot.tag | toString -}} -{{/* regexp from https://github.com/Masterminds/semver/blob/23f51de38a0866c5ef0bfc42b3f735c73107b700/version.go#L41-L44 */}} -{{- if regexMatch `^([0-9]+)(\.[0-9]+)?(\.[0-9]+)?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?$` $imageTag -}} - {{- $version := semver $imageTag -}} - {{- printf "%d.%d.%d" $version.Major $version.Minor $version.Patch -}} -{{- else -}} - {{- print .chart.AppVersion -}} -{{- end -}} -{{- end -}} - diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_ingress.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_ingress.tpl deleted file mode 100644 index efa5b85..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_ingress.tpl +++ /dev/null 
@@ -1,73 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Generate backend entry that is compatible with all Kubernetes API versions. - -Usage: -{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }} - -Params: - - serviceName - String. Name of an existing service backend - - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.ingress.backend" -}} -{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} -{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} -serviceName: {{ .serviceName }} -servicePort: {{ .servicePort }} -{{- else -}} -service: - name: {{ .serviceName }} - port: - {{- if typeIs "string" .servicePort }} - name: {{ .servicePort }} - {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }} - number: {{ .servicePort | int }} - {{- end }} -{{- end -}} -{{- end -}} - -{{/* -Print "true" if the API pathType field is supported -Usage: -{{ include "common.ingress.supportsPathType" . }} -*/}} -{{- define "common.ingress.supportsPathType" -}} -{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} -{{- print "false" -}} -{{- else -}} -{{- print "true" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if the ingressClassname field is supported -Usage: -{{ include "common.ingress.supportsIngressClassname" . }} -*/}} -{{- define "common.ingress.supportsIngressClassname" -}} -{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) 
-}} -{{- print "false" -}} -{{- else -}} -{{- print "true" -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if cert-manager required annotations for TLS signed -certificates are set in the Ingress annotations -Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations -Usage: -{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }} -*/}} -{{- define "common.ingress.certManagerRequest" -}} -{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") (hasKey .annotations "kubernetes.io/tls-acme") }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_labels.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_labels.tpl deleted file mode 100644 index d90a6cd..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_labels.tpl +++ /dev/null 
@@ -1,46 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Kubernetes standard labels -{{ include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) -}} -*/}} -{{- define "common.labels.standard" -}} -{{- if and (hasKey . "customLabels") (hasKey . "context") -}} -{{- $default := dict "app.kubernetes.io/name" (include "common.names.name" .context) "helm.sh/chart" (include "common.names.chart" .context) "app.kubernetes.io/instance" .context.Release.Name "app.kubernetes.io/managed-by" .context.Release.Service -}} -{{- with .context.Chart.AppVersion -}} -{{- $_ := set $default "app.kubernetes.io/version" . -}} -{{- end -}} -{{ template "common.tplvalues.merge" (dict "values" (list .customLabels $default) "context" .context) }} -{{- else -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -helm.sh/chart: {{ include "common.names.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- with .Chart.AppVersion }} -app.kubernetes.io/version: {{ . | quote }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Labels used on immutable fields such as deploy.spec.selector.matchLabels or svc.spec.selector -{{ include "common.labels.matchLabels" (dict "customLabels" .Values.podLabels "context" $) -}} - -We don't want to loop over custom labels appending them to the selector -since it's very likely that it will break deployments, services, etc. -However, it's important to overwrite the standard labels if the user -overwrote them on metadata.labels fields. -*/}} -{{- define "common.labels.matchLabels" -}} -{{- if and (hasKey . "customLabels") (hasKey . 
"context") -}} -{{ merge (pick (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) "app.kubernetes.io/name" "app.kubernetes.io/instance") (dict "app.kubernetes.io/name" (include "common.names.name" .context) "app.kubernetes.io/instance" .context.Release.Name ) | toYaml }} -{{- else -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} -{{- end -}} diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_names.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_names.tpl deleted file mode 100644 index a222924..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_names.tpl +++ /dev/null 
@@ -1,71 +0,0 @@
-{{/*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "common.names.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "common.names.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "common.names.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified dependency name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-Usage:
-{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }}
-*/}}
-{{- define "common.names.dependency.fullname" -}}
-{{- if .chartValues.fullnameOverride -}}
-{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .chartName .chartValues.nameOverride -}}
-{{- if contains $name .context.Release.Name -}}
-{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Allow the release namespace to be overridden for multi-namespace deployments in combined charts.
-*/}}
-{{- define "common.names.namespace" -}}
-{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a fully qualified app name adding the installation's namespace.
-*/}}
-{{- define "common.names.fullname.namespace" -}}
-{{- printf "%s-%s" (include "common.names.fullname" .) (include "common.names.namespace" .) | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_resources.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_resources.tpl
deleted file mode 100644
index 030fa1a..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_resources.tpl
+++ /dev/null
@@ -1,50 +0,0 @@
-{{/*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{/* vim: set filetype=mustache: */}}
-
-{{/*
-Return a resource request/limit object based on a given preset.
-These presets are for basic testing and not meant to be used in production
-{{ include "common.resources.preset" (dict "type" "nano") -}}
-*/}}
-{{- define "common.resources.preset" -}}
-{{/* The limits are the requests increased by 50% (except ephemeral-storage and xlarge/2xlarge sizes)*/}}
-{{- $presets := dict
- "nano" (dict
- "requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi")
- "limits" (dict "cpu" "150m" "memory" "192Mi" "ephemeral-storage" "1024Mi")
- )
- "micro" (dict
- "requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi")
- "limits" (dict "cpu" "375m" "memory" "384Mi" "ephemeral-storage" "1024Mi")
- )
- "small" (dict
- "requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi")
- "limits" (dict "cpu" "750m" "memory" "768Mi" "ephemeral-storage" "1024Mi")
- )
- "medium" (dict
- "requests" (dict "cpu" "500m" "memory" "1024Mi" "ephemeral-storage" "50Mi")
- "limits" (dict "cpu" "750m" "memory" "1536Mi" "ephemeral-storage" "1024Mi")
- )
- "large" (dict
- "requests" (dict "cpu" "1.0" "memory" "2048Mi" "ephemeral-storage" "50Mi")
- "limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "1024Mi")
- )
- "xlarge" (dict
- "requests" (dict "cpu" "1.5" "memory" "4096Mi" "ephemeral-storage" "50Mi")
- "limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "1024Mi")
- )
- "2xlarge" (dict
- "requests" (dict "cpu" "1.5" "memory" "4096Mi" "ephemeral-storage" "50Mi")
- "limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "1024Mi")
- )
- }}
-{{- if hasKey $presets .type -}}
-{{- index $presets .type | toYaml -}}
-{{- else -}}
-{{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_secrets.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_secrets.tpl
deleted file mode 100644
index 84dbe38..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_secrets.tpl
+++ /dev/null
@@ -1,182 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Generate secret name. - -Usage: -{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} - -Params: - - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user - to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. - +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret - - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.secrets.name" -}} -{{- $name := (include "common.names.fullname" .context) -}} - -{{- if .defaultNameSuffix -}} -{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- with .existingSecret -}} -{{- if not (typeIs "string" .) -}} -{{- with .name -}} -{{- $name = . -}} -{{- end -}} -{{- else -}} -{{- $name = . -}} -{{- end -}} -{{- end -}} - -{{- printf "%s" $name -}} -{{- end -}} - -{{/* -Generate secret key. - -Usage: -{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} - -Params: - - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user - to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. - +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret - - key - String - Required. Name of the key in the secret. 
-*/}} -{{- define "common.secrets.key" -}} -{{- $key := .key -}} - -{{- if .existingSecret -}} - {{- if not (typeIs "string" .existingSecret) -}} - {{- if .existingSecret.keyMapping -}} - {{- $key = index .existingSecret.keyMapping $.key -}} - {{- end -}} - {{- end }} -{{- end -}} - -{{- printf "%s" $key -}} -{{- end -}} - -{{/* -Generate secret password or retrieve one if already created. - -Usage: -{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - key - String - Required - Name of the key in the secret. - - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. - - length - int - Optional - Length of the generated random password. - - strong - Boolean - Optional - Whether to add symbols to the generated random password. - - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. - - context - Context - Required - Parent context. - - failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets. - - skipB64enc - Boolean - Optional - Default to false. If set to true, no the secret will not be base64 encrypted. - - skipQuote - Boolean - Optional - Default to false. If set to true, no quotes will be added around the secret. -The order in which this function returns a secret password: - 1. Already existing 'Secret' resource - (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned) - 2. 
Password provided via the values.yaml - (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned) - 3. Randomly generated secret password - (A new random secret password with the length specified in the 'length' parameter will be generated and returned) - -*/}} -{{- define "common.secrets.passwords.manage" -}} - -{{- $password := "" }} -{{- $subchart := "" }} -{{- $chartName := default "" .chartName }} -{{- $passwordLength := default 10 .length }} -{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} -{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} -{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data }} -{{- if $secretData }} - {{- if hasKey $secretData .key }} - {{- $password = index $secretData .key | b64dec }} - {{- else if not (eq .failOnNew false) }} - {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}} - {{- else if $providedPasswordValue }} - {{- $password = $providedPasswordValue | toString }} - {{- end -}} -{{- else if $providedPasswordValue }} - {{- $password = $providedPasswordValue | toString }} -{{- else }} - - {{- if .context.Values.enabled }} - {{- $subchart = $chartName }} - {{- end -}} - - {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} - {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} - {{- $passwordValidationErrors := list $requiredPasswordError -}} - {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} - - {{- if .strong }} - {{- $subStr := list (lower 
(randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} - {{- $password = randAscii $passwordLength }} - {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} - {{- $password = printf "%s%s" $subStr $password | toString | shuffle }} - {{- else }} - {{- $password = randAlphaNum $passwordLength }} - {{- end }} -{{- end -}} -{{- if not .skipB64enc }} -{{- $password = $password | b64enc }} -{{- end -}} -{{- if .skipQuote -}} -{{- printf "%s" $password -}} -{{- else -}} -{{- printf "%s" $password | quote -}} -{{- end -}} -{{- end -}} - -{{/* -Reuses the value from an existing secret, otherwise sets its value to a default value. - -Usage: -{{ include "common.secrets.lookup" (dict "secret" "secret-name" "key" "keyName" "defaultValue" .Values.myValue "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - key - String - Required - Name of the key in the secret. - - defaultValue - String - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. - - context - Context - Required - Parent context. - -*/}} -{{- define "common.secrets.lookup" -}} -{{- $value := "" -}} -{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data -}} -{{- if and $secretData (hasKey $secretData .key) -}} - {{- $value = index $secretData .key -}} -{{- else if .defaultValue -}} - {{- $value = .defaultValue | toString | b64enc -}} -{{- end -}} -{{- if $value -}} -{{- printf "%s" $value -}} -{{- end -}} -{{- end -}} - -{{/* -Returns whether a previous generated secret already exists - -Usage: -{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - context - Context - Required - Parent context. 
-*/}} -{{- define "common.secrets.exists" -}} -{{- $secret := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret) }} -{{- if $secret }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_storage.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_storage.tpl deleted file mode 100644 index 16405a0..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_storage.tpl +++ /dev/null @@ -1,28 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper Storage Class -{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} -*/}} -{{- define "common.storage.class" -}} - -{{- $storageClass := .persistence.storageClass -}} -{{- if .global -}} - {{- if .global.storageClass -}} - {{- $storageClass = .global.storageClass -}} - {{- end -}} -{{- end -}} - -{{- if $storageClass -}} - {{- if (eq "-" $storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" $storageClass -}} - {{- end -}} -{{- end -}} - -{{- end -}} diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_tplvalues.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_tplvalues.tpl deleted file mode 100644 index a8ed763..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_tplvalues.tpl +++ /dev/null 
@@ -1,38 +0,0 @@
-{{/*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Renders a value that contains template perhaps with scope if the scope is present.
-Usage:
-{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ ) }}
-{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }}
-*/}}
-{{- define "common.tplvalues.render" -}}
-{{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }}
-{{- if contains "{{" (toJson .value) }}
- {{- if .scope }}
- {{- tpl (cat "{{- with $.RelativeScope -}}" $value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }}
- {{- else }}
- {{- tpl $value .context }}
- {{- end }}
-{{- else }}
- {{- $value }}
-{{- end }}
-{{- end -}}
-
-{{/*
-Merge a list of values that contains template after rendering them.
-Merge precedence is consistent with http://masterminds.github.io/sprig/dicts.html#merge-mustmerge
-Usage:
-{{ include "common.tplvalues.merge" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }}
-*/}}
-{{- define "common.tplvalues.merge" -}}
-{{- $dst := dict -}}
-{{- range .values -}}
-{{- $dst = include "common.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | merge $dst -}}
-{{- end -}}
-{{ $dst | toYaml }}
-{{- end -}}
diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_utils.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_utils.tpl
deleted file mode 100644
index bfbddf0..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_utils.tpl
+++ /dev/null
@@ -1,77 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Print instructions to get a secret value. -Usage: -{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} -*/}} -{{- define "common.utils.secret.getvalue" -}} -{{- $varname := include "common.utils.fieldToEnvVar" . -}} -export {{ $varname }}=$(kubectl get secret --namespace {{ include "common.names.namespace" .context | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 -d) -{{- end -}} - -{{/* -Build env var name given a field -Usage: -{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} -*/}} -{{- define "common.utils.fieldToEnvVar" -}} - {{- $fieldNameSplit := splitList "-" .field -}} - {{- $upperCaseFieldNameSplit := list -}} - - {{- range $fieldNameSplit -}} - {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} - {{- end -}} - - {{ join "_" $upperCaseFieldNameSplit }} -{{- end -}} - -{{/* -Gets a value from .Values given -Usage: -{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }} -*/}} -{{- define "common.utils.getValueFromKey" -}} -{{- $splitKey := splitList "." .key -}} -{{- $value := "" -}} -{{- $latestObj := $.context.Values -}} -{{- range $splitKey -}} - {{- if not $latestObj -}} - {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}} - {{- end -}} - {{- $value = ( index $latestObj . 
) -}} - {{- $latestObj = $value -}} -{{- end -}} -{{- printf "%v" (default "" $value) -}} -{{- end -}} - -{{/* -Returns first .Values key with a defined value or first of the list if all non-defined -Usage: -{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }} -*/}} -{{- define "common.utils.getKeyFromList" -}} -{{- $key := first .keys -}} -{{- $reverseKeys := reverse .keys }} -{{- range $reverseKeys }} - {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }} - {{- if $value -}} - {{- $key = . }} - {{- end -}} -{{- end -}} -{{- printf "%s" $key -}} -{{- end -}} - -{{/* -Checksum a template at "path" containing a *single* resource (ConfigMap,Secret) for use in pod annotations, excluding the metadata (see #18376). -Usage: -{{ include "common.utils.checksumTemplate" (dict "path" "/configmap.yaml" "context" $) }} -*/}} -{{- define "common.utils.checksumTemplate" -}} -{{- $obj := include (print .context.Template.BasePath .path) .context | fromYaml -}} -{{ omit $obj "apiVersion" "kind" "metadata" | toYaml | sha256sum }} -{{- end -}} diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_warnings.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_warnings.tpl deleted file mode 100644 index 0f763cd..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/_warnings.tpl +++ /dev/null 
@@ -1,82 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Warning about using rolling tag. -Usage: -{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} -*/}} -{{- define "common.warnings.rollingTag" -}} - -{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} -WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. -+info https://docs.bitnami.com/tutorials/understand-rolling-tags-containers -{{- end }} -{{- end -}} - -{{/* -Warning about not setting the resource object in all deployments. -Usage: -{{ include "common.warnings.resources" (dict "sections" (list "path1" "path2") context $) }} -Example: -{{- include "common.warnings.resources" (dict "sections" (list "csiProvider.provider" "server" "volumePermissions" "") "context" $) }} -The list in the example assumes that the following values exist: - - csiProvider.provider.resources - - server.resources - - volumePermissions.resources - - resources -*/}} -{{- define "common.warnings.resources" -}} -{{- $values := .context.Values -}} -{{- $printMessage := false -}} -{{ $affectedSections := list -}} -{{- range .sections -}} - {{- if eq . "" -}} - {{/* Case where the resources section is at the root (one main deployment in the chart) */}} - {{- if not (index $values "resources") -}} - {{- $affectedSections = append $affectedSections "resources" -}} - {{- $printMessage = true -}} - {{- end -}} - {{- else -}} - {{/* Case where the are multiple resources sections (more than one main deployment in the chart) */}} - {{- $keys := split "." . -}} - {{/* We iterate through the different levels until arriving to the resource section. Example: a.b.c.resources */}} - {{- $section := $values -}} - {{- range $keys -}} - {{- $section = index $section . 
-}} - {{- end -}} - {{- if not (index $section "resources") -}} - {{/* If the section has enabled=false or replicaCount=0, do not include it */}} - {{- if and (hasKey $section "enabled") -}} - {{- if index $section "enabled" -}} - {{/* enabled=true */}} - {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}} - {{- $printMessage = true -}} - {{- end -}} - {{- else if and (hasKey $section "replicaCount") -}} - {{/* We need a casting to int because number 0 is not treated as an int by default */}} - {{- if (gt (index $section "replicaCount" | int) 0) -}} - {{/* replicaCount > 0 */}} - {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}} - {{- $printMessage = true -}} - {{- end -}} - {{- else -}} - {{/* Default case, add it to the affected sections */}} - {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}} - {{- $printMessage = true -}} - {{- end -}} - {{- end -}} - {{- end -}} -{{- end -}} -{{- if $printMessage }} - -WARNING: There are "resources" sections in the chart not set. Using "resourcesPreset" is not recommended for production. For production installations, please set the following values according to your workload needs: -{{- range $affectedSections }} - - {{ . }} -{{- end }} -+info https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ -{{- end -}} -{{- end -}} diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/validations/_cassandra.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/validations/_cassandra.tpl deleted file mode 100644 index eda9aad..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/validations/_cassandra.tpl +++ /dev/null 
@@ -1,77 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate Cassandra required passwords are not empty. - -Usage: -{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret" - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.cassandra.passwords" -}} - {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}} - {{- $enabled := include "common.cassandra.values.enabled" . -}} - {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}} - {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.cassandra.values.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.cassandra.values.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.dbUser.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled cassandra. 
- -Usage: -{{ include "common.cassandra.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.cassandra.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.cassandra.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key dbUser - -Usage: -{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.cassandra.values.key.dbUser" -}} - {{- if .subchart -}} - cassandra.dbUser - {{- else -}} - dbUser - {{- end -}} -{{- end -}} diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/validations/_mariadb.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/validations/_mariadb.tpl deleted file mode 100644 index 17d83a2..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/validations/_mariadb.tpl +++ /dev/null 
@@ -1,108 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MariaDB required passwords are not empty. - -Usage: -{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mariadb.passwords" -}} - {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mariadb.values.enabled" . -}} - {{- $architecture := include "common.mariadb.values.architecture" . -}} - {{- $authPrefix := include "common.mariadb.values.key.auth" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- if not (empty $valueUsername) -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replication") -}} - {{- $requiredReplicationPassword := dict "valueKey" 
$valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mariadb.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mariadb. - -Usage: -{{ include "common.mariadb.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mariadb.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mariadb.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mariadb.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. 
Default: false -*/}} -{{- define "common.mariadb.values.key.auth" -}} - {{- if .subchart -}} - mariadb.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/validations/_mongodb.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/validations/_mongodb.tpl deleted file mode 100644 index bbb445b..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/validations/_mongodb.tpl +++ /dev/null 
@@ -1,113 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MongoDB® required passwords are not empty. - -Usage: -{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret" - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mongodb.passwords" -}} - {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mongodb.values.enabled" . -}} - {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} - {{- $architecture := include "common.mongodb.values.architecture" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} - {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} - - {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase 
"context" .context) }} - {{- if and $valueUsername $valueDatabase -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replicaset") -}} - {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mongodb.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mongodb. - -Usage: -{{ include "common.mongodb.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mongodb.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mongodb.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. 
Default: false -*/}} -{{- define "common.mongodb.values.key.auth" -}} - {{- if .subchart -}} - mongodb.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mongodb.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/validations/_mysql.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/validations/_mysql.tpl deleted file mode 100644 index ca3953f..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/validations/_mysql.tpl +++ /dev/null 
@@ -1,108 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MySQL required passwords are not empty. - -Usage: -{{ include "common.validations.values.mysql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MySQL values are stored, e.g: "mysql-passwords-secret" - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mysql.passwords" -}} - {{- $existingSecret := include "common.mysql.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mysql.values.enabled" . -}} - {{- $architecture := include "common.mysql.values.architecture" . -}} - {{- $authPrefix := include "common.mysql.values.key.auth" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mysql-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- if not (empty $valueUsername) -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mysql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replication") -}} - {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret 
"field" "mysql-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mysql.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.mysql.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mysql.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mysql. - -Usage: -{{ include "common.mysql.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mysql.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mysql.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mysql.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.mysql.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mysql.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mysql.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. 
Default: false -*/}} -{{- define "common.mysql.values.key.auth" -}} - {{- if .subchart -}} - mysql.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/validations/_postgresql.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/validations/_postgresql.tpl deleted file mode 100644 index 8c9aa57..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/validations/_postgresql.tpl +++ /dev/null 
@@ -1,134 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate PostgreSQL required passwords are not empty. - -Usage: -{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret" - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.postgresql.passwords" -}} - {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} - {{- $enabled := include "common.postgresql.values.enabled" . -}} - {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} - {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} - - {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} - {{- if (eq $enabledReplication "true") -}} - {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to decide whether evaluate global values. 
- -Usage: -{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} -Params: - - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" -*/}} -{{- define "common.postgresql.values.use.global" -}} - {{- if .context.Values.global -}} - {{- if .context.Values.global.postgresql -}} - {{- index .context.Values.global.postgresql .key | quote -}} - {{- end -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.existingSecret" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} - - {{- if .subchart -}} - {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} - {{- else -}} - {{- default (.context.Values.existingSecret | quote) $globalValue -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled postgresql. - -Usage: -{{ include "common.postgresql.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.postgresql.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key postgressPassword. - -Usage: -{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. 
Default: false -*/}} -{{- define "common.postgresql.values.key.postgressPassword" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} - - {{- if not $globalValue -}} - {{- if .subchart -}} - postgresql.postgresqlPassword - {{- else -}} - postgresqlPassword - {{- end -}} - {{- else -}} - global.postgresql.postgresqlPassword - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled.replication. - -Usage: -{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.enabled.replication" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.postgresql.replication.enabled -}} - {{- else -}} - {{- printf "%v" .context.Values.replication.enabled -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key replication.password. - -Usage: -{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.replicationPassword" -}} - {{- if .subchart -}} - postgresql.replication.password - {{- else -}} - replication.password - {{- end -}} -{{- end -}} diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/validations/_redis.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/validations/_redis.tpl deleted file mode 100644 index fc0d208..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/validations/_redis.tpl +++ /dev/null 
@@ -1,81 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate Redis® required passwords are not empty. - -Usage: -{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" - - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.redis.passwords" -}} - {{- $enabled := include "common.redis.values.enabled" . -}} - {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} - {{- $standarizedVersion := include "common.redis.values.standarized.version" . }} - - {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }} - {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }} - - {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }} - {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}} - {{- if eq $useAuth "true" -}} - {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict 
"required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled redis. - -Usage: -{{ include "common.redis.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.redis.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.redis.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right prefix path for the values - -Usage: -{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false -*/}} -{{- define "common.redis.values.keys.prefix" -}} - {{- if .subchart -}}redis.{{- else -}}{{- end -}} -{{- end -}} - -{{/* -Checks whether the redis chart's includes the standarizations (version >= 14) - -Usage: -{{ include "common.redis.values.standarized.version" (dict "context" $) }} -*/}} -{{- define "common.redis.values.standarized.version" -}} - - {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}} - {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }} - - {{- if $standarizedAuthValues -}} - {{- true -}} - {{- end -}} -{{- end -}} diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/validations/_validations.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/validations/_validations.tpl deleted file mode 100644 index 31ceda8..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/templates/validations/_validations.tpl +++ /dev/null 
@@ -1,51 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate values must not be empty. - -Usage: -{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} -{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" -*/}} -{{- define "common.validations.values.multiple.empty" -}} - {{- range .required -}} - {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} - {{- end -}} -{{- end -}} - -{{/* -Validate a value must not be empty. - -Usage: -{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" - - subchart - String - Optional - Name of the subchart that the validated password is part of. 
-*/}}
-{{- define "common.validations.values.single.empty" -}}
- {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }}
- {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }}
-
- {{- if not $value -}}
- {{- $varname := "my-value" -}}
- {{- $getCurrentValue := "" -}}
- {{- if and .secret .field -}}
- {{- $varname = include "common.utils.fieldToEnvVar" . -}}
- {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}}
- {{- end -}}
- {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}}
- {{- end -}}
-{{- end -}}
diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/values.yaml b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/values.yaml
deleted file mode 100644
index 9abe0e1..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/charts/common/values.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-# Copyright VMware, Inc.
-# SPDX-License-Identifier: APACHE-2.0
-
-## bitnami/common
-## It is required by CI/CD tools and processes.
-## @skip exampleValue
-##
-exampleValue: common-chart
diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/templates/NOTES.txt b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/templates/NOTES.txt
deleted file mode 100644
index 626d0da..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/templates/NOTES.txt
+++ /dev/null
@@ -1,44 +0,0 @@ -CHART NAME: {{ .Chart.Name }} -CHART VERSION: {{ .Chart.Version }} -APP VERSION: {{ .Chart.AppVersion }} - -{{- if and (not .Values.auth.enabled) (contains .Values.service.type "LoadBalancer") }} -------------------------------------------------------------------------------- - WARNING - - By specifying "serviceType=LoadBalancer" and not specifying "auth.enabled=true" - you have most likely exposed the Memcached service externally without any - authentication mechanism. - - For security reasons, we strongly suggest that you switch to "ClusterIP" or - "NodePort". As alternative, you can also specify valid credentials using the - "auth.username" and "auth.password" parameters. - -------------------------------------------------------------------------------- -{{- end }} - -** Please be patient while the chart is being deployed ** - -Memcached can be accessed via port {{ .Values.service.ports.memcached }} on the following DNS name from within your cluster: - - {{ include "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} - -{{- if eq .Values.architecture "high-availability" }} - -Please see https://github.com/memcached/memcached/wiki/ConfiguringClient to understand the Memcached model and need for client-based consistent hashing. -You might also want to consider more advanced routing/replication approaches with mcrouter: https://github.com/facebook/mcrouter/wiki/Replicated-pools-setup - -{{- end }} - -{{- if .Values.metrics.enabled }} - -To access the Memcached Prometheus metrics from outside the cluster execute the following commands: - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ printf "%s-metrics" (include "common.names.fullname" .) }} {{ .Values.metrics.service.ports.metrics }}:{{ .Values.metrics.service.ports.metrics }} & - curl http://127.0.0.1:{{ .Values.metrics.service.ports.metrics }}/metrics - -{{- end }} - -{{- include "memcached.validateValues" . 
}} -{{- include "memcached.checkRollingTags" . }} -{{- include "common.warnings.resources" (dict "sections" (list "metrics" "" "volumePermissions") "context" $) }} diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/templates/_helpers.tpl b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/templates/_helpers.tpl deleted file mode 100644 index 1614397..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/templates/_helpers.tpl +++ /dev/null 
@@ -1,121 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the proper Memcached image name -*/}} -{{- define "memcached.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper image name (for the metrics image) -*/}} -{{- define "memcached.metrics.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }} -{{- end -}} - - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "memcached.volumePermissions.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "memcached.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image) "global" .Values.global) -}} -{{- end -}} - -{{/* - Create the name of the service account to use - */}} -{{- define "memcached.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Check if there are rolling tags in the images -*/}} -{{- define "memcached.checkRollingTags" -}} -{{- include "common.warnings.rollingTag" .Values.image }} -{{- include "common.warnings.rollingTag" .Values.metrics.image }} -{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }} -{{- end -}} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "memcached.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "memcached.validateValues.architecture" .) 
-}} -{{- $messages := append $messages (include "memcached.validateValues.replicaCount" .) -}} -{{- $messages := append $messages (include "memcached.validateValues.auth" .) -}} -{{- $messages := append $messages (include "memcached.validateValues.readOnlyRootFilesystem" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} - -{{/* Validate values of Memcached - must provide a valid architecture */}} -{{- define "memcached.validateValues.architecture" -}} -{{- if and (ne .Values.architecture "standalone") (ne .Values.architecture "high-availability") -}} -memcached: architecture - Invalid architecture selected. Valid values are "standalone" and - "high-availability". Please set a valid architecture (--set architecture="xxxx") -{{- end -}} -{{- end -}} - -{{/* Validate values of Memcached - number of replicas */}} -{{- define "memcached.validateValues.replicaCount" -}} -{{- $replicaCount := int .Values.replicaCount }} -{{- if and (eq .Values.architecture "standalone") (gt $replicaCount 1) -}} -memcached: replicaCount - The standalone architecture doesn't allow to run more than 1 replica. - Please set a valid number of replicas (--set memcached.replicaCount=1) or - use the "high-availability" architecture (--set architecture="high-availability") -{{- end -}} -{{- end -}} - -{{/* Validate values of Memcached - authentication */}} -{{- define "memcached.validateValues.auth" -}} -{{- if and .Values.auth.enabled (empty .Values.auth.username) -}} -memcached: auth.username - Enabling authentication requires setting a valid admin username. 
- Please set a valid username (--set auth.username="xxxx") -{{- end -}} -{{- end -}} - -{{/* Validate values of Memcached - containerSecurityContext.readOnlyRootFilesystem */}} -{{- define "memcached.validateValues.readOnlyRootFilesystem" -}} -{{- if and .Values.containerSecurityContext.enabled .Values.containerSecurityContext.readOnlyRootFilesystem .Values.auth.enabled -}} -memcached: containerSecurityContext.readOnlyRootFilesystem - Enabling authentication is not compatible with using a read-only filesystem. - Please disable it (--set containerSecurityContext.readOnlyRootFilesystem=false) -{{- end -}} -{{- end -}} - -{{/* -Get the password secret. -*/}} -{{- define "memcached.secretPasswordName" -}} - {{- if .Values.auth.existingPasswordSecret -}} - {{- printf "%s" (tpl .Values.auth.existingPasswordSecret $) -}} - {{- else -}} - {{- printf "%s" (include "common.names.fullname" .) -}} - {{- end -}} -{{- end -}} diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/templates/deployment.yaml b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/templates/deployment.yaml deleted file mode 100644 index 33ea05b..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/templates/deployment.yaml +++ /dev/null 
@@ -1,221 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if eq .Values.architecture "standalone" }} -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - replicas: {{ .Values.replicaCount }} - {{- if .Values.updateStrategy }} - strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} - {{- end }} - template: - metadata: - labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} - annotations: - {{- if .Values.auth.enabled }} - checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} - {{- end }} - {{- if .Values.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "memcached.imagePullSecrets" . 
| nindent 6 }} - automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "customLabels" $podLabels "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "customLabels" $podLabels "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" .) 
| nindent 8 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} - {{- end }} - {{- if .Values.schedulerName }} - schedulerName: {{ .Values.schedulerName }} - {{- end }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - {{- end }} - serviceAccountName: {{ template "memcached.serviceAccountName" . }} - {{- if .Values.initContainers }} - initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: memcached - image: {{ template "memcached.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} - - name: MEMCACHED_PORT_NUMBER - value: {{ .Values.containerPorts.memcached | quote }} - {{- if 
.Values.auth.enabled }} - - name: MEMCACHED_USERNAME - value: {{ .Values.auth.username | quote }} - - name: MEMCACHED_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "memcached.secretPasswordName" . }} - key: memcached-password - {{- end }} - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- end }} - ports: - - name: memcache - containerPort: {{ .Values.containerPorts.memcached }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: memcache - {{- end }} - {{- if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: memcache - {{- end }} - {{- if .Values.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.startupProbe.enabled }} - startupProbe: {{- include 
"common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: memcache - {{- end }} - {{- end }} - {{- if .Values.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- else if ne .Values.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /opt/bitnami/memcached/conf - subPath: app-conf-dir - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ template "memcached.metrics.image" . 
}} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - {{- if .Values.metrics.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.metrics.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - ports: - - name: metrics - containerPort: {{ .Values.metrics.containerPorts.metrics }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.metrics.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: /metrics - port: {{ .Values.metrics.containerPorts.metrics }} - {{- end }} - {{- if .Values.metrics.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: /metrics - port: {{ .Values.metrics.containerPorts.metrics }} - {{- end }} - {{- if .Values.metrics.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} - port: memcache - {{- end }} - {{- end }} - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- else if ne .Values.metrics.resourcesPreset "none" }} - resources: 
{{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - {{- if .Values.metrics.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: empty-dir - emptyDir: {} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} -{{- end }} diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/templates/extra-list.yaml b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/templates/extra-list.yaml deleted file mode 100644 index 2d35a58..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/templates/extra-list.yaml +++ /dev/null @@ -1,9 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/templates/hpa.yaml b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/templates/hpa.yaml deleted file mode 100644 index 16f1e3b..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/templates/hpa.yaml +++ /dev/null 
@@ -1,48 +0,0 @@
-{{- /*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{- if and .Values.autoscaling.enabled (eq .Values.architecture "high-availability") }}
-apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }}
-kind: HorizontalPodAutoscaler
-metadata:
- name: {{ template "common.names.fullname" . }}
- namespace: {{ .Release.Namespace | quote }}
- labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- scaleTargetRef:
- apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
- kind: StatefulSet
- name: {{ template "common.names.fullname" . }}
- minReplicas: {{ .Values.autoscaling.minReplicas }}
- maxReplicas: {{ .Values.autoscaling.maxReplicas }}
- metrics:
- {{- if .Values.autoscaling.targetMemory }}
- - type: Resource
- resource:
- name: memory
- {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
- targetAverageUtilization: {{ .Values.autoscaling.targetMemory }}
- {{- else }}
- target:
- type: Utilization
- averageUtilization: {{ .Values.autoscaling.targetMemory }}
- {{- end }}
- {{- end }}
- {{- if .Values.autoscaling.targetCPU }}
- - type: Resource
- resource:
- name: cpu
- {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
- targetAverageUtilization: {{ .Values.autoscaling.targetCPU }}
- {{- else }}
- target:
- type: Utilization
- averageUtilization: {{ .Values.autoscaling.targetCPU }}
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/templates/metrics-svc.yaml b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/templates/metrics-svc.yaml
deleted file mode 100644
index f0db234..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/templates/metrics-svc.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-{{- /*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{- if .Values.metrics.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ printf "%s-metrics" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
- namespace: {{ .Release.Namespace }}
- labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
- app.kubernetes.io/component: metrics
- {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }}
- {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.service.annotations .Values.commonAnnotations ) "context" . ) }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
- {{- end }}
-spec:
- type: ClusterIP
- sessionAffinity: {{ .Values.metrics.service.sessionAffinity }}
- {{- if .Values.metrics.service.clusterIP }}
- clusterIP: {{ .Values.metrics.service.clusterIP }}
- {{- end }}
- ports:
- - name: metrics
- port: {{ .Values.metrics.service.ports.metrics }}
- targetPort: metrics
- {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
- selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
-{{- end }}
diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/templates/networkpolicy.yaml b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/templates/networkpolicy.yaml
deleted file mode 100644
index 879c63f..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/templates/networkpolicy.yaml
+++ /dev/null
@@ -1,74 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }} -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - podSelector: - matchLabels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} - policyTypes: - - Ingress - - Egress - {{- if .Values.networkPolicy.allowExternalEgress }} - egress: - - {} - {{- else }} - egress: - # Allow dns resolution - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP - # Allow connection to other cluster pods - - ports: - - port: {{ .Values.containerPorts.memcached }} - to: - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} - {{- if .Values.networkPolicy.extraEgress }} - {{- include "common.tplvalues.render" ( dict "value" .Values.rts.networkPolicy.extraEgress "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} - ingress: - - ports: - - port: {{ .Values.containerPorts.memcached }} - {{- if .Values.metrics.enabled }} - - port: {{ .Values.metrics.containerPorts.metrics }} - {{- end }} - {{- if not .Values.networkPolicy.allowExternal }} - from: - - podSelector: - matchLabels: - {{ template "common.names.fullname" . 
}}-client: "true" - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} - {{- if .Values.networkPolicy.ingressNSMatchLabels }} - - namespaceSelector: - matchLabels: - {{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{- if .Values.networkPolicy.ingressNSPodMatchLabels }} - podSelector: - matchLabels: - {{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.networkPolicy.extraIngress }} - {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/templates/pdb.yaml b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/templates/pdb.yaml deleted file mode 100644 index f2d7bed..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/templates/pdb.yaml +++ /dev/null 
@@ -1,26 +0,0 @@
-{{- /*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{- if and .Values.pdb.create (eq .Values.architecture "high-availability") }}
-apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ include "common.names.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- {{- if .Values.pdb.minAvailable }}
- minAvailable: {{ .Values.pdb.minAvailable }}
- {{- end }}
- {{- if .Values.pdb.maxUnavailable }}
- maxUnavailable: {{ .Values.pdb.maxUnavailable }}
- {{- end }}
- {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
- selector:
- matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
-{{- end }}
diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/templates/secrets.yaml b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/templates/secrets.yaml
deleted file mode 100644
index d989dab..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/templates/secrets.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- /*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{- if and (.Values.auth.enabled) (not .Values.auth.existingPasswordSecret) }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ template "common.names.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-type: Opaque
-data:
- memcached-password: {{ default (randAlphaNum 10) .Values.auth.password | b64enc | quote }}
-{{- end }}
diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/templates/service.yaml b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/templates/service.yaml
deleted file mode 100644
index d131219..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/templates/service.yaml
+++ /dev/null
@@ -1,49 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if or .Values.service.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.service.type }} - {{- if .Values.service.sessionAffinity }} - sessionAffinity: {{ .Values.service.sessionAffinity }} - {{- end }} - {{- if .Values.service.sessionAffinityConfig }} - sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }} - {{- end }} - {{- if and (eq .Values.service.type "ClusterIP") .Values.service.clusterIP }} - clusterIP: {{ .Values.service.clusterIP }} - {{- end }} - {{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} - {{- end }} - {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerSourceRanges)) }} - loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }} - {{- end }} - {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - ports: - - name: memcache - port: {{ .Values.service.ports.memcached }} - targetPort: memcache - {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.memcached)) }} - nodePort: {{ 
.Values.service.nodePorts.memcached }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{- if .Values.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} - selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/templates/serviceaccount.yaml b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/templates/serviceaccount.yaml deleted file mode 100644 index c865d8e..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/templates/serviceaccount.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} -metadata: - name: {{ template "memcached.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/templates/servicemonitor.yaml b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/templates/servicemonitor.yaml deleted file mode 100644 index cb0d197..0000000 
--- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/templates/servicemonitor.yaml
+++ /dev/null
@@ -1,48 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: - {{- end }} -spec: - {{- if .Values.metrics.serviceMonitor.jobLabel }} - jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} - {{- if .Values.metrics.serviceMonitor.selector }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }} - {{- end }} - app.kubernetes.io/component: metrics - endpoints: - - port: metrics - path: /metrics - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.honorLabels }} - honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.metricRelabelings }} - metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 6 }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.relabelings }} - relabelings: {{- toYaml .Values.metrics.serviceMonitor.relabelings | nindent 6 }} - {{- end }} - namespaceSelector: - 
matchNames: - - {{ .Release.Namespace }} -{{- end }} diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/templates/statefulset.yaml b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/templates/statefulset.yaml deleted file mode 100644 index d5f3d54..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/templates/statefulset.yaml +++ /dev/null 
@@ -1,291 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if eq .Values.architecture "high-availability" }} -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - {{- if not (and .Values.autoscaling.enabled (eq .Values.architecture "high-availability")) }} - replicas: {{ .Values.replicaCount }} - {{- end }} - {{- if .Values.podManagementPolicy }} - podManagementPolicy: {{ .Values.podManagementPolicy | quote }} - {{- end }} - serviceName: {{ template "common.names.fullname" . }} - {{- if .Values.updateStrategy }} - updateStrategy: {{- toYaml .Values.updateStrategy | nindent 4 }} - {{- end }} - template: - metadata: - labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} - annotations: - {{- if .Values.auth.enabled }} - checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . 
| sha256sum }} - {{- end }} - {{- if .Values.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "memcached.imagePullSecrets" . | nindent 6 }} - automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "customLabels" $podLabels "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "customLabels" $podLabels "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" .) 
| nindent 8 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} - {{- end }} - {{- if .Values.schedulerName }} - schedulerName: {{ .Values.schedulerName }} - {{- end }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - {{- end }} - serviceAccountName: {{ template "memcached.serviceAccountName" . }} - {{- if or .Values.persistence.enabled .Values.initContainers }} - initContainers: - {{- if and .Values.persistence.enabled .Values.volumePermissions.enabled }} - - name: volume-permissions - image: {{ include "memcached.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - args: - - -ec - - | - mkdir -p /cache-state - touch /cache-state/memory_file - find /cache-state -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} - securityContext: - runAsUser: {{ .Values.volumePermissions.containerSecurityContext.runAsUser }} - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: data - mountPath: /cache-state - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - {{- end }} - {{- if .Values.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- end }} - 
containers: - - name: memcached - image: {{ template "memcached.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- else if .Values.persistence.enabled }} - args: - - /run.sh - - --memory-file=/cache-state/memory_file - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} - - name: MEMCACHED_PORT_NUMBER - value: {{ .Values.containerPorts.memcached | quote }} - {{- if .Values.auth.enabled }} - - name: MEMCACHED_USERNAME - value: {{ .Values.auth.username | quote }} - - name: MEMCACHED_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "memcached.secretPasswordName" . 
}} - key: memcached-password - {{- end }} - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- end }} - ports: - - name: memcache - containerPort: {{ .Values.containerPorts.memcached }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: memcache - {{- end }} - {{- if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: memcache - {{- end }} - {{- if .Values.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: memcache - {{- end }} - {{- end }} - {{- if .Values.lifecycleHooks }} - lifecycle: {{- include 
"common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} - {{- else if .Values.persistence.enabled }} - lifecycle: - preStop: - exec: - command: - - /bin/bash - - -ec - - | - /usr/bin/pkill -10 memcached - sleep 60s - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- else if ne .Values.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.persistence.enabled }} - - name: data - mountPath: /cache-state - {{- end }} - - name: empty-dir - mountPath: /opt/bitnami/memcached/conf - subPath: app-conf-dir - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ template "memcached.metrics.image" . 
}} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - {{- if .Values.metrics.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.metrics.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - ports: - - name: metrics - containerPort: {{ .Values.metrics.containerPorts.metrics }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.metrics.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: /metrics - port: {{ .Values.metrics.containerPorts.metrics }} - {{- end }} - {{- if .Values.metrics.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: /metrics - port: {{ .Values.metrics.containerPorts.metrics }} - {{- end }} - {{- if .Values.metrics.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: metrics - {{- end }} - {{- end }} - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- else if ne .Values.metrics.resourcesPreset "none" }} - 
resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $ ) | nindent 8 }} - {{- end }} - volumes: - - name: empty-dir - emptyDir: {} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.persistence.enabled }} - volumeClaimTemplates: - - metadata: - name: data - {{- $claimLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.persistence.labels .Values.commonLabels ) "context" . ) }} - labels: {{- include "common.labels.matchLabels" ( dict "customLabels" $claimLabels "context" $ ) | nindent 10 }} - {{- if or .Values.persistence.annotations .Values.commonAnnotations }} - {{- $claimAnnotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.persistence.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $claimAnnotations "context" $) | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- if .Values.persistence.selector }} - selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.selector "context" $) | nindent 10 }} - {{- end }} - {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 8 }} - {{- end }} -{{- end }} diff --git a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/values.yaml b/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/values.yaml deleted file mode 100644 index 193ccb7..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/charts/memcached/values.yaml +++ /dev/null 
@@ -1,831 +0,0 @@ -# Copyright VMware, Inc. -# SPDX-License-Identifier: APACHE-2.0 - -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - ## Compatibility adaptations for Kubernetes platforms - ## - compatibility: - ## Compatibility adaptations for Openshift - ## - openshift: - ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. 
Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) - ## - adaptSecurityContext: auto -## @section Common parameters - -## @param kubeVersion Override Kubernetes version -## -kubeVersion: "" -## @param nameOverride String to partially override common.names.fullname template (will maintain the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override common.names.fullname template -## -fullnameOverride: "" -## @param clusterDomain Kubernetes Cluster Domain -## -clusterDomain: cluster.local -## @param extraDeploy Extra objects to deploy (evaluated as a template) -## -extraDeploy: [] -## @param commonLabels Add labels to all the deployed resources -## -commonLabels: {} -## @param commonAnnotations Add annotations to all the deployed resources -## -commonAnnotations: {} -## Enable diagnostic mode in the deployment/statefulset -## -diagnosticMode: - ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## - enabled: false - ## @param diagnosticMode.command Command to override all containers in the deployment/statefulset - ## - command: - - sleep - ## @param diagnosticMode.args Args to override all containers in the deployment/statefulset - ## - args: - - infinity -## @section Memcached parameters - -## Bitnami Memcached image version -## ref: https://hub.docker.com/r/bitnami/memcached/tags/ -## @param image.registry [default: REGISTRY_NAME] Memcached image registry -## @param image.repository [default: REPOSITORY_NAME/memcached] Memcached image repository -## @skip image.tag Memcached image tag (immutable tags are recommended) -## @param image.digest Memcached image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag -## @param image.pullPolicy Memcached image pull policy -## @param image.pullSecrets Specify docker-registry secret names as an array -## @param image.debug Specify if debug values should be set -## -image: - registry: docker.io - repository: bitnami/memcached - tag: 1.6.26-debian-12-r0 - digest: "" - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Set to true if you would like to see extra information on logs - ## - debug: false -## @param architecture Memcached architecture. 
Allowed values: standalone or high-availability -## -architecture: standalone -## Authentication parameters -## ref: https://github.com/bitnami/containers/tree/main/bitnami/memcached#creating-the-memcached-admin-user -## -auth: - ## @param auth.enabled Enable Memcached authentication - ## - enabled: false - ## @param auth.username Memcached admin user - ## - username: "" - ## @param auth.password Memcached admin password - ## - password: "" - ## @param auth.existingPasswordSecret Existing secret with Memcached credentials (must contain a value for `memcached-password` key) - ## - existingPasswordSecret: "" -## @param command Override default container command (useful when using custom images) -## -command: [] -## @param args Override default container args (useful when using custom images) -## e.g: -## args: -## - /run.sh -## - -m -## - -I -## - -vv -## -args: [] -## @param extraEnvVars Array with extra environment variables to add to Memcached nodes -## e.g: -## extraEnvVars: -## - name: FOO -## value: "bar" -## -extraEnvVars: [] -## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Memcached nodes -## -extraEnvVarsCM: "" -## @param extraEnvVarsSecret Name of existing Secret containing extra env vars for Memcached nodes -## -extraEnvVarsSecret: "" -## @section Deployment/Statefulset parameters - -## @param replicaCount Number of Memcached nodes -## -replicaCount: 1 -## @param containerPorts.memcached Memcached container port -## -containerPorts: - memcached: 11211 -## Configure extra options for Memcached containers' liveness, readiness and startup probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes -## @param livenessProbe.enabled Enable livenessProbe on Memcached containers -## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param 
livenessProbe.timeoutSeconds Timeout seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## @param livenessProbe.successThreshold Success threshold for livenessProbe -## -livenessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 -## @param readinessProbe.enabled Enable readinessProbe on Memcached containers -## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## @param readinessProbe.successThreshold Success threshold for readinessProbe -## -readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 5 - timeoutSeconds: 3 - failureThreshold: 6 - successThreshold: 1 -## @param startupProbe.enabled Enable startupProbe on Memcached containers -## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe -## @param startupProbe.periodSeconds Period seconds for startupProbe -## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe -## @param startupProbe.failureThreshold Failure threshold for startupProbe -## @param startupProbe.successThreshold Success threshold for startupProbe -## -startupProbe: - enabled: false - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 15 - successThreshold: 1 -## @param customLivenessProbe Custom livenessProbe that overrides the default one -## -customLivenessProbe: {} -## @param customReadinessProbe Custom readinessProbe that overrides the default one -## -customReadinessProbe: {} -## @param customStartupProbe Custom startupProbe that overrides the default one -## -customStartupProbe: {} -## @param lifecycleHooks for the Memcached container(s) to automate 
configuration before or after startup -## -lifecycleHooks: {} -## Memcached resource requests and limits -## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ -## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). -## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 -## -resourcesPreset: "nano" -## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) -## Example: -## resources: -## requests: -## cpu: 2 -## memory: 512Mi -## limits: -## cpu: 3 -## memory: 1024Mi -## -resources: {} -## Configure Pods Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## @param podSecurityContext.enabled Enabled Memcached pods' Security Context -## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy -## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface -## @param podSecurityContext.supplementalGroups Set filesystem extra groups -## @param podSecurityContext.fsGroup Set Memcached pod's Security Context fsGroup -## -podSecurityContext: - enabled: true - fsGroupChangePolicy: Always - sysctls: [] - supplementalGroups: [] - fsGroup: 1001 -## Configure Container Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## @param containerSecurityContext.enabled Enabled containers' Security Context -## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container -## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser -## @param 
containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup -## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot -## @param containerSecurityContext.privileged Set container's Security Context privileged -## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem -## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation -## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped -## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile -## -containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsUser: 1001 - runAsGroup: 1001 - runAsNonRoot: true - privileged: false - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" -## @param automountServiceAccountToken Mount Service Account token in pod -## -automountServiceAccountToken: false -## @param hostAliases Add deployment host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] -## @param podLabels Extra labels for Memcached pods -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} -## @param podAnnotations Annotations for Memcached pods -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. 
Allowed values: `soft` or `hard` -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAntiAffinityPreset: soft -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## -nodeAffinityPreset: - ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] -## @param affinity Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} -## @param nodeSelector Node labels for pod assignment -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ -## -nodeSelector: {} -## @param tolerations Tolerations for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] -## @param topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template -## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods -## -topologySpreadConstraints: [] -## @param podManagementPolicy StatefulSet controller supports relax its ordering guarantees while preserving its uniqueness and identity guarantees. 
There are two valid pod management policies: `OrderedReady` and `Parallel` -## ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy -## -podManagementPolicy: Parallel -## @param priorityClassName Name of the existing priority class to be used by Memcached pods, priority class needs to be created beforehand -## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -## -priorityClassName: "" -## @param schedulerName Kubernetes pod scheduler registry -## https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -schedulerName: "" -## @param terminationGracePeriodSeconds In seconds, time the given to the memcached pod needs to terminate gracefully -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods -## -terminationGracePeriodSeconds: "" -## @param updateStrategy.type Memcached statefulset strategy type -## @param updateStrategy.rollingUpdate Memcached statefulset rolling update configuration parameters -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies -## -updateStrategy: - type: RollingUpdate - rollingUpdate: {} -## @param extraVolumes Optionally specify extra list of additional volumes for the Memcached pod(s) -## Example Use Case: mount certificates to enable TLS -## e.g: -## extraVolumes: -## - name: zookeeper-keystore -## secret: -## defaultMode: 288 -## secretName: zookeeper-keystore -## - name: zookeeper-truststore -## secret: -## defaultMode: 288 -## secretName: zookeeper-truststore -## -extraVolumes: [] -## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Memcached container(s) -## Example Use Case: mount certificates to enable TLS -## e.g: -## extraVolumeMounts: -## - name: zookeeper-keystore -## mountPath: /certs/keystore -## readOnly: true -## - name: zookeeper-truststore -## mountPath: /certs/truststore -## readOnly: true -## 
-extraVolumeMounts: [] -## @param sidecars Add additional sidecar containers to the Memcached pod(s) -## e.g: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -sidecars: [] -## @param initContainers Add additional init containers to the Memcached pod(s) -## Example: -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -initContainers: [] -## Memcached Autoscaling -## @param autoscaling.enabled Enable memcached statefulset autoscaling (requires architecture: "high-availability") -## @param autoscaling.minReplicas memcached statefulset autoscaling minimum number of replicas -## @param autoscaling.maxReplicas memcached statefulset autoscaling maximum number of replicas -## @param autoscaling.targetCPU memcached statefulset autoscaling target CPU percentage -## @param autoscaling.targetMemory memcached statefulset autoscaling target CPU memory -## -autoscaling: - enabled: false - minReplicas: 3 - maxReplicas: 6 - targetCPU: 50 - targetMemory: 50 -## Memcached Pod Disruption Budget -## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ -## @param pdb.create Deploy a pdb object for the Memcached pod -## @param pdb.minAvailable Minimum available Memcached replicas -## @param pdb.maxUnavailable Maximum unavailable Memcached replicas -## -pdb: - create: false - minAvailable: "" - maxUnavailable: 1 -## @section Traffic Exposure parameters -service: - ## @param service.type Kubernetes Service type - ## - type: ClusterIP - ## @param service.ports.memcached Memcached service port - ## - ports: - memcached: 11211 - ## Node ports to expose - ## NOTE: choose port between <30000-32767> - ## @param service.nodePorts.memcached Node port for Memcached - ## - nodePorts: - memcached: "" - ## @param service.sessionAffinity Control where client requests go, to the 
same pod or round-robin - ## Values: ClientIP or None - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/ - ## - sessionAffinity: "" - ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} - ## @param service.clusterIP Memcached service Cluster IP - ## e.g.: - ## clusterIP: None - ## - clusterIP: "" - ## @param service.loadBalancerIP Memcached service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param service.loadBalancerSourceRanges Memcached service Load Balancer sources - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param service.externalTrafficPolicy Memcached service external traffic policy - ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param service.annotations Additional custom annotations for Memcached service - ## - annotations: {} - ## @param service.extraPorts Extra ports to expose in the Memcached service (normally used with the `sidecar` value) - ## - extraPorts: [] -## Network Policy configuration -## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ -## -networkPolicy: - ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources - ## - enabled: true - ## @param networkPolicy.allowExternal The Policy model to apply - ## When set to false, only pods with the correct client label will have network access to the ports Memcached is - ## listening on. 
When true, Memcached will accept connections from any source (with the correct destination port). - ## - allowExternal: true - ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. - ## - allowExternalEgress: true - ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraIngress: - ## - ports: - ## - port: 1234 - ## from: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - ## - extraIngress: [] - ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraEgress: - ## - ports: - ## - port: 1234 - ## to: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - ## - extraEgress: [] - ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces - ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces - ## - ingressNSMatchLabels: {} - ingressNSPodMatchLabels: {} -## @section Other Parameters - -## Service account for Memcached to use. -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -## -serviceAccount: - ## @param serviceAccount.create Enable creation of ServiceAccount for Memcached pod - ## - create: true - ## @param serviceAccount.name The name of the ServiceAccount to use. 
- ## If not set and create is true, a name is generated using the common.names.fullname template - ## - name: "" - ## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created - ## Can be set to false if pods using this serviceAccount do not need to use K8s API - ## - automountServiceAccountToken: false - ## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount - ## - annotations: {} -## @section Persistence parameters - -## Enable persistence using Persistent Volume Claims -## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ -## -persistence: - ## @param persistence.enabled Enable Memcached data persistence using PVC. If false, use emptyDir - ## - enabled: false - ## @param persistence.storageClass PVC Storage Class for Memcached data volume - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param persistence.accessModes PVC Access modes - ## - accessModes: - - ReadWriteOnce - ## @param persistence.size PVC Storage Request for Memcached data volume - ## - size: 8Gi - ## @param persistence.annotations Annotations for the PVC - ## - annotations: {} - ## @param persistence.labels Labels for the PVC - ## - labels: {} - ## @param persistence.selector Selector to match an existing Persistent Volume for Memcached's data PVC - ## If set, the PVC can't have a PV dynamically provisioned for it - ## E.g. 
- ## selector: - ## matchLabels: - ## app: my-app - ## - selector: {} -## @section Volume Permissions parameters -## - -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each node -## -volumePermissions: - ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume - ## - enabled: false - ## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry - ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image repository - ## @skip volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended) - ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy - ## @param volumePermissions.image.pullSecrets Init container volume-permissions image pull secrets - ## - image: - registry: docker.io - repository: bitnami/os-shell - tag: 12-debian-12-r17 - digest: "" - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Init container resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). 
This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## Init container' Security Context - ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser - ## and not the below volumePermissions.containerSecurityContext.runAsUser - ## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param volumePermissions.containerSecurityContext.runAsUser User ID for the init container - ## - containerSecurityContext: - seLinuxOptions: {} - runAsUser: 0 -## Prometheus Exporter / Metrics -## -metrics: - ## @param metrics.enabled Start a side-car prometheus exporter - ## - enabled: false - ## Bitnami Memcached Prometheus Exporter image - ## ref: https://hub.docker.com/r/bitnami/memcached-exporter/tags/ - ## @param metrics.image.registry [default: REGISTRY_NAME] Memcached exporter image registry - ## @param metrics.image.repository [default: REPOSITORY_NAME/memcached-exporter] Memcached exporter image repository - ## @skip metrics.image.tag Memcached exporter image tag (immutable tags are recommended) - ## @param metrics.image.digest Memcached exporter image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag - ## @param metrics.image.pullPolicy Image pull policy - ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/memcached-exporter - tag: 0.14.3-debian-12-r0 - digest: "" - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param metrics.containerPorts.metrics Memcached Prometheus Exporter container port - ## - containerPorts: - metrics: 9150 - ## Memcached Prometheus exporter container resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). 
- ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## Configure Metrics Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param metrics.containerSecurityContext.enabled Enabled containers' Security Context - ## @param metrics.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param metrics.containerSecurityContext.runAsUser Set containers' Security Context runAsUser - ## @param metrics.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup - ## @param metrics.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot - ## @param metrics.containerSecurityContext.privileged Set container's Security Context privileged - ## @param metrics.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem - ## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation - ## @param metrics.containerSecurityContext.capabilities.drop List of capabilities to be dropped - ## @param metrics.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile - ## - containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsUser: 1001 - runAsGroup: 1001 - runAsNonRoot: true - privileged: false - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" - ## Configure extra options for 
Memcached Prometheus exporter containers' liveness, readiness and startup probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes - ## @param metrics.livenessProbe.enabled Enable livenessProbe on Memcached Prometheus exporter containers - ## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 15 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 3 - successThreshold: 1 - ## @param metrics.readinessProbe.enabled Enable readinessProbe on Memcached Prometheus exporter containers - ## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 3 - failureThreshold: 3 - successThreshold: 1 - ## @param metrics.startupProbe.enabled Enable startupProbe on Memcached Prometheus exporter containers - ## @param metrics.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param metrics.startupProbe.periodSeconds Period seconds for startupProbe - ## @param metrics.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param 
metrics.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param metrics.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: false - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 15 - successThreshold: 1 - ## @param metrics.customLivenessProbe Custom livenessProbe that overrides the default one - ## - customLivenessProbe: {} - ## @param metrics.customReadinessProbe Custom readinessProbe that overrides the default one - ## - customReadinessProbe: {} - ## @param metrics.customStartupProbe Custom startupProbe that overrides the default one - ## - customStartupProbe: {} - ## @param metrics.podAnnotations [object] Memcached Prometheus exporter pod Annotation and Labels - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: - prometheus.io/scrape: "true" - prometheus.io/port: "{{ .Values.metrics.containerPorts.metrics }}" - ## Service configuration - ## - service: - ## @param metrics.service.ports.metrics Prometheus metrics service port - ## - ports: - metrics: 9150 - ## @param metrics.service.clusterIP Static clusterIP or None for headless services - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address - ## - clusterIP: "" - ## @param metrics.service.sessionAffinity Control where client requests go, to the same pod or round-robin - ## Values: ClientIP or None - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/ - ## - sessionAffinity: None - ## @param metrics.service.annotations [object] Annotations for the Prometheus metrics service - ## - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "{{ .Values.metrics.service.ports.metrics }}" - ## Prometheus Operator ServiceMonitor configuration - ## - serviceMonitor: - ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using Prometheus 
Operator - ## - enabled: false - ## @param metrics.serviceMonitor.namespace Namespace for the ServiceMonitor Resource (defaults to the Release Namespace) - ## - namespace: "" - ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped. - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## - interval: "" - ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## - scrapeTimeout: "" - ## @param metrics.serviceMonitor.labels Additional labels that can be used so ServiceMonitor will be discovered by Prometheus - ## - labels: {} - ## @param metrics.serviceMonitor.selector Prometheus instance selector labels - ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration - ## - selector: {} - ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping - ## - relabelings: [] - ## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion - ## - metricRelabelings: [] - ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint - ## - honorLabels: false - ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. - ## - jobLabel: "" diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/NOTES.txt b/charts/nopo11y-stack/charts/grafana-loki/templates/NOTES.txt deleted file mode 100644 index 7eea1aa..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/templates/NOTES.txt +++ /dev/null 
@@ -1,105 +0,0 @@ -CHART NAME: {{ .Chart.Name }} -CHART VERSION: {{ .Chart.Version }} -APP VERSION: {{ .Chart.AppVersion }} - -** Please be patient while the chart is being deployed ** - -{{- if .Values.diagnosticMode.enabled }} -The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: - - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} - -Get the list of pods by executing: - - kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} - -Access the pod you want to debug by executing - - kubectl exec --namespace {{ .Release.Namespace }} -ti -- bash - -In order to replicate the container startup execute this command: - - loki -config.file=/bitnami/grafana-loki/conf/loki.yaml - -{{- else }} - -Installed components: - - * ingester - * distributor - * querier - * query-frontend - {{- if .Values.promtail.enabled }} - * promtail - {{- end }} - {{- if .Values.compactor.enabled }} - * compactor - {{- end }} - {{- if .Values.indexGateway.enabled }} - * index-gateway - {{- end }} - {{- if .Values.gateway.enabled }} - * gateway - {{- end }} - {{- if .Values.ruler.enabled }} - * ruler - {{- end }} - {{- if .Values.tableManager.enabled }} - * table-manager - {{- end }} - -{{- if .Values.gateway.enabled }} -{{- if .Values.gateway.ingress.enabled }} - -1. Get the gateway URL and associate the gateway hostname to your cluster external IP: - - export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters - echo "Gateway URL: http{{ if .Values.gateway.ingress.tls }}s{{ end }}://{{ .Values.gateway.ingress.hostname }}/" - echo "$CLUSTER_IP {{ .Values.gateway.ingress.hostname }}" | sudo tee -a /etc/hosts -{{- else }} - -1. 
Get the gateway URL by running these commands: - -{{- if contains "NodePort" .Values.gateway.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "grafana-loki.gateway.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.gateway.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ template "common.names.fullname" . }} - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.gateway.service.ports.http }} -{{- else if contains "ClusterIP" .Values.gateway.service.type }} - echo "The Gateway is available at http://127.0.0.1:{{ .Values.gateway.service.ports.http }}" - kubectl port-forward svc/{{ template "grafana-loki.gateway.fullname" . }} {{ .Values.gateway.service.ports.http }}:{{ .Values.gateway.service.ports.http }} & -{{- end }} -{{- end }} -{{- if .Values.gateway.auth.enabled }} -2. Login with the following credentials below to see your blog: - - echo Username: {{ .Values.gateway.auth.username }} - echo Password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "grafana-loki.gateway.secretName" . }} -o jsonpath="{.data.password}" | base64 -d) -{{- end }} -{{- else }} -1. Get the query-frontend URL by running these commands: - -{{- if contains "NodePort" .Values.queryFrontend.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "grafana-loki.query-frontend.fullname" . 
}}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.queryFrontend.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ template "common.names.fullname" . }} - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.queryFrontend.service.ports.http }} -{{- else if contains "ClusterIP" .Values.queryFrontend.service.type }} - echo "The Query Frontend is available at http://127.0.0.1:{{ .Values.queryFrontend.service.ports.http }}" - kubectl port-forward svc/{{ template "grafana-loki.query-frontend.fullname" . }} {{ .Values.queryFrontend.service.ports.http }}:{{ .Values.queryFrontend.service.ports.http }} & -{{- end }} -{{- end }} -{{- end }} - -{{- include "grafana-loki.checkRollingTags" . }} -{{- include "grafana-loki.validateValues" . }} -{{- include "common.warnings.resources" (dict "sections" (list "compactor" "distributor" "gateway" "indexGateway" "ingester" "promtail" "querier" "queryFrontend" "queryScheduler" "ruler" "tableManager" "volumePermissions") "context" $) }} diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/_helpers.tpl b/charts/nopo11y-stack/charts/grafana-loki/templates/_helpers.tpl deleted file mode 100644 index 63b285c..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/templates/_helpers.tpl +++ /dev/null 
@@ -1,348 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* -Return the proper Grafana Loki image name -*/}} -{{- define "grafana-loki.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.loki.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Grafana Loki compactor fullname -*/}} -{{- define "grafana-loki.compactor.fullname" -}} -{{- printf "%s-%s" (include "common.names.fullname" .) "compactor" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Return the proper Grafana Loki distributor fullname -*/}} -{{- define "grafana-loki.distributor.fullname" -}} -{{- printf "%s-%s" (include "common.names.fullname" .) "distributor" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Return the proper Grafana Loki gateway fullname -*/}} -{{- define "grafana-loki.gateway.fullname" -}} -{{- printf "%s-%s" (include "common.names.fullname" .) "gateway" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Return the proper Grafana Loki index-gateway fullname -*/}} -{{- define "grafana-loki.index-gateway.fullname" -}} -{{- printf "%s-%s" (include "common.names.fullname" .) "index-gateway" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Return the proper Grafana Loki ingester fullname -*/}} -{{- define "grafana-loki.ingester.fullname" -}} -{{- printf "%s-%s" (include "common.names.fullname" .) "ingester" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Return the proper Grafana Loki querier fullname -*/}} -{{- define "grafana-loki.querier.fullname" -}} -{{- printf "%s-%s" (include "common.names.fullname" .) "querier" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Return the proper Grafana Loki query-frontend fullname -*/}} -{{- define "grafana-loki.query-frontend.fullname" -}} -{{- printf "%s-%s" (include "common.names.fullname" .) 
"query-frontend" | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{/* -Return the proper Grafana Loki query-scheduler fullname -*/}} -{{- define "grafana-loki.query-scheduler.fullname" -}} -{{- printf "%s-%s" (include "common.names.fullname" .) "query-scheduler" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Return the proper Grafana Loki ruler fullname -*/}} -{{- define "grafana-loki.ruler.fullname" -}} -{{- printf "%s-%s" (include "common.names.fullname" .) "ruler" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Return the proper Grafana Loki table-manager fullname -*/}} -{{- define "grafana-loki.table-manager.fullname" -}} -{{- printf "%s-%s" (include "common.names.fullname" .) "table-manager" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Return the proper Grafana Loki gossip-ring fullname -*/}} -{{- define "grafana-loki.gossip-ring.fullname" -}} -{{- printf "%s-%s" (include "common.names.fullname" .) "gossip-ring" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Return the proper Grafana Loki promtail fullname -*/}} -{{- define "grafana-loki.promtail.fullname" -}} -{{- printf "%s-%s" (include "common.names.fullname" .) 
"promtail" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Return the proper Grafana Loki image name -*/}} -{{- define "grafana-loki.promtail.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.promtail.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Grafana Loki image name -*/}} -{{- define "grafana-loki.volumePermissions.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Grafana Loki image name -*/}} -{{- define "grafana-loki.gateway.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.gateway.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "grafana-loki.imagePullSecrets" -}} -{{- include "common.images.renderPullSecrets" (dict "images" (list .Values.loki.image .Values.gateway.image .Values.promtail.image .Values.volumePermissions.image) "context" $) -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "grafana-loki.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (printf "%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Get the Loki configuration configmap. -*/}} -{{- define "grafana-loki.loki.configmapName" -}} -{{- if .Values.loki.existingConfigmap -}} - {{- .Values.loki.existingConfigmap -}} -{{- else }} - {{- printf "%s" (include "common.names.fullname" . ) -}} -{{- end -}} -{{- end -}} - -{{/* -Get the promtail configuration configmap. -*/}} -{{- define "grafana-loki.promtail.secretName" -}} -{{- if .Values.promtail.existingSecret -}} - {{- .Values.promtail.existingSecret -}} -{{- else }} - {{- include "grafana-loki.promtail.fullname" . 
-}} -{{- end -}} -{{- end -}} - -{{/* -Get the promtail configuration configmap. -*/}} -{{- define "grafana-loki.gateway.secretName" -}} -{{- if .Values.gateway.auth.existingSecret -}} - {{- .Values.gateway.auth.existingSecret -}} -{{- else }} - {{- include "grafana-loki.gateway.fullname" . -}} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "grafana-loki.promtail.serviceAccountName" -}} -{{- if .Values.promtail.serviceAccount.create -}} - {{ default (printf "%s" (include "grafana-loki.promtail.fullname" .)) .Values.promtail.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.promtail.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified memcached (chunks) name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "grafana-loki.memcached-chunks.fullname" -}} -{{- $name := default "memcachedchunks" .Values.memcachedchunks.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified memcached (chunks) name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "grafana-loki.memcached-chunks.host" -}} -{{- $port := "" -}} -{{- if .Values.externalMemcachedChunks.host -}} - {{- $servicePortString := printf "%v" .Values.externalMemcachedChunks.port -}} - {{- $port = printf ":%s" $servicePortString -}} - {{- printf "%s%s" .Values.externalMemcachedChunks.host $port }} -{{- else -}} - {{- $servicePortString := printf "%v" .Values.memcachedchunks.service.ports.memcached -}} - {{- $port = printf ":%s" $servicePortString -}} - {{- printf "%s%s" (include "grafana-loki.memcached-chunks.fullname" .) $port }} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified memcached (index-queries) name. 
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "grafana-loki.memcached-index-queries.fullname" -}} -{{- $name := default "memcachedindexqueries" .Values.memcachedindexqueries.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified memcached (index-queries) name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "grafana-loki.memcached-index-queries.host" -}} -{{- $port := "" -}} -{{- if .Values.externalMemcachedIndexQueries.host -}} - {{- $servicePortString := printf "%v" .Values.externalMemcachedIndexQueries.port -}} - {{- $port = printf ":%s" $servicePortString -}} - {{- printf "%s%s" .Values.externalMemcachedIndexQueries.host $port }} -{{- else -}} - {{- $servicePortString := printf "%v" .Values.memcachedindexqueries.service.ports.memcached -}} - {{- $port = printf ":%s" $servicePortString -}} - {{- printf "%s%s" (include "grafana-loki.memcached-index-queries.fullname" .) $port }} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified memcached (frontend) name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "grafana-loki.memcached-frontend.fullname" -}} -{{- $name := default "memcachedfrontend" .Values.memcachedfrontend.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified memcached (frontend) name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 
-*/}} -{{- define "grafana-loki.memcached-frontend.host" -}} -{{- $port := "" -}} -{{- if .Values.externalMemcachedFrontend.host -}} - {{- $servicePortString := printf "%v" .Values.externalMemcachedFrontend.port -}} - {{- $port = printf ":%s" $servicePortString -}} - {{- printf "%s%s" .Values.externalMemcachedFrontend.host $port }} -{{- else -}} - {{- $servicePortString := printf "%v" .Values.memcachedfrontend.service.ports.memcached -}} - {{- $port = printf ":%s" $servicePortString -}} - {{- printf "%s%s" (include "grafana-loki.memcached-frontend.fullname" .) $port }} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified memcached (index-writes) name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "grafana-loki.memcached-index-writes.fullname" -}} -{{- $name := default "memcachedindexwrites" .Values.memcachedindexwrites.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified memcached (index-writes) name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "grafana-loki.memcached-index-writes.host" -}} -{{- $port := "" -}} -{{- if .Values.externalMemcachedIndexWrites.host -}} - {{- $servicePortString := printf "%v" .Values.externalMemcachedIndexWrites.port -}} - {{- $port = printf ":%s" $servicePortString -}} - {{- printf "%s%s" .Values.externalMemcachedIndexWrites.host $port }} -{{- else -}} - {{- $servicePortString := printf "%v" .Values.memcachedindexwrites.service.ports.memcached -}} - {{- $port = printf ":%s" $servicePortString -}} - {{- printf "%s%s" (include "grafana-loki.memcached-index-writes.fullname" .) 
$port }} -{{- end -}} -{{- end -}} - -{{/* -Check if there are rolling tags in the images -*/}} -{{- define "grafana-loki.checkRollingTags" -}} -{{- include "common.warnings.rollingTag" .Values.loki.image }} -{{- include "common.warnings.rollingTag" .Values.promtail.image }} -{{- include "common.warnings.rollingTag" .Values.gateway.image }} -{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }} -{{- end -}} - -{{/* -Compile all warnings into a single message. -*/}} -{{- define "grafana-loki.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "grafana-loki.validateValues.memcachedChunks" .) -}} -{{- $messages := append $messages (include "grafana-loki.validateValues.memcachedIndexWrites" .) -}} -{{- $messages := append $messages (include "grafana-loki.validateValues.memcachedIndexQueries" .) -}} -{{- $messages := append $messages (include "grafana-loki.validateValues.memcachedFrontend" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message -}} -{{- end -}} -{{- end -}} - -{{/* Validate values of Grafana Loki - Memcached (Chunks) */}} -{{- define "grafana-loki.validateValues.memcachedChunks" -}} -{{- if and .Values.memcachedchunks.enabled .Values.externalMemcachedChunks.host -}} -grafana-loki: Memcached Chunks - You can only use one chunk cache. - Please choose installing a Memcached chart (--set memcachedChunks.enabled=true) or - using an external database (--set externalMemcachedChunks.host) -{{- end -}} -{{- end -}} - -{{/* Validate values of Grafana Loki - Memcached (IndexWrites) */}} -{{- define "grafana-loki.validateValues.memcachedIndexWrites" -}} -{{- if and .Values.memcachedindexwrites.enabled .Values.externalMemcachedIndexWrites.host -}} -grafana-loki: Memcached Index Writes - You can only use one index-write cache. 
- Please choose installing a Memcached chart (--set memcachedIndexWrites.enabled=true) or - using an external database (--set externalMemcachedIndexWrites.host) -{{- end -}} -{{- end -}} - -{{/* Validate values of Grafana Loki - Memcached (IndexQueries) */}} -{{- define "grafana-loki.validateValues.memcachedIndexQueries" -}} -{{- if and .Values.memcachedindexqueries.enabled .Values.externalMemcachedIndexQueries.host -}} -grafana-loki: Memcached Index Queries - You can only use one chunk cache. - Please choose installing a Memcached chart (--set memcachedIndexQueries.enabled=true) or - using an external database (--set externalMemcachedIndexQueries.host) -{{- end -}} -{{- end -}} - -{{/* Validate values of Grafana Loki - Memcached (Frontend) */}} -{{- define "grafana-loki.validateValues.memcachedFrontend" -}} -{{- if and .Values.memcachedfrontend.enabled .Values.externalMemcachedFrontend.host -}} -grafana-loki: Memcached Frontend - You can only use one frontend cache. - Please choose installing a Memcached chart (--set memcachedFrontend.enabled=true) or - using an external database (--set externalMemcachedFrontend.host) -{{- end -}} -{{- end -}} diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/compactor/deployment.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/compactor/deployment.yaml deleted file mode 100644 index 086d407..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/templates/compactor/deployment.yaml +++ /dev/null 
@@ -1,189 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.compactor.enabled }} -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ template "grafana-loki.compactor.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.loki.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: compactor - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.compactor.replicaCount }} - {{- if .Values.compactor.updateStrategy }} - strategy: {{- toYaml .Values.compactor.updateStrategy | nindent 4 }} - {{- end }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.compactor.podLabels .Values.commonLabels $versionLabel ) "context" . ) }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: compactor - template: - metadata: - annotations: - checksum/config: {{ include (print $.Template.BasePath "/loki-configmap.yaml") . 
| sha256sum }} - {{- if .Values.compactor.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.compactor.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: compactor - loki-gossip-member: "true" - spec: - serviceAccountName: {{ template "grafana-loki.serviceAccountName" . }} - {{- include "grafana-loki.imagePullSecrets" . | nindent 6 }} - automountServiceAccountToken: {{ .Values.compactor.automountServiceAccountToken }} - {{- if .Values.compactor.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.compactor.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.compactor.affinity }} - affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.compactor.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.compactor.podAffinityPreset "component" "compactor" "customLabels" $podLabels "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.compactor.podAntiAffinityPreset "component" "compactor" "customLabels" $podLabels "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.compactor.nodeAffinityPreset.type "key" .Values.compactor.nodeAffinityPreset.key "values" .Values.compactor.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.compactor.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.compactor.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.compactor.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.compactor.tolerations "context" .) 
| nindent 8 }} - {{- end }} - {{- if .Values.compactor.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.compactor.topologySpreadConstraints "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.compactor.priorityClassName }} - priorityClassName: {{ .Values.compactor.priorityClassName | quote }} - {{- end }} - {{- if .Values.compactor.schedulerName }} - schedulerName: {{ .Values.compactor.schedulerName }} - {{- end }} - {{- if .Values.compactor.podSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.compactor.podSecurityContext "context" $) | nindent 8 }} - {{- end }} - initContainers: - {{- if .Values.compactor.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.compactor.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: grafana-loki-compactor - image: {{ template "grafana-loki.image" . 
}} - imagePullPolicy: {{ .Values.loki.image.pullPolicy }} - {{- if .Values.compactor.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.compactor.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.compactor.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.compactor.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.compactor.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.compactor.args "context" $) | nindent 12 }} - {{- else }} - args: - - -target=compactor - - -config.file={{ .Values.loki.dataDir }}/conf/loki.yaml - - -compactor.working-directory={{ .Values.loki.dataDir }}/loki/compactor - {{- if .Values.compactor.extraArgs }} - {{- include "common.tplvalues.render" (dict "value" .Values.compactor.extraArgs "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.compactor.extraEnvVars }} - env: {{- include "common.tplvalues.render" (dict "value" .Values.compactor.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.compactor.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.compactor.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.compactor.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.compactor.extraEnvVarsSecret "context" $) }} - {{- end }} - ports: - - containerPort: {{ .Values.loki.containerPorts.http }} - name: http - - containerPort: {{ 
.Values.loki.containerPorts.gossipRing }} - name: http-memberlist - - containerPort: {{ .Values.loki.containerPorts.grpc }} - name: grpc - {{- if .Values.compactor.resources }} - resources: {{- toYaml .Values.compactor.resources | nindent 12 }} - {{- else if ne .Values.compactor.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.compactor.resourcesPreset) | nindent 12 }} - {{- end }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.compactor.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.compactor.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.compactor.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.compactor.livenessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: /ready - port: http - {{- end }} - {{- if .Values.compactor.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.compactor.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.compactor.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.compactor.readinessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: /ready - port: http - {{- end }} - {{- if .Values.compactor.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.compactor.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.compactor.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.compactor.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: http - {{- end }} - {{- end }} - {{- if .Values.compactor.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.compactor.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - 
volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - name: empty-dir - mountPath: /bitnami/grafana-loki/chunks - subPath: app-chunks-dir - - name: loki-config - mountPath: {{ .Values.loki.dataDir }}/conf/loki.yaml - subPath: loki.yaml - - name: data - mountPath: {{ .Values.loki.dataDir }}/loki/compactor - {{- if .Values.compactor.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.compactor.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.compactor.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.compactor.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: empty-dir - emptyDir: {} - - name: data - {{- if .Values.compactor.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Values.compactor.persistence.existingClaim | default (include "grafana-loki.compactor.fullname" .) }} - {{- else }} - emptyDir: {} - {{- end }} - - name: loki-config - configMap: - name: {{ template "grafana-loki.loki.configmapName" . }} - {{- if .Values.compactor.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.compactor.extraVolumes "context" $) | nindent 8 }} - {{- end }} -{{- end }} diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/compactor/networkpolicy.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/compactor/networkpolicy.yaml deleted file mode 100644 index a8322a8..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/templates/compactor/networkpolicy.yaml +++ /dev/null 
@@ -1,146 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.compactor.enabled .Values.compactor.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} -metadata: - name: {{ template "grafana-loki.compactor.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: compactor - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.compactor.podLabels .Values.commonLabels ) "context" . ) }} - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: compactor - policyTypes: - - Ingress - - Egress - {{- if .Values.compactor.networkPolicy.allowExternalEgress }} - egress: - - {} - {{- else }} - egress: - # Allow dns resolution - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP - # Allow outbound connections to loki cluster - - ports: - - port: {{ .Values.loki.containerPorts.http }} - - port: {{ .Values.loki.containerPorts.gossipRing }} - - port: {{ .Values.loki.containerPorts.grpc }} - to: - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} - app.kubernetes.io/part-of: grafana-loki - # Allow outbound connections to gateway - - ports: - - port: {{ .Values.gateway.containerPorts.http }} - to: - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" 
.Values.commonLabels "context" $ ) | nindent 14 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: grafana-loki - # Allow outbound connections to gateway - - ports: - - port: {{ .Values.gateway.containerPorts.http }} - to: - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: gateway - # Allow outbound connections to Memcached Chunks - - ports: - {{- if .Values.memcachedchunks.enabled }} - - port: {{ .Values.memcachedchunks.containerPorts.memcached }} - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: memcachedchunks - app.kubernetes.io/instance: {{ .Release.Name }} - {{- else }} - - port: {{ .Values.externalMemcachedChunks.port }} - {{- end }} - # Allow outbound connections to Memcached Metadata - - ports: - {{- if .Values.memcachedindexqueries.enabled }} - - port: {{ .Values.memcachedindexqueries.containerPorts.memcached }} - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: memcachedindexqueries - app.kubernetes.io/instance: {{ .Release.Name }} - {{- else }} - - port: {{ .Values.externalMemcachedIndexQueries.port }} - {{- end }} - # Allow outbound connections to Memcached Frontend - - ports: - {{- if .Values.memcachedfrontend.enabled }} - - port: {{ .Values.memcachedfrontend.containerPorts.memcached }} - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: memcachedfrontend - app.kubernetes.io/instance: {{ .Release.Name }} - {{- else }} - - port: {{ .Values.externalMemcachedFrontend.port }} - {{- end }} - # Allow outbound connections to Memcached Metadata - - ports: - {{- if .Values.memcachedindexwrites.enabled }} - - port: {{ .Values.memcachedindexwrites.containerPorts.memcached }} - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: memcachedindexwrites - app.kubernetes.io/instance: {{ .Release.Name }} - {{- else }} - - port: {{ 
.Values.externalMemcachedIndexWrites.port }} - {{- end }} - {{- if .Values.compactor.networkPolicy.extraEgress }} - {{- include "common.tplvalues.render" ( dict "value" .Values.compactor.networkPolicy.extraEgress "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} - ingress: - - ports: - - port: {{ .Values.loki.containerPorts.http }} - - port: {{ .Values.loki.containerPorts.gossipRing }} - - port: {{ .Values.loki.containerPorts.grpc }} - {{- if not .Values.compactor.networkPolicy.allowExternal }} - from: - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} - app.kubernetes.io/part-of: grafana-loki - - podSelector: - matchLabels: - {{ template "grafana-loki.compactor.fullname" . }}-compactor: "true" - {{- if .Values.compactor.networkPolicy.ingressNSMatchLabels }} - - namespaceSelector: - matchLabels: - {{- range $key, $value := .Values.compactor.networkPolicy.ingressNSMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{- if .Values.compactor.networkPolicy.ingressNSPodMatchLabels }} - podSelector: - matchLabels: - {{- range $key, $value := .Values.compactor.networkPolicy.ingressNSPodMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.compactor.networkPolicy.extraIngress }} - {{- include "common.tplvalues.render" ( dict "value" .Values.compactor.networkPolicy.extraIngress "context" $ ) | nindent 4 }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/compactor/pvc.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/compactor/pvc.yaml deleted file mode 100644 index c8853e5..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/templates/compactor/pvc.yaml +++ /dev/null 
@@ -1,34 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.compactor.enabled .Values.compactor.persistence.enabled (not .Values.compactor.persistence.existingClaim) }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "grafana-loki.compactor.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.loki.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - {{- if or .Values.compactor.persistence.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.compactor.persistence.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - accessModes: - {{- range .Values.compactor.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.compactor.persistence.size | quote }} - {{- include "common.storage.class" (dict "persistence" .Values.compactor.persistence "global" .Values.global) | nindent 2 }} - {{- if .Values.compactor.persistence.dataSource }} - dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.compactor.persistence.dataSource "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.compactor.persistence.selector }} - selector: {{- include "common.tplvalues.render" (dict "value" .Values.compactor.persistence.selector "context" $) | nindent 4 }} - {{- end }} -{{- end }} 
diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/compactor/service.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/compactor/service.yaml
deleted file mode 100644
index 8af4519..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/templates/compactor/service.yaml
+++ /dev/null
@@ -1,67 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.compactor.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "grafana-loki.compactor.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.loki.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: compactor - {{- if or .Values.commonAnnotations .Values.compactor.service.annotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.compactor.service.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.compactor.service.type }} - {{- if .Values.compactor.service.sessionAffinity }} - sessionAffinity: {{ .Values.compactor.service.sessionAffinity }} - {{- end }} - {{- if .Values.compactor.service.sessionAffinityConfig }} - sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.compactor.service.sessionAffinityConfig "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.compactor.service.clusterIP }} - clusterIP: {{ .Values.compactor.service.clusterIP }} - {{- end }} - {{- if (or (eq .Values.compactor.service.type "LoadBalancer") (eq .Values.compactor.service.type "NodePort")) }} - externalTrafficPolicy: {{ .Values.compactor.service.externalTrafficPolicy | quote }} - {{- end }} - {{ if eq .Values.compactor.service.type "LoadBalancer" }} - loadBalancerSourceRanges: {{ .Values.compactor.service.loadBalancerSourceRanges }} - {{ 
end }} - {{- if (and (eq .Values.compactor.service.type "LoadBalancer") (not (empty .Values.compactor.service.loadBalancerIP))) }} - loadBalancerIP: {{ .Values.compactor.service.loadBalancerIP }} - {{- end }} - ports: - - name: http - port: {{ .Values.compactor.service.ports.http }} - targetPort: http - protocol: TCP - {{- if (and (or (eq .Values.compactor.service.type "NodePort") (eq .Values.compactor.service.type "LoadBalancer")) (not (empty .Values.compactor.service.nodePorts.http))) }} - nodePort: {{ .Values.compactor.service.nodePorts.http }} - {{- else if eq .Values.compactor.service.type "ClusterIP" }} - nodePort: null - {{- end }} - - name: grpc - port: {{ .Values.compactor.service.ports.grpc }} - targetPort: grpc - protocol: TCP - {{- if (and (or (eq .Values.compactor.service.type "NodePort") (eq .Values.compactor.service.type "LoadBalancer")) (not (empty .Values.compactor.service.nodePorts.grpc))) }} - nodePort: {{ .Values.compactor.service.nodePorts.grpc }} - {{- else if eq .Values.compactor.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{- if .Values.compactor.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.compactor.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.compactor.podLabels .Values.commonLabels ) "context" . ) }} - selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: compactor -{{- end }} diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/compactor/servicemonitor.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/compactor/servicemonitor.yaml deleted file mode 100644 index 1ddba6d..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/templates/compactor/servicemonitor.yaml +++ /dev/null 
@@ -1,52 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.compactor.enabled .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "grafana-loki.compactor.fullname" . }} - namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.loki.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: compactor - {{- if or .Values.commonAnnotations .Values.metrics.serviceMonitor.annotations }} - {{- $annotations := merge.Values.metrics.serviceMonitor.annotations .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.metrics.serviceMonitor.jobLabel }} - jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} - {{- if .Values.metrics.serviceMonitor.selector }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }} - {{- end }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: compactor - endpoints: - - port: http - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ 
.Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.honorLabels }} - honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.metricRelabelings }} - metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 6 }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.relabelings }} - relabelings: {{- toYaml .Values.metrics.serviceMonitor.relabelings | nindent 6 }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace | quote }} -{{- end }} diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/distributor/deployment.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/distributor/deployment.yaml deleted file mode 100644 index 3ea4bac..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/templates/distributor/deployment.yaml +++ /dev/null 
@@ -1,176 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ template "grafana-loki.distributor.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.loki.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: distributor - loki-gossip-member: "true" - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.distributor.replicaCount }} - {{- if .Values.distributor.updateStrategy }} - strategy: {{- toYaml .Values.distributor.updateStrategy | nindent 4 }} - {{- end }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.distributor.podLabels .Values.commonLabels $versionLabel ) "context" . ) }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: distributor - loki-gossip-member: "true" - template: - metadata: - annotations: - checksum/config: {{ include (print $.Template.BasePath "/loki-configmap.yaml") . 
| sha256sum }} - {{- if .Values.distributor.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.distributor.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: distributor - loki-gossip-member: "true" - spec: - serviceAccountName: {{ template "grafana-loki.serviceAccountName" . }} - {{- include "grafana-loki.imagePullSecrets" . | nindent 6 }} - automountServiceAccountToken: {{ .Values.distributor.automountServiceAccountToken }} - {{- if .Values.distributor.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.distributor.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.distributor.affinity }} - affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.distributor.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.distributor.podAffinityPreset "component" "distributor" "customLabels" $podLabels "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.distributor.podAntiAffinityPreset "component" "distributor" "customLabels" $podLabels "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.distributor.nodeAffinityPreset.type "key" .Values.distributor.nodeAffinityPreset.key "values" .Values.distributor.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.distributor.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.distributor.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.distributor.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.distributor.tolerations "context" .) 
| nindent 8 }} - {{- end }} - {{- if .Values.distributor.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.distributor.topologySpreadConstraints "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.distributor.priorityClassName }} - priorityClassName: {{ .Values.distributor.priorityClassName | quote }} - {{- end }} - {{- if .Values.distributor.schedulerName }} - schedulerName: {{ .Values.distributor.schedulerName }} - {{- end }} - {{- if .Values.distributor.podSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.distributor.podSecurityContext "context" $) | nindent 8 }} - {{- end }} - initContainers: - {{- if .Values.distributor.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.distributor.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: grafana-loki-distributor - image: {{ template "grafana-loki.image" . 
}} - imagePullPolicy: {{ .Values.loki.image.pullPolicy }} - {{- if .Values.distributor.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.distributor.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.distributor.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.distributor.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.distributor.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.distributor.args "context" $) | nindent 12 }} - {{- else }} - args: - - -target=distributor - - -config.file={{ .Values.loki.dataDir }}/conf/loki.yaml - {{- if .Values.distributor.extraArgs }} - {{- include "common.tplvalues.render" (dict "value" .Values.distributor.extraArgs "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.distributor.extraEnvVars }} - env: {{- include "common.tplvalues.render" (dict "value" .Values.distributor.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.distributor.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.distributor.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.distributor.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.distributor.extraEnvVarsSecret "context" $) }} - {{- end }} - ports: - - containerPort: {{ .Values.loki.containerPorts.http }} - name: http - - containerPort: {{ .Values.loki.containerPorts.gossipRing }} - name: http-memberlist - - 
containerPort: {{ .Values.loki.containerPorts.grpc }} - name: grpc - {{- if .Values.distributor.resources }} - resources: {{- toYaml .Values.distributor.resources | nindent 12 }} - {{- else if ne .Values.distributor.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.distributor.resourcesPreset) | nindent 12 }} - {{- end }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.distributor.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.distributor.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.distributor.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.distributor.livenessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: /ready - port: http - {{- end }} - {{- if .Values.distributor.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.distributor.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.distributor.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.distributor.readinessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: /ready - port: http - {{- end }} - {{- if .Values.distributor.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.distributor.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.distributor.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.distributor.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: http - {{- end }} - {{- end }} - {{- if .Values.distributor.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.distributor.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - 
mountPath: /tmp - subPath: tmp-dir - - name: loki-config - mountPath: {{ .Values.loki.dataDir }}/conf/loki.yaml - subPath: loki.yaml - {{- if .Values.distributor.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.distributor.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.distributor.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.distributor.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: empty-dir - emptyDir: {} - - name: loki-config - configMap: - name: {{ template "grafana-loki.loki.configmapName" . }} - {{- if .Values.distributor.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.distributor.extraVolumes "context" $) | nindent 8 }} - {{- end }} diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/distributor/networkpolicy.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/distributor/networkpolicy.yaml deleted file mode 100644 index 736da72..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/templates/distributor/networkpolicy.yaml +++ /dev/null 
@@ -1,138 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.distributor.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} -metadata: - name: {{ template "grafana-loki.distributor.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: distributor - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.distributor.podLabels .Values.commonLabels ) "context" . ) }} - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: distributor - policyTypes: - - Ingress - - Egress - {{- if .Values.distributor.networkPolicy.allowExternalEgress }} - egress: - - {} - {{- else }} - egress: - # Allow dns resolution - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP - # Allow outbound connections to loki cluster - - ports: - - port: {{ .Values.loki.containerPorts.http }} - - port: {{ .Values.loki.containerPorts.gossipRing }} - - port: {{ .Values.loki.containerPorts.grpc }} - to: - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} - app.kubernetes.io/part-of: grafana-loki - # Allow outbound connections to gateway - - ports: - - port: {{ .Values.gateway.containerPorts.http }} - to: - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels 
"context" $ ) | nindent 14 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: gateway - # Allow outbound connections to Memcached Chunks - - ports: - {{- if .Values.memcachedchunks.enabled }} - - port: {{ .Values.memcachedchunks.containerPorts.memcached }} - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: memcachedchunks - app.kubernetes.io/instance: {{ .Release.Name }} - {{- else }} - - port: {{ .Values.externalMemcachedChunks.port }} - {{- end }} - # Allow outbound connections to Memcached Metadata - - ports: - {{- if .Values.memcachedindexqueries.enabled }} - - port: {{ .Values.memcachedindexqueries.containerPorts.memcached }} - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: memcachedindexqueries - app.kubernetes.io/instance: {{ .Release.Name }} - {{- else }} - - port: {{ .Values.externalMemcachedIndexQueries.port }} - {{- end }} - # Allow outbound connections to Memcached Frontend - - ports: - {{- if .Values.memcachedfrontend.enabled }} - - port: {{ .Values.memcachedfrontend.containerPorts.memcached }} - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: memcachedfrontend - app.kubernetes.io/instance: {{ .Release.Name }} - {{- else }} - - port: {{ .Values.externalMemcachedFrontend.port }} - {{- end }} - # Allow outbound connections to Memcached Metadata - - ports: - {{- if .Values.memcachedindexwrites.enabled }} - - port: {{ .Values.memcachedindexwrites.containerPorts.memcached }} - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: memcachedindexwrites - app.kubernetes.io/instance: {{ .Release.Name }} - {{- else }} - - port: {{ .Values.externalMemcachedIndexWrites.port }} - {{- end }} - {{- if .Values.distributor.networkPolicy.extraEgress }} - {{- include "common.tplvalues.render" ( dict "value" .Values.distributor.networkPolicy.extraEgress "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} - ingress: - - ports: - - port: {{ .Values.loki.containerPorts.http }} - - port: {{ 
.Values.loki.containerPorts.gossipRing }} - - port: {{ .Values.loki.containerPorts.grpc }} - {{- if not .Values.distributor.networkPolicy.allowExternal }} - from: - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} - app.kubernetes.io/part-of: grafana-loki - - podSelector: - matchLabels: - {{ template "grafana-loki.distributor.fullname" . }}-distributor: "true" - {{- if .Values.distributor.networkPolicy.ingressNSMatchLabels }} - - namespaceSelector: - matchLabels: - {{- range $key, $value := .Values.distributor.networkPolicy.ingressNSMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{- if .Values.distributor.networkPolicy.ingressNSPodMatchLabels }} - podSelector: - matchLabels: - {{- range $key, $value := .Values.distributor.networkPolicy.ingressNSPodMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.distributor.networkPolicy.extraIngress }} - {{- include "common.tplvalues.render" ( dict "value" .Values.distributor.networkPolicy.extraIngress "context" $ ) | nindent 4 }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/distributor/service.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/distributor/service.yaml deleted file mode 100644 index 2603ff7..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/templates/distributor/service.yaml +++ /dev/null 
@@ -1,65 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ template "grafana-loki.distributor.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.loki.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: distributor - {{- if or .Values.commonAnnotations .Values.distributor.service.annotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.distributor.service.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.distributor.service.type }} - {{- if .Values.distributor.service.sessionAffinity }} - sessionAffinity: {{ .Values.distributor.service.sessionAffinity }} - {{- end }} - {{- if .Values.distributor.service.sessionAffinityConfig }} - sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.distributor.service.sessionAffinityConfig "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.distributor.service.clusterIP }} - clusterIP: {{ .Values.distributor.service.clusterIP }} - {{- end }} - {{- if (or (eq .Values.distributor.service.type "LoadBalancer") (eq .Values.distributor.service.type "NodePort")) }} - externalTrafficPolicy: {{ .Values.distributor.service.externalTrafficPolicy | quote }} - {{- end }} - {{ if eq .Values.distributor.service.type "LoadBalancer" }} - loadBalancerSourceRanges: {{ .Values.distributor.service.loadBalancerSourceRanges }} - {{ end 
}} - {{- if (and (eq .Values.distributor.service.type "LoadBalancer") (not (empty .Values.distributor.service.loadBalancerIP))) }} - loadBalancerIP: {{ .Values.distributor.service.loadBalancerIP }} - {{- end }} - ports: - - name: http - port: {{ .Values.distributor.service.ports.http }} - targetPort: http - protocol: TCP - {{- if (and (or (eq .Values.distributor.service.type "NodePort") (eq .Values.distributor.service.type "LoadBalancer")) (not (empty .Values.distributor.service.nodePorts.http))) }} - nodePort: {{ .Values.distributor.service.nodePorts.http }} - {{- else if eq .Values.distributor.service.type "ClusterIP" }} - nodePort: null - {{- end }} - - name: grpc - port: {{ .Values.distributor.service.ports.grpc }} - protocol: TCP - targetPort: grpc - {{- if (and (or (eq .Values.distributor.service.type "NodePort") (eq .Values.distributor.service.type "LoadBalancer")) (not (empty .Values.distributor.service.nodePorts.grpc))) }} - nodePort: {{ .Values.distributor.service.nodePorts.grpc }} - {{- else if eq .Values.distributor.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{- if .Values.distributor.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.distributor.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.distributor.podLabels .Values.commonLabels ) "context" . ) }} - selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: distributor diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/distributor/servicemonitor.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/distributor/servicemonitor.yaml deleted file mode 100644 index e3c1c5b..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/templates/distributor/servicemonitor.yaml +++ /dev/null 
@@ -1,52 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "grafana-loki.distributor.fullname" . }} - namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.loki.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: distributor - {{- if or .Values.commonAnnotations .Values.metrics.serviceMonitor.annotations }} - {{- $annotations := merge.Values.metrics.serviceMonitor.annotations .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.metrics.serviceMonitor.jobLabel }} - jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} - {{- if .Values.metrics.serviceMonitor.selector }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }} - {{- end }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: distributor - endpoints: - - port: http - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ 
.Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.honorLabels }} - honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.metricRelabelings }} - metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 6 }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.relabelings }} - relabelings: {{- toYaml .Values.metrics.serviceMonitor.relabelings | nindent 6 }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace | quote }} -{{- end }} diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/extra-list.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/extra-list.yaml deleted file mode 100644 index 2d35a58..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/templates/extra-list.yaml +++ /dev/null @@ -1,9 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/gateway/configmap-http.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/gateway/configmap-http.yaml deleted file mode 100644 index cc7294f..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/templates/gateway/configmap-http.yaml +++ /dev/null 
@@ -1,113 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.gateway.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "grafana-loki.gateway.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.gateway.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: gateway - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - nginx.conf: |+ - worker_processes 5; ## Default: 1 - error_log /dev/stderr; - pid /tmp/nginx.pid; - worker_rlimit_nofile 8192; - - events { - worker_connections 4096; ## Default: 1024 - } - - http { - client_body_temp_path /tmp/client_temp; - proxy_temp_path /tmp/proxy_temp_path; - fastcgi_temp_path /tmp/fastcgi_temp; - uwsgi_temp_path /tmp/uwsgi_temp; - scgi_temp_path /tmp/scgi_temp; - - default_type application/octet-stream; - log_format main '$remote_addr - $remote_user [$time_local] $status ' '"$request" $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; - - include /opt/bitnami/nginx/conf/resolvers.conf; - - {{- if .Values.gateway.verboseLogging }} - access_log /dev/stderr main; - {{- else }} - - map $status $loggable { - ~^[23] 0; - default 1; - } - access_log /dev/stderr main if=$loggable; - {{- end }} - - sendfile on; - tcp_nopush on; - - server { - listen 8080; - - {{- if .Values.gateway.auth.enabled }} - auth_basic "Loki"; - auth_basic_user_file /bitnami/nginx/secrets/.htpasswd; - {{- end }} - - location = / { - 
return 200 'OK'; - auth_basic off; - } - - location = /api/prom/push { - proxy_pass http://{{ include "grafana-loki.distributor.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:3100$request_uri; - } - - location = /api/prom/tail { - proxy_pass http://{{ include "grafana-loki.querier.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:3100$request_uri; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } - - # Ruler - location ~ /prometheus/api/v1/alerts.* { - proxy_pass http://{{ include "grafana-loki.ruler.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:3100$request_uri; - } - location ~ /prometheus/api/v1/rules.* { - proxy_pass http://{{ include "grafana-loki.ruler.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:3100$request_uri; - } - location ~ /api/prom/rules.* { - proxy_pass http://{{ include "grafana-loki.ruler.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:3100$request_uri; - } - location ~ /api/prom/alerts.* { - proxy_pass http://{{ include "grafana-loki.ruler.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:3100$request_uri; - } - - location ~ /api/prom/.* { - proxy_pass http://{{ include "grafana-loki.query-frontend.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:3100$request_uri; - } - - location = /loki/api/v1/push { - proxy_pass http://{{ include "grafana-loki.distributor.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:3100$request_uri; - } - - location = /loki/api/v1/tail { - proxy_pass http://{{ include "grafana-loki.querier.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:3100$request_uri; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } - - location ~ /loki/api/.* { - proxy_pass http://{{ include "grafana-loki.query-frontend.fullname" . 
}}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:3100$request_uri; - } - } - } -{{- end }} diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/gateway/deployment.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/gateway/deployment.yaml deleted file mode 100644 index 4786c6c..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/templates/gateway/deployment.yaml +++ /dev/null 
@@ -1,191 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.gateway.enabled }} -apiVersion: {{ template "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ include "grafana-loki.gateway.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.gateway.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: gateway - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.gateway.replicaCount }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.gateway.podLabels .Values.commonLabels $versionLabel ) "context" . ) }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: gateway - {{- if .Values.gateway.updateStrategy }} - strategy: {{- toYaml .Values.gateway.updateStrategy | nindent 4 }} - {{- end }} - template: - metadata: - labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: gateway - annotations: - checksum/configmap: {{ include (print $.Template.BasePath "/gateway/configmap-http.yaml") . 
| sha256sum }} - {{- if .Values.gateway.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.gateway.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "grafana-loki.imagePullSecrets" . | nindent 6 }} - automountServiceAccountToken: {{ .Values.gateway.automountServiceAccountToken }} - {{- if .Values.gateway.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.gateway.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.gateway.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.gateway.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.gateway.podAffinityPreset "component" "gateway" "customLabels" $podLabels "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.gateway.podAntiAffinityPreset "component" "gateway" "customLabels" $podLabels "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.gateway.nodeAffinityPreset.type "key" .Values.gateway.nodeAffinityPreset.key "values" .Values.gateway.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.gateway.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.gateway.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.gateway.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.gateway.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.gateway.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.gateway.topologySpreadConstraints "context" .) 
| nindent 8 }} - {{- end }} - {{- if .Values.gateway.priorityClassName }} - priorityClassName: {{ .Values.gateway.priorityClassName | quote }} - {{- end }} - {{- if .Values.gateway.schedulerName }} - schedulerName: {{ .Values.gateway.schedulerName }} - {{- end }} - {{- if .Values.gateway.podSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.gateway.podSecurityContext "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.gateway.initContainers }} - initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.gateway.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: gateway - image: {{ include "grafana-loki.gateway.image" . }} - imagePullPolicy: {{ .Values.gateway.image.pullPolicy | quote }} - {{- if .Values.gateway.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.gateway.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.gateway.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.gateway.command "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - - -ec - - | - # Generate resolver data - echo resolver $(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) ";" > /opt/bitnami/nginx/conf/resolvers.conf - /opt/bitnami/scripts/nginx/entrypoint.sh /opt/bitnami/scripts/nginx/run.sh - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.gateway.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.gateway.args "context" $) | nindent 12 }} - 
{{- if .Values.gateway.extraArgs }} - {{- include "common.tplvalues.render" (dict "value" .Values.gateway.extraArgs "context" $) | nindent 12 }} - {{- end }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.gateway.image.debug | quote }} - {{- if .Values.gateway.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.gateway.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.gateway.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.gateway.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.gateway.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.gateway.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- if .Values.gateway.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.gateway.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - ports: - - containerPort: {{ .Values.gateway.containerPorts.http }} - name: http - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.gateway.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.gateway.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.gateway.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.gateway.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: http - {{- end }} - {{- if .Values.gateway.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.gateway.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.gateway.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.gateway.livenessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: / - port: http - {{- end }} - {{- if 
.Values.gateway.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.gateway.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.gateway.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.gateway.readinessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: / - port: http - {{- end }} - {{- end }} - {{- if .Values.gateway.resources }} - resources: {{- toYaml .Values.gateway.resources | nindent 12 }} - {{- else if ne .Values.gateway.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.gateway.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - name: empty-dir - mountPath: /opt/bitnami/nginx/conf - subPath: app-conf-dir - - name: config - mountPath: /opt/bitnami/nginx/conf/nginx.conf - subPath: nginx.conf - {{- if .Values.gateway.auth.enabled }} - - name: htpasswd - mountPath: /bitnami/nginx/secrets/ - {{- end }} - {{- if .Values.gateway.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.gateway.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.gateway.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.gateway.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: empty-dir - emptyDir: {} - - name: config - configMap: - name: {{ include "grafana-loki.gateway.fullname" . }} - {{- if .Values.gateway.auth.enabled }} - - name: htpasswd - secret: - secretName: {{ include "grafana-loki.gateway.secretName" . }} - items: - - key: htpasswd - path: .htpasswd - {{- end }} - {{- if .Values.gateway.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.gateway.extraVolumes "context" $) | nindent 8 }} - {{- end }} -{{- end }} 
diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/gateway/ingress.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/gateway/ingress.yaml
deleted file mode 100644
index b2d8371..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/templates/gateway/ingress.yaml
+++ /dev/null
@@ -1,58 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.gateway.ingress.enabled }} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ include "grafana-loki.gateway.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.gateway.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - {{- if or .Values.gateway.ingress.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.gateway.ingress.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - {{- if and .Values.gateway.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }} - ingressClassName: {{ .Values.gateway.ingress.ingressClassName | quote }} - {{- end }} - rules: - {{- if .Values.gateway.ingress.hostname }} - - host: {{ .Values.gateway.ingress.hostname | quote }} - http: - paths: - {{- if .Values.gateway.ingress.extraPaths }} - {{- toYaml .Values.gateway.ingress.extraPaths | nindent 10 }} - {{- end }} - - path: {{ .Values.gateway.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.gateway.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "grafana-loki.gateway.fullname" .) 
"servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.gateway.ingress.extraHosts }} - - host: {{ .name | quote }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "grafana-loki.gateway.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- if or (and .Values.gateway.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.gateway.ingress.annotations )) .Values.gateway.ingress.selfSigned)) .Values.gateway.ingress.extraTls }} - tls: - {{- if and .Values.gateway.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.gateway.ingress.annotations )) .Values.gateway.ingress.selfSigned) }} - - hosts: - - {{ .Values.gateway.ingress.hostname | quote }} - secretName: {{ printf "%s-tls" .Values.gateway.ingress.hostname }} - {{- end }} - {{- if .Values.gateway.ingress.extraTls }} - {{- include "common.tplvalues.render" (dict "value" .Values.gateway.ingress.extraTls "context" $) | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/gateway/networkpolicy.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/gateway/networkpolicy.yaml deleted file mode 100644 index cfa4d97..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/templates/gateway/networkpolicy.yaml +++ /dev/null 
@@ -1,137 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.gateway.enabled .Values.gateway.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} -metadata: - name: {{ template "grafana-loki.gateway.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: gateway - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.gateway.podLabels .Values.commonLabels ) "context" . ) }} - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: gateway - policyTypes: - - Ingress - - Egress - {{- if .Values.gateway.networkPolicy.allowExternalEgress }} - egress: - - {} - {{- else }} - egress: - # Allow dns resolution - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP - # Allow outbound connections to loki cluster - - ports: - - port: {{ .Values.loki.containerPorts.http }} - - port: {{ .Values.loki.containerPorts.gossipRing }} - - port: {{ .Values.loki.containerPorts.grpc }} - to: - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} - app.kubernetes.io/part-of: grafana-loki - # Allow outbound connections to gateway - - ports: - - port: {{ .Values.gateway.containerPorts.http }} - to: - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels 
"context" $ ) | nindent 14 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: gateway - # Allow outbound connections to Memcached Chunks - - ports: - {{- if .Values.memcachedchunks.enabled }} - - port: {{ .Values.memcachedchunks.containerPorts.memcached }} - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: memcachedchunks - app.kubernetes.io/instance: {{ .Release.Name }} - {{- else }} - - port: {{ .Values.externalMemcachedChunks.port }} - {{- end }} - # Allow outbound connections to Memcached Metadata - - ports: - {{- if .Values.memcachedindexqueries.enabled }} - - port: {{ .Values.memcachedindexqueries.containerPorts.memcached }} - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: memcachedindexqueries - app.kubernetes.io/instance: {{ .Release.Name }} - {{- else }} - - port: {{ .Values.externalMemcachedIndexQueries.port }} - {{- end }} - # Allow outbound connections to Memcached Frontend - - ports: - {{- if .Values.memcachedfrontend.enabled }} - - port: {{ .Values.memcachedfrontend.containerPorts.memcached }} - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: memcachedfrontend - app.kubernetes.io/instance: {{ .Release.Name }} - {{- else }} - - port: {{ .Values.externalMemcachedFrontend.port }} - {{- end }} - # Allow outbound connections to Memcached Metadata - - ports: - {{- if .Values.memcachedindexwrites.enabled }} - - port: {{ .Values.memcachedindexwrites.containerPorts.memcached }} - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: memcachedindexwrites - app.kubernetes.io/instance: {{ .Release.Name }} - {{- else }} - - port: {{ .Values.externalMemcachedIndexWrites.port }} - {{- end }} - - {{- if .Values.gateway.networkPolicy.extraEgress }} - {{- include "common.tplvalues.render" ( dict "value" .Values.gateway.networkPolicy.extraEgress "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} - ingress: - - ports: - - port: {{ .Values.gateway.containerPorts.http }} - {{- if not 
.Values.gateway.networkPolicy.allowExternal }} - from: - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} - app.kubernetes.io/part-of: grafana-loki - - podSelector: - matchLabels: - {{ template "grafana-loki.gateway.fullname" . }}-gateway: "true" - {{- if .Values.gateway.networkPolicy.ingressNSMatchLabels }} - - namespaceSelector: - matchLabels: - {{- range $key, $value := .Values.gateway.networkPolicy.ingressNSMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{- if .Values.gateway.networkPolicy.ingressNSPodMatchLabels }} - podSelector: - matchLabels: - {{- range $key, $value := .Values.gateway.networkPolicy.ingressNSPodMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.gateway.networkPolicy.extraIngress }} - {{- include "common.tplvalues.render" ( dict "value" .Values.gateway.networkPolicy.extraIngress "context" $ ) | nindent 4 }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/gateway/secret.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/gateway/secret.yaml deleted file mode 100644 index 9992de5..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/templates/gateway/secret.yaml +++ /dev/null 
@@ -1,25 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.gateway.enabled .Values.gateway.auth.enabled (not .Values.gateway.auth.existingSecret) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "grafana-loki.gateway.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.gateway.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: gateway - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - {{- $password := (include "common.secrets.passwords.manage" (dict "secret" (include "grafana-loki.gateway.fullname" .) "key" "password" "providedValues" (list "gateway.auth.password") "context" $)) }} - password: {{ $password | quote }} - htpasswd: {{ htpasswd .Values.gateway.auth.username (b64dec $password) | b64enc | quote }} -{{- end }} diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/gateway/service.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/gateway/service.yaml deleted file mode 100644 index 3897cb0..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/templates/gateway/service.yaml +++ /dev/null 
@@ -1,59 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.gateway.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "grafana-loki.gateway.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.gateway.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: gateway - {{- if or .Values.commonAnnotations .Values.gateway.service.annotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.gateway.service.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.gateway.service.type }} - {{- if .Values.gateway.service.sessionAffinity }} - sessionAffinity: {{ .Values.gateway.service.sessionAffinity }} - {{- end }} - {{- if .Values.gateway.service.sessionAffinityConfig }} - sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.gateway.service.sessionAffinityConfig "context" $) | nindent 4 }} - {{- end }} - {{- if and .Values.gateway.service.clusterIP (eq .Values.gateway.service.type "ClusterIP") }} - clusterIP: {{ .Values.gateway.service.clusterIP }} - {{- end }} - {{- if (or (eq .Values.gateway.service.type "LoadBalancer") (eq .Values.gateway.service.type "NodePort")) }} - externalTrafficPolicy: {{ .Values.gateway.service.externalTrafficPolicy | quote }} - {{- end }} - {{- if (and (eq .Values.gateway.service.type "LoadBalancer") .Values.gateway.service.loadBalancerSourceRanges) }} - {{- with 
.Values.gateway.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml . | nindent 4 }} - {{- end }} - {{- end }} - {{- if (and (eq .Values.gateway.service.type "LoadBalancer") (not (empty .Values.gateway.service.loadBalancerIP))) }} - loadBalancerIP: {{ .Values.gateway.service.loadBalancerIP }} - {{- end }} - ports: - - name: http - port: {{ .Values.gateway.service.ports.http }} - targetPort: http - {{- if and (or (eq .Values.gateway.service.type "NodePort") (eq .Values.gateway.service.type "LoadBalancer")) (not (empty .Values.gateway.service.nodePorts.http)) }} - nodePort: {{ .Values.gateway.service.nodePorts.http }} - {{- else if eq .Values.gateway.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{- if .Values.gateway.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.gateway.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.gateway.podLabels .Values.commonLabels ) "context" . ) }} - selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: gateway -{{- end }} diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/gateway/tls-secret.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/gateway/tls-secret.yaml deleted file mode 100644 index 2e92e4f..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/templates/gateway/tls-secret.yaml +++ /dev/null 
@@ -1,46 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.gateway.ingress.enabled }} -{{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.gateway.image "chart" .Chart ) ) }} -{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} -{{- if .Values.gateway.ingress.secrets }} -{{- range .Values.gateway.ingress.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .name }} - namespace: {{ $.Release.Namespace | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ .certificate | b64enc }} - tls.key: {{ .key | b64enc }} ---- -{{- end }} -{{- end }} -{{- if and .Values.gateway.ingress.tls .Values.gateway.ingress.selfSigned }} -{{- $secretName := printf "%s-tls" .Values.gateway.ingress.hostname }} -{{- $ca := genCA "grafana-loki-ca" 365 }} -{{- $cert := genSignedCert .Values.gateway.ingress.hostname nil (list .Values.gateway.ingress.hostname) 365 $ca }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ $secretName }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} - tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" 
$cert.Key "context" $) }} - ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} -{{- end }} -{{- end }} diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/gossip-ring-headless-service.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/gossip-ring-headless-service.yaml deleted file mode 100644 index 18f233c..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/templates/gossip-ring-headless-service.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ template "grafana-loki.gossip-ring.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: loki - {{- if or .Values.commonAnnotations .Values.loki.gossipRing.service.annotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.loki.gossipRing.service.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: ClusterIP - publishNotReadyAddresses: true - clusterIP: None - ports: - - name: http - port: {{ .Values.loki.gossipRing.service.ports.http }} - targetPort: http-memberlist - protocol: TCP - selector: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - loki-gossip-member: "true" diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/index-gateway/networkpolicy.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/index-gateway/networkpolicy.yaml deleted file mode 100644 index a2d6f37..0000000 
--- a/charts/nopo11y-stack/charts/grafana-loki/templates/index-gateway/networkpolicy.yaml
+++ /dev/null
@@ -1,138 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.indexGateway.enabled .Values.indexGateway.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} -metadata: - name: {{ template "grafana-loki.index-gateway.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: index-gateway - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.indexGateway.podLabels .Values.commonLabels ) "context" . ) }} - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: index-gateway - policyTypes: - - Ingress - - Egress - {{- if .Values.indexGateway.networkPolicy.allowExternalEgress }} - egress: - - {} - {{- else }} - egress: - # Allow dns resolution - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP - # Allow outbound connections to loki cluster - - ports: - - port: {{ .Values.loki.containerPorts.http }} - - port: {{ .Values.loki.containerPorts.gossipRing }} - - port: {{ .Values.loki.containerPorts.grpc }} - to: - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} - app.kubernetes.io/part-of: grafana-loki - # Allow outbound connections to gateway - - ports: - - port: {{ .Values.gateway.containerPorts.http }} - to: - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( 
dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: gateway - # Allow outbound connections to Memcached Chunks - - ports: - {{- if .Values.memcachedchunks.enabled }} - - port: {{ .Values.memcachedchunks.containerPorts.memcached }} - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: memcachedchunks - app.kubernetes.io/instance: {{ .Release.Name }} - {{- else }} - - port: {{ .Values.externalMemcachedChunks.port }} - {{- end }} - # Allow outbound connections to Memcached Metadata - - ports: - {{- if .Values.memcachedindexqueries.enabled }} - - port: {{ .Values.memcachedindexqueries.containerPorts.memcached }} - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: memcachedindexqueries - app.kubernetes.io/instance: {{ .Release.Name }} - {{- else }} - - port: {{ .Values.externalMemcachedIndexQueries.port }} - {{- end }} - # Allow outbound connections to Memcached Frontend - - ports: - {{- if .Values.memcachedfrontend.enabled }} - - port: {{ .Values.memcachedfrontend.containerPorts.memcached }} - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: memcachedfrontend - app.kubernetes.io/instance: {{ .Release.Name }} - {{- else }} - - port: {{ .Values.externalMemcachedFrontend.port }} - {{- end }} - # Allow outbound connections to Memcached Metadata - - ports: - {{- if .Values.memcachedindexwrites.enabled }} - - port: {{ .Values.memcachedindexwrites.containerPorts.memcached }} - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: memcachedindexwrites - app.kubernetes.io/instance: {{ .Release.Name }} - {{- else }} - - port: {{ .Values.externalMemcachedIndexWrites.port }} - {{- end }} - {{- if .Values.indexGateway.networkPolicy.extraEgress }} - {{- include "common.tplvalues.render" ( dict "value" .Values.indexGateway.networkPolicy.extraEgress "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} - ingress: - - ports: - - port: {{ 
.Values.loki.containerPorts.http }} - - port: {{ .Values.loki.containerPorts.gossipRing }} - - port: {{ .Values.loki.containerPorts.grpc }} - {{- if not .Values.indexGateway.networkPolicy.allowExternal }} - from: - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} - app.kubernetes.io/part-of: grafana-loki - - podSelector: - matchLabels: - {{ template "grafana-loki.index-gateway.fullname" . }}-index-gateway: "true" - {{- if .Values.indexGateway.networkPolicy.ingressNSMatchLabels }} - - namespaceSelector: - matchLabels: - {{- range $key, $value := .Values.indexGateway.networkPolicy.ingressNSMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{- if .Values.indexGateway.networkPolicy.ingressNSPodMatchLabels }} - podSelector: - matchLabels: - {{- range $key, $value := .Values.indexGateway.networkPolicy.ingressNSPodMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.indexGateway.networkPolicy.extraIngress }} - {{- include "common.tplvalues.render" ( dict "value" .Values.indexGateway.networkPolicy.extraIngress "context" $ ) | nindent 4 }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/index-gateway/service.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/index-gateway/service.yaml deleted file mode 100644 index 69ff3aa..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/templates/index-gateway/service.yaml +++ /dev/null 
@@ -1,67 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.indexGateway.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "grafana-loki.index-gateway.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.loki.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: index-gateway - {{- if or .Values.commonAnnotations .Values.indexGateway.service.annotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.indexGateway.service.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.indexGateway.service.type }} - {{- if .Values.indexGateway.service.sessionAffinity }} - sessionAffinity: {{ .Values.indexGateway.service.sessionAffinity }} - {{- end }} - {{- if .Values.indexGateway.service.sessionAffinityConfig }} - sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.indexGateway.service.sessionAffinityConfig "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.indexGateway.service.clusterIP }} - clusterIP: {{ .Values.indexGateway.service.clusterIP }} - {{- end }} - {{- if (or (eq .Values.indexGateway.service.type "LoadBalancer") (eq .Values.indexGateway.service.type "NodePort")) }} - externalTrafficPolicy: {{ .Values.indexGateway.service.externalTrafficPolicy | quote }} - {{- end }} - {{ if eq .Values.indexGateway.service.type "LoadBalancer" }} - loadBalancerSourceRanges: {{ 
.Values.indexGateway.service.loadBalancerSourceRanges }} - {{ end }} - {{- if (and (eq .Values.indexGateway.service.type "LoadBalancer") (not (empty .Values.indexGateway.service.loadBalancerIP))) }} - loadBalancerIP: {{ .Values.indexGateway.service.loadBalancerIP }} - {{- end }} - ports: - - name: http - port: {{ .Values.indexGateway.service.ports.http }} - targetPort: http - protocol: TCP - {{- if (and (or (eq .Values.indexGateway.service.type "NodePort") (eq .Values.indexGateway.service.type "LoadBalancer")) (not (empty .Values.indexGateway.service.nodePorts.http))) }} - nodePort: {{ .Values.indexGateway.service.nodePorts.http }} - {{- else if eq .Values.indexGateway.service.type "ClusterIP" }} - nodePort: null - {{- end }} - - name: grpc - port: {{ .Values.indexGateway.service.ports.grpc }} - protocol: TCP - targetPort: grpc - {{- if (and (or (eq .Values.indexGateway.service.type "NodePort") (eq .Values.indexGateway.service.type "LoadBalancer")) (not (empty .Values.indexGateway.service.nodePorts.grpc))) }} - nodePort: {{ .Values.indexGateway.service.nodePorts.grpc }} - {{- else if eq .Values.indexGateway.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{- if .Values.indexGateway.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.indexGateway.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.indexGateway.podLabels .Values.commonLabels ) "context" . ) }} - selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: index-gateway -{{- end }} diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/index-gateway/servicemonitor.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/index-gateway/servicemonitor.yaml deleted file mode 100644 index 7fee336..0000000 
--- a/charts/nopo11y-stack/charts/grafana-loki/templates/index-gateway/servicemonitor.yaml
+++ /dev/null
@@ -1,52 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.indexGateway.enabled .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "grafana-loki.index-gateway.fullname" . }} - namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.loki.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: index-gateway - {{- if or .Values.commonAnnotations .Values.metrics.serviceMonitor.annotations }} - {{- $annotations := merge.Values.metrics.serviceMonitor.annotations .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.metrics.serviceMonitor.jobLabel }} - jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} - {{- if .Values.metrics.serviceMonitor.selector }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }} - {{- end }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: index-gateway - endpoints: - - port: http - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - 
scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.honorLabels }} - honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.metricRelabelings }} - metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 6 }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.relabelings }} - relabelings: {{- toYaml .Values.metrics.serviceMonitor.relabelings | nindent 6 }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace | quote }} -{{- end }} diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/index-gateway/statefulset.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/index-gateway/statefulset.yaml deleted file mode 100644 index b38adf8..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/templates/index-gateway/statefulset.yaml +++ /dev/null 
@@ -1,209 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.indexGateway.enabled }} -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ template "grafana-loki.index-gateway.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.loki.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: index-gateway - loki-gossip-member: "true" - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.indexGateway.replicaCount }} - {{- if .Values.indexGateway.updateStrategy }} - updateStrategy: {{- toYaml .Values.indexGateway.updateStrategy | nindent 4 }} - {{- end }} - podManagementPolicy: {{ .Values.indexGateway.podManagementPolicy }} - serviceName: {{ template "grafana-loki.index-gateway.fullname" . }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.indexGateway.podLabels .Values.commonLabels ) "context" . ) }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: index-gateway - loki-gossip-member: "true" - template: - metadata: - annotations: - checksum/config: {{ include (print $.Template.BasePath "/loki-configmap.yaml") . 
| sha256sum }} - {{- if .Values.indexGateway.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.indexGateway.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: index-gateway - loki-gossip-member: "true" - spec: - serviceAccountName: {{ template "grafana-loki.serviceAccountName" . }} - {{- include "grafana-loki.imagePullSecrets" . | nindent 6 }} - automountServiceAccountToken: {{ .Values.indexGateway.automountServiceAccountToken }} - {{- if .Values.indexGateway.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.indexGateway.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.indexGateway.affinity }} - affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.indexGateway.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.indexGateway.podAffinityPreset "component" "indexGateway" "customLabels" $podLabels "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.indexGateway.podAntiAffinityPreset "component" "index-gateway" "customLabels" $podLabels "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.indexGateway.nodeAffinityPreset.type "key" .Values.indexGateway.nodeAffinityPreset.key "values" .Values.indexGateway.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.indexGateway.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.indexGateway.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.indexGateway.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.indexGateway.tolerations 
"context" .) | nindent 8 }} - {{- end }} - {{- if .Values.indexGateway.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.indexGateway.topologySpreadConstraints "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.indexGateway.priorityClassName }} - priorityClassName: {{ .Values.indexGateway.priorityClassName | quote }} - {{- end }} - {{- if .Values.indexGateway.schedulerName }} - schedulerName: {{ .Values.indexGateway.schedulerName }} - {{- end }} - {{- if .Values.indexGateway.podSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.indexGateway.podSecurityContext "context" $) | nindent 8 }} - {{- end }} - initContainers: - {{- if .Values.indexGateway.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.indexGateway.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: grafana-loki-index-gateway - image: {{ template "grafana-loki.image" . 
}} - imagePullPolicy: {{ .Values.loki.image.pullPolicy }} - {{- if .Values.indexGateway.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.indexGateway.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.indexGateway.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.indexGateway.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.indexGateway.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.indexGateway.args "context" $) | nindent 12 }} - {{- else }} - args: - - -target=index-gateway - - -config.file={{ .Values.loki.dataDir }}/conf/loki.yaml - {{- if .Values.indexGateway.extraArgs }} - {{- include "common.tplvalues.render" (dict "value" .Values.indexGateway.extraArgs "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.indexGateway.extraEnvVars }} - env: {{- include "common.tplvalues.render" (dict "value" .Values.indexGateway.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.indexGateway.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.indexGateway.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.indexGateway.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.indexGateway.extraEnvVarsSecret "context" $) }} - {{- end }} - ports: - - containerPort: {{ .Values.loki.containerPorts.http }} - name: http - - containerPort: {{ .Values.loki.containerPorts.grpc }} - name: grpc - {{- if 
.Values.indexGateway.resources }} - resources: {{- toYaml .Values.indexGateway.resources | nindent 12 }} - {{- else if ne .Values.indexGateway.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.indexGateway.resourcesPreset) | nindent 12 }} - {{- end }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.indexGateway.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.indexGateway.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.indexGateway.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.indexGateway.livenessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: /ready - port: http - {{- end }} - {{- if .Values.indexGateway.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.indexGateway.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.indexGateway.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.indexGateway.readinessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: /ready - port: http - {{- end }} - {{- if .Values.indexGateway.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.indexGateway.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.indexGateway.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.indexGateway.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: http - {{- end }} - {{- end }} - {{- if .Values.indexGateway.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.indexGateway.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - name: loki-config - 
mountPath: {{ .Values.loki.dataDir }}/conf/loki.yaml - subPath: loki.yaml - - name: data - mountPath: {{ .Values.loki.dataDir }} - {{- if .Values.indexGateway.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.indexGateway.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.indexGateway.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.indexGateway.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: empty-dir - emptyDir: {} - - name: loki-config - configMap: - name: {{ template "grafana-loki.loki.configmapName" . }} - {{- if .Values.indexGateway.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.indexGateway.extraVolumes "context" $) | nindent 8 }} - {{- end }} - {{- if not .Values.indexGateway.persistence.enabled }} - - name: data - emptyDir: {} - {{- else }} - volumeClaimTemplates: - - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: data - {{- if .Values.commonLabels }} - labels: {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 10 }} - {{- end }} - {{- if or .Values.indexGateway.persistence.annotations .Values.commonAnnotations }} - {{- $claimAnnotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.indexGateway.persistence.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $claimAnnotations "context" $) | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range .Values.indexGateway.persistence.accessModes }} - - {{ . 
| quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.indexGateway.persistence.size | quote }} - {{- if .Values.indexGateway.persistence.selector }} - selector: {{- include "common.tplvalues.render" (dict "value" .Values.indexGateway.persistence.selector "context" $) | nindent 10 }} - {{- end }} - {{- include "common.storage.class" (dict "persistence" .Values.indexGateway.persistence "global" .Values.global) | nindent 8 }} - {{- end }} -{{- end }} diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/ingester/networkpolicy.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/ingester/networkpolicy.yaml deleted file mode 100644 index dc27133..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/templates/ingester/networkpolicy.yaml +++ /dev/null 
@@ -1,138 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.ingester.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} -metadata: - name: {{ template "grafana-loki.ingester.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: ingester - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.ingester.podLabels .Values.commonLabels ) "context" . ) }} - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: ingester - policyTypes: - - Ingress - - Egress - {{- if .Values.ingester.networkPolicy.allowExternalEgress }} - egress: - - {} - {{- else }} - egress: - # Allow dns resolution - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP - # Allow outbound connections to loki cluster - - ports: - - port: {{ .Values.loki.containerPorts.http }} - - port: {{ .Values.loki.containerPorts.gossipRing }} - - port: {{ .Values.loki.containerPorts.grpc }} - to: - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} - app.kubernetes.io/part-of: grafana-loki - # Allow outbound connections to gateway - - ports: - - port: {{ .Values.gateway.containerPorts.http }} - to: - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | 
nindent 14 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: gateway - # Allow outbound connections to Memcached Chunks - - ports: - {{- if .Values.memcachedchunks.enabled }} - - port: {{ .Values.memcachedchunks.containerPorts.memcached }} - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: memcachedchunks - app.kubernetes.io/instance: {{ .Release.Name }} - {{- else }} - - port: {{ .Values.externalMemcachedChunks.port }} - {{- end }} - # Allow outbound connections to Memcached Metadata - - ports: - {{- if .Values.memcachedindexqueries.enabled }} - - port: {{ .Values.memcachedindexqueries.containerPorts.memcached }} - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: memcachedindexqueries - app.kubernetes.io/instance: {{ .Release.Name }} - {{- else }} - - port: {{ .Values.externalMemcachedIndexQueries.port }} - {{- end }} - # Allow outbound connections to Memcached Frontend - - ports: - {{- if .Values.memcachedfrontend.enabled }} - - port: {{ .Values.memcachedfrontend.containerPorts.memcached }} - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: memcachedfrontend - app.kubernetes.io/instance: {{ .Release.Name }} - {{- else }} - - port: {{ .Values.externalMemcachedFrontend.port }} - {{- end }} - # Allow outbound connections to Memcached Metadata - - ports: - {{- if .Values.memcachedindexwrites.enabled }} - - port: {{ .Values.memcachedindexwrites.containerPorts.memcached }} - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: memcachedindexwrites - app.kubernetes.io/instance: {{ .Release.Name }} - {{- else }} - - port: {{ .Values.externalMemcachedIndexWrites.port }} - {{- end }} - {{- if .Values.ingester.networkPolicy.extraEgress }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingester.networkPolicy.extraEgress "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} - ingress: - - ports: - - port: {{ .Values.loki.containerPorts.http }} - - port: {{ 
.Values.loki.containerPorts.gossipRing }} - - port: {{ .Values.loki.containerPorts.grpc }} - {{- if not .Values.ingester.networkPolicy.allowExternal }} - from: - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} - app.kubernetes.io/part-of: grafana-loki - - podSelector: - matchLabels: - {{ template "grafana-loki.ingester.fullname" . }}-ingester: "true" - {{- if .Values.ingester.networkPolicy.ingressNSMatchLabels }} - - namespaceSelector: - matchLabels: - {{- range $key, $value := .Values.ingester.networkPolicy.ingressNSMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{- if .Values.ingester.networkPolicy.ingressNSPodMatchLabels }} - podSelector: - matchLabels: - {{- range $key, $value := .Values.ingester.networkPolicy.ingressNSPodMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.ingester.networkPolicy.extraIngress }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingester.networkPolicy.extraIngress "context" $ ) | nindent 4 }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/ingester/service.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/ingester/service.yaml deleted file mode 100644 index 6b9ca1a..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/templates/ingester/service.yaml +++ /dev/null 
@@ -1,65 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ template "grafana-loki.ingester.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.loki.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: ingester - {{- if or .Values.commonAnnotations .Values.ingester.service.annotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.ingester.service.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.ingester.service.type }} - {{- if .Values.ingester.service.sessionAffinity }} - sessionAffinity: {{ .Values.ingester.service.sessionAffinity }} - {{- end }} - {{- if .Values.ingester.service.sessionAffinityConfig }} - sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.ingester.service.sessionAffinityConfig "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.ingester.service.clusterIP }} - clusterIP: {{ .Values.ingester.service.clusterIP }} - {{- end }} - {{- if (or (eq .Values.ingester.service.type "LoadBalancer") (eq .Values.ingester.service.type "NodePort")) }} - externalTrafficPolicy: {{ .Values.ingester.service.externalTrafficPolicy | quote }} - {{- end }} - {{ if eq .Values.ingester.service.type "LoadBalancer" }} - loadBalancerSourceRanges: {{ .Values.ingester.service.loadBalancerSourceRanges }} - {{ end }} - {{- if (and (eq 
.Values.ingester.service.type "LoadBalancer") (not (empty .Values.ingester.service.loadBalancerIP))) }} - loadBalancerIP: {{ .Values.ingester.service.loadBalancerIP }} - {{- end }} - ports: - - name: http - port: {{ .Values.ingester.service.ports.http }} - targetPort: http - protocol: TCP - {{- if (and (or (eq .Values.ingester.service.type "NodePort") (eq .Values.ingester.service.type "LoadBalancer")) (not (empty .Values.ingester.service.nodePorts.http))) }} - nodePort: {{ .Values.ingester.service.nodePorts.http }} - {{- else if eq .Values.ingester.service.type "ClusterIP" }} - nodePort: null - {{- end }} - - name: grpc - port: {{ .Values.ingester.service.ports.grpc }} - targetPort: grpc - protocol: TCP - {{- if (and (or (eq .Values.ingester.service.type "NodePort") (eq .Values.ingester.service.type "LoadBalancer")) (not (empty .Values.ingester.service.nodePorts.grpc))) }} - nodePort: {{ .Values.ingester.service.nodePorts.grpc }} - {{- else if eq .Values.ingester.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{- if .Values.ingester.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingester.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.ingester.podLabels .Values.commonLabels ) "context" . ) }} - selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: ingester diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/ingester/servicemonitor.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/ingester/servicemonitor.yaml deleted file mode 100644 index 9c90dc9..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/templates/ingester/servicemonitor.yaml +++ /dev/null 
@@ -1,52 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "grafana-loki.ingester.fullname" . }} - namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.loki.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: ingester - {{- if or .Values.commonAnnotations .Values.metrics.serviceMonitor.annotations }} - {{- $annotations := merge.Values.metrics.serviceMonitor.annotations .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.metrics.serviceMonitor.jobLabel }} - jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} - {{- if .Values.metrics.serviceMonitor.selector }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }} - {{- end }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: ingester - endpoints: - - port: http - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ 
.Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.honorLabels }} - honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.metricRelabelings }} - metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 6 }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.relabelings }} - relabelings: {{- toYaml .Values.metrics.serviceMonitor.relabelings | nindent 6 }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace | quote }} -{{- end }} diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/ingester/statefulset.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/ingester/statefulset.yaml deleted file mode 100644 index 8a4844c..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/templates/ingester/statefulset.yaml +++ /dev/null 
@@ -1,235 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ template "grafana-loki.ingester.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.loki.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: ingester - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.ingester.replicaCount }} - {{- if .Values.ingester.updateStrategy }} - updateStrategy: {{- toYaml .Values.ingester.updateStrategy | nindent 4 }} - {{- end }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.ingester.podLabels .Values.commonLabels $versionLabel ) "context" . ) }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: ingester - serviceName: {{ template "grafana-loki.ingester.fullname" . }} - podManagementPolicy: {{ .Values.ingester.podManagementPolicy }} - template: - metadata: - annotations: - checksum/config: {{ include (print $.Template.BasePath "/loki-configmap.yaml") . 
| sha256sum }} - {{- if .Values.ingester.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingester.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: ingester - loki-gossip-member: "true" - spec: - serviceAccountName: {{ template "grafana-loki.serviceAccountName" . }} - {{- include "grafana-loki.imagePullSecrets" . | nindent 6 }} - automountServiceAccountToken: {{ .Values.ingester.automountServiceAccountToken }} - {{- if .Values.ingester.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.ingester.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.ingester.affinity }} - affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.ingester.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.ingester.podAffinityPreset "component" "ingester" "customLabels" $podLabels "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.ingester.podAntiAffinityPreset "component" "ingester" "customLabels" $podLabels "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.ingester.nodeAffinityPreset.type "key" .Values.ingester.nodeAffinityPreset.key "values" .Values.ingester.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.ingester.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.ingester.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.ingester.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.ingester.tolerations "context" .) 
| nindent 8 }} - {{- end }} - {{- if .Values.ingester.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.ingester.topologySpreadConstraints "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.ingester.priorityClassName }} - priorityClassName: {{ .Values.ingester.priorityClassName | quote }} - {{- end }} - {{- if .Values.ingester.schedulerName }} - schedulerName: {{ .Values.ingester.schedulerName }} - {{- end }} - {{- if .Values.ingester.podSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.ingester.podSecurityContext "context" $) | nindent 8 }} - {{- end }} - initContainers: - {{- if .Values.ingester.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingester.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- if and .Values.volumePermissions.enabled .Values.ingester.persistence.enabled }} - - name: volume-permissions - image: {{ include "grafana-loki.volumePermissions.image" . 
}} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - args: - - -ec - - | - mkdir -p {{ .Values.loki.dataDir }}{{- if .Values.ingester.persistence.subPath }}/{{ .Values.ingester.persistence.subPath }}{{- end }} - {{- if and .Values.ingester.podSecurityContext.enabled .Values.ingester.containerSecurityContext.enabled }} - find {{ .Values.loki.dataDir }}{{- if .Values.ingester.persistence.subPath }}/{{ .Values.ingester.persistence.subPath }}{{- end }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.ingester.containerSecurityContext.runAsUser }}:{{ .Values.ingester.podSecurityContext.fsGroup }} - {{- end }} - {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} - securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }} - {{- else }} - securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: data - mountPath: {{ .Values.loki.dataDir }} - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - {{- end }} - containers: - - name: grafana-loki-ingester - image: {{ template "grafana-loki.image" . 
}} - imagePullPolicy: {{ .Values.loki.image.pullPolicy }} - {{- if .Values.ingester.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.ingester.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.ingester.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.ingester.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.ingester.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.ingester.args "context" $) | nindent 12 }} - {{- else }} - args: - - -target=ingester - - -config.file={{ .Values.loki.dataDir }}/conf/loki.yaml - {{- if .Values.ingester.extraArgs }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingester.extraArgs "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.ingester.extraEnvVars }} - env: {{- include "common.tplvalues.render" (dict "value" .Values.ingester.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.ingester.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.ingester.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.ingester.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.ingester.extraEnvVarsSecret "context" $) }} - {{- end }} - ports: - - containerPort: {{ .Values.loki.containerPorts.http }} - name: http - - containerPort: {{ .Values.loki.containerPorts.gossipRing }} - name: http-memberlist - - containerPort: {{ .Values.loki.containerPorts.grpc 
}} - name: grpc - {{- if .Values.ingester.resources }} - resources: {{- toYaml .Values.ingester.resources | nindent 12 }} - {{- else if ne .Values.ingester.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.ingester.resourcesPreset) | nindent 12 }} - {{- end }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.ingester.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.ingester.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.ingester.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.ingester.livenessProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: http - {{- end }} - {{- if .Values.ingester.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.ingester.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.ingester.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.ingester.readinessProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: http - {{- end }} - {{- if .Values.ingester.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.ingester.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.ingester.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.ingester.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: http - {{- end }} - {{- end }} - {{- if .Values.ingester.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.ingester.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - name: loki-config - mountPath: {{ .Values.loki.dataDir }}/conf/loki.yaml - subPath: loki.yaml - 
- name: data - mountPath: {{ .Values.loki.dataDir }} - {{- if .Values.ingester.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingester.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.ingester.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingester.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: empty-dir - emptyDir: {} - - name: loki-config - configMap: - name: {{ template "grafana-loki.loki.configmapName" . }} - {{- if .Values.ingester.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingester.extraVolumes "context" $) | nindent 8 }} - {{- end }} - {{- if not .Values.ingester.persistence.enabled }} - - name: data - emptyDir: {} - {{- else }} - volumeClaimTemplates: - - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: data - {{- if .Values.commonLabels }} - labels: {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 10 }} - {{- end }} - {{- if or .Values.ingester.persistence.annotations .Values.commonAnnotations }} - {{- $claimAnnotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.ingester.persistence.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $claimAnnotations "context" $) | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range .Values.ingester.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.ingester.persistence.size | quote }} - {{- if .Values.ingester.persistence.selector }} - selector: {{- include "common.tplvalues.render" (dict "value" .Values.ingester.persistence.selector "context" $) | nindent 10 }} - {{- end }} - {{- include "common.storage.class" (dict "persistence" .Values.ingester.persistence "global" .Values.global) | nindent 8 }} - {{- end }} 
diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/loki-configmap.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/loki-configmap.yaml
deleted file mode 100644
index 0964292..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/templates/loki-configmap.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- /*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "common.names.fullname" . }}
- namespace: {{ .Release.Namespace | quote }}
- labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
- app.kubernetes.io/part-of: grafana-loki
- app.kubernetes.io/component: loki
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-data:
- loki.yaml: |-
- {{- mergeOverwrite (include "common.tplvalues.render" (dict "value" .Values.loki.configuration "context" $) | fromYaml) .Values.loki.overrideConfiguration | toYaml | nindent 4 }}
diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/promtail/clusterrole.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/promtail/clusterrole.yaml
deleted file mode 100644
index 67d202d..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/templates/promtail/clusterrole.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{- /*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{- if and .Values.promtail.enabled .Values.promtail.rbac.create }}
-apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
-kind: ClusterRole
-metadata:
- {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.promtail.image "chart" .Chart ) ) }}
- {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
- labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
- app.kubernetes.io/part-of: grafana-loki
- app.kubernetes.io/component: promtail
- name: {{ printf "%s-%s" (include "common.names.fullname.namespace" .) "promtail" }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-rules:
- - apiGroups:
- - ""
- resources:
- - nodes
- - nodes/proxy
- - services
- - endpoints
- - pods
- verbs:
- - get
- - watch
- - list
-{{- end }}
diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/promtail/clusterrolebinding.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/promtail/clusterrolebinding.yaml
deleted file mode 100644
index e5254fe..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/templates/promtail/clusterrolebinding.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{- /*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{- if and .Values.promtail.enabled .Values.promtail.rbac.create }}
-apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
-kind: ClusterRoleBinding
-metadata:
- {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.promtail.image "chart" .Chart ) ) }}
- {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
- labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
- app.kubernetes.io/part-of: grafana-loki
- app.kubernetes.io/component: promtail
- name: {{ printf "%s-%s" (include "common.names.fullname.namespace" .) "promtail" }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ printf "%s-%s" (include "common.names.fullname.namespace" .) "promtail" }}
-subjects:
- - kind: ServiceAccount
- name: {{ template "grafana-loki.promtail.serviceAccountName" . }}
- namespace: {{ include "common.names.namespace" . | quote }}
-{{- end }}
diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/promtail/daemonset.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/promtail/daemonset.yaml
deleted file mode 100644
index ce48d6f..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/templates/promtail/daemonset.yaml
+++ /dev/null
@@ -1,206 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.promtail.enabled }} -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: DaemonSet -metadata: - name: {{ template "grafana-loki.promtail.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.promtail.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: promtail - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.promtail.updateStrategy }} - updateStrategy: {{- toYaml .Values.promtail.updateStrategy | nindent 4 }} - {{- end }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.promtail.podLabels .Values.commonLabels $versionLabel ) "context" . ) }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: promtail - template: - metadata: - annotations: - checksum/config: {{ include (print $.Template.BasePath "/loki-configmap.yaml") . 
| sha256sum }} - {{- if .Values.promtail.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.promtail.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: promtail - spec: - serviceAccountName: {{ template "grafana-loki.promtail.serviceAccountName" . }} - {{- include "grafana-loki.imagePullSecrets" . | nindent 6 }} - automountServiceAccountToken: {{ .Values.promtail.automountServiceAccountToken }} - {{- if .Values.promtail.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.promtail.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.promtail.affinity }} - affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.promtail.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.promtail.podAffinityPreset "component" "promtail" "customLabels" $podLabels "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.promtail.podAntiAffinityPreset "component" "promtail" "customLabels" $podLabels "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.promtail.nodeAffinityPreset.type "key" .Values.promtail.nodeAffinityPreset.key "values" .Values.promtail.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.promtail.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.promtail.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.promtail.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.promtail.tolerations "context" .) 
| nindent 8 }} - {{- end }} - {{- if .Values.promtail.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.promtail.topologySpreadConstraints "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.promtail.priorityClassName }} - priorityClassName: {{ .Values.promtail.priorityClassName | quote }} - {{- end }} - {{- if .Values.promtail.schedulerName }} - schedulerName: {{ .Values.promtail.schedulerName }} - {{- end }} - {{- if .Values.promtail.podSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.promtail.podSecurityContext "context" $) | nindent 8 }} - {{- end }} - initContainers: - {{- if .Values.promtail.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.promtail.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: promtail - image: {{ template "grafana-loki.promtail.image" . }} - imagePullPolicy: {{ .Values.loki.image.pullPolicy }} - {{- if .Values.promtail.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.promtail.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.promtail.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.promtail.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.promtail.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.promtail.args "context" $) | nindent 12 }} - {{- else }} - args: - - 
-config.file=/bitnami/promtail/conf/promtail.yaml - {{- if .Values.promtail.extraArgs }} - {{- include "common.tplvalues.render" (dict "value" .Values.promtail.extraArgs "context" $) | nindent 12 }} - {{- end }} - {{- end }} - env: - - name: HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - {{- if .Values.promtail.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.promtail.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.promtail.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.promtail.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.promtail.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.promtail.extraEnvVarsSecret "context" $) }} - {{- end }} - ports: - - containerPort: {{ .Values.promtail.containerPorts.http }} - name: http - - containerPort: {{ .Values.promtail.containerPorts.grpc }} - name: grpc - {{- if .Values.promtail.resources }} - resources: {{- toYaml .Values.promtail.resources | nindent 12 }} - {{- else if ne .Values.promtail.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.promtail.resourcesPreset) | nindent 12 }} - {{- end }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.promtail.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.promtail.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.promtail.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.promtail.livenessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: /ready - port: http - {{- end }} - {{- if .Values.promtail.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.promtail.customReadinessProbe "context" $) | nindent 12 }} - {{- else if 
.Values.promtail.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.promtail.readinessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: /ready - port: http - {{- end }} - {{- if .Values.promtail.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.promtail.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.promtail.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.promtail.startupProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: /ready - port: http - {{- end }} - {{- end }} - {{- if .Values.promtail.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.promtail.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - name: loki-config - mountPath: /bitnami/promtail/conf/promtail.yaml - subPath: promtail.yaml - - name: containers - mountPath: /var/lib/docker/containers - readOnly: true - - name: pods - mountPath: /var/log/pods - readOnly: true - - name: run - mountPath: /run/promtail - {{- if .Values.gateway.auth.enabled }} - - name: gateway-password - mountPath: /bitnami/promtail/conf/secrets - {{- end }} - {{- if .Values.promtail.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.promtail.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.promtail.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.promtail.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: empty-dir - emptyDir: {} - - name: loki-config - secret: - secretName: {{ template "grafana-loki.promtail.secretName" . 
}} - - name: containers - hostPath: - path: /var/lib/docker/containers - - name: pods - hostPath: - path: /var/log/pods - - name: run - hostPath: - path: /run/promtail - {{- if .Values.gateway.auth.enabled }} - - name: gateway-password - secret: - secretName: {{ include "grafana-loki.gateway.secretName" . }} - items: - - key: password - path: password - {{- end }} - {{- if .Values.promtail.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.promtail.extraVolumes "context" $) | nindent 8 }} - {{- end }} -{{- end }} diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/promtail/networkpolicy.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/promtail/networkpolicy.yaml deleted file mode 100644 index d73483e..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/templates/promtail/networkpolicy.yaml +++ /dev/null 
@@ -1,140 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.promtail.enabled .Values.promtail.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} -metadata: - name: {{ template "grafana-loki.promtail.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: promtail - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.promtail.podLabels .Values.commonLabels ) "context" . ) }} - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: promtail - policyTypes: - - Ingress - - Egress - {{- if .Values.promtail.networkPolicy.allowExternalEgress }} - egress: - - {} - {{- else }} - egress: - # Allow dns resolution - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP - {{- range $port := .Values.promtail.networkPolicy.kubeAPIServerPorts }} - - port: {{ $port }} - {{- end }} - # Allow outbound connections to loki cluster - - ports: - - port: {{ .Values.loki.containerPorts.http }} - - port: {{ .Values.loki.containerPorts.gossipRing }} - - port: {{ .Values.loki.containerPorts.grpc }} - to: - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} - app.kubernetes.io/part-of: grafana-loki - # Allow outbound connections to gateway - - ports: - - port: {{ .Values.gateway.containerPorts.http }} - 
to: - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: gateway - # Allow outbound connections to Memcached Chunks - - ports: - {{- if .Values.memcachedchunks.enabled }} - - port: {{ .Values.memcachedchunks.containerPorts.memcached }} - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: memcachedchunks - app.kubernetes.io/instance: {{ .Release.Name }} - {{- else }} - - port: {{ .Values.externalMemcachedChunks.port }} - {{- end }} - # Allow outbound connections to Memcached Metadata - - ports: - {{- if .Values.memcachedindexqueries.enabled }} - - port: {{ .Values.memcachedindexqueries.containerPorts.memcached }} - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: memcachedindexqueries - app.kubernetes.io/instance: {{ .Release.Name }} - {{- else }} - - port: {{ .Values.externalMemcachedIndexQueries.port }} - {{- end }} - # Allow outbound connections to Memcached Frontend - - ports: - {{- if .Values.memcachedfrontend.enabled }} - - port: {{ .Values.memcachedfrontend.containerPorts.memcached }} - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: memcachedfrontend - app.kubernetes.io/instance: {{ .Release.Name }} - {{- else }} - - port: {{ .Values.externalMemcachedFrontend.port }} - {{- end }} - # Allow outbound connections to Memcached Metadata - - ports: - {{- if .Values.memcachedindexwrites.enabled }} - - port: {{ .Values.memcachedindexwrites.containerPorts.memcached }} - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: memcachedindexwrites - app.kubernetes.io/instance: {{ .Release.Name }} - {{- else }} - - port: {{ .Values.externalMemcachedIndexWrites.port }} - {{- end }} - {{- if .Values.promtail.networkPolicy.extraEgress }} - {{- include "common.tplvalues.render" ( dict "value" .Values.promtail.networkPolicy.extraEgress "context" $ ) | nindent 4 }} - {{- 
end }} - {{- end }} - ingress: - - ports: - - port: {{ .Values.promtail.containerPorts.http }} - - port: {{ .Values.promtail.containerPorts.grpc }} - {{- if not .Values.promtail.networkPolicy.allowExternal }} - from: - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} - app.kubernetes.io/part-of: grafana-loki - - podSelector: - matchLabels: - {{ template "grafana-loki.promtail.fullname" . }}-promtail: "true" - {{- if .Values.promtail.networkPolicy.ingressNSMatchLabels }} - - namespaceSelector: - matchLabels: - {{- range $key, $value := .Values.promtail.networkPolicy.ingressNSMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{- if .Values.promtail.networkPolicy.ingressNSPodMatchLabels }} - podSelector: - matchLabels: - {{- range $key, $value := .Values.promtail.networkPolicy.ingressNSPodMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.promtail.networkPolicy.extraIngress }} - {{- include "common.tplvalues.render" ( dict "value" .Values.promtail.networkPolicy.extraIngress "context" $ ) | nindent 4 }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/promtail/secret.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/promtail/secret.yaml deleted file mode 100644 index 0c597af..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/templates/promtail/secret.yaml +++ /dev/null 
@@ -1,23 +0,0 @@
-{{- /*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{- if .Values.promtail.enabled }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ template "grafana-loki.promtail.fullname" . }}
- namespace: {{ .Release.Namespace | quote }}
- {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.promtail.image "chart" .Chart ) ) }}
- {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
- labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
- app.kubernetes.io/part-of: grafana-loki
- app.kubernetes.io/component: loki
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-stringData:
- promtail.yaml: |-
- {{- include "common.tplvalues.render" (dict "value" .Values.promtail.configuration "context" $) | nindent 4 }}
-{{- end }}
diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/promtail/service-account.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/promtail/service-account.yaml
deleted file mode 100644
index dd9d929..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/templates/promtail/service-account.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- /*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{- if and .Values.promtail.enabled .Values.promtail.serviceAccount.create }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "grafana-loki.promtail.serviceAccountName" . }}
- namespace: {{ .Release.Namespace | quote }}
- {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.promtail.image "chart" .Chart ) ) }}
- {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
- labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
- app.kubernetes.io/part-of: grafana-loki
- app.kubernetes.io/component: loki
- {{- if or .Values.promtail.serviceAccount.annotations .Values.commonAnnotations }}
- {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.promtail.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
- {{- end }}
-automountServiceAccountToken: {{ .Values.promtail.serviceAccount.automountServiceAccountToken }}
-{{- end }}
diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/promtail/service.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/promtail/service.yaml
deleted file mode 100644
index 884a433..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/templates/promtail/service.yaml
+++ /dev/null
@@ -1,67 +0,0 @@
-{{- /*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{- if .Values.promtail.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "grafana-loki.promtail.fullname" . }}
- namespace: {{ .Release.Namespace | quote }}
- {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.promtail.image "chart" .Chart ) ) }}
- {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
- labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
- app.kubernetes.io/part-of: grafana-loki
- app.kubernetes.io/component: promtail
- {{- if or .Values.commonAnnotations .Values.promtail.service.annotations }}
- {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.promtail.service.annotations .Values.commonAnnotations ) "context" . ) }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
- {{- end }}
-spec:
- type: {{ .Values.promtail.service.type }}
- {{- if .Values.promtail.service.sessionAffinity }}
- sessionAffinity: {{ .Values.promtail.service.sessionAffinity }}
- {{- end }}
- {{- if .Values.promtail.service.sessionAffinityConfig }}
- sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.promtail.service.sessionAffinityConfig "context" $) | nindent 4 }}
- {{- end }}
- {{- if .Values.promtail.service.clusterIP }}
- clusterIP: {{ .Values.promtail.service.clusterIP }}
- {{- end }}
- {{- if (or (eq .Values.promtail.service.type "LoadBalancer") (eq .Values.promtail.service.type "NodePort")) }}
- externalTrafficPolicy: {{ .Values.promtail.service.externalTrafficPolicy | quote }}
- {{- end }}
- {{ if eq .Values.promtail.service.type "LoadBalancer" }}
- loadBalancerSourceRanges: {{ .Values.promtail.service.loadBalancerSourceRanges }}
- {{ end }}
- {{- if (and (eq .Values.promtail.service.type "LoadBalancer") (not (empty .Values.promtail.service.loadBalancerIP))) }}
- loadBalancerIP: {{ .Values.promtail.service.loadBalancerIP }}
- {{- end }}
- ports:
- - name: http
- port: {{ .Values.promtail.service.ports.http }}
- targetPort: http
- protocol: TCP
- {{- if (and (or (eq .Values.promtail.service.type "NodePort") (eq .Values.promtail.service.type "LoadBalancer")) (not (empty .Values.promtail.service.nodePorts.http))) }}
- nodePort: {{ .Values.promtail.service.nodePorts.http }}
- {{- else if eq .Values.promtail.service.type "ClusterIP" }}
- nodePort: null
- {{- end }}
- - name: grpc
- port: {{ .Values.promtail.service.ports.grpc }}
- targetPort: grpc
- protocol: TCP
- {{- if (and (or (eq .Values.promtail.service.type "NodePort") (eq .Values.promtail.service.type "LoadBalancer")) (not (empty .Values.promtail.service.nodePorts.grpc))) }}
- nodePort: {{ .Values.promtail.service.nodePorts.grpc }}
- {{- else if eq .Values.promtail.service.type "ClusterIP" }}
- nodePort: null
- {{- end }}
- {{- if .Values.promtail.service.extraPorts }}
- {{- include "common.tplvalues.render" (dict "value" .Values.promtail.service.extraPorts "context" $) | nindent 4 }}
- {{- end }}
- {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.promtail.podLabels .Values.commonLabels ) "context" . ) }}
- selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
- app.kubernetes.io/part-of: grafana-loki
- app.kubernetes.io/component: promtail
-{{- end }}
diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/promtail/servicemonitor.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/promtail/servicemonitor.yaml
deleted file mode 100644
index d3f7085..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/templates/promtail/servicemonitor.yaml
+++ /dev/null
@@ -1,52 +0,0 @@
-{{- /*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{- if and .Values.promtail.enabled .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: {{ template "grafana-loki.promtail.fullname" . }}
- namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }}
- {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.promtail.image "chart" .Chart ) ) }}
- {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels $versionLabel ) "context" . ) }}
- labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
- app.kubernetes.io/part-of: grafana-loki
- app.kubernetes.io/component: promtail
- {{- if or .Values.commonAnnotations .Values.metrics.serviceMonitor.annotations }}
- {{- $annotations := merge.Values.metrics.serviceMonitor.annotations .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
- {{- end }}
-spec:
- {{- if .Values.metrics.serviceMonitor.jobLabel }}
- jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }}
- {{- end }}
- selector:
- matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
- {{- if .Values.metrics.serviceMonitor.selector }}
- {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
- {{- end }}
- app.kubernetes.io/part-of: grafana-loki
- app.kubernetes.io/component: promtail
- endpoints:
- - port: http
- {{- if .Values.metrics.serviceMonitor.interval }}
- interval: {{ .Values.metrics.serviceMonitor.interval }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
- scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.honorLabels }}
- honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.metricRelabelings }}
- metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 6 }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.relabelings }}
- relabelings: {{- toYaml .Values.metrics.serviceMonitor.relabelings | nindent 6 }}
- {{- end }}
- namespaceSelector:
- matchNames:
- - {{ .Release.Namespace | quote }}
-{{- end }}
diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/querier/networkpolicy.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/querier/networkpolicy.yaml
deleted file mode 100644
index ddd9ff4..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/templates/querier/networkpolicy.yaml
+++ /dev/null
@@ -1,138 +0,0 @@
-{{- /*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{- if .Values.querier.networkPolicy.enabled }}
-kind: NetworkPolicy
-apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
-metadata:
- name: {{ template "grafana-loki.querier.fullname" . }}
- namespace: {{ include "common.names.namespace" . | quote }}
- labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
- app.kubernetes.io/part-of: grafana-loki
- app.kubernetes.io/component: querier
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.querier.podLabels .Values.commonLabels ) "context" . ) }}
- podSelector:
- matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
- app.kubernetes.io/part-of: grafana-loki
- app.kubernetes.io/component: querier
- policyTypes:
- - Ingress
- - Egress
- {{- if .Values.querier.networkPolicy.allowExternalEgress }}
- egress:
- - {}
- {{- else }}
- egress:
- # Allow dns resolution
- - ports:
- - port: 53
- protocol: UDP
- - port: 53
- protocol: TCP
- # Allow outbound connections to loki cluster
- - ports:
- - port: {{ .Values.loki.containerPorts.http }}
- - port: {{ .Values.loki.containerPorts.gossipRing }}
- - port: {{ .Values.loki.containerPorts.grpc }}
- to:
- - podSelector:
- matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
- app.kubernetes.io/part-of: grafana-loki
- # Allow outbound connections to gateway
- - ports:
- - port: {{ .Values.gateway.containerPorts.http }}
- to:
- - podSelector:
- matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
- app.kubernetes.io/part-of: grafana-loki
- app.kubernetes.io/component: gateway
- # Allow outbound connections to Memcached Chunks
- - ports:
- {{- if .Values.memcachedchunks.enabled }}
- - port: {{ .Values.memcachedchunks.containerPorts.memcached }}
- to:
- - podSelector:
- matchLabels:
- app.kubernetes.io/name: memcachedchunks
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- else }}
- - port: {{ .Values.externalMemcachedChunks.port }}
- {{- end }}
- # Allow outbound connections to Memcached Metadata
- - ports:
- {{- if .Values.memcachedindexqueries.enabled }}
- - port: {{ .Values.memcachedindexqueries.containerPorts.memcached }}
- to:
- - podSelector:
- matchLabels:
- app.kubernetes.io/name: memcachedindexqueries
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- else }}
- - port: {{ .Values.externalMemcachedIndexQueries.port }}
- {{- end }}
- # Allow outbound connections to Memcached Frontend
- - ports:
- {{- if .Values.memcachedfrontend.enabled }}
- - port: {{ .Values.memcachedfrontend.containerPorts.memcached }}
- to:
- - podSelector:
- matchLabels:
- app.kubernetes.io/name: memcachedfrontend
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- else }}
- - port: {{ .Values.externalMemcachedFrontend.port }}
- {{- end }}
- # Allow outbound connections to Memcached Metadata
- - ports:
- {{- if .Values.memcachedindexwrites.enabled }}
- - port: {{ .Values.memcachedindexwrites.containerPorts.memcached }}
- to:
- - podSelector:
- matchLabels:
- app.kubernetes.io/name: memcachedindexwrites
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- else }}
- - port: {{ .Values.externalMemcachedIndexWrites.port }}
- {{- end }}
- {{- if .Values.querier.networkPolicy.extraEgress }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.querier.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
- {{- end }}
- {{- end }}
- ingress:
- - ports:
- - port: {{ .Values.loki.containerPorts.http }}
- - port: {{ .Values.loki.containerPorts.gossipRing }}
- - port: {{ .Values.loki.containerPorts.grpc }}
- {{- if not .Values.querier.networkPolicy.allowExternal }}
- from:
- - podSelector:
- matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }}
- app.kubernetes.io/part-of: grafana-loki
- - podSelector:
- matchLabels:
- {{ template "grafana-loki.querier.fullname" . }}-querier: "true"
- {{- if .Values.querier.networkPolicy.ingressNSMatchLabels }}
- - namespaceSelector:
- matchLabels:
- {{- range $key, $value := .Values.querier.networkPolicy.ingressNSMatchLabels }}
- {{ $key | quote }}: {{ $value | quote }}
- {{- end }}
- {{- if .Values.querier.networkPolicy.ingressNSPodMatchLabels }}
- podSelector:
- matchLabels:
- {{- range $key, $value := .Values.querier.networkPolicy.ingressNSPodMatchLabels }}
- {{ $key | quote }}: {{ $value | quote }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- if .Values.querier.networkPolicy.extraIngress }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.querier.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
- {{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/querier/service.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/querier/service.yaml
deleted file mode 100644
index 51b8e65..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/templates/querier/service.yaml
+++ /dev/null
@@ -1,65 +0,0 @@
-{{- /*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "grafana-loki.querier.fullname" . }}
- namespace: {{ .Release.Namespace | quote }}
- {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.loki.image "chart" .Chart ) ) }}
- {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
- labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
- app.kubernetes.io/part-of: grafana-loki
- app.kubernetes.io/component: querier
- {{- if or .Values.commonAnnotations .Values.querier.service.annotations }}
- {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.querier.service.annotations .Values.commonAnnotations ) "context" . ) }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
- {{- end }}
-spec:
- type: {{ .Values.querier.service.type }}
- {{- if .Values.querier.service.sessionAffinity }}
- sessionAffinity: {{ .Values.querier.service.sessionAffinity }}
- {{- end }}
- {{- if .Values.querier.service.sessionAffinityConfig }}
- sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.querier.service.sessionAffinityConfig "context" $) | nindent 4 }}
- {{- end }}
- {{- if .Values.querier.service.clusterIP }}
- clusterIP: {{ .Values.querier.service.clusterIP }}
- {{- end }}
- {{- if (or (eq .Values.querier.service.type "LoadBalancer") (eq .Values.querier.service.type "NodePort")) }}
- externalTrafficPolicy: {{ .Values.querier.service.externalTrafficPolicy | quote }}
- {{- end }}
- {{ if eq .Values.querier.service.type "LoadBalancer" }}
- loadBalancerSourceRanges: {{ .Values.querier.service.loadBalancerSourceRanges }}
- {{ end }}
- {{- if (and (eq .Values.querier.service.type "LoadBalancer") (not (empty .Values.querier.service.loadBalancerIP))) }}
- loadBalancerIP: {{ .Values.querier.service.loadBalancerIP }}
- {{- end }}
- ports:
- - name: http
- port: {{ .Values.querier.service.ports.http }}
- targetPort: http
- protocol: TCP
- {{- if (and (or (eq .Values.querier.service.type "NodePort") (eq .Values.querier.service.type "LoadBalancer")) (not (empty .Values.querier.service.nodePorts.http))) }}
- nodePort: {{ .Values.querier.service.nodePorts.http }}
- {{- else if eq .Values.querier.service.type "ClusterIP" }}
- nodePort: null
- {{- end }}
- - name: grpc
- port: {{ .Values.querier.service.ports.grpc }}
- targetPort: grpc
- protocol: TCP
- {{- if (and (or (eq .Values.querier.service.type "NodePort") (eq .Values.querier.service.type "LoadBalancer")) (not (empty .Values.querier.service.nodePorts.grpc))) }}
- nodePort: {{ .Values.querier.service.nodePorts.grpc }}
- {{- else if eq .Values.querier.service.type "ClusterIP" }}
- nodePort: null
- {{- end }}
- {{- if .Values.querier.service.extraPorts }}
- {{- include "common.tplvalues.render" (dict "value" .Values.querier.service.extraPorts "context" $) | nindent 4 }}
- {{- end }}
- {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.querier.podLabels .Values.commonLabels ) "context" . ) }}
- selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
- app.kubernetes.io/part-of: grafana-loki
- app.kubernetes.io/component: querier
diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/querier/servicemonitor.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/querier/servicemonitor.yaml
deleted file mode 100644
index 53dda9e..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/templates/querier/servicemonitor.yaml
+++ /dev/null
@@ -1,52 +0,0 @@
-{{- /*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: {{ template "grafana-loki.querier.fullname" . }}
- namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }}
- {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.loki.image "chart" .Chart ) ) }}
- {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels $versionLabel ) "context" . ) }}
- labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
- app.kubernetes.io/part-of: grafana-loki
- app.kubernetes.io/component: querier
- {{- if or .Values.commonAnnotations .Values.metrics.serviceMonitor.annotations }}
- {{- $annotations := merge.Values.metrics.serviceMonitor.annotations .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
- {{- end }}
-spec:
- {{- if .Values.metrics.serviceMonitor.jobLabel }}
- jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }}
- {{- end }}
- selector:
- matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
- {{- if .Values.metrics.serviceMonitor.selector }}
- {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
- {{- end }}
- app.kubernetes.io/part-of: grafana-loki
- app.kubernetes.io/component: querier
- endpoints:
- - port: http
- {{- if .Values.metrics.serviceMonitor.interval }}
- interval: {{ .Values.metrics.serviceMonitor.interval }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
- scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.honorLabels }}
- honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.metricRelabelings }}
- metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 6 }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.relabelings }}
- relabelings: {{- toYaml .Values.metrics.serviceMonitor.relabelings | nindent 6 }}
- {{- end }}
- namespaceSelector:
- matchNames:
- - {{ .Release.Namespace | quote }}
-{{- end }}
diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/querier/statefulset.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/querier/statefulset.yaml
deleted file mode 100644
index 29ed30d..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/templates/querier/statefulset.yaml
+++ /dev/null
@@ -1,240 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ template "grafana-loki.querier.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.loki.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: querier - loki-gossip-member: "true" - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.querier.replicaCount }} - {{- if .Values.querier.updateStrategy }} - updateStrategy: {{- toYaml .Values.querier.updateStrategy | nindent 4 }} - {{- end }} - podManagementPolicy: {{ .Values.querier.podManagementPolicy }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.querier.podLabels .Values.commonLabels $versionLabel ) "context" . ) }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: querier - loki-gossip-member: "true" - serviceName: {{ template "grafana-loki.querier.fullname" . }} - template: - metadata: - annotations: - checksum/config: {{ include (print $.Template.BasePath "/loki-configmap.yaml") . 
| sha256sum }} - {{- if .Values.querier.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.querier.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: querier - loki-gossip-member: "true" - spec: - serviceAccountName: {{ template "grafana-loki.serviceAccountName" . }} - {{- include "grafana-loki.imagePullSecrets" . | nindent 6 }} - automountServiceAccountToken: {{ .Values.querier.automountServiceAccountToken }} - {{- if .Values.querier.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.querier.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.querier.affinity }} - affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.querier.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.querier.podAffinityPreset "component" "querier" "customLabels" $podLabels "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.querier.podAntiAffinityPreset "component" "querier" "customLabels" $podLabels "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.querier.nodeAffinityPreset.type "key" .Values.querier.nodeAffinityPreset.key "values" .Values.querier.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.querier.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.querier.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.querier.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.querier.tolerations "context" .) 
| nindent 8 }} - {{- end }} - {{- if .Values.querier.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.querier.topologySpreadConstraints "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.querier.priorityClassName }} - priorityClassName: {{ .Values.querier.priorityClassName | quote }} - {{- end }} - {{- if .Values.querier.schedulerName }} - schedulerName: {{ .Values.querier.schedulerName }} - {{- end }} - {{- if .Values.querier.podSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.querier.podSecurityContext "context" $) | nindent 8 }} - {{- end }} - initContainers: - {{- if .Values.querier.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.querier.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- if and .Values.volumePermissions.enabled .Values.querier.persistence.enabled }} - - name: volume-permissions - image: {{ include "grafana-loki.volumePermissions.image" . 
}} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - args: - - -ec - - | - mkdir -p {{ .Values.loki.dataDir }}{{- if .Values.querier.persistence.subPath }}/{{ .Values.querier.persistence.subPath }}{{- end }} - {{- if and .Values.querier.podSecurityContext.enabled .Values.querier.containerSecurityContext.enabled }} - find {{ .Values.loki.dataDir }}{{- if .Values.querier.persistence.subPath }}/{{ .Values.querier.persistence.subPath }}{{- end }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.querier.containerSecurityContext.runAsUser }}:{{ .Values.querier.podSecurityContext.fsGroup }} - {{- end }} - {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} - securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }} - {{- else }} - securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: data - mountPath: {{ .Values.loki.dataDir }} - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - {{- end }} - containers: - - name: grafana-loki-querier - image: {{ template "grafana-loki.image" . 
}} - imagePullPolicy: {{ .Values.loki.image.pullPolicy }} - {{- if .Values.querier.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.querier.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.querier.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.querier.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.querier.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.querier.args "context" $) | nindent 12 }} - {{- else }} - args: - - -target=querier - - -config.file={{ .Values.loki.dataDir }}/conf/loki.yaml - {{- if .Values.queryScheduler.enabled }} - - -querier.scheduler-address={{ template "grafana-loki.query-scheduler.fullname" . 
}}:{{ .Values.queryScheduler.service.ports.grpc }} - {{- end }} - {{- if .Values.querier.extraArgs }} - {{- include "common.tplvalues.render" (dict "value" .Values.querier.extraArgs "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.querier.extraEnvVars }} - env: {{- include "common.tplvalues.render" (dict "value" .Values.querier.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.querier.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.querier.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.querier.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.querier.extraEnvVarsSecret "context" $) }} - {{- end }} - ports: - - containerPort: {{ .Values.loki.containerPorts.http }} - name: http - - containerPort: {{ .Values.loki.containerPorts.gossipRing }} - name: http-memberlist - - containerPort: {{ .Values.loki.containerPorts.grpc }} - name: grpc - {{- if .Values.querier.resources }} - resources: {{- toYaml .Values.querier.resources | nindent 12 }} - {{- else if ne .Values.querier.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.querier.resourcesPreset) | nindent 12 }} - {{- end }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.querier.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.querier.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.querier.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.querier.livenessProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: http - {{- end }} - {{- if .Values.querier.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.querier.customReadinessProbe "context" $) | nindent 12 }} - {{- else if 
.Values.querier.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.querier.readinessProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: http - {{- end }} - {{- if .Values.querier.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.querier.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.querier.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.querier.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: http - {{- end }} - {{- end }} - {{- if .Values.querier.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.querier.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - name: loki-config - mountPath: {{ .Values.loki.dataDir }}/conf/loki.yaml - subPath: loki.yaml - - name: data - mountPath: {{ .Values.loki.dataDir }} - {{- if .Values.querier.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.querier.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.querier.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.querier.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: empty-dir - emptyDir: {} - - name: loki-config - configMap: - name: {{ template "grafana-loki.loki.configmapName" . 
}} - {{- if .Values.querier.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.querier.extraVolumes "context" $) | nindent 8 }} - {{- end }} - {{- if not .Values.querier.persistence.enabled }} - - name: data - emptyDir: {} - {{- else }} - volumeClaimTemplates: - - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: data - {{- if .Values.commonLabels }} - labels: {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 10 }} - {{- end }} - {{- if or .Values.querier.persistence.annotations .Values.commonAnnotations }} - {{- $claimAnnotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.querier.persistence.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $claimAnnotations "context" $) | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range .Values.querier.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.querier.persistence.size | quote }} - {{- if .Values.querier.persistence.selector }} - selector: {{- include "common.tplvalues.render" (dict "value" .Values.querier.persistence.selector "context" $) | nindent 10 }} - {{- end }} - {{- include "common.storage.class" (dict "persistence" .Values.querier.persistence "global" .Values.global) | nindent 8 }} - {{- end }} diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/query-frontend/deployment.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/query-frontend/deployment.yaml deleted file mode 100644 index 6cd1ee1..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/templates/query-frontend/deployment.yaml +++ /dev/null 
@@ -1,175 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ template "grafana-loki.query-frontend.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.loki.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: query-frontend - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.queryFrontend.replicaCount }} - {{- if .Values.queryFrontend.updateStrategy }} - strategy: {{- toYaml .Values.queryFrontend.updateStrategy | nindent 4 }} - {{- end }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.queryFrontend.podLabels .Values.commonLabels $versionLabel ) "context" . ) }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: query-frontend - template: - metadata: - annotations: - checksum/config: {{ include (print $.Template.BasePath "/loki-configmap.yaml") . 
| sha256sum }} - {{- if .Values.queryFrontend.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: query-frontend - loki-gossip-member: "true" - spec: - serviceAccountName: {{ template "grafana-loki.serviceAccountName" . }} - {{- include "grafana-loki.imagePullSecrets" . | nindent 6 }} - automountServiceAccountToken: {{ .Values.queryFrontend.automountServiceAccountToken }} - {{- if .Values.queryFrontend.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.queryFrontend.affinity }} - affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.queryFrontend.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.queryFrontend.podAffinityPreset "component" "query-frontend" "customLabels" $podLabels "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.queryFrontend.podAntiAffinityPreset "component" "query-frontend" "customLabels" $podLabels "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.queryFrontend.nodeAffinityPreset.type "key" .Values.queryFrontend.nodeAffinityPreset.key "values" .Values.queryFrontend.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.queryFrontend.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.queryFrontend.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.queryFrontend.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" 
.Values.queryFrontend.tolerations "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.queryFrontend.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.topologySpreadConstraints "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.queryFrontend.priorityClassName }} - priorityClassName: {{ .Values.queryFrontend.priorityClassName | quote }} - {{- end }} - {{- if .Values.queryFrontend.schedulerName }} - schedulerName: {{ .Values.queryFrontend.schedulerName }} - {{- end }} - {{- if .Values.queryFrontend.podSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.queryFrontend.podSecurityContext "context" $) | nindent 8 }} - {{- end }} - initContainers: - {{- if .Values.queryFrontend.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: grafana-loki-query-frontend - image: {{ template "grafana-loki.image" . 
}} - imagePullPolicy: {{ .Values.loki.image.pullPolicy }} - {{- if .Values.queryFrontend.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.queryFrontend.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.queryFrontend.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.queryFrontend.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.args "context" $) | nindent 12 }} - {{- else }} - args: - - -target=query-frontend - - -config.file={{ .Values.loki.dataDir }}/conf/loki.yaml - {{- if .Values.queryScheduler.enabled }} - - -frontend.scheduler-address={{ template "grafana-loki.query-scheduler.fullname" . 
}}:{{ .Values.queryScheduler.service.ports.grpc }} - {{- end }} - {{- if .Values.queryFrontend.extraArgs }} - {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.extraArgs "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.queryFrontend.extraEnvVars }} - env: {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.queryFrontend.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.queryFrontend.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.queryFrontend.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.queryFrontend.extraEnvVarsSecret "context" $) }} - {{- end }} - ports: - - containerPort: {{ .Values.loki.containerPorts.http }} - name: http - - containerPort: {{ .Values.loki.containerPorts.grpc }} - name: grpc - {{- if .Values.queryFrontend.resources }} - resources: {{- toYaml .Values.queryFrontend.resources | nindent 12 }} - {{- else if ne .Values.queryFrontend.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.queryFrontend.resourcesPreset) | nindent 12 }} - {{- end }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.queryFrontend.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.queryFrontend.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.queryFrontend.livenessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: /ready - port: http - {{- end }} - {{- if .Values.queryFrontend.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.customReadinessProbe "context" $) | nindent 12 }} - 
{{- else if .Values.queryFrontend.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.queryFrontend.readinessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: /ready - port: http - {{- end }} - {{- if .Values.queryFrontend.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.queryFrontend.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.queryFrontend.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: http - {{- end }} - {{- end }} - {{- if .Values.queryFrontend.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - name: loki-config - mountPath: {{ .Values.loki.dataDir }}/conf/loki.yaml - subPath: loki.yaml - {{- if .Values.queryFrontend.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.queryFrontend.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.queryFrontend.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: empty-dir - emptyDir: {} - - name: loki-config - configMap: - name: {{ template "grafana-loki.loki.configmapName" . }} - {{- if .Values.queryFrontend.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.extraVolumes "context" $) | nindent 8 }} - {{- end }} diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/query-frontend/headless-service.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/query-frontend/headless-service.yaml deleted file mode 100644 index 850a778..0000000 
--- a/charts/nopo11y-stack/charts/grafana-loki/templates/query-frontend/headless-service.yaml
+++ /dev/null
@@ -1,40 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ template "grafana-loki.query-frontend.fullname" . }}-headless - namespace: {{ .Release.Namespace | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.loki.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: query-frontend - {{- if or .Values.commonAnnotations .Values.queryFrontend.service.headless.annotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.queryFrontend.service.headless.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - # NOTE: this is based on this https://github.com/grafana/helm-charts/pull/451. Should be reviewed if it is actually necessary in the future - publishNotReadyAddresses: true - type: ClusterIP - clusterIP: None - ports: - - name: http - port: {{ .Values.queryFrontend.service.ports.http }} - targetPort: http - protocol: TCP - - name: grpc - port: {{ .Values.queryFrontend.service.ports.grpc }} - targetPort: grpc - protocol: TCP - {{- if .Values.queryFrontend.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.queryFrontend.podLabels .Values.commonLabels ) "context" . 
) }} - selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: query-frontend diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/query-frontend/networkpolicy.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/query-frontend/networkpolicy.yaml deleted file mode 100644 index 9c29217..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/templates/query-frontend/networkpolicy.yaml +++ /dev/null 
@@ -1,138 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.queryFrontend.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} -metadata: - name: {{ template "grafana-loki.query-frontend.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: query-frontend - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.queryFrontend.podLabels .Values.commonLabels ) "context" . ) }} - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: query-frontend - policyTypes: - - Ingress - - Egress - {{- if .Values.queryFrontend.networkPolicy.allowExternalEgress }} - egress: - - {} - {{- else }} - egress: - # Allow dns resolution - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP - # Allow outbound connections to loki cluster - - ports: - - port: {{ .Values.loki.containerPorts.http }} - - port: {{ .Values.loki.containerPorts.gossipRing }} - - port: {{ .Values.loki.containerPorts.grpc }} - to: - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} - app.kubernetes.io/part-of: grafana-loki - # Allow outbound connections to gateway - - ports: - - port: {{ .Values.gateway.containerPorts.http }} - to: - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" 
.Values.commonLabels "context" $ ) | nindent 14 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: gateway - # Allow outbound connections to Memcached Chunks - - ports: - {{- if .Values.memcachedchunks.enabled }} - - port: {{ .Values.memcachedchunks.containerPorts.memcached }} - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: memcachedchunks - app.kubernetes.io/instance: {{ .Release.Name }} - {{- else }} - - port: {{ .Values.externalMemcachedChunks.port }} - {{- end }} - # Allow outbound connections to Memcached Metadata - - ports: - {{- if .Values.memcachedindexqueries.enabled }} - - port: {{ .Values.memcachedindexqueries.containerPorts.memcached }} - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: memcachedindexqueries - app.kubernetes.io/instance: {{ .Release.Name }} - {{- else }} - - port: {{ .Values.externalMemcachedIndexQueries.port }} - {{- end }} - # Allow outbound connections to Memcached Frontend - - ports: - {{- if .Values.memcachedfrontend.enabled }} - - port: {{ .Values.memcachedfrontend.containerPorts.memcached }} - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: memcachedfrontend - app.kubernetes.io/instance: {{ .Release.Name }} - {{- else }} - - port: {{ .Values.externalMemcachedFrontend.port }} - {{- end }} - # Allow outbound connections to Memcached Metadata - - ports: - {{- if .Values.memcachedindexwrites.enabled }} - - port: {{ .Values.memcachedindexwrites.containerPorts.memcached }} - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: memcachedindexwrites - app.kubernetes.io/instance: {{ .Release.Name }} - {{- else }} - - port: {{ .Values.externalMemcachedIndexWrites.port }} - {{- end }} - {{- if .Values.queryFrontend.networkPolicy.extraEgress }} - {{- include "common.tplvalues.render" ( dict "value" .Values.queryFrontend.networkPolicy.extraEgress "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} - ingress: - - ports: - - port: {{ .Values.loki.containerPorts.http 
}} - - port: {{ .Values.loki.containerPorts.gossipRing }} - - port: {{ .Values.loki.containerPorts.grpc }} - {{- if not .Values.queryFrontend.networkPolicy.allowExternal }} - from: - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} - app.kubernetes.io/part-of: grafana-loki - - podSelector: - matchLabels: - {{ template "grafana-loki.query-frontend.fullname" . }}-query-frontend: "true" - {{- if .Values.queryFrontend.networkPolicy.ingressNSMatchLabels }} - - namespaceSelector: - matchLabels: - {{- range $key, $value := .Values.queryFrontend.networkPolicy.ingressNSMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{- if .Values.queryFrontend.networkPolicy.ingressNSPodMatchLabels }} - podSelector: - matchLabels: - {{- range $key, $value := .Values.queryFrontend.networkPolicy.ingressNSPodMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.queryFrontend.networkPolicy.extraIngress }} - {{- include "common.tplvalues.render" ( dict "value" .Values.queryFrontend.networkPolicy.extraIngress "context" $ ) | nindent 4 }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/query-frontend/service.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/query-frontend/service.yaml deleted file mode 100644 index 23db31a..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/templates/query-frontend/service.yaml +++ /dev/null 
@@ -1,66 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ template "grafana-loki.query-frontend.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.loki.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: query-frontend - {{- if or .Values.commonAnnotations .Values.queryFrontend.service.annotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.queryFrontend.service.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.queryFrontend.service.type }} - {{- if .Values.queryFrontend.service.sessionAffinity }} - sessionAffinity: {{ .Values.queryFrontend.service.sessionAffinity }} - {{- end }} - {{- if .Values.queryFrontend.service.sessionAffinityConfig }} - sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.service.sessionAffinityConfig "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.queryFrontend.service.clusterIP }} - clusterIP: {{ .Values.queryFrontend.service.clusterIP }} - {{- end }} - {{- if (or (eq .Values.queryFrontend.service.type "LoadBalancer") (eq .Values.queryFrontend.service.type "NodePort")) }} - externalTrafficPolicy: {{ .Values.queryFrontend.service.externalTrafficPolicy | quote }} - {{- end }} - {{ if eq .Values.queryFrontend.service.type "LoadBalancer" }} - loadBalancerSourceRanges: {{ 
.Values.queryFrontend.service.loadBalancerSourceRanges }} - {{ end }} - {{- if (and (eq .Values.queryFrontend.service.type "LoadBalancer") (not (empty .Values.queryFrontend.service.loadBalancerIP))) }} - loadBalancerIP: {{ .Values.queryFrontend.service.loadBalancerIP }} - {{- end }} - publishNotReadyAddresses: true - ports: - - name: http - port: {{ .Values.queryFrontend.service.ports.http }} - targetPort: http - protocol: TCP - {{- if (and (or (eq .Values.queryFrontend.service.type "NodePort") (eq .Values.queryFrontend.service.type "LoadBalancer")) (not (empty .Values.queryFrontend.service.nodePorts.http))) }} - nodePort: {{ .Values.queryFrontend.service.nodePorts.http }} - {{- else if eq .Values.queryFrontend.service.type "ClusterIP" }} - nodePort: null - {{- end }} - - name: grpc - port: {{ .Values.queryFrontend.service.ports.grpc }} - targetPort: grpc - protocol: TCP - {{- if (and (or (eq .Values.queryFrontend.service.type "NodePort") (eq .Values.queryFrontend.service.type "LoadBalancer")) (not (empty .Values.queryFrontend.service.nodePorts.grpc))) }} - nodePort: {{ .Values.queryFrontend.service.nodePorts.grpc }} - {{- else if eq .Values.queryFrontend.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{- if .Values.queryFrontend.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.queryFrontend.podLabels .Values.commonLabels ) "context" . ) }} - selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: query-frontend 
diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/query-frontend/servicemonitor.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/query-frontend/servicemonitor.yaml
deleted file mode 100644
index 57c7717..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/templates/query-frontend/servicemonitor.yaml
+++ /dev/null
@@ -1,52 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "grafana-loki.query-frontend.fullname" . }} - namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.loki.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: query-frontend - {{- if or .Values.commonAnnotations .Values.metrics.serviceMonitor.annotations }} - {{- $annotations := merge.Values.metrics.serviceMonitor.annotations .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.metrics.serviceMonitor.jobLabel }} - jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} - {{- if .Values.metrics.serviceMonitor.selector }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }} - {{- end }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: query-frontend - endpoints: - - port: http - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ 
.Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.honorLabels }} - honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.metricRelabelings }} - metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 6 }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.relabelings }} - relabelings: {{- toYaml .Values.metrics.serviceMonitor.relabelings | nindent 6 }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace | quote }} -{{- end }} diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/query-scheduler/deployment.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/query-scheduler/deployment.yaml deleted file mode 100644 index 45855fa..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/templates/query-scheduler/deployment.yaml +++ /dev/null 
@@ -1,177 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.queryScheduler.enabled }} -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ template "grafana-loki.query-scheduler.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.loki.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: query-scheduler - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - minReadySeconds: 10 - replicas: {{ .Values.queryScheduler.replicaCount }} - {{- if .Values.queryScheduler.updateStrategy }} - strategy: {{- toYaml .Values.queryScheduler.updateStrategy | nindent 4 }} - {{- end }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.queryScheduler.podLabels .Values.commonLabels $versionLabel ) "context" . ) }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: query-scheduler - template: - metadata: - annotations: - checksum/config: {{ include (print $.Template.BasePath "/loki-configmap.yaml") . 
| sha256sum }} - {{- if .Values.queryScheduler.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.queryScheduler.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} - name: {{ template "grafana-loki.query-scheduler.fullname" . }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: query-scheduler - loki-gossip-member: "true" - spec: - serviceAccountName: {{ template "grafana-loki.serviceAccountName" . }} - {{- include "grafana-loki.imagePullSecrets" . | nindent 6 }} - automountServiceAccountToken: {{ .Values.queryScheduler.automountServiceAccountToken }} - {{- if .Values.queryScheduler.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.queryScheduler.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.queryScheduler.affinity }} - affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.queryScheduler.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.queryScheduler.podAffinityPreset "component" "query-scheduler" "customLabels" $podLabels "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.queryScheduler.podAntiAffinityPreset "component" "query-scheduler" "customLabels" $podLabels "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.queryScheduler.nodeAffinityPreset.type "key" .Values.queryScheduler.nodeAffinityPreset.key "values" .Values.queryScheduler.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.queryScheduler.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.queryScheduler.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.queryScheduler.tolerations }} - 
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.queryScheduler.tolerations "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.queryScheduler.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.queryScheduler.topologySpreadConstraints "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.queryScheduler.priorityClassName }} - priorityClassName: {{ .Values.queryScheduler.priorityClassName | quote }} - {{- end }} - {{- if .Values.queryScheduler.schedulerName }} - schedulerName: {{ .Values.queryScheduler.schedulerName }} - {{- end }} - {{- if .Values.queryScheduler.podSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.queryScheduler.podSecurityContext "context" $) | nindent 8 }} - {{- end }} - initContainers: - {{- if .Values.queryScheduler.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.queryScheduler.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: grafana-loki-query-scheduler - image: {{ template "grafana-loki.image" . 
}} - imagePullPolicy: {{ .Values.loki.image.pullPolicy }} - {{- if .Values.queryScheduler.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.queryScheduler.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.queryScheduler.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.queryScheduler.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.queryScheduler.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.queryScheduler.args "context" $) | nindent 12 }} - {{- else }} - args: - - -target=query-scheduler - - -config.file={{ .Values.loki.dataDir }}/conf/loki.yaml - - -log.level=debug - {{- if .Values.queryScheduler.extraArgs }} - {{- include "common.tplvalues.render" (dict "value" .Values.queryScheduler.extraArgs "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.queryScheduler.extraEnvVars }} - env: {{- include "common.tplvalues.render" (dict "value" .Values.queryScheduler.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.queryScheduler.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.queryScheduler.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.queryScheduler.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.queryScheduler.extraEnvVarsSecret "context" $) }} - {{- end }} - ports: - - containerPort: {{ .Values.loki.containerPorts.http }} - name: http - - containerPort: {{ 
.Values.loki.containerPorts.grpc }} - name: grpc - {{- if .Values.queryScheduler.resources }} - resources: {{- toYaml .Values.queryScheduler.resources | nindent 12 }} - {{- else if ne .Values.queryScheduler.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.queryScheduler.resourcesPreset) | nindent 12 }} - {{- end }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.queryScheduler.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.queryScheduler.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.queryScheduler.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.queryScheduler.livenessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: /ready - port: http - {{- end }} - {{- if .Values.queryScheduler.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.queryScheduler.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.queryScheduler.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.queryScheduler.readinessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: /ready - port: http - {{- end }} - {{- if .Values.queryScheduler.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.queryScheduler.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.queryScheduler.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.queryScheduler.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: http - {{- end }} - {{- end }} - {{- if .Values.queryScheduler.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.queryScheduler.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - 
volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - name: loki-config - mountPath: {{ .Values.loki.dataDir }}/conf/loki.yaml - subPath: loki.yaml - {{- if .Values.queryScheduler.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.queryScheduler.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.queryScheduler.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.queryScheduler.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: empty-dir - emptyDir: {} - - name: loki-config - configMap: - name: {{ template "grafana-loki.loki.configmapName" . }} - {{- if .Values.queryScheduler.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.queryScheduler.extraVolumes "context" $) | nindent 8 }} - {{- end }} -{{- end }} diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/query-scheduler/networkpolicy.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/query-scheduler/networkpolicy.yaml deleted file mode 100644 index 4dac71b..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/templates/query-scheduler/networkpolicy.yaml +++ /dev/null 
@@ -1,138 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.queryScheduler.enabled .Values.queryScheduler.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} -metadata: - name: {{ template "grafana-loki.query-scheduler.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: query-scheduler - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.queryScheduler.podLabels .Values.commonLabels ) "context" . ) }} - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: query-scheduler - policyTypes: - - Ingress - - Egress - {{- if .Values.queryScheduler.networkPolicy.allowExternalEgress }} - egress: - - {} - {{- else }} - egress: - # Allow dns resolution - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP - # Allow outbound connections to loki cluster - - ports: - - port: {{ .Values.loki.containerPorts.http }} - - port: {{ .Values.loki.containerPorts.gossipRing }} - - port: {{ .Values.loki.containerPorts.grpc }} - to: - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} - app.kubernetes.io/part-of: grafana-loki - # Allow outbound connections to gateway - - ports: - - port: {{ .Values.gateway.containerPorts.http }} - to: - - podSelector: - matchLabels: {{- include 
"common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: gateway - # Allow outbound connections to Memcached Chunks - - ports: - {{- if .Values.memcachedchunks.enabled }} - - port: {{ .Values.memcachedchunks.containerPorts.memcached }} - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: memcachedchunks - app.kubernetes.io/instance: {{ .Release.Name }} - {{- else }} - - port: {{ .Values.externalMemcachedChunks.port }} - {{- end }} - # Allow outbound connections to Memcached Metadata - - ports: - {{- if .Values.memcachedindexqueries.enabled }} - - port: {{ .Values.memcachedindexqueries.containerPorts.memcached }} - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: memcachedindexqueries - app.kubernetes.io/instance: {{ .Release.Name }} - {{- else }} - - port: {{ .Values.externalMemcachedIndexQueries.port }} - {{- end }} - # Allow outbound connections to Memcached Frontend - - ports: - {{- if .Values.memcachedfrontend.enabled }} - - port: {{ .Values.memcachedfrontend.containerPorts.memcached }} - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: memcachedfrontend - app.kubernetes.io/instance: {{ .Release.Name }} - {{- else }} - - port: {{ .Values.externalMemcachedFrontend.port }} - {{- end }} - # Allow outbound connections to Memcached Metadata - - ports: - {{- if .Values.memcachedindexwrites.enabled }} - - port: {{ .Values.memcachedindexwrites.containerPorts.memcached }} - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: memcachedindexwrites - app.kubernetes.io/instance: {{ .Release.Name }} - {{- else }} - - port: {{ .Values.externalMemcachedIndexWrites.port }} - {{- end }} - {{- if .Values.queryScheduler.networkPolicy.extraEgress }} - {{- include "common.tplvalues.render" ( dict "value" .Values.queryScheduler.networkPolicy.extraEgress "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} - ingress: - - 
ports: - - port: {{ .Values.loki.containerPorts.http }} - - port: {{ .Values.loki.containerPorts.gossipRing }} - - port: {{ .Values.loki.containerPorts.grpc }} - {{- if not .Values.queryScheduler.networkPolicy.allowExternal }} - from: - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} - app.kubernetes.io/part-of: grafana-loki - - podSelector: - matchLabels: - {{ template "grafana-loki.query-scheduler.fullname" . }}-query-scheduler: "true" - {{- if .Values.queryScheduler.networkPolicy.ingressNSMatchLabels }} - - namespaceSelector: - matchLabels: - {{- range $key, $value := .Values.queryScheduler.networkPolicy.ingressNSMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{- if .Values.queryScheduler.networkPolicy.ingressNSPodMatchLabels }} - podSelector: - matchLabels: - {{- range $key, $value := .Values.queryScheduler.networkPolicy.ingressNSPodMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.queryScheduler.networkPolicy.extraIngress }} - {{- include "common.tplvalues.render" ( dict "value" .Values.queryScheduler.networkPolicy.extraIngress "context" $ ) | nindent 4 }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/query-scheduler/service.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/query-scheduler/service.yaml deleted file mode 100644 index 1b428ea..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/templates/query-scheduler/service.yaml +++ /dev/null 
@@ -1,68 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.queryScheduler.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "grafana-loki.query-scheduler.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.loki.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: query-scheduler - {{- if or .Values.commonAnnotations .Values.queryScheduler.service.annotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.queryScheduler.service.annotations .Values.commonAnnotations ) "context" . 
) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.queryScheduler.service.type }} - {{- if .Values.queryScheduler.service.sessionAffinity }} - sessionAffinity: {{ .Values.queryScheduler.service.sessionAffinity }} - {{- end }} - {{- if .Values.queryScheduler.service.sessionAffinityConfig }} - sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.queryScheduler.service.sessionAffinityConfig "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.queryScheduler.service.clusterIP }} - clusterIP: {{ .Values.queryScheduler.service.clusterIP }} - {{- end }} - {{- if (or (eq .Values.queryScheduler.service.type "LoadBalancer") (eq .Values.queryScheduler.service.type "NodePort")) }} - externalTrafficPolicy: {{ .Values.queryScheduler.service.externalTrafficPolicy | quote }} - {{- end }} - {{ if eq .Values.queryScheduler.service.type "LoadBalancer" }} - loadBalancerSourceRanges: {{ .Values.queryScheduler.service.loadBalancerSourceRanges }} - {{ end }} - {{- if (and (eq .Values.queryScheduler.service.type "LoadBalancer") (not (empty .Values.queryScheduler.service.loadBalancerIP))) }} - loadBalancerIP: {{ .Values.queryScheduler.service.loadBalancerIP }} - {{- end }} - publishNotReadyAddresses: true - ports: - - name: http - port: {{ .Values.queryScheduler.service.ports.http }} - targetPort: http - protocol: TCP - {{- if (and (or (eq .Values.queryScheduler.service.type "NodePort") (eq .Values.queryScheduler.service.type "LoadBalancer")) (not (empty .Values.queryScheduler.service.nodePorts.http))) }} - nodePort: {{ .Values.queryScheduler.service.nodePorts.http }} - {{- else if eq .Values.queryScheduler.service.type "ClusterIP" }} - nodePort: null - {{- end }} - - name: grpc - port: {{ .Values.queryScheduler.service.ports.grpc }} - targetPort: grpc - protocol: TCP - {{- if (and (or (eq .Values.queryScheduler.service.type "NodePort") (eq 
.Values.queryScheduler.service.type "LoadBalancer")) (not (empty .Values.queryScheduler.service.nodePorts.grpc))) }} - nodePort: {{ .Values.queryScheduler.service.nodePorts.grpc }} - {{- else if eq .Values.queryScheduler.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{- if .Values.queryScheduler.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.queryScheduler.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.queryScheduler.podLabels .Values.commonLabels ) "context" . ) }} - selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: query-scheduler -{{- end }} diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/ruler/networkpolicy.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/ruler/networkpolicy.yaml deleted file mode 100644 index 7057437..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/templates/ruler/networkpolicy.yaml +++ /dev/null 
@@ -1,138 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.ruler.enabled .Values.ruler.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} -metadata: - name: {{ template "grafana-loki.ruler.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: ruler - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.ruler.podLabels .Values.commonLabels ) "context" . ) }} - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: ruler - policyTypes: - - Ingress - - Egress - {{- if .Values.ruler.networkPolicy.allowExternalEgress }} - egress: - - {} - {{- else }} - egress: - # Allow dns resolution - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP - # Allow outbound connections to loki cluster - - ports: - - port: {{ .Values.loki.containerPorts.http }} - - port: {{ .Values.loki.containerPorts.gossipRing }} - - port: {{ .Values.loki.containerPorts.grpc }} - to: - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} - app.kubernetes.io/part-of: grafana-loki - # Allow outbound connections to gateway - - ports: - - port: {{ .Values.gateway.containerPorts.http }} - to: - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) 
| nindent 14 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: gateway - # Allow outbound connections to Memcached Chunks - - ports: - {{- if .Values.memcachedchunks.enabled }} - - port: {{ .Values.memcachedchunks.containerPorts.memcached }} - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: memcachedchunks - app.kubernetes.io/instance: {{ .Release.Name }} - {{- else }} - - port: {{ .Values.externalMemcachedChunks.port }} - {{- end }} - # Allow outbound connections to Memcached Metadata - - ports: - {{- if .Values.memcachedindexqueries.enabled }} - - port: {{ .Values.memcachedindexqueries.containerPorts.memcached }} - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: memcachedindexqueries - app.kubernetes.io/instance: {{ .Release.Name }} - {{- else }} - - port: {{ .Values.externalMemcachedIndexQueries.port }} - {{- end }} - # Allow outbound connections to Memcached Frontend - - ports: - {{- if .Values.memcachedfrontend.enabled }} - - port: {{ .Values.memcachedfrontend.containerPorts.memcached }} - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: memcachedfrontend - app.kubernetes.io/instance: {{ .Release.Name }} - {{- else }} - - port: {{ .Values.externalMemcachedFrontend.port }} - {{- end }} - # Allow outbound connections to Memcached Metadata - - ports: - {{- if .Values.memcachedindexwrites.enabled }} - - port: {{ .Values.memcachedindexwrites.containerPorts.memcached }} - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: memcachedindexwrites - app.kubernetes.io/instance: {{ .Release.Name }} - {{- else }} - - port: {{ .Values.externalMemcachedIndexWrites.port }} - {{- end }} - {{- if .Values.ruler.networkPolicy.extraEgress }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ruler.networkPolicy.extraEgress "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} - ingress: - - ports: - - port: {{ .Values.loki.containerPorts.http }} - - port: {{ 
.Values.loki.containerPorts.gossipRing }} - - port: {{ .Values.loki.containerPorts.grpc }} - {{- if not .Values.ruler.networkPolicy.allowExternal }} - from: - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} - app.kubernetes.io/part-of: grafana-loki - - podSelector: - matchLabels: - {{ template "grafana-loki.ruler.fullname" . }}-ruler: "true" - {{- if .Values.ruler.networkPolicy.ingressNSMatchLabels }} - - namespaceSelector: - matchLabels: - {{- range $key, $value := .Values.ruler.networkPolicy.ingressNSMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{- if .Values.ruler.networkPolicy.ingressNSPodMatchLabels }} - podSelector: - matchLabels: - {{- range $key, $value := .Values.ruler.networkPolicy.ingressNSPodMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.ruler.networkPolicy.extraIngress }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ruler.networkPolicy.extraIngress "context" $ ) | nindent 4 }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/ruler/service.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/ruler/service.yaml deleted file mode 100644 index cf446e3..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/templates/ruler/service.yaml +++ /dev/null 
@@ -1,67 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.ruler.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "grafana-loki.ruler.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.loki.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: ruler - {{- if or .Values.commonAnnotations .Values.ruler.service.annotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.ruler.service.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.ruler.service.type }} - {{- if .Values.ruler.service.sessionAffinity }} - sessionAffinity: {{ .Values.ruler.service.sessionAffinity }} - {{- end }} - {{- if .Values.ruler.service.sessionAffinityConfig }} - sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.ruler.service.sessionAffinityConfig "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.ruler.service.clusterIP }} - clusterIP: {{ .Values.ruler.service.clusterIP }} - {{- end }} - {{- if (or (eq .Values.ruler.service.type "LoadBalancer") (eq .Values.ruler.service.type "NodePort")) }} - externalTrafficPolicy: {{ .Values.ruler.service.externalTrafficPolicy | quote }} - {{- end }} - {{ if eq .Values.ruler.service.type "LoadBalancer" }} - loadBalancerSourceRanges: {{ .Values.ruler.service.loadBalancerSourceRanges }} - {{ end }} - {{- if (and (eq .Values.ruler.service.type "LoadBalancer") 
(not (empty .Values.ruler.service.loadBalancerIP))) }} - loadBalancerIP: {{ .Values.ruler.service.loadBalancerIP }} - {{- end }} - ports: - - name: http - port: {{ .Values.ruler.service.ports.http }} - targetPort: http - protocol: TCP - {{- if (and (or (eq .Values.ruler.service.type "NodePort") (eq .Values.ruler.service.type "LoadBalancer")) (not (empty .Values.ruler.service.nodePorts.http))) }} - nodePort: {{ .Values.ruler.service.nodePorts.http }} - {{- else if eq .Values.ruler.service.type "ClusterIP" }} - nodePort: null - {{- end }} - - name: grpc - port: {{ .Values.ruler.service.ports.grpc }} - targetPort: grpc - protocol: TCP - {{- if (and (or (eq .Values.ruler.service.type "NodePort") (eq .Values.ruler.service.type "LoadBalancer")) (not (empty .Values.ruler.service.nodePorts.grpc))) }} - nodePort: {{ .Values.ruler.service.nodePorts.grpc }} - {{- else if eq .Values.ruler.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{- if .Values.ruler.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.ruler.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.ruler.podLabels .Values.commonLabels ) "context" . ) }} - selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: ruler -{{- end }} diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/ruler/servicemonitor.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/ruler/servicemonitor.yaml deleted file mode 100644 index e682255..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/templates/ruler/servicemonitor.yaml +++ /dev/null 
@@ -1,52 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.ruler.enabled .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "grafana-loki.ruler.fullname" . }} - namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.loki.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: ruler - {{- if or .Values.commonAnnotations .Values.metrics.serviceMonitor.annotations }} - {{- $annotations := merge.Values.metrics.serviceMonitor.annotations .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.metrics.serviceMonitor.jobLabel }} - jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} - {{- if .Values.metrics.serviceMonitor.selector }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }} - {{- end }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: ruler - endpoints: - - port: http - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ 
.Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.honorLabels }} - honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.metricRelabelings }} - metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 6 }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.relabelings }} - relabelings: {{- toYaml .Values.metrics.serviceMonitor.relabelings | nindent 6 }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace | quote }} -{{- end }} diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/ruler/statefulset.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/ruler/statefulset.yaml deleted file mode 100644 index fca0521..0000000 --- a/charts/nopo11y-stack/charts/grafana-loki/templates/ruler/statefulset.yaml +++ /dev/null 
@@ -1,240 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.ruler.enabled }} -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ template "grafana-loki.ruler.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.loki.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: ruler - loki-gossip-member: "true" - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.ruler.replicaCount }} - {{- if .Values.ruler.updateStrategy }} - updateStrategy: {{- toYaml .Values.ruler.updateStrategy | nindent 4 }} - {{- end }} - podManagementPolicy: {{ .Values.ruler.podManagementPolicy }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.ruler.podLabels .Values.commonLabels $versionLabel ) "context" . ) }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: ruler - loki-gossip-member: "true" - serviceName: {{ template "grafana-loki.ruler.fullname" . }} - template: - metadata: - annotations: - checksum/config: {{ include (print $.Template.BasePath "/loki-configmap.yaml") . 
| sha256sum }} - {{- if .Values.ruler.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.ruler.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} - app.kubernetes.io/part-of: grafana-loki - app.kubernetes.io/component: ruler - loki-gossip-member: "true" - spec: - serviceAccountName: {{ template "grafana-loki.serviceAccountName" . }} - {{- include "grafana-loki.imagePullSecrets" . | nindent 6 }} - automountServiceAccountToken: {{ .Values.ruler.automountServiceAccountToken }} - {{- if .Values.ruler.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.ruler.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.ruler.affinity }} - affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.ruler.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.ruler.podAffinityPreset "component" "ruler" "customLabels" $podLabels "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.ruler.podAntiAffinityPreset "component" "ruler" "customLabels" $podLabels "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.ruler.nodeAffinityPreset.type "key" .Values.ruler.nodeAffinityPreset.key "values" .Values.ruler.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.ruler.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.ruler.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.ruler.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.ruler.tolerations "context" .) 
| nindent 8 }} - {{- end }} - {{- if .Values.ruler.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.ruler.topologySpreadConstraints "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.ruler.priorityClassName }} - priorityClassName: {{ .Values.ruler.priorityClassName | quote }} - {{- end }} - {{- if .Values.ruler.schedulerName }} - schedulerName: {{ .Values.ruler.schedulerName }} - {{- end }} - {{- if .Values.ruler.podSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.ruler.podSecurityContext "context" $) | nindent 8 }} - {{- end }} - initContainers: - {{- if .Values.ruler.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.ruler.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- if and .Values.volumePermissions.enabled .Values.ruler.persistence.enabled }} - - name: volume-permissions - image: {{ include "grafana-loki.volumePermissions.image" . 
}} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - args: - - -ec - - | - mkdir -p {{ .Values.loki.dataDir }}{{- if .Values.ruler.persistence.subPath }}/{{ .Values.ruler.persistence.subPath }}{{- end }} - {{- if and .Values.ruler.podSecurityContext.enabled .Values.ruler.containerSecurityContext.enabled }} - find {{ .Values.loki.dataDir }}{{- if .Values.ruler.persistence.subPath }}/{{ .Values.ruler.persistence.subPath }}{{- end }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.ruler.containerSecurityContext.runAsUser }}:{{ .Values.ruler.podSecurityContext.fsGroup }} - {{- end }} - {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} - securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }} - {{- else }} - securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: data - mountPath: {{ .Values.loki.dataDir }} - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - {{- end }} - containers: - - name: grafana-loki-ruler - image: {{ template "grafana-loki.image" . 
}} - imagePullPolicy: {{ .Values.loki.image.pullPolicy }} - {{- if .Values.ruler.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.ruler.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.ruler.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.ruler.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.ruler.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.ruler.args "context" $) | nindent 12 }} - {{- else }} - args: - - -target=ruler - - -config.file={{ .Values.loki.dataDir }}/conf/loki.yaml - {{- if .Values.ruler.extraArgs }} - {{- include "common.tplvalues.render" (dict "value" .Values.ruler.extraArgs "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.ruler.extraEnvVars }} - env: {{- include "common.tplvalues.render" (dict "value" .Values.ruler.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.ruler.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.ruler.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.ruler.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.ruler.extraEnvVarsSecret "context" $) }} - {{- end }} - ports: - - containerPort: {{ .Values.loki.containerPorts.http }} - name: http - - containerPort: {{ .Values.loki.containerPorts.gossipRing }} - name: http-memberlist - - containerPort: {{ .Values.loki.containerPorts.grpc }} - name: grpc - {{- if 
.Values.ruler.resources }} - resources: {{- toYaml .Values.ruler.resources | nindent 12 }} - {{- else if ne .Values.ruler.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.ruler.resourcesPreset) | nindent 12 }} - {{- end }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.ruler.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.ruler.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.ruler.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.ruler.livenessProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: http - {{- end }} - {{- if .Values.ruler.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.ruler.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.ruler.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.ruler.readinessProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: http - {{- end }} - {{- if .Values.ruler.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.ruler.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.ruler.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.ruler.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: http - {{- end }} - {{- end }} - {{- if .Values.ruler.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.ruler.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - name: loki-config - mountPath: {{ .Values.loki.dataDir }}/conf/loki.yaml - subPath: loki.yaml - - name: data - mountPath: {{ .Values.loki.dataDir }} - {{- if 
.Values.ruler.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.ruler.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.ruler.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ruler.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: empty-dir - emptyDir: {} - - name: loki-config - configMap: - name: {{ template "grafana-loki.loki.configmapName" . }} - {{- if .Values.ruler.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.ruler.extraVolumes "context" $) | nindent 8 }} - {{- end }} - {{- if not .Values.ruler.persistence.enabled }} - - name: data - emptyDir: {} - {{- else }} - volumeClaimTemplates: - - metadata: - name: data - {{- if .Values.commonLabels }} - labels: {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 10 }} - {{- end }} - annotations: - {{- if .Values.ruler.persistence.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.ruler.persistence.annotations "context" $) | nindent 10 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range .Values.ruler.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.ruler.persistence.size | quote }} - {{- if .Values.ruler.persistence.selector }} - selector: {{- include "common.tplvalues.render" (dict "value" .Values.ruler.persistence.selector "context" $) | nindent 10 }} - {{- end }} - {{- include "common.storage.class" (dict "persistence" .Values.ruler.persistence "global" .Values.global) | nindent 8 }} - {{- end }} -{{- end }} 
diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/service-account.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/service-account.yaml
deleted file mode 100644
index 8d9f95c..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/templates/service-account.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- /*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{- if .Values.serviceAccount.create }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "grafana-loki.serviceAccountName" . }}
- namespace: {{ .Release.Namespace | quote }}
- labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
- app.kubernetes.io/part-of: grafana-loki
- app.kubernetes.io/component: loki
- {{- if or .Values.commonAnnotations .Values.serviceAccount.annotations }}
- {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
- {{- end }}
-automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
-{{- end }}
diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/table-manager/deployment.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/table-manager/deployment.yaml
deleted file mode 100644
index dd6307a..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/templates/table-manager/deployment.yaml
+++ /dev/null
@@ -1,174 +0,0 @@
-{{- /*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{- if .Values.tableManager.enabled }}
-apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
-kind: Deployment
-metadata:
- name: {{ template "grafana-loki.table-manager.fullname" . }}
- namespace: {{ .Release.Namespace | quote }}
- {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.loki.image "chart" .Chart ) ) }}
- {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
- labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
- app.kubernetes.io/part-of: grafana-loki
- app.kubernetes.io/component: table-manager
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- replicas: {{ .Values.tableManager.replicaCount }}
- {{- if .Values.tableManager.updateStrategy }}
- strategy: {{- toYaml .Values.tableManager.updateStrategy | nindent 4 }}
- {{- end }}
- {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.tableManager.podLabels .Values.commonLabels $versionLabel ) "context" . ) }}
- selector:
- matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
- app.kubernetes.io/part-of: grafana-loki
- app.kubernetes.io/component: table-manager
- template:
- metadata:
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/loki-configmap.yaml") . | sha256sum }}
- {{- if .Values.tableManager.podAnnotations }}
- {{- include "common.tplvalues.render" (dict "value" .Values.tableManager.podAnnotations "context" $) | nindent 8 }}
- {{- end }}
- labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
- app.kubernetes.io/part-of: grafana-loki
- app.kubernetes.io/component: table-manager
- loki-gossip-member: "true"
- spec:
- serviceAccountName: {{ template "grafana-loki.serviceAccountName" . }}
- {{- include "grafana-loki.imagePullSecrets" . | nindent 6 }}
- automountServiceAccountToken: {{ .Values.tableManager.automountServiceAccountToken }}
- {{- if .Values.tableManager.hostAliases }}
- hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.tableManager.hostAliases "context" $) | nindent 8 }}
- {{- end }}
- {{- if .Values.tableManager.affinity }}
- affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.tableManager.affinity "context" $) | nindent 8 }}
- {{- else }}
- affinity:
- podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.tableManager.podAffinityPreset "component" "tableManager" "customLabels" $podLabels "context" $) | nindent 10 }}
- podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.tableManager.podAntiAffinityPreset "component" "tableManager" "customLabels" $podLabels "context" $) | nindent 10 }}
- nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.tableManager.nodeAffinityPreset.type "key" .Values.tableManager.nodeAffinityPreset.key "values" .Values.tableManager.nodeAffinityPreset.values) | nindent 10 }}
- {{- end }}
- {{- if .Values.tableManager.nodeSelector }}
- nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.tableManager.nodeSelector "context" $) | nindent 8 }}
- {{- end }}
- {{- if .Values.tableManager.tolerations }}
- tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tableManager.tolerations "context" .) | nindent 8 }}
- {{- end }}
- {{- if .Values.tableManager.topologySpreadConstraints }}
- topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.tableManager.topologySpreadConstraints "context" .) | nindent 8 }}
- {{- end }}
- {{- if .Values.tableManager.priorityClassName }}
- priorityClassName: {{ .Values.tableManager.priorityClassName | quote }}
- {{- end }}
- {{- if .Values.tableManager.schedulerName }}
- schedulerName: {{ .Values.tableManager.schedulerName }}
- {{- end }}
- {{- if .Values.tableManager.podSecurityContext.enabled }}
- securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.tableManager.podSecurityContext "context" $) | nindent 8 }}
- {{- end }}
- initContainers:
- {{- if .Values.tableManager.initContainers }}
- {{- include "common.tplvalues.render" (dict "value" .Values.tableManager.initContainers "context" $) | nindent 8 }}
- {{- end }}
- containers:
- - name: grafana-loki-table-manager
- image: {{ template "grafana-loki.image" . }}
- imagePullPolicy: {{ .Values.loki.image.pullPolicy }}
- {{- if .Values.tableManager.containerSecurityContext.enabled }}
- securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.tableManager.containerSecurityContext "context" $) | nindent 12 }}
- {{- end }}
- {{- if .Values.diagnosticMode.enabled }}
- command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
- {{- else if .Values.tableManager.command }}
- command: {{- include "common.tplvalues.render" (dict "value" .Values.tableManager.command "context" $) | nindent 12 }}
- {{- end }}
- {{- if .Values.diagnosticMode.enabled }}
- args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
- {{- else if .Values.tableManager.args }}
- args: {{- include "common.tplvalues.render" (dict "value" .Values.tableManager.args "context" $) | nindent 12 }}
- {{- else }}
- args:
- - -target=table-manager
- - -config.file={{ .Values.loki.dataDir }}/conf/loki.yaml
- {{- if .Values.tableManager.extraArgs }}
- {{- include "common.tplvalues.render" (dict "value" .Values.tableManager.extraArgs "context" $) | nindent 12 }}
- {{- end }}
- {{- end }}
- {{- if .Values.tableManager.extraEnvVars }}
- env: {{- include "common.tplvalues.render" (dict "value" .Values.tableManager.extraEnvVars "context" $) | nindent 12 }}
- {{- end }}
- envFrom:
- {{- if .Values.tableManager.extraEnvVarsCM }}
- - configMapRef:
- name: {{ include "common.tplvalues.render" (dict "value" .Values.tableManager.extraEnvVarsCM "context" $) }}
- {{- end }}
- {{- if .Values.tableManager.extraEnvVarsSecret }}
- - secretRef:
- name: {{ include "common.tplvalues.render" (dict "value" .Values.tableManager.extraEnvVarsSecret "context" $) }}
- {{- end }}
- ports:
- - containerPort: {{ .Values.loki.containerPorts.http }}
- name: http
- - containerPort: {{ .Values.loki.containerPorts.grpc }}
- name: grpc
- {{- if .Values.tableManager.resources }}
- resources: {{- toYaml .Values.tableManager.resources | nindent 12 }}
- {{- else if ne .Values.tableManager.resourcesPreset "none" }}
- resources: {{- include "common.resources.preset" (dict "type" .Values.tableManager.resourcesPreset) | nindent 12 }}
- {{- end }}
- {{- if not .Values.diagnosticMode.enabled }}
- {{- if .Values.tableManager.customLivenessProbe }}
- livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.tableManager.customLivenessProbe "context" $) | nindent 12 }}
- {{- else if .Values.tableManager.livenessProbe.enabled }}
- livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.tableManager.livenessProbe "enabled") "context" $) | nindent 12 }}
- httpGet:
- path: /ready
- port: http
- {{- end }}
- {{- if .Values.tableManager.customReadinessProbe }}
- readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.tableManager.customReadinessProbe "context" $) | nindent 12 }}
- {{- else if .Values.tableManager.readinessProbe.enabled }}
- readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.tableManager.readinessProbe "enabled") "context" $) | nindent 12 }}
- httpGet:
- path: /ready
- port: http
- {{- end }}
- {{- if .Values.tableManager.customStartupProbe }}
- startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.tableManager.customStartupProbe "context" $) | nindent 12 }}
- {{- else if .Values.tableManager.startupProbe.enabled }}
- startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.tableManager.startupProbe "enabled") "context" $) | nindent 12 }}
- tcpSocket:
- port: http
- {{- end }}
- {{- end }}
- {{- if .Values.tableManager.lifecycleHooks }}
- lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.tableManager.lifecycleHooks "context" $) | nindent 12 }}
- {{- end }}
- volumeMounts:
- - name: empty-dir
- mountPath: /tmp
- subPath: tmp-dir
- - name: loki-config
- mountPath: {{ .Values.loki.dataDir }}/conf/loki.yaml
- subPath: loki.yaml
- {{- if .Values.tableManager.extraVolumeMounts }}
- {{- include "common.tplvalues.render" (dict "value" .Values.tableManager.extraVolumeMounts "context" $) | nindent 12 }}
- {{- end }}
- {{- if .Values.tableManager.sidecars }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.tableManager.sidecars "context" $) | nindent 8 }}
- {{- end }}
- volumes:
- - name: empty-dir
- emptyDir: {}
- - name: loki-config
- configMap:
- name: {{ template "grafana-loki.loki.configmapName" . }}
- {{- if .Values.tableManager.extraVolumes }}
- {{- include "common.tplvalues.render" (dict "value" .Values.tableManager.extraVolumes "context" $) | nindent 8 }}
- {{- end }}
-{{- end }}
diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/table-manager/networkpolicy.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/table-manager/networkpolicy.yaml
deleted file mode 100644
index fd5bd49..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/templates/table-manager/networkpolicy.yaml
+++ /dev/null
@@ -1,138 +0,0 @@
-{{- /*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{- if and .Values.tableManager.enabled .Values.tableManager.networkPolicy.enabled }}
-kind: NetworkPolicy
-apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
-metadata:
- name: {{ template "grafana-loki.table-manager.fullname" . }}
- namespace: {{ include "common.names.namespace" . | quote }}
- labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
- app.kubernetes.io/part-of: grafana-loki
- app.kubernetes.io/component: table-manager
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.tableManager.podLabels .Values.commonLabels ) "context" . ) }}
- podSelector:
- matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
- app.kubernetes.io/part-of: grafana-loki
- app.kubernetes.io/component: table-manager
- policyTypes:
- - Ingress
- - Egress
- {{- if .Values.tableManager.networkPolicy.allowExternalEgress }}
- egress:
- - {}
- {{- else }}
- egress:
- # Allow dns resolution
- - ports:
- - port: 53
- protocol: UDP
- - port: 53
- protocol: TCP
- # Allow outbound connections to loki cluster
- - ports:
- - port: {{ .Values.loki.containerPorts.http }}
- - port: {{ .Values.loki.containerPorts.gossipRing }}
- - port: {{ .Values.loki.containerPorts.grpc }}
- to:
- - podSelector:
- matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
- app.kubernetes.io/part-of: grafana-loki
- # Allow outbound connections to gateway
- - ports:
- - port: {{ .Values.gateway.containerPorts.http }}
- to:
- - podSelector:
- matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
- app.kubernetes.io/part-of: grafana-loki
- app.kubernetes.io/component: gateway
- # Allow outbound connections to Memcached Chunks
- - ports:
- {{- if .Values.memcachedchunks.enabled }}
- - port: {{ .Values.memcachedchunks.containerPorts.memcached }}
- to:
- - podSelector:
- matchLabels:
- app.kubernetes.io/name: memcachedchunks
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- else }}
- - port: {{ .Values.externalMemcachedChunks.port }}
- {{- end }}
- # Allow outbound connections to Memcached Metadata
- - ports:
- {{- if .Values.memcachedindexqueries.enabled }}
- - port: {{ .Values.memcachedindexqueries.containerPorts.memcached }}
- to:
- - podSelector:
- matchLabels:
- app.kubernetes.io/name: memcachedindexqueries
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- else }}
- - port: {{ .Values.externalMemcachedIndexQueries.port }}
- {{- end }}
- # Allow outbound connections to Memcached Frontend
- - ports:
- {{- if .Values.memcachedfrontend.enabled }}
- - port: {{ .Values.memcachedfrontend.containerPorts.memcached }}
- to:
- - podSelector:
- matchLabels:
- app.kubernetes.io/name: memcachedfrontend
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- else }}
- - port: {{ .Values.externalMemcachedFrontend.port }}
- {{- end }}
- # Allow outbound connections to Memcached Metadata
- - ports:
- {{- if .Values.memcachedindexwrites.enabled }}
- - port: {{ .Values.memcachedindexwrites.containerPorts.memcached }}
- to:
- - podSelector:
- matchLabels:
- app.kubernetes.io/name: memcachedindexwrites
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- else }}
- - port: {{ .Values.externalMemcachedIndexWrites.port }}
- {{- end }}
- {{- if .Values.tableManager.networkPolicy.extraEgress }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.tableManager.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
- {{- end }}
- {{- end }}
- ingress:
- - ports:
- - port: {{ .Values.loki.containerPorts.http }}
- - port: {{ .Values.loki.containerPorts.gossipRing }}
- - port: {{ .Values.loki.containerPorts.grpc }}
- {{- if not .Values.tableManager.networkPolicy.allowExternal }}
- from:
- - podSelector:
- matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }}
- app.kubernetes.io/part-of: grafana-loki
- - podSelector:
- matchLabels:
- {{ template "grafana-loki.table-manager.fullname" . }}-table-manager: "true"
- {{- if .Values.tableManager.networkPolicy.ingressNSMatchLabels }}
- - namespaceSelector:
- matchLabels:
- {{- range $key, $value := .Values.tableManager.networkPolicy.ingressNSMatchLabels }}
- {{ $key | quote }}: {{ $value | quote }}
- {{- end }}
- {{- if .Values.tableManager.networkPolicy.ingressNSPodMatchLabels }}
- podSelector:
- matchLabels:
- {{- range $key, $value := .Values.tableManager.networkPolicy.ingressNSPodMatchLabels }}
- {{ $key | quote }}: {{ $value | quote }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- if .Values.tableManager.networkPolicy.extraIngress }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.tableManager.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
- {{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/table-manager/service.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/table-manager/service.yaml
deleted file mode 100644
index 03c8601..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/templates/table-manager/service.yaml
+++ /dev/null
@@ -1,67 +0,0 @@
-{{- /*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{- if .Values.indexGateway.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "grafana-loki.table-manager.fullname" . }}
- namespace: {{ .Release.Namespace | quote }}
- {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.loki.image "chart" .Chart ) ) }}
- {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
- labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
- app.kubernetes.io/part-of: grafana-loki
- app.kubernetes.io/component: table-manager
- {{- if or .Values.commonAnnotations .Values.tableManager.service.annotations }}
- {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.tableManager.service.annotations .Values.commonAnnotations ) "context" . ) }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
- {{- end }}
-spec:
- type: {{ .Values.tableManager.service.type }}
- {{- if .Values.tableManager.service.sessionAffinity }}
- sessionAffinity: {{ .Values.tableManager.service.sessionAffinity }}
- {{- end }}
- {{- if .Values.tableManager.service.sessionAffinityConfig }}
- sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.tableManager.service.sessionAffinityConfig "context" $) | nindent 4 }}
- {{- end }}
- {{- if .Values.tableManager.service.clusterIP }}
- clusterIP: {{ .Values.tableManager.service.clusterIP }}
- {{- end }}
- {{- if (or (eq .Values.tableManager.service.type "LoadBalancer") (eq .Values.tableManager.service.type "NodePort")) }}
- externalTrafficPolicy: {{ .Values.tableManager.service.externalTrafficPolicy | quote }}
- {{- end }}
- {{ if eq .Values.tableManager.service.type "LoadBalancer" }}
- loadBalancerSourceRanges: {{ .Values.tableManager.service.loadBalancerSourceRanges }}
- {{ end }}
- {{- if (and (eq .Values.tableManager.service.type "LoadBalancer") (not (empty .Values.tableManager.service.loadBalancerIP))) }}
- loadBalancerIP: {{ .Values.tableManager.service.loadBalancerIP }}
- {{- end }}
- ports:
- - name: http
- port: {{ .Values.tableManager.service.ports.http }}
- targetPort: http
- protocol: TCP
- {{- if (and (or (eq .Values.tableManager.service.type "NodePort") (eq .Values.tableManager.service.type "LoadBalancer")) (not (empty .Values.tableManager.service.nodePorts.http))) }}
- nodePort: {{ .Values.tableManager.service.nodePorts.http }}
- {{- else if eq .Values.tableManager.service.type "ClusterIP" }}
- nodePort: null
- {{- end }}
- - name: grpc
- port: {{ .Values.tableManager.service.ports.grpc }}
- protocol: TCP
- targetPort: grpc
- {{- if (and (or (eq .Values.tableManager.service.type "NodePort") (eq .Values.tableManager.service.type "LoadBalancer")) (not (empty .Values.tableManager.service.nodePorts.grpc))) }}
- nodePort: {{ .Values.tableManager.service.nodePorts.grpc }}
- {{- else if eq .Values.tableManager.service.type "ClusterIP" }}
- nodePort: null
- {{- end }}
- {{- if .Values.tableManager.service.extraPorts }}
- {{- include "common.tplvalues.render" (dict "value" .Values.tableManager.service.extraPorts "context" $) | nindent 4 }}
- {{- end }}
- {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.tableManager.podLabels .Values.commonLabels ) "context" . ) }}
- selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
- app.kubernetes.io/part-of: grafana-loki
- app.kubernetes.io/component: table-manager
-{{- end }}
diff --git a/charts/nopo11y-stack/charts/grafana-loki/templates/table-manager/servicemonitor.yaml b/charts/nopo11y-stack/charts/grafana-loki/templates/table-manager/servicemonitor.yaml
deleted file mode 100644
index 6723d7c..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/templates/table-manager/servicemonitor.yaml
+++ /dev/null
@@ -1,52 +0,0 @@
-{{- /*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{- if and .Values.tableManager.enabled .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: {{ template "grafana-loki.table-manager.fullname" . }}
- namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }}
- {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.loki.image "chart" .Chart ) ) }}
- {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels $versionLabel ) "context" . ) }}
- labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
- app.kubernetes.io/part-of: grafana-loki
- app.kubernetes.io/component: table-manager
- {{- if or .Values.commonAnnotations .Values.metrics.serviceMonitor.annotations }}
- {{- $annotations := merge.Values.metrics.serviceMonitor.annotations .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
- {{- end }}
-spec:
- {{- if .Values.metrics.serviceMonitor.jobLabel }}
- jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }}
- {{- end }}
- selector:
- matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
- {{- if .Values.metrics.serviceMonitor.selector }}
- {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
- {{- end }}
- app.kubernetes.io/part-of: grafana-loki
- app.kubernetes.io/component: table-manager
- endpoints:
- - port: http
- {{- if .Values.metrics.serviceMonitor.interval }}
- interval: {{ .Values.metrics.serviceMonitor.interval }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
- scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.honorLabels }}
- honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.metricRelabelings }}
- metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 6 }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.relabelings }}
- relabelings: {{- toYaml .Values.metrics.serviceMonitor.relabelings | nindent 6 }}
- {{- end }}
- namespaceSelector:
- matchNames:
- - {{ .Release.Namespace | quote }}
-{{- end }}
diff --git a/charts/nopo11y-stack/charts/grafana-loki/values.yaml b/charts/nopo11y-stack/charts/grafana-loki/values.yaml
deleted file mode 100644
index b7524f2..0000000
--- a/charts/nopo11y-stack/charts/grafana-loki/values.yaml
+++ /dev/null
@@ -1,5066 +0,0 @@ -# Copyright VMware, Inc. -# SPDX-License-Identifier: APACHE-2.0 - -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass -## - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - ## Compatibility adaptations for Kubernetes platforms - ## - compatibility: - ## Compatibility adaptations for Openshift - ## - openshift: - ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. 
Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) - ## - adaptSecurityContext: auto -## @section Common parameters -## - -## @param kubeVersion Override Kubernetes version -## -kubeVersion: "" -## @param nameOverride String to partially override common.names.fullname -## -nameOverride: "" -## @param fullnameOverride String to fully override common.names.fullname -## -fullnameOverride: "" -## @param commonLabels Labels to add to all deployed objects -## -commonLabels: {} -## @param commonAnnotations Annotations to add to all deployed objects -## -commonAnnotations: {} -## @param clusterDomain Kubernetes cluster domain name -## -clusterDomain: cluster.local -## @param extraDeploy Array of extra objects to deploy with the release -## -extraDeploy: [] -## Enable diagnostic mode in the deployments/statefulsets -## -diagnosticMode: - ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## - enabled: false - ## @param diagnosticMode.command Command to override all containers in the deployments/statefulsets - ## - command: - - sleep - ## @param diagnosticMode.args Args to override all containers in the deployments/statefulsets - ## - args: - - infinity -## @section Common Grafana Loki Parameters -## -loki: - ## Bitnami Grafana Loki image - ## ref: https://hub.docker.com/r/bitnami/grafana-loki/tags/ - ## @param loki.image.registry [default: REGISTRY_NAME] Grafana Loki image registry - ## @param loki.image.repository [default: REPOSITORY_NAME/grafana-loki] Grafana Loki image repository - ## @skip loki.image.tag Grafana Loki image tag (immutable tags are recommended) - ## @param loki.image.digest Grafana Loki image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag - ## @param loki.image.pullPolicy Grafana Loki image pull policy - ## @param loki.image.pullSecrets Grafana Loki image pull secrets - ## - image: - registry: docker.io - repository: bitnami/grafana-loki - tag: 3.0.0-debian-12-r0 - digest: "" - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param loki.configuration [string] Loki components configuration - ## - configuration: | - auth_enabled: false - - server: - http_listen_port: {{ .Values.loki.containerPorts.http }} - grpc_listen_port: {{ .Values.loki.containerPorts.grpc }} - common: - compactor_address: http://{{ include "grafana-loki.compactor.fullname" . }}:{{ .Values.compactor.service.ports.http }} - - distributor: - ring: - kvstore: - store: memberlist - - memberlist: - join_members: - - {{ include "grafana-loki.gossip-ring.fullname" . 
}} - - ingester: - lifecycler: - ring: - kvstore: - store: memberlist - replication_factor: 1 - chunk_idle_period: 30m - chunk_block_size: 262144 - chunk_encoding: snappy - chunk_retain_period: 1m - wal: - dir: {{ .Values.loki.dataDir }}/wal - - limits_config: - retention_period: 336h - reject_old_samples: true - reject_old_samples_max_age: 168h - max_cache_freshness_per_query: 10m - split_queries_by_interval: 15m - allow_structured_metadata: true - - schema_config: - configs: - - from: 2020-10-24 - store: boltdb-shipper - object_store: filesystem - schema: v11 - index: - prefix: index_ - period: 24h - - from: 2024-03-12 - store: tsdb - object_store: filesystem - schema: v12 - index: - period: 24h - prefix: index_ - - from: 2024-04-23 - object_store: filesystem - store: tsdb - schema: v13 - index: - prefix: index_ - period: 24h - - storage_config: - boltdb_shipper: - active_index_directory: {{ .Values.loki.dataDir }}/loki/index - cache_location: {{ .Values.loki.dataDir }}/loki/cache - cache_ttl: 168h - {{- if .Values.indexGateway.enabled }} - index_gateway_client: - server_address: {{ (printf "dns:///%s:9095" (include "grafana-loki.index-gateway.fullname" .)) }} - {{- end }} - filesystem: - directory: {{ .Values.loki.dataDir }}/chunks - index_queries_cache_config: - {{- if .Values.memcachedindexqueries.enabled }} - memcached: - batch_size: 100 - parallelism: 100 - memcached_client: - consistent_hash: true - addresses: dns+{{ include "grafana-loki.memcached-index-queries.host" . 
}} - service: http - {{- end }} - tsdb_shipper: - active_index_directory: {{ .Values.loki.dataDir }}/loki/tsdb-index - cache_location: {{ .Values.loki.dataDir }}/loki/tsdb-cache - {{- if .Values.indexGateway.enabled }} - index_gateway_client: - server_address: {{ (printf "dns:///%s:9095" (include "grafana-loki.index-gateway.fullname" .)) }} - {{- end }} - - query_scheduler: - max_outstanding_requests_per_tenant: 32768 - - querier: - max_concurrent: 16 - - chunk_store_config: - {{- if .Values.memcachedchunks.enabled }} - chunk_cache_config: - memcached: - batch_size: 100 - parallelism: 100 - memcached_client: - consistent_hash: true - addresses: dns+{{ include "grafana-loki.memcached-chunks.host" . }} - {{- end }} - {{- if .Values.memcachedindexwrites.enabled }} - write_dedupe_cache_config: - memcached: - batch_size: 100 - parallelism: 100 - memcached_client: - consistent_hash: true - addresses: dns+{{ include "grafana-loki.memcached-index-writes.host" . }} - {{- end }} - - table_manager: - retention_deletes_enabled: false - retention_period: 0s - - query_range: - align_queries_with_step: true - max_retries: 5 - cache_results: true - results_cache: - cache: - {{- if .Values.memcachedfrontend.enabled }} - memcached_client: - consistent_hash: true - addresses: dns+{{ include "grafana-loki.memcached-frontend.host" . }} - max_idle_conns: 16 - timeout: 500ms - update_interval: 1m - {{- else }} - embedded-cache: - enabled: true - max_size_items: 1024 - validity: 24h - {{- end }} - {{- if not .Values.queryScheduler.enabled }} - frontend_worker: - frontend_address: {{ include "grafana-loki.query-frontend.fullname" . }}:{{ .Values.queryFrontend.service.ports.grpc }} - {{- end }} - - frontend: - log_queries_longer_than: 5s - compress_responses: true - tail_proxy_url: http://{{ include "grafana-loki.querier.fullname" . 
}}:{{ .Values.querier.service.ports.http }} - - compactor: - working_directory: {{ .Values.loki.dataDir }}/loki/retention - compaction_interval: 10m - retention_enabled: true - retention_delete_delay: 2h - retention_delete_worker_count: 150 - delete_request_store: filesystem - - ruler: - storage: - type: local - local: - directory: {{ .Values.loki.dataDir }}/conf/rules - ring: - kvstore: - store: memberlist - rule_path: /tmp/loki/scratch - alertmanager_url: https://alertmanager.xx - external_url: https://alertmanager.xx - ## @param loki.overrideConfiguration [object] Loki components configuration override. Values defined here takes precedence over loki.configuration - ## e.g: - ## overrideConfiguration: - ## auth_enabled: true - ## - overrideConfiguration: {} - ## @param loki.existingConfigmap Name of a ConfigMap with the Loki configuration - ## - existingConfigmap: "" - ## @param loki.dataDir path to the Loki data directory - ## - dataDir: "/bitnami/grafana-loki" - ## @param loki.containerPorts.http Loki components web container port - ## @param loki.containerPorts.grpc Loki components GRPC container port - ## @param loki.containerPorts.gossipRing Loki components Gossip Ring container port - ## - containerPorts: - http: 3100 - grpc: 9095 - gossipRing: 7946 - ## Gossip Ring parameters - ## - gossipRing: - ## Gossip Ring service parameters - ## - service: - ## @param loki.gossipRing.service.ports.http Gossip Ring HTTP headless service port - ## - ports: - http: 7946 - ## @param loki.gossipRing.service.annotations Additional custom annotations for Gossip Ring headless service - ## - annotations: {} -## @section Compactor Deployment Parameters -## -compactor: - ## @param compactor.enabled Enable Compactor deployment - ## - enabled: true - ## @param compactor.extraEnvVars Array with extra environment variables to add to compactor nodes - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param compactor.extraEnvVarsCM Name of 
existing ConfigMap containing extra env vars for compactor nodes - ## - extraEnvVarsCM: "" - ## @param compactor.extraEnvVarsSecret Name of existing Secret containing extra env vars for compactor nodes - ## - extraEnvVarsSecret: "" - ## @param compactor.command Override default container command (useful when using custom images) - ## - command: [] - ## @param compactor.args Override default container args (useful when using custom images) - ## - args: [] - ## @param compactor.extraArgs Additional container args (will be concatenated to args, unless diagnosticMode is enabled) - ## - extraArgs: [] - ## @param compactor.replicaCount Number of Compactor replicas to deploy - ## - replicaCount: 1 - ## Configure extra options for Compactor containers' liveness, readiness and startup probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes - ## @param compactor.livenessProbe.enabled Enable livenessProbe on Compactor nodes - ## @param compactor.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param compactor.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param compactor.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param compactor.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param compactor.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - ## @param compactor.readinessProbe.enabled Enable readinessProbe on Compactor nodes - ## @param compactor.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param compactor.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param compactor.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param 
compactor.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param compactor.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - ## @param compactor.startupProbe.enabled Enable startupProbe on Compactor containers - ## @param compactor.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param compactor.startupProbe.periodSeconds Period seconds for startupProbe - ## @param compactor.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param compactor.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param compactor.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: false - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 15 - successThreshold: 1 - ## @param compactor.customLivenessProbe Custom livenessProbe that overrides the default one - ## - customLivenessProbe: {} - ## @param compactor.customReadinessProbe Custom readinessProbe that overrides the default one - ## - customReadinessProbe: {} - ## @param compactor.customStartupProbe Custom startupProbe that overrides the default one - ## - customStartupProbe: {} - ## compactor resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param compactor.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if compactor.resources is set (compactor.resources is recommended for production). 
- ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param compactor.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## Configure Pods Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param compactor.podSecurityContext.enabled Enabled Compactor pods' Security Context - ## @param compactor.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy - ## @param compactor.podSecurityContext.sysctls Set kernel settings using the sysctl interface - ## @param compactor.podSecurityContext.supplementalGroups Set filesystem extra groups - ## @param compactor.podSecurityContext.fsGroup Set Compactor pod's Security Context fsGroup - ## - podSecurityContext: - enabled: true - fsGroupChangePolicy: Always - sysctls: [] - supplementalGroups: [] - fsGroup: 1001 - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param compactor.containerSecurityContext.enabled Enable containers' Security Context - ## @param compactor.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param compactor.containerSecurityContext.runAsUser Set containers' Security Context runAsUser - ## @param compactor.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup - ## @param compactor.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot - ## @param compactor.containerSecurityContext.privileged Set container's Security Context privileged - ## @param 
compactor.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem - ## @param compactor.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation - ## @param compactor.containerSecurityContext.capabilities.drop List of capabilities to be dropped - ## @param compactor.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile - ## - containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsUser: 1001 - runAsGroup: 1001 - runAsNonRoot: true - privileged: false - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" - ## @param compactor.lifecycleHooks for the compactor container(s) to automate configuration before or after startup - ## - lifecycleHooks: {} - ## @param compactor.automountServiceAccountToken Mount Service Account token in pod - ## - automountServiceAccountToken: false - ## @param compactor.hostAliases compactor pods host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param compactor.podLabels Extra labels for compactor pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param compactor.podAnnotations Annotations for compactor pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param compactor.podAffinityPreset Pod affinity preset. Ignored if `compactor.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param compactor.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `compactor.affinity` is set. 
Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node compactor.affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param compactor.nodeAffinityPreset.type Node affinity preset type. Ignored if `compactor.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param compactor.nodeAffinityPreset.key Node label key to match. Ignored if `compactor.affinity` is set - ## - key: "" - ## @param compactor.nodeAffinityPreset.values Node label values to match. Ignored if `compactor.affinity` is set - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param compactor.affinity Affinity for Compactor pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## NOTE: `compactor.podAffinityPreset`, `compactor.podAntiAffinityPreset`, and `compactor.nodeAffinityPreset` will be ignored when it's set - ## - affinity: {} - ## @param compactor.nodeSelector Node labels for Compactor pods assignment - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ - ## - nodeSelector: {} - ## @param compactor.tolerations Tolerations for Compactor pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param compactor.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods - ## - topologySpreadConstraints: [] - ## @param compactor.priorityClassName Compactor pods' priorityClassName - ## - priorityClassName: "" - ## @param compactor.schedulerName Kubernetes pod scheduler registry - 
## https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - schedulerName: "" - ## @param compactor.updateStrategy.type Compactor statefulset strategy type - ## @param compactor.updateStrategy.rollingUpdate [object,nullable] Compactor statefulset rolling update configuration parameters - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - ## - updateStrategy: - type: RollingUpdate - rollingUpdate: null - ## @param compactor.extraVolumes Optionally specify extra list of additional volumes for the Compactor pod(s) - ## - extraVolumes: [] - ## @param compactor.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Compactor container(s) - ## - extraVolumeMounts: [] - ## @param compactor.sidecars Add additional sidecar containers to the Compactor pod(s) - ## e.g: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## @param compactor.initContainers Add additional init containers to the Compactor pod(s) - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - initContainers: [] - ## Enable persistence using Persistent Volume Claims - ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ - ## - persistence: - ## @param compactor.persistence.enabled Enable persistence in Compactor instances - ## - enabled: true - ## @param compactor.persistence.existingClaim Name of an existing PVC to use - ## - existingClaim: "" - ## @param compactor.persistence.storageClass PVC Storage Class for Memcached data volume - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the 
default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param compactor.persistence.accessModes PVC Access modes - ## - accessModes: - - ReadWriteOnce - ## @param compactor.persistence.size PVC Storage Request for Memcached data volume - ## - size: 8Gi - ## @param compactor.persistence.annotations Additional PVC annotations - ## - annotations: {} - ## @param compactor.persistence.selector Selector to match an existing Persistent Volume for Compactor's data PVC - ## If set, the PVC can't have a PV dynamically provisioned for it - ## E.g. - ## selector: - ## matchLabels: - ## app: my-app - ## - selector: {} - ## @param compactor.persistence.dataSource PVC data source - ## - dataSource: {} - ## @section Compactor Traffic Exposure Parameters - ## - - ## compactor service parameters - ## - service: - ## @param compactor.service.type Compactor service type - ## - type: ClusterIP - ## @param compactor.service.ports.http Compactor HTTP service port - ## @param compactor.service.ports.grpc Compactor gRPC service port - ## - ports: - http: 3100 - grpc: 9095 - ## Node ports to expose - ## NOTE: choose port between <30000-32767> - ## @param compactor.service.nodePorts.http Node port for HTTP - ## - nodePorts: - http: "" - ## @param compactor.service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} - ## @param compactor.service.sessionAffinity Control where client requests go, to the same pod or round-robin - ## Values: ClientIP or None - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/ - ## - sessionAffinity: None - ## @param compactor.service.clusterIP Compactor service Cluster IP - ## e.g.: - ## clusterIP: None - ## - clusterIP: "" - ## @param compactor.service.loadBalancerIP Compactor service Load Balancer IP - ## 
ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param compactor.service.loadBalancerSourceRanges Compactor service Load Balancer sources - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param compactor.service.externalTrafficPolicy Compactor service external traffic policy - ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param compactor.service.annotations Additional custom annotations for Compactor service - ## - annotations: {} - ## @param compactor.service.extraPorts Extra ports to expose in the Compactor service - ## - extraPorts: [] - ## Network Policies - ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ - ## - networkPolicy: - ## @param compactor.networkPolicy.enabled Specifies whether a NetworkPolicy should be created - ## - enabled: true - ## @param compactor.networkPolicy.allowExternal Don't require server label for connections - ## The Policy model to apply. When set to false, only pods with the correct - ## server label will have network access to the ports server is listening - ## on. When true, server will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - ## @param compactor.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. 
- ## - allowExternalEgress: true - ## @param compactor.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice - ## e.g: - ## extraIngress: - ## - ports: - ## - port: 1234 - ## from: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - extraIngress: [] - ## @param compactor.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraEgress: - ## - ports: - ## - port: 1234 - ## to: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - ## - extraEgress: [] - ## @param compactor.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces - ## @param compactor.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces - ## - ingressNSMatchLabels: {} - ingressNSPodMatchLabels: {} -## @section Gateway Deployment Parameters -## -gateway: - ## @param gateway.enabled Enable Gateway deployment - ## - enabled: true - ## Bitnami Nginx image - ## ref: https://hub.docker.com/r/bitnami/grafana-nginx/tags/ - ## @param gateway.image.registry [default: REGISTRY_NAME] Nginx image registry - ## @param gateway.image.repository [default: REPOSITORY_NAME/nginx] Nginx image repository - ## @skip gateway.image.tag Nginx image tag (immutable tags are recommended) - ## @param gateway.image.digest Nginx image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag - ## @param gateway.image.pullPolicy Nginx image pull policy - ## @param gateway.image.pullSecrets Nginx image pull secrets - ## @param gateway.image.debug Enable debugging in the initialization process - ## - image: - registry: docker.io - repository: bitnami/nginx - tag: 1.25.5-debian-12-r0 - digest: "" - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - debug: false - ## @param gateway.extraEnvVars Array with extra environment variables to add to gateway nodes - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param gateway.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for gateway nodes - ## - extraEnvVarsCM: "" - ## @param gateway.extraEnvVarsSecret Name of existing Secret containing extra env vars for gateway nodes - ## - extraEnvVarsSecret: "" - ## @param gateway.command Override default container command (useful when using custom images) - ## - command: [] - ## @param gateway.args Override default container args (useful when using custom images) - ## - args: [] - ## @param gateway.extraArgs Additional container args (will be concatenated to args, unless diagnosticMode is enabled) - ## - extraArgs: [] - ## @param gateway.verboseLogging Show the gateway access_log - ## - verboseLogging: false - ## @param gateway.replicaCount Number of Gateway replicas to deploy - ## - replicaCount: 1 - ## @param gateway.auth.enabled Enable basic auth - ## @param gateway.auth.username Basic auth 
username - ## @param gateway.auth.password Basic auth password - ## @param gateway.auth.existingSecret Name of a secret containing the Basic auth password - ## - auth: - enabled: false - username: "user" - password: "" - existingSecret: "" - ## Configure extra options for Gateway containers' liveness, readiness and startup probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes - ## @param gateway.livenessProbe.enabled Enable livenessProbe on Gateway nodes - ## @param gateway.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param gateway.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param gateway.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param gateway.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param gateway.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - ## @param gateway.readinessProbe.enabled Enable readinessProbe on Gateway nodes - ## @param gateway.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param gateway.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param gateway.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param gateway.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param gateway.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - ## @param gateway.startupProbe.enabled Enable startupProbe on Gateway containers - ## @param gateway.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param 
gateway.startupProbe.periodSeconds Period seconds for startupProbe - ## @param gateway.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param gateway.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param gateway.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: false - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 15 - successThreshold: 1 - ## @param gateway.customLivenessProbe Custom livenessProbe that overrides the default one - ## - customLivenessProbe: {} - ## @param gateway.customReadinessProbe Custom readinessProbe that overrides the default one - ## - customReadinessProbe: {} - ## @param gateway.customStartupProbe Custom startupProbe that overrides the default one - ## - customStartupProbe: {} - ## @param gateway.containerPorts.http Gateway HTTP port - ## - containerPorts: - http: 8080 - ## gateway resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param gateway.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if gateway.resources is set (gateway.resources is recommended for production). 
- ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param gateway.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## Configure Pods Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param gateway.podSecurityContext.enabled Enabled Gateway pods' Security Context - ## @param gateway.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy - ## @param gateway.podSecurityContext.sysctls Set kernel settings using the sysctl interface - ## @param gateway.podSecurityContext.supplementalGroups Set filesystem extra groups - ## @param gateway.podSecurityContext.fsGroup Set Gateway pod's Security Context fsGroup - ## - podSecurityContext: - enabled: true - fsGroupChangePolicy: Always - sysctls: [] - supplementalGroups: [] - fsGroup: 1001 - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param gateway.containerSecurityContext.enabled Enabled containers' Security Context - ## @param gateway.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param gateway.containerSecurityContext.runAsUser Set containers' Security Context runAsUser - ## @param gateway.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup - ## @param gateway.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot - ## @param gateway.containerSecurityContext.privileged Set container's Security Context privileged - ## @param gateway.containerSecurityContext.readOnlyRootFilesystem Set 
container's Security Context readOnlyRootFilesystem - ## @param gateway.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation - ## @param gateway.containerSecurityContext.capabilities.drop List of capabilities to be dropped - ## @param gateway.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile - ## - containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsUser: 1001 - runAsGroup: 1001 - runAsNonRoot: true - privileged: false - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" - ## @param gateway.lifecycleHooks for the gateway container(s) to automate configuration before or after startup - ## - lifecycleHooks: {} - ## @param gateway.automountServiceAccountToken Mount Service Account token in pod - ## - automountServiceAccountToken: false - ## @param gateway.hostAliases gateway pods host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param gateway.podLabels Extra labels for gateway pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param gateway.podAnnotations Annotations for gateway pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param gateway.podAffinityPreset Pod affinity preset. Ignored if `gateway.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param gateway.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `gateway.affinity` is set. 
Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node gateway.affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param gateway.nodeAffinityPreset.type Node affinity preset type. Ignored if `gateway.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param gateway.nodeAffinityPreset.key Node label key to match. Ignored if `gateway.affinity` is set - ## - key: "" - ## @param gateway.nodeAffinityPreset.values Node label values to match. Ignored if `gateway.affinity` is set - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param gateway.affinity Affinity for Gateway pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## NOTE: `gateway.podAffinityPreset`, `gateway.podAntiAffinityPreset`, and `gateway.nodeAffinityPreset` will be ignored when it's set - ## - affinity: {} - ## @param gateway.nodeSelector Node labels for Gateway pods assignment - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ - ## - nodeSelector: {} - ## @param gateway.tolerations Tolerations for Gateway pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param gateway.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods - ## - topologySpreadConstraints: [] - ## @param gateway.priorityClassName Gateway pods' priorityClassName - ## - priorityClassName: "" - ## @param gateway.schedulerName Kubernetes pod scheduler registry - ## 
https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - schedulerName: "" - ## @param gateway.updateStrategy.type Gateway statefulset strategy type - ## @param gateway.updateStrategy.rollingUpdate [object,nullable] Gateway statefulset rolling update configuration parameters - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - ## - updateStrategy: - type: RollingUpdate - rollingUpdate: null - ## @param gateway.extraVolumes Optionally specify extra list of additional volumes for the Gateway pod(s) - ## - extraVolumes: [] - ## @param gateway.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Gateway container(s) - ## - extraVolumeMounts: [] - ## @param gateway.sidecars Add additional sidecar containers to the Gateway pod(s) - ## e.g: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## @param gateway.initContainers Add additional init containers to the Gateway pod(s) - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - initContainers: [] - ## @section Gateway Traffic Exposure Parameters - ## - - ## gateway service parameters - ## - service: - ## @param gateway.service.type Gateway service type - ## - type: ClusterIP - ## @param gateway.service.ports.http Gateway HTTP service port - ## - ports: - http: 80 - ## Node ports to expose - ## NOTE: choose port between <30000-32767> - ## @param gateway.service.nodePorts.http Node port for HTTP - ## - nodePorts: - http: "" - ## @param gateway.service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - 
sessionAffinityConfig: {} - ## @param gateway.service.sessionAffinity Control where client requests go, to the same pod or round-robin - ## Values: ClientIP or None - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/ - ## - sessionAffinity: None - ## @param gateway.service.clusterIP Gateway service Cluster IP - ## e.g.: - ## clusterIP: None - ## - clusterIP: "" - ## @param gateway.service.loadBalancerIP Gateway service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param gateway.service.loadBalancerSourceRanges Gateway service Load Balancer sources - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param gateway.service.externalTrafficPolicy Gateway service external traffic policy - ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param gateway.service.annotations Additional custom annotations for Gateway service - ## - annotations: {} - ## @param gateway.service.extraPorts Extra ports to expose in the Gateway service - ## - extraPorts: [] - ## Network Policies - ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ - ## - networkPolicy: - ## @param gateway.networkPolicy.enabled Specifies whether a NetworkPolicy should be created - ## - enabled: true - ## @param gateway.networkPolicy.allowExternal Don't require server label for connections - ## The Policy model to apply. When set to false, only pods with the correct - ## server label will have network access to the ports server is listening - ## on. When true, server will accept connections from any source - ## (with the correct destination port). 
- ## - allowExternal: true - ## @param gateway.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. - ## - allowExternalEgress: true - ## @param gateway.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice - ## e.g: - ## extraIngress: - ## - ports: - ## - port: 1234 - ## from: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - extraIngress: [] - ## @param gateway.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraEgress: - ## - ports: - ## - port: 1234 - ## to: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - ## - extraEgress: [] - ## @param gateway.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces - ## @param gateway.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces - ## - ingressNSMatchLabels: {} - ingressNSPodMatchLabels: {} - ## Configure the ingress resource that allows you to access the Loki Gateway installation - ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ - ## - ingress: - ## @param gateway.ingress.enabled Enable ingress record generation for Loki Gateway - ## - enabled: false - ## @param gateway.ingress.pathType Ingress path type - ## - pathType: ImplementationSpecific - ## @param gateway.ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## - apiVersion: "" - ## @param gateway.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) - ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . 
- ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ - ## - ingressClassName: "" - ## @param gateway.ingress.hostname Default host for the ingress record - ## - hostname: grafana-loki.local - ## @param gateway.ingress.path Default path for the ingress record - ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers - ## - path: / - ## @param gateway.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md - ## Use this parameter to set the required annotations for cert-manager, see - ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations - ## - ## e.g: - ## annotations: - ## kubernetes.io/ingress.class: nginx - ## cert-manager.io/cluster-issuer: cluster-issuer-name - ## - annotations: {} - ## @param gateway.ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter - ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` - ## You can: - ## - Use the `ingress.secrets` parameter to create this TLS secret - ## - Rely on cert-manager to create it by setting the corresponding annotations - ## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true` - ## - tls: false - ## @param gateway.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm - ## - selfSigned: false - ## @param gateway.ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record - ## e.g: - ## extraHosts: - ## - name: Loki Gateway.local - ## path: / - ## - extraHosts: [] - ## @param gateway.ingress.extraPaths An array with 
additional arbitrary paths that may need to be added to the ingress under the main host - ## e.g: - ## extraPaths: - ## - path: /* - ## backend: - ## serviceName: ssl-redirect - ## servicePort: use-annotation - ## - extraPaths: [] - ## @param gateway.ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record - ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## e.g: - ## extraTls: - ## - hosts: - ## - Loki Gateway.local - ## secretName: Loki Gateway.local-tls - ## - extraTls: [] - ## @param gateway.ingress.secrets Custom TLS certificates as secrets - ## NOTE: 'key' and 'certificate' are expected in PEM format - ## NOTE: 'name' should line up with a 'secretName' set further up - ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates - ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## e.g: - ## secrets: - ## - name: Loki Gateway.local-tls - ## key: |- - ## -----BEGIN RSA PRIVATE KEY----- - ## ... - ## -----END RSA PRIVATE KEY----- - ## certificate: |- - ## -----BEGIN CERTIFICATE----- - ## ... 
- ## -----END CERTIFICATE----- - ## - secrets: [] -## @section index-gateway Deployment Parameters -## -indexGateway: - ## @param indexGateway.enabled Enable index-gateway deployment - ## - enabled: false - ## @param indexGateway.extraEnvVars Array with extra environment variables to add to indexGateway nodes - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param indexGateway.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for indexGateway nodes - ## - extraEnvVarsCM: "" - ## @param indexGateway.extraEnvVarsSecret Name of existing Secret containing extra env vars for indexGateway nodes - ## - extraEnvVarsSecret: "" - ## @param indexGateway.command Override default container command (useful when using custom images) - ## - command: [] - ## @param indexGateway.args Override default container args (useful when using custom images) - ## - args: [] - ## @param indexGateway.extraArgs Additional container args (will be concatenated to args, unless diagnosticMode is enabled) - ## - extraArgs: [] - ## @param indexGateway.replicaCount Number of index-gateway replicas to deploy - ## - replicaCount: 1 - ## @param indexGateway.podManagementPolicy podManagementPolicy to manage scaling operation - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies - ## - podManagementPolicy: "" - ## Configure extra options for index-gateway containers' liveness, readiness and startup probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes - ## @param indexGateway.livenessProbe.enabled Enable livenessProbe on index-gateway nodes - ## @param indexGateway.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param indexGateway.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param indexGateway.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## 
@param indexGateway.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param indexGateway.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - ## @param indexGateway.readinessProbe.enabled Enable readinessProbe on index-gateway nodes - ## @param indexGateway.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param indexGateway.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param indexGateway.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param indexGateway.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param indexGateway.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - ## @param indexGateway.startupProbe.enabled Enable startupProbe on index-gateway containers - ## @param indexGateway.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param indexGateway.startupProbe.periodSeconds Period seconds for startupProbe - ## @param indexGateway.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param indexGateway.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param indexGateway.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: false - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 15 - successThreshold: 1 - ## @param indexGateway.customLivenessProbe Custom livenessProbe that overrides the default one - ## - customLivenessProbe: {} - ## @param indexGateway.customReadinessProbe Custom readinessProbe that overrides the default one - ## - customReadinessProbe: {} - ## @param 
indexGateway.customStartupProbe Custom startupProbe that overrides the default one - ## - customStartupProbe: {} - ## indexGateway resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param indexGateway.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if indexGateway.resources is set (indexGateway.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param indexGateway.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## Configure Pods Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param indexGateway.podSecurityContext.enabled Enabled index-gateway pods' Security Context - ## @param indexGateway.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy - ## @param indexGateway.podSecurityContext.sysctls Set kernel settings using the sysctl interface - ## @param indexGateway.podSecurityContext.supplementalGroups Set filesystem extra groups - ## @param indexGateway.podSecurityContext.fsGroup Set index-gateway pod's Security Context fsGroup - ## - podSecurityContext: - enabled: true - fsGroupChangePolicy: Always - sysctls: [] - supplementalGroups: [] - fsGroup: 1001 - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param indexGateway.containerSecurityContext.enabled Enabled containers' Security Context - ## 
@param indexGateway.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param indexGateway.containerSecurityContext.runAsUser Set containers' Security Context runAsUser - ## @param indexGateway.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup - ## @param indexGateway.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot - ## @param indexGateway.containerSecurityContext.privileged Set container's Security Context privileged - ## @param indexGateway.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem - ## @param indexGateway.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation - ## @param indexGateway.containerSecurityContext.capabilities.drop List of capabilities to be dropped - ## @param indexGateway.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile - ## - containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsUser: 1001 - runAsGroup: 1001 - runAsNonRoot: true - privileged: false - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" - ## @param indexGateway.lifecycleHooks for the indexGateway container(s) to automate configuration before or after startup - ## - lifecycleHooks: {} - ## @param indexGateway.automountServiceAccountToken Mount Service Account token in pod - ## - automountServiceAccountToken: false - ## @param indexGateway.hostAliases indexGateway pods host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param indexGateway.podLabels Extra labels for indexGateway pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param 
indexGateway.podAnnotations Annotations for indexGateway pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param indexGateway.podAffinityPreset Pod affinity preset. Ignored if `indexGateway.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param indexGateway.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `indexGateway.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node indexGateway.affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param indexGateway.nodeAffinityPreset.type Node affinity preset type. Ignored if `indexGateway.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param indexGateway.nodeAffinityPreset.key Node label key to match. Ignored if `indexGateway.affinity` is set - ## - key: "" - ## @param indexGateway.nodeAffinityPreset.values Node label values to match. Ignored if `indexGateway.affinity` is set - ## E.g. 
- ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param indexGateway.affinity Affinity for index-gateway pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## NOTE: `indexGateway.podAffinityPreset`, `indexGateway.podAntiAffinityPreset`, and `indexGateway.nodeAffinityPreset` will be ignored when it's set - ## - affinity: {} - ## @param indexGateway.nodeSelector Node labels for index-gateway pods assignment - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ - ## - nodeSelector: {} - ## @param indexGateway.tolerations Tolerations for index-gateway pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param indexGateway.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods - ## - topologySpreadConstraints: [] - ## @param indexGateway.priorityClassName index-gateway pods' priorityClassName - ## - priorityClassName: "" - ## @param indexGateway.schedulerName Kubernetes pod scheduler registry - ## https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - schedulerName: "" - ## @param indexGateway.updateStrategy.type index-gateway statefulset strategy type - ## @param indexGateway.updateStrategy.rollingUpdate [object,nullable] index-gateway statefulset rolling update configuration parameters - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - ## - updateStrategy: - type: RollingUpdate - rollingUpdate: null - ## @param indexGateway.extraVolumes Optionally specify extra list of additional volumes for the index-gateway pod(s) - ## - extraVolumes: [] - ## @param indexGateway.extraVolumeMounts Optionally specify extra list 
of additional volumeMounts for the index-gateway container(s) - ## - extraVolumeMounts: [] - ## @param indexGateway.sidecars Add additional sidecar containers to the index-gateway pod(s) - ## e.g: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## @param indexGateway.initContainers Add additional init containers to the index-gateway pod(s) - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - initContainers: [] - ## @section index-gateway Persistence Parameters - ## - - ## Enable persistence using Persistent Volume Claims - ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ - ## - persistence: - ## @param indexGateway.persistence.enabled Enable persistence in index-gateway instances - ## - enabled: false - ## @param indexGateway.persistence.storageClass PVC Storage Class for index-gateway's data volume - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. 
(gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param indexGateway.persistence.subPath The subdirectory of the volume to mount to - ## - subPath: "" - ## @param indexGateway.persistence.accessModes PVC Access modes - ## - accessModes: - - ReadWriteOnce - ## @param indexGateway.persistence.size PVC Storage Request for index-gateway's data volume - ## - size: 8Gi - ## @param indexGateway.persistence.annotations Additional PVC annotations - ## - annotations: {} - ## @param indexGateway.persistence.selector Selector to match an existing Persistent Volume for index-gateway's data PVC - ## If set, the PVC can't have a PV dynamically provisioned for it - ## E.g. - ## selector: - ## matchLabels: - ## app: my-app - ## - selector: {} - ## @section index-gateway Traffic Exposure Parameters - ## - - ## indexGateway service parameters - ## - service: - ## @param indexGateway.service.type index-gateway service type - ## - type: ClusterIP - ## @param indexGateway.service.ports.http index-gateway HTTP service port - ## @param indexGateway.service.ports.grpc index-gateway GRPC service port - ## - ports: - http: 3100 - grpc: 9095 - ## Node ports to expose - ## NOTE: choose port between <30000-32767> - ## @param indexGateway.service.nodePorts.http Node port for HTTP - ## @param indexGateway.service.nodePorts.grpc Node port for GRPC - ## - nodePorts: - http: "" - grpc: "" - ## @param indexGateway.service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} - ## @param indexGateway.service.sessionAffinity Control where client requests go, to the same pod or round-robin - ## Values: ClientIP or None - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/ - ## - sessionAffinity: None - ## @param indexGateway.service.clusterIP index-gateway service Cluster IP - ## e.g.: - ## clusterIP: None - ## - clusterIP: "" - ## @param 
indexGateway.service.loadBalancerIP index-gateway service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param indexGateway.service.loadBalancerSourceRanges index-gateway service Load Balancer sources - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param indexGateway.service.externalTrafficPolicy index-gateway service external traffic policy - ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param indexGateway.service.annotations Additional custom annotations for index-gateway service - ## - annotations: {} - ## @param indexGateway.service.extraPorts Extra ports to expose in the index-gateway service - ## - extraPorts: [] - ## Network Policies - ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ - ## - networkPolicy: - ## @param indexGateway.networkPolicy.enabled Specifies whether a NetworkPolicy should be created - ## - enabled: true - ## @param indexGateway.networkPolicy.allowExternal Don't require server label for connections - ## The Policy model to apply. When set to false, only pods with the correct - ## server label will have network access to the ports server is listening - ## on. When true, server will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - ## @param indexGateway.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. 
- ## - allowExternalEgress: true - ## @param indexGateway.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice - ## e.g: - ## extraIngress: - ## - ports: - ## - port: 1234 - ## from: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - extraIngress: [] - ## @param indexGateway.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraEgress: - ## - ports: - ## - port: 1234 - ## to: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - ## - extraEgress: [] - ## @param indexGateway.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces - ## @param indexGateway.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces - ## - ingressNSMatchLabels: {} - ingressNSPodMatchLabels: {} -## @section Distributor Deployment Parameters -## -distributor: - ## @param distributor.extraEnvVars Array with extra environment variables to add to distributor nodes - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param distributor.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for distributor nodes - ## - extraEnvVarsCM: "" - ## @param distributor.extraEnvVarsSecret Name of existing Secret containing extra env vars for distributor nodes - ## - extraEnvVarsSecret: "" - ## @param distributor.command Override default container command (useful when using custom images) - ## - command: [] - ## @param distributor.args Override default container args (useful when using custom images) - ## - args: [] - ## @param distributor.extraArgs Additional container args (will be concatenated to args, unless diagnosticMode is enabled) - ## - extraArgs: 
[] - ## @param distributor.replicaCount Number of Distributor replicas to deploy - ## - replicaCount: 1 - ## Configure extra options for Distributor containers' liveness, readiness and startup probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes - ## @param distributor.livenessProbe.enabled Enable livenessProbe on Distributor nodes - ## @param distributor.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param distributor.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param distributor.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param distributor.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param distributor.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - ## @param distributor.readinessProbe.enabled Enable readinessProbe on Distributor nodes - ## @param distributor.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param distributor.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param distributor.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param distributor.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param distributor.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - ## @param distributor.startupProbe.enabled Enable startupProbe on Distributor containers - ## @param distributor.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param distributor.startupProbe.periodSeconds Period seconds for startupProbe - ## @param 
distributor.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param distributor.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param distributor.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: false - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 15 - successThreshold: 1 - ## @param distributor.customLivenessProbe Custom livenessProbe that overrides the default one - ## - customLivenessProbe: {} - ## @param distributor.customReadinessProbe Custom readinessProbe that overrides the default one - ## - customReadinessProbe: {} - ## @param distributor.customStartupProbe Custom startupProbe that overrides the default one - ## - customStartupProbe: {} - ## distributor resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param distributor.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if distributor.resources is set (distributor.resources is recommended for production). 
- ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param distributor.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## Configure Pods Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param distributor.podSecurityContext.enabled Enabled Distributor pods' Security Context - ## @param distributor.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy - ## @param distributor.podSecurityContext.sysctls Set kernel settings using the sysctl interface - ## @param distributor.podSecurityContext.supplementalGroups Set filesystem extra groups - ## @param distributor.podSecurityContext.fsGroup Set Distributor pod's Security Context fsGroup - ## - podSecurityContext: - enabled: true - fsGroupChangePolicy: Always - sysctls: [] - supplementalGroups: [] - fsGroup: 1001 - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param distributor.containerSecurityContext.enabled Enabled containers' Security Context - ## @param distributor.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param distributor.containerSecurityContext.runAsUser Set containers' Security Context runAsUser - ## @param distributor.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup - ## @param distributor.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot - ## @param distributor.containerSecurityContext.privileged Set container's Security Context privileged - ## @param 
distributor.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem - ## @param distributor.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation - ## @param distributor.containerSecurityContext.capabilities.drop List of capabilities to be dropped - ## @param distributor.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile - ## - containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsUser: 1001 - runAsGroup: 1001 - runAsNonRoot: true - privileged: false - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" - ## @param distributor.lifecycleHooks for the distributor container(s) to automate configuration before or after startup - ## - lifecycleHooks: {} - ## @param distributor.automountServiceAccountToken Mount Service Account token in pod - ## - automountServiceAccountToken: false - ## @param distributor.hostAliases distributor pods host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param distributor.podLabels Extra labels for distributor pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param distributor.podAnnotations Annotations for distributor pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param distributor.podAffinityPreset Pod affinity preset. Ignored if `distributor.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param distributor.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `distributor.affinity` is set. 
Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node distributor.affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param distributor.nodeAffinityPreset.type Node affinity preset type. Ignored if `distributor.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param distributor.nodeAffinityPreset.key Node label key to match. Ignored if `distributor.affinity` is set - ## - key: "" - ## @param distributor.nodeAffinityPreset.values Node label values to match. Ignored if `distributor.affinity` is set - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param distributor.affinity Affinity for Distributor pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## NOTE: `distributor.podAffinityPreset`, `distributor.podAntiAffinityPreset`, and `distributor.nodeAffinityPreset` will be ignored when it's set - ## - affinity: {} - ## @param distributor.nodeSelector Node labels for Distributor pods assignment - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ - ## - nodeSelector: {} - ## @param distributor.tolerations Tolerations for Distributor pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param distributor.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods - ## - topologySpreadConstraints: [] - ## @param distributor.priorityClassName Distributor pods' priorityClassName - ## - priorityClassName: "" - ## @param 
distributor.schedulerName Kubernetes pod scheduler registry - ## https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - schedulerName: "" - ## @param distributor.updateStrategy.type Distributor statefulset strategy type - ## @param distributor.updateStrategy.rollingUpdate [object,nullable] Distributor statefulset rolling update configuration parameters - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - ## - updateStrategy: - type: RollingUpdate - rollingUpdate: null - ## @param distributor.extraVolumes Optionally specify extra list of additional volumes for the Distributor pod(s) - ## - extraVolumes: [] - ## @param distributor.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Distributor container(s) - ## - extraVolumeMounts: [] - ## @param distributor.sidecars Add additional sidecar containers to the Distributor pod(s) - ## e.g: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## @param distributor.initContainers Add additional init containers to the Distributor pod(s) - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - initContainers: [] - ## @section Distributor Traffic Exposure Parameters - ## - - ## distributor service parameters - ## - service: - ## @param distributor.service.type Distributor service type - ## - type: ClusterIP - ## @param distributor.service.ports.http Distributor HTTP service port - ## @param distributor.service.ports.grpc Distributor GRPC service port - ## - ports: - http: 3100 - grpc: 9095 - ## Node ports to expose - ## NOTE: choose port between <30000-32767> - ## @param distributor.service.nodePorts.http 
Node port for HTTP - ## @param distributor.service.nodePorts.grpc Node port for GRPC - ## - nodePorts: - http: "" - grpc: "" - ## @param distributor.service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} - ## @param distributor.service.sessionAffinity Control where client requests go, to the same pod or round-robin - ## Values: ClientIP or None - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/ - ## - sessionAffinity: None - ## @param distributor.service.clusterIP Distributor service Cluster IP - ## e.g.: - ## clusterIP: None - ## - clusterIP: "" - ## @param distributor.service.loadBalancerIP Distributor service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param distributor.service.loadBalancerSourceRanges Distributor service Load Balancer sources - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param distributor.service.externalTrafficPolicy Distributor service external traffic policy - ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param distributor.service.annotations Additional custom annotations for Distributor service - ## - annotations: {} - ## @param distributor.service.extraPorts Extra ports to expose in the Distributor service - ## - extraPorts: [] - ## Network Policies - ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ - ## - networkPolicy: - ## @param distributor.networkPolicy.enabled Specifies whether a NetworkPolicy should be created - ## - enabled: true - ## 
@param distributor.networkPolicy.allowExternal Don't require server label for connections - ## The Policy model to apply. When set to false, only pods with the correct - ## server label will have network access to the ports server is listening - ## on. When true, server will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - ## @param distributor.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. - ## - allowExternalEgress: true - ## @param distributor.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice - ## e.g: - ## extraIngress: - ## - ports: - ## - port: 1234 - ## from: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - extraIngress: [] - ## @param distributor.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraEgress: - ## - ports: - ## - port: 1234 - ## to: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - ## - extraEgress: [] - ## @param distributor.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces - ## @param distributor.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces - ## - ingressNSMatchLabels: {} - ingressNSPodMatchLabels: {} -## @section Ingester Deployment Parameters -## -ingester: - ## @param ingester.extraEnvVars Array with extra environment variables to add to ingester nodes - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param ingester.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for ingester nodes - ## - extraEnvVarsCM: "" - ## @param 
ingester.extraEnvVarsSecret Name of existing Secret containing extra env vars for ingester nodes - ## - extraEnvVarsSecret: "" - ## @param ingester.command Override default container command (useful when using custom images) - ## - command: [] - ## @param ingester.args Override default container args (useful when using custom images) - ## - args: [] - ## @param ingester.extraArgs Additional container args (will be concatenated to args, unless diagnosticMode is enabled) - ## - extraArgs: [] - ## @param ingester.replicaCount Number of Ingester replicas to deploy - ## - replicaCount: 1 - ## Configure extra options for Ingester containers' liveness, readiness and startup probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes - ## @param ingester.livenessProbe.enabled Enable livenessProbe on Ingester nodes - ## @param ingester.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param ingester.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param ingester.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param ingester.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param ingester.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - ## @param ingester.readinessProbe.enabled Enable readinessProbe on Ingester nodes - ## @param ingester.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param ingester.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param ingester.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param ingester.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param ingester.readinessProbe.successThreshold Success threshold for 
readinessProbe - ## - readinessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - ## @param ingester.startupProbe.enabled Enable startupProbe on Ingester containers - ## @param ingester.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param ingester.startupProbe.periodSeconds Period seconds for startupProbe - ## @param ingester.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param ingester.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param ingester.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: false - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 15 - successThreshold: 1 - ## @param ingester.customLivenessProbe Custom livenessProbe that overrides the default one - ## - customLivenessProbe: {} - ## @param ingester.customReadinessProbe Custom readinessProbe that overrides the default one - ## - customReadinessProbe: {} - ## @param ingester.customStartupProbe Custom startupProbe that overrides the default one - ## - customStartupProbe: {} - ## @param ingester.lifecycleHooks for the ingester container(s) to automate configuration before or after startup - ## - lifecycleHooks: {} - ## ingester resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param ingester.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if ingester.resources is set (ingester.resources is recommended for production). 
- ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "micro" - ## @param ingester.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## Configure Pods Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param ingester.podSecurityContext.enabled Enabled Ingester pods' Security Context - ## @param ingester.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy - ## @param ingester.podSecurityContext.sysctls Set kernel settings using the sysctl interface - ## @param ingester.podSecurityContext.supplementalGroups Set filesystem extra groups - ## @param ingester.podSecurityContext.fsGroup Set Ingester pod's Security Context fsGroup - ## - podSecurityContext: - enabled: true - fsGroupChangePolicy: Always - sysctls: [] - supplementalGroups: [] - fsGroup: 1001 - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param ingester.containerSecurityContext.enabled Enabled containers' Security Context - ## @param ingester.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param ingester.containerSecurityContext.runAsUser Set containers' Security Context runAsUser - ## @param ingester.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup - ## @param ingester.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot - ## @param ingester.containerSecurityContext.privileged Set container's Security Context privileged - ## @param 
ingester.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem - ## @param ingester.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation - ## @param ingester.containerSecurityContext.capabilities.drop List of capabilities to be dropped - ## @param ingester.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile - ## - containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsUser: 1001 - runAsGroup: 1001 - runAsNonRoot: true - privileged: false - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" - ## @param ingester.automountServiceAccountToken Mount Service Account token in pod - ## - automountServiceAccountToken: false - ## @param ingester.hostAliases ingester pods host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param ingester.podLabels Extra labels for ingester pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param ingester.podAnnotations Annotations for ingester pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param ingester.podAffinityPreset Pod affinity preset. Ignored if `ingester.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param ingester.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `ingester.affinity` is set. 
Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node ingester.affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param ingester.nodeAffinityPreset.type Node affinity preset type. Ignored if `ingester.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param ingester.nodeAffinityPreset.key Node label key to match. Ignored if `ingester.affinity` is set - ## - key: "" - ## @param ingester.nodeAffinityPreset.values Node label values to match. Ignored if `ingester.affinity` is set - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param ingester.affinity Affinity for ingester pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## NOTE: `ingester.podAffinityPreset`, `ingester.podAntiAffinityPreset`, and `ingester.nodeAffinityPreset` will be ignored when it's set - ## - affinity: {} - ## @param ingester.nodeSelector Node labels for Ingester pods assignment - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ - ## - nodeSelector: {} - ## @param ingester.tolerations Tolerations for Ingester pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param ingester.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods - ## - topologySpreadConstraints: [] - ## @param ingester.podManagementPolicy podManagementPolicy to manage scaling operation - ## ref: 
https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies - ## - podManagementPolicy: "" - ## @param ingester.priorityClassName Ingester pods' priorityClassName - ## - priorityClassName: "" - ## @param ingester.schedulerName Kubernetes pod scheduler registry - ## https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - schedulerName: "" - ## @param ingester.updateStrategy.type Ingester statefulset strategy type - ## @param ingester.updateStrategy.rollingUpdate [object,nullable] Ingester statefulset rolling update configuration parameters - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - ## - updateStrategy: - type: RollingUpdate - rollingUpdate: null - ## @param ingester.extraVolumes Optionally specify extra list of additional volumes for the Ingester pod(s) - ## - extraVolumes: [] - ## @param ingester.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the ingester container(s) - ## - extraVolumeMounts: [] - ## @param ingester.sidecars Add additional sidecar containers to the Ingester pod(s) - ## e.g: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## @param ingester.initContainers Add additional init containers to the Ingester pod(s) - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - initContainers: [] - ## @section Ingester Persistence Parameters - ## - - ## Enable persistence using Persistent Volume Claims - ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ - ## - persistence: - ## @param ingester.persistence.enabled Enable persistence in Ingester instances - ## - enabled: 
true - ## @param ingester.persistence.storageClass PVC Storage Class for Memcached data volume - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param ingester.persistence.subPath The subdirectory of the volume to mount to - ## - subPath: "" - ## @param ingester.persistence.accessModes PVC Access modes - ## - accessModes: - - ReadWriteOnce - ## @param ingester.persistence.size PVC Storage Request for Memcached data volume - ## - size: 8Gi - ## @param ingester.persistence.annotations Additional PVC annotations - ## - annotations: {} - ## @param ingester.persistence.selector Selector to match an existing Persistent Volume for Ingester's data PVC - ## If set, the PVC can't have a PV dynamically provisioned for it - ## E.g. - ## selector: - ## matchLabels: - ## app: my-app - ## - selector: {} - ## @section Ingester Traffic Exposure Parameters - ## - - ## ingester service parameters - ## - service: - ## @param ingester.service.type Ingester service type - ## - type: ClusterIP - ## @param ingester.service.ports.http Ingester HTTP service port - ## @param ingester.service.ports.grpc Ingester GRPC service port - ## - ports: - http: 3100 - grpc: 9095 - ## Node ports to expose - ## NOTE: choose port between <30000-32767> - ## @param ingester.service.nodePorts.http Node port for HTTP - ## @param ingester.service.nodePorts.grpc Node port for GRPC - ## - nodePorts: - http: "" - grpc: "" - ## @param ingester.service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} - ## @param ingester.service.sessionAffinity Control where client requests go, to the same pod or round-robin - ## Values: ClientIP or None - 
## ref: https://kubernetes.io/docs/concepts/services-networking/service/ - ## - sessionAffinity: None - ## @param ingester.service.clusterIP Ingester service Cluster IP - ## e.g.: - ## clusterIP: None - ## - clusterIP: "" - ## @param ingester.service.loadBalancerIP Ingester service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param ingester.service.loadBalancerSourceRanges Ingester service Load Balancer sources - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param ingester.service.externalTrafficPolicy Ingester service external traffic policy - ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param ingester.service.annotations Additional custom annotations for Ingester service - ## - annotations: {} - ## @param ingester.service.extraPorts Extra ports to expose in the Ingester service - ## - extraPorts: [] - ## Network Policies - ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ - ## - networkPolicy: - ## @param ingester.networkPolicy.enabled Specifies whether a NetworkPolicy should be created - ## - enabled: true - ## @param ingester.networkPolicy.allowExternal Don't require server label for connections - ## The Policy model to apply. When set to false, only pods with the correct - ## server label will have network access to the ports server is listening - ## on. When true, server will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - ## @param ingester.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. 
- ## - allowExternalEgress: true - ## @param ingester.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice - ## e.g: - ## extraIngress: - ## - ports: - ## - port: 1234 - ## from: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - extraIngress: [] - ## @param ingester.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraEgress: - ## - ports: - ## - port: 1234 - ## to: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - ## - extraEgress: [] - ## @param ingester.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces - ## @param ingester.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces - ## - ingressNSMatchLabels: {} - ingressNSPodMatchLabels: {} -## @section Querier Deployment Parameters -## -querier: - ## @param querier.replicaCount Number of Querier replicas to deploy - ## - replicaCount: 1 - ## @param querier.extraEnvVars Array with extra environment variables to add to Querier nodes - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param querier.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Querier nodes - ## - extraEnvVarsCM: "" - ## @param querier.extraEnvVarsSecret Name of existing Secret containing extra env vars for Querier nodes - ## - extraEnvVarsSecret: "" - ## @param querier.command Override default container command (useful when using custom images) - ## - command: [] - ## @param querier.args Override default container args (useful when using custom images) - ## - args: [] - ## @param querier.extraArgs Additional container args (will be concatenated to args, unless 
diagnosticMode is enabled) - ## - extraArgs: [] - ## @param querier.podManagementPolicy podManagementPolicy to manage scaling operation - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies - ## - podManagementPolicy: "" - ## Configure extra options for Querier containers' liveness, readiness and startup probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes - ## @param querier.livenessProbe.enabled Enable livenessProbe on Querier nodes - ## @param querier.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param querier.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param querier.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param querier.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param querier.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - ## @param querier.readinessProbe.enabled Enable readinessProbe on Querier nodes - ## @param querier.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param querier.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param querier.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param querier.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param querier.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - ## @param querier.startupProbe.enabled Enable startupProbe on Querier containers - ## @param querier.startupProbe.initialDelaySeconds Initial delay seconds for 
startupProbe - ## @param querier.startupProbe.periodSeconds Period seconds for startupProbe - ## @param querier.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param querier.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param querier.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: false - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 15 - successThreshold: 1 - ## @param querier.customLivenessProbe Custom livenessProbe that overrides the default one - ## - customLivenessProbe: {} - ## @param querier.customReadinessProbe Custom readinessProbe that overrides the default one - ## - customReadinessProbe: {} - ## @param querier.customStartupProbe Custom startupProbe that overrides the default one - ## - customStartupProbe: {} - ## querier resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param querier.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if querier.resources is set (querier.resources is recommended for production). 
- ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param querier.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## Configure Pods Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param querier.podSecurityContext.enabled Enabled Querier pods' Security Context - ## @param querier.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy - ## @param querier.podSecurityContext.sysctls Set kernel settings using the sysctl interface - ## @param querier.podSecurityContext.supplementalGroups Set filesystem extra groups - ## @param querier.podSecurityContext.fsGroup Set Querier pod's Security Context fsGroup - ## - podSecurityContext: - enabled: true - fsGroupChangePolicy: Always - sysctls: [] - supplementalGroups: [] - fsGroup: 1001 - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param querier.containerSecurityContext.enabled Enabled containers' Security Context - ## @param querier.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param querier.containerSecurityContext.runAsUser Set containers' Security Context runAsUser - ## @param querier.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup - ## @param querier.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot - ## @param querier.containerSecurityContext.privileged Set container's Security Context privileged - ## @param querier.containerSecurityContext.readOnlyRootFilesystem Set 
container's Security Context readOnlyRootFilesystem - ## @param querier.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation - ## @param querier.containerSecurityContext.capabilities.drop List of capabilities to be dropped - ## @param querier.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile - ## - containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsUser: 1001 - runAsGroup: 1001 - runAsNonRoot: true - privileged: false - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" - ## @param querier.lifecycleHooks for the Querier container(s) to automate configuration before or after startup - ## - lifecycleHooks: {} - ## @param querier.automountServiceAccountToken Mount Service Account token in pod - ## - automountServiceAccountToken: false - ## @param querier.hostAliases querier pods host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param querier.podLabels Extra labels for querier pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param querier.podAnnotations Annotations for querier pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param querier.podAffinityPreset Pod affinity preset. Ignored if `querier.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param querier.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `querier.affinity` is set. 
Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node querier.affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param querier.nodeAffinityPreset.type Node affinity preset type. Ignored if `querier.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param querier.nodeAffinityPreset.key Node label key to match. Ignored if `querier.affinity` is set - ## - key: "" - ## @param querier.nodeAffinityPreset.values Node label values to match. Ignored if `querier.affinity` is set - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param querier.affinity Affinity for Querier pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## NOTE: `querier.podAffinityPreset`, `querier.podAntiAffinityPreset`, and `querier.nodeAffinityPreset` will be ignored when it's set - ## - affinity: {} - ## @param querier.nodeSelector Node labels for Querier pods assignment - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ - ## - nodeSelector: {} - ## @param querier.tolerations Tolerations for Querier pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param querier.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods - ## - topologySpreadConstraints: [] - ## @param querier.priorityClassName Querier pods' priorityClassName - ## - priorityClassName: "" - ## @param querier.schedulerName Kubernetes pod scheduler registry - ## 
https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - schedulerName: "" - ## @param querier.updateStrategy.type Querier statefulset strategy type - ## @param querier.updateStrategy.rollingUpdate [object,nullable] Querier statefulset rolling update configuration parameters - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - ## - updateStrategy: - type: RollingUpdate - rollingUpdate: null - ## @param querier.extraVolumes Optionally specify extra list of additional volumes for the Querier pod(s) - ## - extraVolumes: [] - ## @param querier.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the querier container(s) - ## - extraVolumeMounts: [] - ## @param querier.sidecars Add additional sidecar containers to the Querier pod(s) - ## e.g: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## @param querier.initContainers Add additional init containers to the Querier pod(s) - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - initContainers: [] - ## @section Querier Persistence Parameters - ## - - ## Enable persistence using Persistent Volume Claims - ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ - ## - persistence: - ## @param querier.persistence.enabled Enable persistence in Querier instances - ## - enabled: true - ## @param querier.persistence.storageClass PVC Storage Class for Memcached data volume - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default 
provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param querier.persistence.subPath The subdirectory of the volume to mount to - ## - subPath: "" - ## @param querier.persistence.accessModes PVC Access modes - ## - accessModes: - - ReadWriteOnce - ## @param querier.persistence.size PVC Storage Request for Memcached data volume - ## - size: 8Gi - ## @param querier.persistence.annotations Additional PVC annotations - ## - annotations: {} - ## @param querier.persistence.selector Selector to match an existing Persistent Volume for Querier's data PVC - ## If set, the PVC can't have a PV dynamically provisioned for it - ## E.g. - ## selector: - ## matchLabels: - ## app: my-app - ## - selector: {} - ## @section Querier Traffic Exposure Parameters - ## - - ## querier service parameters - ## - service: - ## @param querier.service.type Querier service type - ## - type: ClusterIP - ## @param querier.service.ports.http Querier HTTP service port - ## @param querier.service.ports.grpc Querier GRPC service port - ## - ports: - http: 3100 - grpc: 9095 - ## Node ports to expose - ## NOTE: choose port between <30000-32767> - ## @param querier.service.nodePorts.http Node port for HTTP - ## @param querier.service.nodePorts.grpc Node port for GRPC - ## - nodePorts: - http: "" - grpc: "" - ## @param querier.service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} - ## @param querier.service.sessionAffinity Control where client requests go, to the same pod or round-robin - ## Values: ClientIP or None - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/ - ## - sessionAffinity: None - ## @param querier.service.clusterIP Querier service Cluster IP - ## e.g.: - ## clusterIP: None - ## - clusterIP: "" - ## @param querier.service.loadBalancerIP Querier service Load Balancer IP - ## ref: 
https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param querier.service.loadBalancerSourceRanges Querier service Load Balancer sources - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param querier.service.externalTrafficPolicy Querier service external traffic policy - ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param querier.service.annotations Additional custom annotations for Querier service - ## - annotations: {} - ## @param querier.service.extraPorts Extra ports to expose in the Querier service - ## - extraPorts: [] - ## Network Policies - ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ - ## - networkPolicy: - ## @param querier.networkPolicy.enabled Specifies whether a NetworkPolicy should be created - ## - enabled: true - ## @param querier.networkPolicy.allowExternal Don't require server label for connections - ## The Policy model to apply. When set to false, only pods with the correct - ## server label will have network access to the ports server is listening - ## on. When true, server will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - ## @param querier.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. 
- ## - allowExternalEgress: true - ## @param querier.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice - ## e.g: - ## extraIngress: - ## - ports: - ## - port: 1234 - ## from: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - extraIngress: [] - ## @param querier.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraEgress: - ## - ports: - ## - port: 1234 - ## to: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - ## - extraEgress: [] - ## @param querier.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces - ## @param querier.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces - ## - ingressNSMatchLabels: {} - ingressNSPodMatchLabels: {} -## @section Query Frontend Deployment Parameters -## -queryFrontend: - ## @param queryFrontend.extraEnvVars Array with extra environment variables to add to queryFrontend nodes - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param queryFrontend.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for queryFrontend nodes - ## - extraEnvVarsCM: "" - ## @param queryFrontend.extraEnvVarsSecret Name of existing Secret containing extra env vars for queryFrontend nodes - ## - extraEnvVarsSecret: "" - ## @param queryFrontend.command Override default container command (useful when using custom images) - ## - command: [] - ## @param queryFrontend.args Override default container args (useful when using custom images) - ## - args: [] - ## @param queryFrontend.extraArgs Additional container args (will be concatenated to args, unless diagnosticMode is enabled) - ## - 
extraArgs: [] - ## @param queryFrontend.replicaCount Number of queryFrontend replicas to deploy - ## - replicaCount: 1 - ## Configure extra options for queryFrontend containers' liveness, readiness and startup probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes - ## @param queryFrontend.livenessProbe.enabled Enable livenessProbe on queryFrontend nodes - ## @param queryFrontend.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param queryFrontend.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param queryFrontend.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param queryFrontend.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param queryFrontend.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - ## @param queryFrontend.readinessProbe.enabled Enable readinessProbe on queryFrontend nodes - ## @param queryFrontend.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param queryFrontend.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param queryFrontend.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param queryFrontend.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param queryFrontend.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - ## @param queryFrontend.startupProbe.enabled Enable startupProbe on queryFrontend containers - ## @param queryFrontend.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param 
queryFrontend.startupProbe.periodSeconds Period seconds for startupProbe - ## @param queryFrontend.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param queryFrontend.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param queryFrontend.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: false - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 15 - successThreshold: 1 - ## @param queryFrontend.customLivenessProbe Custom livenessProbe that overrides the default one - ## - customLivenessProbe: {} - ## @param queryFrontend.customReadinessProbe Custom readinessProbe that overrides the default one - ## - customReadinessProbe: {} - ## @param queryFrontend.customStartupProbe Custom startupProbe that overrides the default one - ## - customStartupProbe: {} - ## queryFrontend resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param queryFrontend.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if queryFrontend.resources is set (queryFrontend.resources is recommended for production). 
- ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param queryFrontend.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## Configure Pods Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param queryFrontend.podSecurityContext.enabled Enabled queryFrontend pods' Security Context - ## @param queryFrontend.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy - ## @param queryFrontend.podSecurityContext.sysctls Set kernel settings using the sysctl interface - ## @param queryFrontend.podSecurityContext.supplementalGroups Set filesystem extra groups - ## @param queryFrontend.podSecurityContext.fsGroup Set queryFrontend pod's Security Context fsGroup - ## - podSecurityContext: - enabled: true - fsGroupChangePolicy: Always - sysctls: [] - supplementalGroups: [] - fsGroup: 1001 - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param queryFrontend.containerSecurityContext.enabled Enabled containers' Security Context - ## @param queryFrontend.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param queryFrontend.containerSecurityContext.runAsUser Set containers' Security Context runAsUser - ## @param queryFrontend.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup - ## @param queryFrontend.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot - ## @param queryFrontend.containerSecurityContext.privileged Set container's Security 
Context privileged - ## @param queryFrontend.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem - ## @param queryFrontend.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation - ## @param queryFrontend.containerSecurityContext.capabilities.drop List of capabilities to be dropped - ## @param queryFrontend.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile - ## - containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsUser: 1001 - runAsGroup: 1001 - runAsNonRoot: true - privileged: false - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" - ## @param queryFrontend.lifecycleHooks for the queryFrontend container(s) to automate configuration before or after startup - ## - lifecycleHooks: {} - ## @param queryFrontend.automountServiceAccountToken Mount Service Account token in pod - ## - automountServiceAccountToken: false - ## @param queryFrontend.hostAliases queryFrontend pods host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param queryFrontend.podLabels Extra labels for queryFrontend pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param queryFrontend.podAnnotations Annotations for queryFrontend pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param queryFrontend.podAffinityPreset Pod affinity preset. Ignored if `queryFrontend.affinity` is set. 
Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param queryFrontend.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `queryFrontend.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node queryFrontend.affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param queryFrontend.nodeAffinityPreset.type Node affinity preset type. Ignored if `queryFrontend.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param queryFrontend.nodeAffinityPreset.key Node label key to match. Ignored if `queryFrontend.affinity` is set - ## - key: "" - ## @param queryFrontend.nodeAffinityPreset.values Node label values to match. Ignored if `queryFrontend.affinity` is set - ## E.g. 
- ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param queryFrontend.affinity Affinity for queryFrontend pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## NOTE: `queryFrontend.podAffinityPreset`, `queryFrontend.podAntiAffinityPreset`, and `queryFrontend.nodeAffinityPreset` will be ignored when it's set - ## - affinity: {} - ## @param queryFrontend.nodeSelector Node labels for queryFrontend pods assignment - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ - ## - nodeSelector: {} - ## @param queryFrontend.tolerations Tolerations for queryFrontend pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param queryFrontend.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods - ## - topologySpreadConstraints: [] - ## @param queryFrontend.priorityClassName queryFrontend pods' priorityClassName - ## - priorityClassName: "" - ## @param queryFrontend.schedulerName Kubernetes pod scheduler registry - ## https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - schedulerName: "" - ## @param queryFrontend.updateStrategy.type queryFrontend statefulset strategy type - ## @param queryFrontend.updateStrategy.rollingUpdate [object,nullable] queryFrontend statefulset rolling update configuration parameters - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - ## - updateStrategy: - type: RollingUpdate - rollingUpdate: null - ## @param queryFrontend.extraVolumes Optionally specify extra list of additional volumes for the queryFrontend pod(s) - ## - extraVolumes: [] - ## @param queryFrontend.extraVolumeMounts Optionally 
specify extra list of additional volumeMounts for the queryFrontend container(s) - ## - extraVolumeMounts: [] - ## @param queryFrontend.sidecars Add additional sidecar containers to the queryFrontend pod(s) - ## e.g: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## @param queryFrontend.initContainers Add additional init containers to the queryFrontend pod(s) - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - initContainers: [] - ## @section Query Frontend Traffic Exposure Parameters - ## - - ## queryFrontend service parameters - ## - service: - ## @param queryFrontend.service.type queryFrontend service type - ## - type: ClusterIP - ## @param queryFrontend.service.ports.http queryFrontend HTTP service port - ## @param queryFrontend.service.ports.grpc queryFrontend GRPC service port - ## - ports: - http: 3100 - grpc: 9095 - ## Node ports to expose - ## NOTE: choose port between <30000-32767> - ## @param queryFrontend.service.nodePorts.http Node port for HTTP - ## @param queryFrontend.service.nodePorts.grpc Node port for GRPC - ## - nodePorts: - http: "" - grpc: "" - ## @param queryFrontend.service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} - ## @param queryFrontend.service.sessionAffinity Control where client requests go, to the same pod or round-robin - ## Values: ClientIP or None - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/ - ## - sessionAffinity: None - ## @param queryFrontend.service.clusterIP queryFrontend service Cluster IP - ## e.g.: - ## clusterIP: None - ## - clusterIP: "" - ## @param 
queryFrontend.service.loadBalancerIP queryFrontend service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param queryFrontend.service.loadBalancerSourceRanges queryFrontend service Load Balancer sources - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param queryFrontend.service.externalTrafficPolicy queryFrontend service external traffic policy - ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param queryFrontend.service.annotations Additional custom annotations for queryFrontend service - ## - annotations: {} - ## @param queryFrontend.service.extraPorts Extra ports to expose in the queryFrontend service - ## - extraPorts: [] - ## Headless service properties - ## - headless: - ## @param queryFrontend.service.headless.annotations Annotations for the headless service. - ## - annotations: {} - ## Network Policies - ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ - ## - networkPolicy: - ## @param queryFrontend.networkPolicy.enabled Specifies whether a NetworkPolicy should be created - ## - enabled: true - ## @param queryFrontend.networkPolicy.allowExternal Don't require server label for connections - ## The Policy model to apply. When set to false, only pods with the correct - ## server label will have network access to the ports server is listening - ## on. When true, server will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - ## @param queryFrontend.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. 
- ## - allowExternalEgress: true - ## @param queryFrontend.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice - ## e.g: - ## extraIngress: - ## - ports: - ## - port: 1234 - ## from: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - extraIngress: [] - ## @param queryFrontend.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraEgress: - ## - ports: - ## - port: 1234 - ## to: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - ## - extraEgress: [] - ## @param queryFrontend.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces - ## @param queryFrontend.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces - ## - ingressNSMatchLabels: {} - ingressNSPodMatchLabels: {} -## @section Query Scheduler Deployment Parameters -## -queryScheduler: - ## @param queryScheduler.extraEnvVars Array with extra environment variables to add to queryScheduler nodes - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param queryScheduler.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for queryScheduler nodes - ## - extraEnvVarsCM: "" - ## @param queryScheduler.extraEnvVarsSecret Name of existing Secret containing extra env vars for queryScheduler nodes - ## - extraEnvVarsSecret: "" - ## @param queryScheduler.command Override default container command (useful when using custom images) - ## - command: [] - ## @param queryScheduler.args Override default container args (useful when using custom images) - ## - args: [] - ## @param queryScheduler.extraArgs Additional container args (will be concatenated to args, unless 
diagnosticMode is enabled) - ## - extraArgs: [] - ## @param queryScheduler.replicaCount Number of queryScheduler replicas to deploy - ## - replicaCount: 1 - ## Configure extra options for queryScheduler containers' liveness, readiness and startup probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes - ## @param queryScheduler.livenessProbe.enabled Enable livenessProbe on queryScheduler nodes - ## @param queryScheduler.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param queryScheduler.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param queryScheduler.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param queryScheduler.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param queryScheduler.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - ## @param queryScheduler.minReadySeconds Minimum time to wait before performing readiness check - ## - minReadySeconds: 10 - ## @param queryScheduler.readinessProbe.enabled Enable readinessProbe on queryScheduler nodes - ## @param queryScheduler.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param queryScheduler.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param queryScheduler.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param queryScheduler.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param queryScheduler.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - ## @param queryScheduler.startupProbe.enabled Enable 
startupProbe on queryScheduler containers - ## @param queryScheduler.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param queryScheduler.startupProbe.periodSeconds Period seconds for startupProbe - ## @param queryScheduler.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param queryScheduler.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param queryScheduler.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: false - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 15 - successThreshold: 1 - ## @param queryScheduler.customLivenessProbe Custom livenessProbe that overrides the default one - ## - customLivenessProbe: {} - ## @param queryScheduler.customReadinessProbe Custom readinessProbe that overrides the default one - ## - customReadinessProbe: {} - ## @param queryScheduler.customStartupProbe Custom startupProbe that overrides the default one - ## - customStartupProbe: {} - ## queryScheduler resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param queryScheduler.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if queryScheduler.resources is set (queryScheduler.resources is recommended for production). 
- ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param queryScheduler.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## Configure Pods Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param queryScheduler.podSecurityContext.enabled Enabled queryScheduler pods' Security Context - ## @param queryScheduler.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy - ## @param queryScheduler.podSecurityContext.sysctls Set kernel settings using the sysctl interface - ## @param queryScheduler.podSecurityContext.supplementalGroups Set filesystem extra groups - ## @param queryScheduler.podSecurityContext.fsGroup Set queryScheduler pod's Security Context fsGroup - ## - podSecurityContext: - enabled: true - fsGroupChangePolicy: Always - sysctls: [] - supplementalGroups: [] - fsGroup: 1001 - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param queryScheduler.containerSecurityContext.enabled Enabled containers' Security Context - ## @param queryScheduler.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param queryScheduler.containerSecurityContext.runAsUser Set containers' Security Context runAsUser - ## @param queryScheduler.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup - ## @param queryScheduler.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot - ## @param queryScheduler.containerSecurityContext.privileged Set container's 
Security Context privileged - ## @param queryScheduler.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem - ## @param queryScheduler.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation - ## @param queryScheduler.containerSecurityContext.capabilities.drop List of capabilities to be dropped - ## @param queryScheduler.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile - ## - containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsUser: 1001 - runAsGroup: 1001 - runAsNonRoot: true - privileged: false - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" - ## @param queryScheduler.lifecycleHooks for the queryScheduler container(s) to automate configuration before or after startup - ## - lifecycleHooks: {} - ## @param queryScheduler.automountServiceAccountToken Mount Service Account token in pod - ## - automountServiceAccountToken: false - ## @param queryScheduler.hostAliases queryScheduler pods host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param queryScheduler.podLabels Extra labels for queryScheduler pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param queryScheduler.podAnnotations Annotations for queryScheduler pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param queryScheduler.podAffinityPreset Pod affinity preset. Ignored if `queryScheduler.affinity` is set. 
Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param queryScheduler.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `queryScheduler.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node queryScheduler.affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param queryScheduler.nodeAffinityPreset.type Node affinity preset type. Ignored if `queryScheduler.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param queryScheduler.nodeAffinityPreset.key Node label key to match. Ignored if `queryScheduler.affinity` is set - ## - key: "" - ## @param queryScheduler.nodeAffinityPreset.values Node label values to match. Ignored if `queryScheduler.affinity` is set - ## E.g. 
- ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param queryScheduler.affinity Affinity for queryScheduler pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## NOTE: `queryScheduler.podAffinityPreset`, `queryScheduler.podAntiAffinityPreset`, and `queryScheduler.nodeAffinityPreset` will be ignored when it's set - ## - affinity: {} - ## @param queryScheduler.nodeSelector Node labels for queryScheduler pods assignment - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ - ## - nodeSelector: {} - ## @param queryScheduler.tolerations Tolerations for queryScheduler pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param queryScheduler.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods - ## - topologySpreadConstraints: [] - ## @param queryScheduler.priorityClassName queryScheduler pods' priorityClassName - ## - priorityClassName: "" - ## @param queryScheduler.schedulerName Kubernetes pod scheduler registry - ## https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - schedulerName: "" - ## @param queryScheduler.updateStrategy.type queryScheduler statefulset strategy type - ## @param queryScheduler.updateStrategy.rollingUpdate [object,nullable] queryScheduler statefulset rolling update configuration parameters - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - ## - updateStrategy: - type: RollingUpdate - rollingUpdate: null - ## @param queryScheduler.extraVolumes Optionally specify extra list of additional volumes for the queryScheduler pod(s) - ## - extraVolumes: [] - ## @param 
queryScheduler.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the queryScheduler container(s) - ## - extraVolumeMounts: [] - ## @param queryScheduler.sidecars Add additional sidecar containers to the queryScheduler pod(s) - ## e.g: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## @param queryScheduler.initContainers Add additional init containers to the queryScheduler pod(s) - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - initContainers: [] - ## @section Query Scheduler Traffic Exposure Parameters - ## - - ## queryScheduler service parameters - ## - service: - ## @param queryScheduler.service.type queryScheduler service type - ## - type: ClusterIP - ## @param queryScheduler.service.ports.http queryScheduler HTTP service port - ## @param queryScheduler.service.ports.grpc queryScheduler GRPC service port - ## - ports: - http: 3100 - grpc: 9095 - ## Node ports to expose - ## NOTE: choose port between <30000-32767> - ## @param queryScheduler.service.nodePorts.http Node port for HTTP - ## @param queryScheduler.service.nodePorts.grpc Node port for GRPC - ## - nodePorts: - http: "" - grpc: "" - ## @param queryScheduler.service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} - ## @param queryScheduler.service.sessionAffinity Control where client requests go, to the same pod or round-robin - ## Values: ClientIP or None - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/ - ## - sessionAffinity: None - ## @param queryScheduler.service.clusterIP queryScheduler service Cluster IP - ## 
e.g.: - ## clusterIP: None - ## - clusterIP: "" - ## @param queryScheduler.service.loadBalancerIP queryScheduler service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param queryScheduler.service.loadBalancerSourceRanges queryScheduler service Load Balancer sources - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param queryScheduler.service.externalTrafficPolicy queryScheduler service external traffic policy - ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param queryScheduler.service.annotations Additional custom annotations for queryScheduler service - ## - annotations: {} - ## @param queryScheduler.service.extraPorts Extra ports to expose in the queryScheduler service - ## - extraPorts: [] - ## Network Policies - ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ - ## - networkPolicy: - ## @param queryScheduler.networkPolicy.enabled Specifies whether a NetworkPolicy should be created - ## - enabled: true - ## @param queryScheduler.networkPolicy.allowExternal Don't require server label for connections - ## The Policy model to apply. When set to false, only pods with the correct - ## server label will have network access to the ports server is listening - ## on. When true, server will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - ## @param queryScheduler.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. 
- ## - allowExternalEgress: true - ## @param queryScheduler.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice - ## e.g: - ## extraIngress: - ## - ports: - ## - port: 1234 - ## from: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - extraIngress: [] - ## @param queryScheduler.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraEgress: - ## - ports: - ## - port: 1234 - ## to: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - ## - extraEgress: [] - ## @param queryScheduler.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces - ## @param queryScheduler.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces - ## - ingressNSMatchLabels: {} - ingressNSPodMatchLabels: {} -## @section Ruler Deployment Parameters -## -ruler: - ## @param ruler.enabled Deploy ruler component - ## - enabled: false - ## @param ruler.extraEnvVars Array with extra environment variables to add to ruler nodes - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param ruler.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for ruler nodes - ## - extraEnvVarsCM: "" - ## @param ruler.extraEnvVarsSecret Name of existing Secret containing extra env vars for ruler nodes - ## - extraEnvVarsSecret: "" - ## @param ruler.command Override default container command (useful when using custom images) - ## - command: [] - ## @param ruler.args Override default container args (useful when using custom images) - ## - args: [] - ## @param ruler.extraArgs Additional container args (will be concatenated to args, unless diagnosticMode is enabled) - ## 
- extraArgs: [] - ## @param ruler.podManagementPolicy podManagementPolicy to manage scaling operation - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies - ## - podManagementPolicy: "" - ## @param ruler.replicaCount Number of Ruler replicas to deploy - ## - replicaCount: 1 - ## Configure extra options for Ruler containers' liveness, readiness and startup probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes - ## @param ruler.livenessProbe.enabled Enable livenessProbe on Ruler nodes - ## @param ruler.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param ruler.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param ruler.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param ruler.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param ruler.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - ## @param ruler.readinessProbe.enabled Enable readinessProbe on Ruler nodes - ## @param ruler.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param ruler.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param ruler.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param ruler.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param ruler.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - ## @param ruler.startupProbe.enabled Enable startupProbe on Ruler containers - ## @param ruler.startupProbe.initialDelaySeconds Initial delay 
seconds for startupProbe - ## @param ruler.startupProbe.periodSeconds Period seconds for startupProbe - ## @param ruler.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param ruler.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param ruler.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: false - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 15 - successThreshold: 1 - ## @param ruler.customLivenessProbe Custom livenessProbe that overrides the default one - ## - customLivenessProbe: {} - ## @param ruler.customReadinessProbe Custom readinessProbe that overrides the default one - ## - customReadinessProbe: {} - ## @param ruler.customStartupProbe Custom startupProbe that overrides the default one - ## - customStartupProbe: {} - ## @param ruler.lifecycleHooks for the ruler container(s) to automate configuration before or after startup - ## - lifecycleHooks: {} - ## ruler resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param ruler.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if ruler.resources is set (ruler.resources is recommended for production). 
- ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param ruler.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## Configure Pods Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param ruler.podSecurityContext.enabled Enabled Ruler pods' Security Context - ## @param ruler.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy - ## @param ruler.podSecurityContext.sysctls Set kernel settings using the sysctl interface - ## @param ruler.podSecurityContext.supplementalGroups Set filesystem extra groups - ## @param ruler.podSecurityContext.fsGroup Set Ruler pod's Security Context fsGroup - ## - podSecurityContext: - enabled: true - fsGroupChangePolicy: Always - sysctls: [] - supplementalGroups: [] - fsGroup: 1001 - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param ruler.containerSecurityContext.enabled Enabled containers' Security Context - ## @param ruler.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param ruler.containerSecurityContext.runAsUser Set containers' Security Context runAsUser - ## @param ruler.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup - ## @param ruler.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot - ## @param ruler.containerSecurityContext.privileged Set container's Security Context privileged - ## @param ruler.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context 
readOnlyRootFilesystem - ## @param ruler.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation - ## @param ruler.containerSecurityContext.capabilities.drop List of capabilities to be dropped - ## @param ruler.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile - ## - containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsUser: 1001 - runAsGroup: 1001 - runAsNonRoot: true - privileged: false - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" - ## @param ruler.automountServiceAccountToken Mount Service Account token in pod - ## - automountServiceAccountToken: false - ## @param ruler.hostAliases ruler pods host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param ruler.podLabels Extra labels for ruler pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param ruler.podAnnotations Annotations for ruler pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param ruler.podAffinityPreset Pod affinity preset. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param ruler.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `ruler.affinity` is set. 
Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node ruler.affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param ruler.nodeAffinityPreset.type Node affinity preset type. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param ruler.nodeAffinityPreset.key Node label key to match. Ignored if `ruler.affinity` is set - ## - key: "" - ## @param ruler.nodeAffinityPreset.values Node label values to match. Ignored if `ruler.affinity` is set - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param ruler.affinity Affinity for ruler pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## NOTE: `ruler.podAffinityPreset`, `ruler.podAntiAffinityPreset`, and `ruler.nodeAffinityPreset` will be ignored when it's set - ## - affinity: {} - ## @param ruler.nodeSelector Node labels for Ruler pods assignment - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ - ## - nodeSelector: {} - ## @param ruler.tolerations Tolerations for Ruler pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param ruler.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods - ## - topologySpreadConstraints: [] - ## @param ruler.priorityClassName Ruler pods' priorityClassName - ## - priorityClassName: "" - ## @param ruler.schedulerName Kubernetes pod scheduler registry - ## 
https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - schedulerName: "" - ## @param ruler.updateStrategy.type Ruler statefulset strategy type - ## @param ruler.updateStrategy.rollingUpdate [object,nullable] Ruler statefulset rolling update configuration parameters - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - ## - updateStrategy: - type: RollingUpdate - rollingUpdate: null - ## @param ruler.extraVolumes Optionally specify extra list of additional volumes for the Ruler pod(s) - ## - extraVolumes: [] - ## @param ruler.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the ruler container(s) - ## - extraVolumeMounts: [] - ## @param ruler.sidecars Add additional sidecar containers to the Ruler pod(s) - ## e.g: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## @param ruler.initContainers Add additional init containers to the Ruler pod(s) - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - initContainers: [] - ## @section Ruler Persistence Parameters - ## - - ## Enable persistence using Persistent Volume Claims - ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ - ## - persistence: - ## @param ruler.persistence.enabled Enable persistence in Ruler instances - ## - enabled: true - ## @param ruler.persistence.storageClass PVC Storage Class for Memcached data volume - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. 
(gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param ruler.persistence.subPath The subdirectory of the volume to mount to - ## - subPath: "" - ## @param ruler.persistence.accessModes PVC Access modes - ## - accessModes: - - ReadWriteOnce - ## @param ruler.persistence.size PVC Storage Request for Memcached data volume - ## - size: 8Gi - ## @param ruler.persistence.annotations Additional PVC annotations - ## - annotations: {} - ## @param ruler.persistence.selector Selector to match an existing Persistent Volume for Ruler's data PVC - ## If set, the PVC can't have a PV dynamically provisioned for it - ## E.g. - ## selector: - ## matchLabels: - ## app: my-app - ## - selector: {} - ## @section Ruler Traffic Exposure Parameters - ## - - ## ruler service parameters - ## - service: - ## @param ruler.service.type Ruler service type - ## - type: ClusterIP - ## @param ruler.service.ports.http Ruler HTTP service port - ## @param ruler.service.ports.grpc Ruler GRPC service port - ## - ports: - http: 3100 - grpc: 9095 - ## Node ports to expose - ## NOTE: choose port between <30000-32767> - ## @param ruler.service.nodePorts.http Node port for HTTP - ## @param ruler.service.nodePorts.grpc Node port for GRPC - ## - nodePorts: - http: "" - grpc: "" - ## @param ruler.service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} - ## @param ruler.service.sessionAffinity Control where client requests go, to the same pod or round-robin - ## Values: ClientIP or None - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/ - ## - sessionAffinity: None - ## @param ruler.service.clusterIP Ruler service Cluster IP - ## e.g.: - ## clusterIP: None - ## - clusterIP: "" - ## @param ruler.service.loadBalancerIP Ruler service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer 
- ## - loadBalancerIP: "" - ## @param ruler.service.loadBalancerSourceRanges Ruler service Load Balancer sources - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param ruler.service.externalTrafficPolicy Ruler service external traffic policy - ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param ruler.service.annotations Additional custom annotations for Ruler service - ## - annotations: {} - ## @param ruler.service.extraPorts Extra ports to expose in the Ruler service - ## - extraPorts: [] - ## Network Policies - ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ - ## - networkPolicy: - ## @param ruler.networkPolicy.enabled Specifies whether a NetworkPolicy should be created - ## - enabled: true - ## @param ruler.networkPolicy.allowExternal Don't require server label for connections - ## The Policy model to apply. When set to false, only pods with the correct - ## server label will have network access to the ports server is listening - ## on. When true, server will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - ## @param ruler.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. 
- ## - allowExternalEgress: true - ## @param ruler.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice - ## e.g: - ## extraIngress: - ## - ports: - ## - port: 1234 - ## from: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - extraIngress: [] - ## @param ruler.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraEgress: - ## - ports: - ## - port: 1234 - ## to: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - ## - extraEgress: [] - ## @param ruler.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces - ## @param ruler.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces - ## - ingressNSMatchLabels: {} - ingressNSPodMatchLabels: {} -## @section table-manager Deployment Parameters -## -tableManager: - ## @param tableManager.enabled Deploy table-manager - ## - enabled: false - ## @param tableManager.extraEnvVars Array with extra environment variables to add to tableManager nodes - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param tableManager.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for tableManager nodes - ## - extraEnvVarsCM: "" - ## @param tableManager.extraEnvVarsSecret Name of existing Secret containing extra env vars for tableManager nodes - ## - extraEnvVarsSecret: "" - ## @param tableManager.command Override default container command (useful when using custom images) - ## - command: [] - ## @param tableManager.args Override default container args (useful when using custom images) - ## - args: [] - ## @param tableManager.extraArgs Additional container args (will be concatenated 
to args, unless diagnosticMode is enabled) - ## - extraArgs: [] - ## @param tableManager.replicaCount Number of table-manager replicas to deploy - ## - replicaCount: 1 - ## Configure extra options for table-manager containers' liveness, readiness and startup probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes - ## @param tableManager.livenessProbe.enabled Enable livenessProbe on table-manager nodes - ## @param tableManager.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param tableManager.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param tableManager.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param tableManager.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param tableManager.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - ## @param tableManager.readinessProbe.enabled Enable readinessProbe on table-manager nodes - ## @param tableManager.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param tableManager.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param tableManager.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param tableManager.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param tableManager.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - ## @param tableManager.startupProbe.enabled Enable startupProbe on table-manager containers - ## @param tableManager.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## 
@param tableManager.startupProbe.periodSeconds Period seconds for startupProbe - ## @param tableManager.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param tableManager.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param tableManager.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: false - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 15 - successThreshold: 1 - ## @param tableManager.customLivenessProbe Custom livenessProbe that overrides the default one - ## - customLivenessProbe: {} - ## @param tableManager.customReadinessProbe Custom readinessProbe that overrides the default one - ## - customReadinessProbe: {} - ## @param tableManager.customStartupProbe Custom startupProbe that overrides the default one - ## - customStartupProbe: {} - ## tableManager resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param tableManager.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if tableManager.resources is set (tableManager.resources is recommended for production). 
- ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param tableManager.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## Configure Pods Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param tableManager.podSecurityContext.enabled Enabled table-manager pods' Security Context - ## @param tableManager.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy - ## @param tableManager.podSecurityContext.sysctls Set kernel settings using the sysctl interface - ## @param tableManager.podSecurityContext.supplementalGroups Set filesystem extra groups - ## @param tableManager.podSecurityContext.fsGroup Set table-manager pod's Security Context fsGroup - ## - podSecurityContext: - enabled: true - fsGroupChangePolicy: Always - sysctls: [] - supplementalGroups: [] - fsGroup: 1001 - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param tableManager.containerSecurityContext.enabled Enabled containers' Security Context - ## @param tableManager.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param tableManager.containerSecurityContext.runAsUser Set containers' Security Context runAsUser - ## @param tableManager.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup - ## @param tableManager.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot - ## @param tableManager.containerSecurityContext.privileged Set container's Security Context privileged 
- ## @param tableManager.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem - ## @param tableManager.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation - ## @param tableManager.containerSecurityContext.capabilities.drop List of capabilities to be dropped - ## @param tableManager.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile - ## - containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsUser: 1001 - runAsGroup: 1001 - runAsNonRoot: true - privileged: false - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" - ## @param tableManager.lifecycleHooks for the tableManager container(s) to automate configuration before or after startup - ## - lifecycleHooks: {} - ## @param tableManager.automountServiceAccountToken Mount Service Account token in pod - ## - automountServiceAccountToken: false - ## @param tableManager.hostAliases tableManager pods host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param tableManager.podLabels Extra labels for tableManager pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param tableManager.podAnnotations Annotations for tableManager pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param tableManager.podAffinityPreset Pod affinity preset. Ignored if `tableManager.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param tableManager.podAntiAffinityPreset Pod anti-affinity preset. 
Ignored if `tableManager.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node tableManager.affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param tableManager.nodeAffinityPreset.type Node affinity preset type. Ignored if `tableManager.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param tableManager.nodeAffinityPreset.key Node label key to match. Ignored if `tableManager.affinity` is set - ## - key: "" - ## @param tableManager.nodeAffinityPreset.values Node label values to match. Ignored if `tableManager.affinity` is set - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param tableManager.affinity Affinity for table-manager pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## NOTE: `tableManager.podAffinityPreset`, `tableManager.podAntiAffinityPreset`, and `tableManager.nodeAffinityPreset` will be ignored when it's set - ## - affinity: {} - ## @param tableManager.nodeSelector Node labels for table-manager pods assignment - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ - ## - nodeSelector: {} - ## @param tableManager.tolerations Tolerations for table-manager pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param tableManager.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods - ## - topologySpreadConstraints: [] - ## @param tableManager.priorityClassName table-manager pods' 
priorityClassName - ## - priorityClassName: "" - ## @param tableManager.schedulerName Kubernetes pod scheduler registry - ## https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - schedulerName: "" - ## @param tableManager.updateStrategy.type table-manager statefulset strategy type - ## @param tableManager.updateStrategy.rollingUpdate [object,nullable] table-manager statefulset rolling update configuration parameters - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - ## - updateStrategy: - type: RollingUpdate - rollingUpdate: null - ## @param tableManager.extraVolumes Optionally specify extra list of additional volumes for the table-manager pod(s) - ## - extraVolumes: [] - ## @param tableManager.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the table-manager container(s) - ## - extraVolumeMounts: [] - ## @param tableManager.sidecars Add additional sidecar containers to the table-manager pod(s) - ## e.g: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## @param tableManager.initContainers Add additional init containers to the table-manager pod(s) - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - initContainers: [] - ## @section table-manager Traffic Exposure Parameters - ## - - ## tableManager service parameters - ## - service: - ## @param tableManager.service.type table-manager service type - ## - type: ClusterIP - ## @param tableManager.service.ports.http table-manager HTTP service port - ## @param tableManager.service.ports.grpc table-manager GRPC service port - ## - ports: - http: 3100 - grpc: 9095 - ## Node ports to expose - 
## NOTE: choose port between <30000-32767> - ## @param tableManager.service.nodePorts.http Node port for HTTP - ## @param tableManager.service.nodePorts.grpc Node port for GRPC - ## - nodePorts: - http: "" - grpc: "" - ## @param tableManager.service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} - ## @param tableManager.service.sessionAffinity Control where client requests go, to the same pod or round-robin - ## Values: ClientIP or None - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/ - ## - sessionAffinity: None - ## @param tableManager.service.clusterIP table-manager service Cluster IP - ## e.g.: - ## clusterIP: None - ## - clusterIP: "" - ## @param tableManager.service.loadBalancerIP table-manager service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param tableManager.service.loadBalancerSourceRanges table-manager service Load Balancer sources - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param tableManager.service.externalTrafficPolicy table-manager service external traffic policy - ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param tableManager.service.annotations Additional custom annotations for table-manager service - ## - annotations: {} - ## @param tableManager.service.extraPorts Extra ports to expose in the table-manager service - ## - extraPorts: [] - ## Network Policies - ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ - ## - networkPolicy: - ## @param 
tableManager.networkPolicy.enabled Specifies whether a NetworkPolicy should be created - ## - enabled: true - ## @param tableManager.networkPolicy.allowExternal Don't require server label for connections - ## The Policy model to apply. When set to false, only pods with the correct - ## server label will have network access to the ports server is listening - ## on. When true, server will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - ## @param tableManager.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. - ## - allowExternalEgress: true - ## @param tableManager.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice - ## e.g: - ## extraIngress: - ## - ports: - ## - port: 1234 - ## from: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - extraIngress: [] - ## @param tableManager.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraEgress: - ## - ports: - ## - port: 1234 - ## to: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - ## - extraEgress: [] - ## @param tableManager.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces - ## @param tableManager.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces - ## - ingressNSMatchLabels: {} - ingressNSPodMatchLabels: {} -## @section Promtail Deployment Parameters -## -promtail: - ## @param promtail.enabled Deploy promtail - ## - enabled: true - ## Bitnami Promtail image - ## ref: https://hub.docker.com/r/bitnami/grafana-promtail/tags/ - ## @param promtail.image.registry [default: REGISTRY_NAME] Grafana Promtail 
image registry - ## @param promtail.image.repository [default: REPOSITORY_NAME/promtail] Grafana Promtail image repository - ## @skip promtail.image.tag Grafana Promtail image tag (immutable tags are recommended) - ## @param promtail.image.digest Grafana Promtail image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param promtail.image.pullPolicy Grafana Promtail image pull policy - ## @param promtail.image.pullSecrets Grafana Promtail image pull secrets - ## - image: - registry: docker.io - repository: bitnami/promtail - tag: 3.0.0-debian-12-r0 - digest: "" - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param promtail.extraEnvVars Array with extra environment variables to add to promtail nodes - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param promtail.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for promtail nodes - ## - extraEnvVarsCM: "" - ## @param promtail.extraEnvVarsSecret Name of existing Secret containing extra env vars for promtail nodes - ## - extraEnvVarsSecret: "" - ## @param promtail.command Override default container command (useful when using custom images) - ## - command: [] - ## @param promtail.args Override default container args (useful when using custom images) - ## - args: [] - ## @param promtail.extraArgs Additional container args (will be concatenated to args, unless diagnosticMode is enabled) - ## - extraArgs: [] - ## @param promtail.containerPorts.http 
Promtail HTTP port - ## @param promtail.containerPorts.grpc Promtail HTTP port - ## - containerPorts: - http: 8080 - grpc: 9095 - ## Configure extra options for Promtail containers' liveness, readiness and startup probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes - ## @param promtail.livenessProbe.enabled Enable livenessProbe on Promtail nodes - ## @param promtail.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param promtail.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param promtail.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param promtail.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param promtail.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - ## @param promtail.readinessProbe.enabled Enable readinessProbe on Promtail nodes - ## @param promtail.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param promtail.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param promtail.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param promtail.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param promtail.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - ## @param promtail.startupProbe.enabled Enable startupProbe on Promtail containers - ## @param promtail.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param promtail.startupProbe.periodSeconds Period seconds for startupProbe - ## @param 
promtail.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param promtail.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param promtail.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: false - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 15 - successThreshold: 1 - ## @param promtail.customLivenessProbe Custom livenessProbe that overrides the default one - ## - customLivenessProbe: {} - ## @param promtail.customReadinessProbe Custom readinessProbe that overrides the default one - ## - customReadinessProbe: {} - ## @param promtail.customStartupProbe Custom startupProbe that overrides the default one - ## - customStartupProbe: {} - ## @param promtail.lifecycleHooks for the promtail container(s) to automate configuration before or after startup - ## - lifecycleHooks: {} - ## promtail resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param promtail.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if promtail.resources is set (promtail.resources is recommended for production). 
- ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param promtail.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## Configure Pods Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param promtail.podSecurityContext.enabled Enabled Promtail pods' Security Context - ## @param promtail.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy - ## @param promtail.podSecurityContext.sysctls Set kernel settings using the sysctl interface - ## @param promtail.podSecurityContext.supplementalGroups Set filesystem extra groups - ## @param promtail.podSecurityContext.fsGroup Set Promtail pod's Security Context fsGroup - ## - podSecurityContext: - enabled: true - fsGroupChangePolicy: Always - sysctls: [] - supplementalGroups: [] - fsGroup: 0 - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param promtail.containerSecurityContext.enabled Enabled containers' Security Context - ## @param promtail.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param promtail.containerSecurityContext.runAsUser Set containers' Security Context runAsUser - ## @param promtail.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup - ## @param promtail.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot - ## @param promtail.containerSecurityContext.privileged Set container's Security Context privileged - ## @param 
promtail.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem - ## @param promtail.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation - ## @param promtail.containerSecurityContext.capabilities.drop List of capabilities to be dropped - ## @param promtail.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile - ## - containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsUser: 0 - runAsGroup: 0 - runAsNonRoot: false - privileged: false - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" - ## @param promtail.automountServiceAccountToken Mount Service Account token in pod - ## - automountServiceAccountToken: true - ## @param promtail.hostAliases promtail pods host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param promtail.podLabels Extra labels for promtail pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param promtail.podAnnotations Annotations for promtail pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param promtail.podAffinityPreset Pod affinity preset. Ignored if `promtail.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param promtail.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `promtail.affinity` is set. 
Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node promtail.affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param promtail.nodeAffinityPreset.type Node affinity preset type. Ignored if `promtail.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param promtail.nodeAffinityPreset.key Node label key to match. Ignored if `promtail.affinity` is set - ## - key: "" - ## @param promtail.nodeAffinityPreset.values Node label values to match. Ignored if `promtail.affinity` is set - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param promtail.affinity Affinity for promtail pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## NOTE: `promtail.podAffinityPreset`, `promtail.podAntiAffinityPreset`, and `promtail.nodeAffinityPreset` will be ignored when it's set - ## - affinity: {} - ## @param promtail.nodeSelector Node labels for Promtail pods assignment - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ - ## - nodeSelector: {} - ## @param promtail.tolerations Tolerations for Promtail pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param promtail.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods - ## - topologySpreadConstraints: [] - ## @param promtail.priorityClassName Promtail pods' priorityClassName - ## - priorityClassName: "" - ## @param promtail.schedulerName Kubernetes pod scheduler registry - ## 
https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - schedulerName: "" - ## @param promtail.updateStrategy.type Promtail statefulset strategy type - ## @param promtail.updateStrategy.rollingUpdate [object,nullable] Promtail statefulset rolling update configuration parameters - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - ## - updateStrategy: - type: RollingUpdate - rollingUpdate: null - ## @param promtail.extraVolumes Optionally specify extra list of additional volumes for the Promtail pod(s) - ## - extraVolumes: [] - ## @param promtail.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the promtail container(s) - ## - extraVolumeMounts: [] - ## @param promtail.sidecars Add additional sidecar containers to the Promtail pod(s) - ## e.g: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## @param promtail.initContainers Add additional init containers to the Promtail pod(s) - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - initContainers: [] - ## @param promtail.configuration [string] Promtail configuration - ## - configuration: | - server: - log_level: {{ .Values.promtail.logLevel }} - http_listen_port: {{ .Values.promtail.containerPorts.http }} - grpc_listen_port: {{ .Values.promtail.containerPorts.grpc }} - - clients: - - url: http://{{ include "grafana-loki.gateway.fullname" . 
}}:{{ .Values.gateway.service.ports.http }}/loki/api/v1/push - {{- if .Values.gateway.auth.enabled }} - basic_auth: - # The username to use for basic auth - username: {{ .Values.gateway.auth.username }} - password_file: /bitnami/promtail/conf/secrets/password - {{- end }} - positions: - filename: /run/promtail/positions.yaml - - scrape_configs: - # See also https://github.com/grafana/loki/blob/master/production/ksonnet/promtail/scrape_config.libsonnet for reference - - job_name: kubernetes-pods - pipeline_stages: - - cri: {} - kubernetes_sd_configs: - - role: pod - relabel_configs: - - source_labels: - - __meta_kubernetes_pod_controller_name - regex: ([0-9a-z-.]+?)(-[0-9a-f]{8,10})? - action: replace - target_label: __tmp_controller_name - - source_labels: - - __meta_kubernetes_pod_label_app_kubernetes_io_name - - __meta_kubernetes_pod_label_app - - __tmp_controller_name - - __meta_kubernetes_pod_name - regex: ^;*([^;]+)(;.*)?$ - action: replace - target_label: app - - source_labels: - - __meta_kubernetes_pod_label_app_kubernetes_io_component - - __meta_kubernetes_pod_label_component - regex: ^;*([^;]+)(;.*)?$ - action: replace - target_label: component - - action: replace - source_labels: - - __meta_kubernetes_pod_node_name - target_label: node_name - - action: replace - source_labels: - - __meta_kubernetes_namespace - target_label: namespace - - action: replace - replacement: $1 - separator: / - source_labels: - - namespace - - app - target_label: job - - action: replace - source_labels: - - __meta_kubernetes_pod_name - target_label: pod - - action: replace - source_labels: - - __meta_kubernetes_pod_container_name - target_label: container - - action: replace - replacement: /var/log/pods/*$1/*.log - separator: / - source_labels: - - __meta_kubernetes_pod_uid - - __meta_kubernetes_pod_container_name - target_label: __path__ - - action: replace - regex: true/(.*) - replacement: /var/log/pods/*$1/*.log - separator: / - source_labels: - - 
__meta_kubernetes_pod_annotationpresent_kubernetes_io_config_hash - - __meta_kubernetes_pod_annotation_kubernetes_io_config_hash - - __meta_kubernetes_pod_container_name - target_label: __path__ - ## @param promtail.existingSecret Name of a Secret that contains the Promtail configuration - ## - existingSecret: "" - ## @param promtail.logLevel Promtail logging level - ## - logLevel: info - ## @section Promtail Traffic Exposure Parameters - ## - - ## promtail service parameters - ## - service: - ## @param promtail.service.type Promtail service type - ## - type: ClusterIP - ## @param promtail.service.ports.http Promtail HTTP service port - ## @param promtail.service.ports.grpc Promtail gRPC service port - ## - ports: - http: 3100 - grpc: 9095 - ## Node ports to expose - ## NOTE: choose port between <30000-32767> - ## @param promtail.service.nodePorts.http Node port for HTTP - ## - nodePorts: - http: "" - ## @param promtail.service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} - ## @param promtail.service.sessionAffinity Control where client requests go, to the same pod or round-robin - ## Values: ClientIP or None - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/ - ## - sessionAffinity: None - ## @param promtail.service.clusterIP Promtail service Cluster IP - ## e.g.: - ## clusterIP: None - ## - clusterIP: "" - ## @param promtail.service.loadBalancerIP Promtail service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param promtail.service.loadBalancerSourceRanges Promtail service Load Balancer sources - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - 
loadBalancerSourceRanges: [] - ## @param promtail.service.externalTrafficPolicy Promtail service external traffic policy - ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param promtail.service.annotations Additional custom annotations for Promtail service - ## - annotations: {} - ## @param promtail.service.extraPorts Extra ports to expose in the Promtail service - ## - extraPorts: [] - ## Network Policies - ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ - ## - networkPolicy: - ## @param promtail.networkPolicy.enabled Specifies whether a NetworkPolicy should be created - ## - enabled: true - ## @param promtail.networkPolicy.allowExternal Don't require server label for connections - ## The Policy model to apply. When set to false, only pods with the correct - ## server label will have network access to the ports server is listening - ## on. When true, server will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - ## @param promtail.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. 
- ## - allowExternalEgress: true - ## @param promtail.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) - ## - kubeAPIServerPorts: [443, 6443, 8443] - ## @param promtail.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice - ## e.g: - ## extraIngress: - ## - ports: - ## - port: 1234 - ## from: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - extraIngress: [] - ## @param promtail.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraEgress: - ## - ports: - ## - port: 1234 - ## to: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - ## - extraEgress: [] - ## @param promtail.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces - ## @param promtail.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces - ## - ingressNSMatchLabels: {} - ingressNSPodMatchLabels: {} - ## Create RBAC - ## @param promtail.rbac.create Create RBAC rules - ## - rbac: - create: true - ## Service account for Loki to use - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - ## - serviceAccount: - ## @param promtail.serviceAccount.create Enable creation of ServiceAccount for Promtail pods - ## - create: true - ## @param promtail.serviceAccount.name The name of the ServiceAccount to use - ## If not set and create is true, a name is generated using the common.names.fullname template - ## - name: "" - ## @param promtail.serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the promtail.serviceAccount.created - ## Can be set to 
false if pods using this promtail.serviceAccount.do not need to use K8s API - ## - automountServiceAccountToken: false - ## @param promtail.serviceAccount.annotations Additional custom annotations for the ServiceAccount - ## - annotations: {} -## @section Init Container Parameters -## - -## 'volumePermissions' init container parameters -## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values -## based on the *podSecurityContext/*containerSecurityContext parameters -## -volumePermissions: - ## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` - ## - enabled: false - ## OS Shell + Utility image - ## ref: https://hub.docker.com/r/bitnami/os-shell/tags/ - ## @param volumePermissions.image.registry [default: REGISTRY_NAME] OS Shell + Utility image registry - ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] OS Shell + Utility image repository - ## @skip volumePermissions.image.tag OS Shell + Utility image tag (immutable tags are recommended) - ## @param volumePermissions.image.digest OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param volumePermissions.image.pullPolicy OS Shell + Utility image pull policy - ## @param volumePermissions.image.pullSecrets OS Shell + Utility image pull secrets - ## - image: - registry: docker.io - repository: bitnami/os-shell - tag: 12-debian-12-r18 - digest: "" - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. 
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Init container's resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## Init container Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser - ## @param volumePermissions.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile - ## NOTE: when runAsUser is set to special value "auto", init container will try to chown the - ## data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` - ## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed) - ## - containerSecurityContext: - seLinuxOptions: {} - runAsUser: 0 - seccompProfile: - type: "RuntimeDefault" -## 
@section Other Parameters -## - -## Service account for Loki to use -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -## -serviceAccount: - ## @param serviceAccount.create Enable creation of ServiceAccount for Loki pods - ## - create: true - ## @param serviceAccount.name The name of the ServiceAccount to use - ## If not set and create is true, a name is generated using the common.names.fullname template - ## - name: "" - ## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created - ## Can be set to false if pods using this serviceAccount do not need to use K8s API - ## - automountServiceAccountToken: false - ## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount - ## - annotations: {} -## @section Metrics Parameters -## Prometheus Exporter / Metrics -## -metrics: - ## @param metrics.enabled Enable metrics - ## - enabled: false - ## Prometheus Operator ServiceMonitor configuration - ## - serviceMonitor: - ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using Prometheus Operator - ## - enabled: false - ## @param metrics.serviceMonitor.namespace Namespace for the ServiceMonitor Resource (defaults to the Release Namespace) - ## - namespace: "" - ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped. 
- ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## - interval: "" - ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## - scrapeTimeout: "" - ## @param metrics.serviceMonitor.labels Additional labels that can be used so ServiceMonitor will be discovered by Prometheus - ## - labels: {} - ## @param metrics.serviceMonitor.selector Prometheus instance selector labels - ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration - ## - selector: {} - ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping - ## - relabelings: [] - ## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion - ## - metricRelabelings: [] - ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint - ## - honorLabels: false - ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. 
- ## - jobLabel: "" -## @section External Memcached (Chunks) Parameters -## -externalMemcachedChunks: - ## @param externalMemcachedChunks.host Host of a running external memcached instance - ## - host: "" - ## @param externalMemcachedChunks.port Port of a running external memcached instance - ## - port: 11211 -## @section Memcached Sub-chart Parameters (Chunks) -## Memcached sub-chart (Chunks) -## -memcachedchunks: - ## @param memcachedchunks.enabled Deploy memcached sub-chart - ## - enabled: true - ## Bitnami Memcached image version - ## ref: https://hub.docker.com/r/bitnami/memcached/tags/ - ## @param memcachedchunks.image.registry [default: REGISTRY_NAME] Memcached image registry - ## @param memcachedchunks.image.repository [default: REPOSITORY_NAME/memcached] Memcached image repository - ## @skip memcachedchunks.image.tag Memcached image tag (immutable tags are recommended) - ## @param memcachedchunks.image.digest Memcached image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## - image: - registry: docker.io - repository: bitnami/memcached - tag: 1.6.26-debian-12-r1 - digest: "" - ## @param memcachedchunks.nameOverride override the subchart name - ## - nameOverride: "" - ## @param memcachedchunks.architecture Memcached architecture - ## - architecture: high-availability - ## @param memcachedchunks.service.ports.memcached Memcached service port - ## - service: - ports: - memcached: 11211 - ## Memcached resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param memcachedchunks.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). 
- ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param memcachedchunks.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} -## @section External Memcached (Frontend) Parameters -## -externalMemcachedFrontend: - ## @param externalMemcachedFrontend.host Host of a running external memcached instance - ## - host: "" - ## @param externalMemcachedFrontend.port Port of a running external memcached instance - ## - port: 11211 -## @section Memcached Sub-chart Parameters (Frontend) -## Memcached sub-chart (Frontend) -## -memcachedfrontend: - ## @param memcachedfrontend.enabled Deploy memcached sub-chart - ## - enabled: true - ## Bitnami Memcached image version - ## ref: https://hub.docker.com/r/bitnami/memcached/tags/ - ## @param memcachedfrontend.image.registry [default: REGISTRY_NAME] Memcached image registry - ## @param memcachedfrontend.image.repository [default: REPOSITORY_NAME/memcached] Memcached image repository - ## @skip memcachedfrontend.image.tag Memcached image tag (immutable tags are recommended) - ## @param memcachedfrontend.image.digest Memcached image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag - ## - image: - registry: docker.io - repository: bitnami/memcached - tag: 1.6.26-debian-12-r1 - digest: "" - ## @param memcachedfrontend.architecture Memcached architecture - ## - architecture: high-availability - ## @param memcachedfrontend.nameOverride override the subchart name - ## - nameOverride: "" - ## @param memcachedfrontend.service.ports.memcached Memcached service port - ## - service: - ports: - memcached: 11211 - ## Memcached resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param memcachedfrontend.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param memcachedfrontend.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} -## @section External Memcached (Index-Queries) Parameters -## -externalMemcachedIndexQueries: - ## @param externalMemcachedIndexQueries.host Host of a running external memcached instance - ## - host: "" - ## @param externalMemcachedIndexQueries.port Port of a running external memcached instance - ## - port: 11211 -## @section Memcached Sub-chart Parameters (Index-Queries) -## Memcached sub-chart (Index-Queries) -## -memcachedindexqueries: - ## @param memcachedindexqueries.enabled Deploy memcached sub-chart - ## - enabled: false - ## Bitnami Memcached image version - ## ref: https://hub.docker.com/r/bitnami/memcached/tags/ - ## @param memcachedindexqueries.image.registry 
[default: REGISTRY_NAME] Memcached image registry - ## @param memcachedindexqueries.image.repository [default: REPOSITORY_NAME/memcached] Memcached image repository - ## @skip memcachedindexqueries.image.tag Memcached image tag (immutable tags are recommended) - ## @param memcachedindexqueries.image.digest Memcached image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## - image: - registry: docker.io - repository: bitnami/memcached - tag: 1.6.26-debian-12-r1 - digest: "" - ## @param memcachedindexqueries.architecture Memcached architecture - ## - architecture: high-availability - ## @param memcachedindexqueries.nameOverride override the subchart name - ## - nameOverride: "" - ## @param memcachedindexqueries.service.ports.memcached Memcached service port - ## - service: - ports: - memcached: 11211 - ## Memcached resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param memcachedindexqueries.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). 
- ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param memcachedindexqueries.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} -## @section External Memcached (IndexWrites) Parameters -## -externalMemcachedIndexWrites: - ## @param externalMemcachedIndexWrites.host Host of a running external memcached instance - ## - host: "" - ## @param externalMemcachedIndexWrites.port Port of a running external memcached instance - ## - port: 11211 -## @section Memcached Sub-chart Parameters (Index-Writes) -## Memcached sub-chart (Index-Writes) -## -memcachedindexwrites: - ## @param memcachedindexwrites.enabled Deploy memcached sub-chart - ## - enabled: false - ## Bitnami Memcached image version - ## ref: https://hub.docker.com/r/bitnami/memcached/tags/ - ## @param memcachedindexwrites.image.registry [default: REGISTRY_NAME] Memcached image registry - ## @param memcachedindexwrites.image.repository [default: REPOSITORY_NAME/memcached] Memcached image repository - ## @skip memcachedindexwrites.image.tag Memcached image tag (immutable tags are recommended) - ## @param memcachedindexwrites.image.digest Memcached image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag - ## - image: - registry: docker.io - repository: bitnami/memcached - tag: 1.6.26-debian-12-r1 - digest: "" - ## @param memcachedindexwrites.architecture Memcached architecture - ## - architecture: high-availability - ## @param memcachedindexwrites.nameOverride override the subchart name - ## - nameOverride: "" - ## @param memcachedindexwrites.service.ports.memcached Memcached service port - ## - service: - ports: - memcached: 11211 - ## Memcached resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param memcachedindexwrites.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param memcachedindexwrites.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} diff --git a/charts/nopo11y-stack/charts/kiali-server/Chart.yaml b/charts/nopo11y-stack/charts/kiali-server/Chart.yaml deleted file mode 100644 index e53dd34..0000000 --- a/charts/nopo11y-stack/charts/kiali-server/Chart.yaml +++ /dev/null 
@@ -1,19 +0,0 @@
-apiVersion: v2
-appVersion: v1.83.0
-description: Kiali is an open source project for service mesh observability, refer
- to https://www.kiali.io for details.
-home: https://github.com/kiali/kiali
-icon: https://raw.githubusercontent.com/kiali/kiali.io/current/assets/icons/logo.svg
-keywords:
-- istio
-- kiali
-maintainers:
-- email: kiali-users@googlegroups.com
- name: Kiali
- url: https://kiali.io
-name: kiali-server
-sources:
-- https://github.com/kiali/kiali
-- https://github.com/kiali/kiali-operator
-- https://github.com/kiali/helm-charts
-version: 1.83.0
diff --git a/charts/nopo11y-stack/charts/kiali-server/templates/NOTES.txt b/charts/nopo11y-stack/charts/kiali-server/templates/NOTES.txt
deleted file mode 100644
index 7510194..0000000
--- a/charts/nopo11y-stack/charts/kiali-server/templates/NOTES.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Welcome to Kiali! For more details on Kiali, see: https://kiali.io
-
-The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon.
-
-(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}])
diff --git a/charts/nopo11y-stack/charts/kiali-server/templates/_helpers.tpl b/charts/nopo11y-stack/charts/kiali-server/templates/_helpers.tpl
deleted file mode 100644
index 8382678..0000000
--- a/charts/nopo11y-stack/charts/kiali-server/templates/_helpers.tpl
+++ /dev/null
@@ -1,192 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Create a default fully qualified instance name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -To simulate the way the operator works, use deployment.instance_name rather than the old fullnameOverride. -For backwards compatibility, if fullnameOverride is not kiali but deployment.instance_name is kiali, -use fullnameOverride, otherwise use deployment.instance_name. -*/}} -{{- define "kiali-server.fullname" -}} -{{- if (and (eq .Values.deployment.instance_name "kiali") (ne .Values.fullnameOverride "kiali")) }} - {{- .Values.fullnameOverride | trunc 63 }} -{{- else }} - {{- .Values.deployment.instance_name | trunc 63 }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "kiali-server.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Identifies the log_level. -*/}} -{{- define "kiali-server.logLevel" -}} -{{- .Values.deployment.logger.log_level -}} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "kiali-server.labels" -}} -helm.sh/chart: {{ include "kiali-server.chart" . }} -app: kiali -{{ include "kiali-server.selectorLabels" . }} -version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} -app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -app.kubernetes.io/part-of: "kiali" -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "kiali-server.selectorLabels" -}} -app.kubernetes.io/name: kiali -app.kubernetes.io/instance: {{ include "kiali-server.fullname" . }} -{{- end }} - -{{/* -Determine the default login token signing key. 
-*/}} -{{- define "kiali-server.login_token.signing_key" -}} -{{- if .Values.login_token.signing_key }} - {{- .Values.login_token.signing_key }} -{{- else }} - {{- randAlphaNum 16 }} -{{- end }} -{{- end }} - -{{/* -Determine the default web root. -*/}} -{{- define "kiali-server.server.web_root" -}} -{{- if .Values.server.web_root }} - {{- if (eq .Values.server.web_root "/") }} - {{- .Values.server.web_root }} - {{- else }} - {{- .Values.server.web_root | trimSuffix "/" }} - {{- end }} -{{- else }} - {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} - {{- "/" }} - {{- else }} - {{- "/kiali" }} - {{- end }} -{{- end }} -{{- end }} - -{{/* -Determine the default identity cert file. There is no default if on k8s; only on OpenShift. -*/}} -{{- define "kiali-server.identity.cert_file" -}} -{{- if hasKey .Values.identity "cert_file" }} - {{- .Values.identity.cert_file }} -{{- else }} - {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} - {{- "/kiali-cert/tls.crt" }} - {{- else }} - {{- "" }} - {{- end }} -{{- end }} -{{- end }} - -{{/* -Determine the default identity private key file. There is no default if on k8s; only on OpenShift. -*/}} -{{- define "kiali-server.identity.private_key_file" -}} -{{- if hasKey .Values.identity "private_key_file" }} - {{- .Values.identity.private_key_file }} -{{- else }} - {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} - {{- "/kiali-cert/tls.key" }} - {{- else }} - {{- "" }} - {{- end }} -{{- end }} -{{- end }} - -{{/* -Determine the default deployment.ingress.enabled. Disable it on k8s; enable it on OpenShift. 
-*/}} -{{- define "kiali-server.deployment.ingress.enabled" -}} -{{- if hasKey .Values.deployment.ingress "enabled" }} - {{- .Values.deployment.ingress.enabled }} -{{- else }} - {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} - {{- true }} - {{- else }} - {{- false }} - {{- end }} -{{- end }} -{{- end }} - -{{/* -Determine the istio namespace - default is where Kiali is installed. -*/}} -{{- define "kiali-server.istio_namespace" -}} -{{- if .Values.istio_namespace }} - {{- .Values.istio_namespace }} -{{- else }} - {{- .Release.Namespace }} -{{- end }} -{{- end }} - -{{/* -Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift. -*/}} -{{- define "kiali-server.auth.strategy" -}} -{{- if .Values.auth.strategy }} - {{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }} - {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }} - {{- end }} - {{- .Values.auth.strategy }} -{{- else }} - {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} - {{- if not .Values.kiali_route_url }} - {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." }} - {{- end }} - {{- "openshift" }} - {{- else }} - {{- "token" }} - {{- end }} -{{- end }} -{{- end }} - -{{/* -Determine the root namespace - default is where Kiali is installed. 
-*/}} -{{- define "kiali-server.external_services.istio.root_namespace" -}} -{{- if .Values.external_services.istio.root_namespace }} - {{- .Values.external_services.istio.root_namespace }} -{{- else }} - {{- .Release.Namespace }} -{{- end }} -{{- end }} - -{{/* -Autodetect remote cluster secrets if enabled - looks for secrets in the same namespace where Kiali is installed. -Returns a JSON dict whose keys are the cluster names and values are the cluster secret data. -*/}} -{{- define "kiali-server.remote-cluster-secrets" -}} -{{- $theDict := dict }} -{{- if .Values.clustering.autodetect_secrets.enabled }} - {{- $secretLabelToLookFor := (regexSplit "=" .Values.clustering.autodetect_secrets.label 2) }} - {{- $secretLabelNameToLookFor := first $secretLabelToLookFor }} - {{- $secretLabelValueToLookFor := last $secretLabelToLookFor }} - {{- range $i, $secret := (lookup "v1" "Secret" .Release.Namespace "").items }} - {{- if (and (and (hasKey $secret.metadata "labels") (hasKey $secret.metadata.labels $secretLabelNameToLookFor)) (eq (get $secret.metadata.labels $secretLabelNameToLookFor) ($secretLabelValueToLookFor))) }} - {{- $clusterName := $secret.metadata.name }} - {{- if (and (hasKey $secret.metadata "annotations") (hasKey $secret.metadata.annotations "kiali.io/cluster")) }} - {{- $clusterName = get $secret.metadata.annotations "kiali.io/cluster" }} - {{- end }} - {{- $theDict = set $theDict $clusterName $secret.metadata.name }} - {{- end }} - {{- end }} -{{- end }} -{{- $theDict | toJson }} -{{- end }} diff --git a/charts/nopo11y-stack/charts/kiali-server/templates/cabundle.yaml b/charts/nopo11y-stack/charts/kiali-server/templates/cabundle.yaml deleted file mode 100644 index 7462b95..0000000 --- a/charts/nopo11y-stack/charts/kiali-server/templates/cabundle.yaml +++ /dev/null 
@@ -1,13 +0,0 @@
-{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "kiali-server.fullname" . }}-cabundle
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "kiali-server.labels" . | nindent 4 }}
- annotations:
- service.beta.openshift.io/inject-cabundle: "true"
-...
-{{- end }}
diff --git a/charts/nopo11y-stack/charts/kiali-server/templates/configmap.yaml b/charts/nopo11y-stack/charts/kiali-server/templates/configmap.yaml
deleted file mode 100644
index f7b6829..0000000
--- a/charts/nopo11y-stack/charts/kiali-server/templates/configmap.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "kiali-server.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "kiali-server.labels" . | nindent 4 }}
- {{- if .Values.deployment.configmap_annotations }}
- annotations:
- {{- toYaml .Values.deployment.configmap_annotations | nindent 4 }}
- {{- end }}
-data:
- config.yaml: |
- {{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}}
- {{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }}
- {{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}}
- {{- $_ := set $cm.deployment "namespace" .Release.Namespace }}
- {{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}}
- {{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }}
- {{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }}
- {{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }}
- {{- $_ := set $cm.deployment "instance_name" (include "kiali-server.fullname" .) }}
- {{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }}
- {{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }}
- {{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }}
- {{- $_ := set $cm.external_services.istio "root_namespace" (include "kiali-server.external_services.istio.root_namespace" .) }}
- {{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }}
- {{- toYaml $cm | nindent 4 }}
-...
diff --git a/charts/nopo11y-stack/charts/kiali-server/templates/deployment.yaml b/charts/nopo11y-stack/charts/kiali-server/templates/deployment.yaml
deleted file mode 100644
index 115477a..0000000
--- a/charts/nopo11y-stack/charts/kiali-server/templates/deployment.yaml
+++ /dev/null
@@ -1,209 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "kiali-server.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "kiali-server.labels" . | nindent 4 }} -spec: - replicas: {{ .Values.deployment.replicas }} - selector: - matchLabels: - {{- include "kiali-server.selectorLabels" . | nindent 6 }} - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - name: {{ include "kiali-server.fullname" . }} - labels: - {{- include "kiali-server.labels" . | nindent 8 }} - {{- if .Values.deployment.pod_labels }} - {{- toYaml .Values.deployment.pod_labels | nindent 8 }} - {{- end }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - {{- if .Values.server.observability.metrics.enabled }} - prometheus.io/scrape: "true" - prometheus.io/port: {{ .Values.server.observability.metrics.port | quote }} - {{- else }} - prometheus.io/scrape: "false" - prometheus.io/port: "" - {{- end }} - kiali.io/dashboards: go,kiali - {{- if .Values.deployment.pod_annotations }} - {{- toYaml .Values.deployment.pod_annotations | nindent 8 }} - {{- end }} - spec: - serviceAccountName: {{ include "kiali-server.fullname" . }} - {{- if .Values.deployment.priority_class_name }} - priorityClassName: {{ .Values.deployment.priority_class_name | quote }} - {{- end }} - {{- if .Values.deployment.image_pull_secrets }} - imagePullSecrets: - {{- range .Values.deployment.image_pull_secrets }} - - name: {{ . 
}} - {{- end }} - {{- end }} - {{- if .Values.deployment.host_aliases }} - hostAliases: - {{- toYaml .Values.deployment.host_aliases | nindent 6 }} - {{- end }} - containers: - - image: "{{ .Values.deployment.image_name }}{{ if .Values.deployment.image_digest }}@{{ .Values.deployment.image_digest }}{{ end }}:{{ .Values.deployment.image_version }}" - imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} - name: {{ include "kiali-server.fullname" . }} - command: - - "/opt/kiali/kiali" - - "-config" - - "/kiali-configuration/config.yaml" - securityContext: - {{- if .Values.deployment.security_context}} - {{- toYaml .Values.deployment.security_context | nindent 10 }} - {{- else }} - allowPrivilegeEscalation: false - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - {{- end }} - ports: - - name: api-port - containerPort: {{ .Values.server.port | default 20001 }} - {{- if .Values.server.observability.metrics.enabled }} - - name: http-metrics - containerPort: {{ .Values.server.observability.metrics.port | default 9090 }} - {{- end }} - readinessProbe: - httpGet: - path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz - port: api-port - {{- if (include "kiali-server.identity.cert_file" .) }} - scheme: HTTPS - {{- else }} - scheme: HTTP - {{- end }} - initialDelaySeconds: 5 - periodSeconds: 30 - livenessProbe: - httpGet: - path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz - port: api-port - {{- if (include "kiali-server.identity.cert_file" .) }} - scheme: HTTPS - {{- else }} - scheme: HTTP - {{- end }} - initialDelaySeconds: 5 - periodSeconds: 30 - env: - - name: ACTIVE_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LOG_LEVEL - value: "{{ include "kiali-server.logLevel" . 
}}" - - name: LOG_FORMAT - value: "{{ .Values.deployment.logger.log_format }}" - - name: LOG_TIME_FIELD_FORMAT - value: "{{ .Values.deployment.logger.time_field_format }}" - - name: LOG_SAMPLER_RATE - value: "{{ .Values.deployment.logger.sampler_rate }}" - volumeMounts: - - name: {{ include "kiali-server.fullname" . }}-configuration - mountPath: "/kiali-configuration" - - name: {{ include "kiali-server.fullname" . }}-cert - mountPath: "/kiali-cert" - - name: {{ include "kiali-server.fullname" . }}-secret - mountPath: "/kiali-secret" - - name: {{ include "kiali-server.fullname" . }}-cabundle - mountPath: "/kiali-cabundle" - {{- range .Values.deployment.custom_secrets }} - - name: {{ .name }} - mountPath: "{{ .mount }}" - {{- end }} - {{- range $key, $val := (include "kiali-server.remote-cluster-secrets" .) | fromJson }} - - name: {{ $key }} - mountPath: "/kiali-remote-cluster-secrets/{{ $val }}" - {{- end }} - {{- range .Values.clustering.clusters }} - - name: {{ .name }} - mountPath: "/kiali-remote-cluster-secrets/{{ .secret_name }}" - {{- end }} - {{- if .Values.deployment.resources }} - resources: - {{- toYaml .Values.deployment.resources | nindent 10 }} - {{- end }} - volumes: - - name: {{ include "kiali-server.fullname" . }}-configuration - configMap: - name: {{ include "kiali-server.fullname" . }} - - name: {{ include "kiali-server.fullname" . }}-cert - secret: - {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} - secretName: {{ include "kiali-server.fullname" . }}-cert-secret - {{- else }} - secretName: istio.{{ include "kiali-server.fullname" . }}-service-account - {{- end }} - {{- if not (include "kiali-server.identity.cert_file" .) }} - optional: true - {{- end }} - - name: {{ include "kiali-server.fullname" . }}-secret - secret: - secretName: {{ .Values.deployment.secret_name }} - optional: true - - name: {{ include "kiali-server.fullname" . }}-cabundle - configMap: - name: {{ include "kiali-server.fullname" . 
}}-cabundle - {{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} - optional: true - {{- end }} - {{- range .Values.deployment.custom_secrets }} - - name: {{ .name }} - {{- if .csi}} - csi: {{ toYaml .csi | nindent 10 }} - {{- else }} - secret: - secretName: {{ .name }} - optional: {{ .optional | default false }} - {{- end }} - {{- end }} - {{- range $key, $val := (include "kiali-server.remote-cluster-secrets" .) | fromJson }} - - name: {{ $key }} - secret: - secretName: {{ $val }} - {{- end }} - {{- range .Values.clustering.clusters }} - - name: {{ .name }} - secret: - secretName: {{ .secret_name }} - {{- end }} - {{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.affinity.pod) (.Values.deployment.affinity.pod_anti)) }} - affinity: - {{- if .Values.deployment.affinity.node }} - nodeAffinity: - {{- toYaml .Values.deployment.affinity.node | nindent 10 }} - {{- end }} - {{- if .Values.deployment.affinity.pod }} - podAffinity: - {{- toYaml .Values.deployment.affinity.pod | nindent 10 }} - {{- end }} - {{- if .Values.deployment.affinity.pod_anti }} - podAntiAffinity: - {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} - {{- end }} - {{- end }} - {{- if .Values.deployment.tolerations }} - tolerations: - {{- toYaml .Values.deployment.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.deployment.node_selector }} - nodeSelector: - {{- toYaml .Values.deployment.node_selector | nindent 8 }} - {{- end }} -... diff --git a/charts/nopo11y-stack/charts/kiali-server/templates/hpa.yaml b/charts/nopo11y-stack/charts/kiali-server/templates/hpa.yaml deleted file mode 100644 index 934c4c1..0000000 --- a/charts/nopo11y-stack/charts/kiali-server/templates/hpa.yaml +++ /dev/null 
@@ -1,17 +0,0 @@
-{{- if .Values.deployment.hpa.spec }}
----
-apiVersion: {{ .Values.deployment.hpa.api_version }}
-kind: HorizontalPodAutoscaler
-metadata:
- name: {{ include "kiali-server.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "kiali-server.labels" . | nindent 4 }}
-spec:
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: {{ include "kiali-server.fullname" . }}
- {{- toYaml .Values.deployment.hpa.spec | nindent 2 }}
-...
-{{- end }}
diff --git a/charts/nopo11y-stack/charts/kiali-server/templates/ingress.yaml b/charts/nopo11y-stack/charts/kiali-server/templates/ingress.yaml
deleted file mode 100644
index 27807fc..0000000
--- a/charts/nopo11y-stack/charts/kiali-server/templates/ingress.yaml
+++ /dev/null
@@ -1,62 +0,0 @@ -{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} -{{- if eq "true" (include "kiali-server.deployment.ingress.enabled" .) }} ---- -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} -apiVersion: networking.k8s.io/v1 -{{- else }} -apiVersion: networking.k8s.io/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ include "kiali-server.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- if .Values.deployment.ingress.additional_labels }} - {{- toYaml .Values.deployment.ingress.additional_labels | nindent 4 }} - {{- end }} - {{- include "kiali-server.labels" . | nindent 4 }} - annotations: - {{- if .Values.deployment.ingress.override_yaml.metadata.annotations }} - {{- toYaml .Values.deployment.ingress.override_yaml.metadata.annotations | nindent 4 }} - {{- else }} - # For ingress-nginx versions older than 0.20.0 use secure-backends. - # (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948) - # For ingress-nginx versions 0.20.0 and later use backend-protocol. - {{- if (include "kiali-server.identity.cert_file" .) }} - nginx.ingress.kubernetes.io/secure-backends: "true" - nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - {{- else }} - nginx.ingress.kubernetes.io/secure-backends: "false" - nginx.ingress.kubernetes.io/backend-protocol: "HTTP" - {{- end }} - {{- end }} -spec: - {{- if hasKey .Values.deployment.ingress.override_yaml "spec" }} - {{- toYaml .Values.deployment.ingress.override_yaml.spec | nindent 2 }} - {{- else }} - {{- if .Values.deployment.ingress.class_name }} - ingressClassName: {{ .Values.deployment.ingress.class_name }} - {{- end }} - rules: - - http: - paths: - - path: {{ include "kiali-server.server.web_root" . }} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} - pathType: Prefix - backend: - service: - name: {{ include "kiali-server.fullname" . 
}} - port: - number: {{ .Values.server.port }} - {{- else }} - backend: - serviceName: {{ include "kiali-server.fullname" . }} - servicePort: {{ .Values.server.port }} - {{- end }} - {{- if not (empty .Values.server.web_fqdn) }} - host: {{ .Values.server.web_fqdn }} - {{- end }} - {{- end }} -... -{{- end }} -{{- end }} diff --git a/charts/nopo11y-stack/charts/kiali-server/templates/oauth.yaml b/charts/nopo11y-stack/charts/kiali-server/templates/oauth.yaml deleted file mode 100644 index 44c8d7c..0000000 --- a/charts/nopo11y-stack/charts/kiali-server/templates/oauth.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} -{{- if .Values.kiali_route_url }} ---- -apiVersion: oauth.openshift.io/v1 -kind: OAuthClient -metadata: - name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "kiali-server.labels" . | nindent 4 }} -redirectURIs: -- {{ .Values.kiali_route_url }} -{{- if .Values.server.web_port }} -- {{ .Values.kiali_route_url }}:{{ .Values.server.web_port }} -{{- end }} -grantMethod: auto -{{- if .Values.auth.openshift.token_inactivity_timeout }} -accessTokenInactivityTimeoutSeconds: {{ .Values.auth.openshift.token_inactivity_timeout }} -{{- end }} -{{- if .Values.auth.openshift.token_max_age }} -accessTokenMaxAgeSeconds: {{ .Values.auth.openshift.token_max_age }} -{{- end }} -... -{{- end }} -{{- end }} diff --git a/charts/nopo11y-stack/charts/kiali-server/templates/role-controlplane.yaml b/charts/nopo11y-stack/charts/kiali-server/templates/role-controlplane.yaml deleted file mode 100644 index 707501c..0000000 --- a/charts/nopo11y-stack/charts/kiali-server/templates/role-controlplane.yaml +++ /dev/null 
@@ -1,23 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ include "kiali-server.fullname" . }}-controlplane
- namespace: {{ include "kiali-server.istio_namespace" . }}
- labels:
- {{- include "kiali-server.labels" . | nindent 4 }}
-rules:
-{{- if .Values.kiali_feature_flags.certificates_information_indicators.enabled }}
-- apiGroups: [""]
- resourceNames:
- {{- range .Values.kiali_feature_flags.certificates_information_indicators.secrets }}
- - {{ . }}
- {{- end }}
- resources:
- - secrets
- verbs:
- - get
- - list
- - watch
-{{- end }}
-...
diff --git a/charts/nopo11y-stack/charts/kiali-server/templates/role-viewer.yaml b/charts/nopo11y-stack/charts/kiali-server/templates/role-viewer.yaml
deleted file mode 100644
index 8c7fda1..0000000
--- a/charts/nopo11y-stack/charts/kiali-server/templates/role-viewer.yaml
+++ /dev/null
@@ -1,87 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ include "kiali-server.fullname" . }}-viewer
- labels:
- {{- include "kiali-server.labels" . | nindent 4 }}
-rules:
-- apiGroups: [""]
- resources:
- - configmaps
- - endpoints
-{{- if not (has "logs-tab" .Values.kiali_feature_flags.disabled_features) }}
- - pods/log
-{{- end }}
- verbs:
- - get
- - list
- - watch
-- apiGroups: [""]
- resources:
- - namespaces
- - pods
- - replicationcontrollers
- - services
- verbs:
- - get
- - list
- - watch
-- apiGroups: [""]
- resources:
- - pods/portforward
- verbs:
- - create
- - post
-- apiGroups: ["extensions", "apps"]
- resources:
- - daemonsets
- - deployments
- - replicasets
- - statefulsets
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["batch"]
- resources:
- - cronjobs
- - jobs
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - networking.istio.io
- - security.istio.io
- - extensions.istio.io
- - telemetry.istio.io
- - gateway.networking.k8s.io
- resources: ["*"]
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["apps.openshift.io"]
- resources:
- - deploymentconfigs
- verbs:
- - get
- - list
- - watch
-- apiGroups: ["project.openshift.io"]
- resources:
- - projects
- verbs:
- - get
-- apiGroups: ["route.openshift.io"]
- resources:
- - routes
- verbs:
- - get
-- apiGroups: ["authentication.k8s.io"]
- resources:
- - tokenreviews
- verbs:
- - create
-...
diff --git a/charts/nopo11y-stack/charts/kiali-server/templates/role.yaml b/charts/nopo11y-stack/charts/kiali-server/templates/role.yaml
deleted file mode 100644
index 8969da3..0000000
--- a/charts/nopo11y-stack/charts/kiali-server/templates/role.yaml
+++ /dev/null
@@ -1,94 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ include "kiali-server.fullname" . }}
- labels:
- {{- include "kiali-server.labels" . | nindent 4 }}
-rules:
-- apiGroups: [""]
- resources:
- - configmaps
- - endpoints
-{{- if not (has "logs-tab" .Values.kiali_feature_flags.disabled_features) }}
- - pods/log
-{{- end }}
- verbs:
- - get
- - list
- - watch
-- apiGroups: [""]
- resources:
- - namespaces
- - pods
- - replicationcontrollers
- - services
- verbs:
- - get
- - list
- - watch
- - patch
-- apiGroups: [""]
- resources:
- - pods/portforward
- verbs:
- - create
- - post
-- apiGroups: ["extensions", "apps"]
- resources:
- - daemonsets
- - deployments
- - replicasets
- - statefulsets
- verbs:
- - get
- - list
- - watch
- - patch
-- apiGroups: ["batch"]
- resources:
- - cronjobs
- - jobs
- verbs:
- - get
- - list
- - watch
- - patch
-- apiGroups:
- - networking.istio.io
- - security.istio.io
- - extensions.istio.io
- - telemetry.istio.io
- - gateway.networking.k8s.io
- resources: ["*"]
- verbs:
- - get
- - list
- - watch
- - create
- - delete
- - patch
-- apiGroups: ["apps.openshift.io"]
- resources:
- - deploymentconfigs
- verbs:
- - get
- - list
- - watch
- - patch
-- apiGroups: ["project.openshift.io"]
- resources:
- - projects
- verbs:
- - get
-- apiGroups: ["route.openshift.io"]
- resources:
- - routes
- verbs:
- - get
-- apiGroups: ["authentication.k8s.io"]
- resources:
- - tokenreviews
- verbs:
- - create
-...
diff --git a/charts/nopo11y-stack/charts/kiali-server/templates/rolebinding-controlplane.yaml b/charts/nopo11y-stack/charts/kiali-server/templates/rolebinding-controlplane.yaml
deleted file mode 100644
index 5a00158..0000000
--- a/charts/nopo11y-stack/charts/kiali-server/templates/rolebinding-controlplane.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ include "kiali-server.fullname" . }}-controlplane
- namespace: {{ include "kiali-server.istio_namespace" . }}
- labels:
- {{- include "kiali-server.labels" . | nindent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ include "kiali-server.fullname" . }}-controlplane
-subjects:
-- kind: ServiceAccount
- name: {{ include "kiali-server.fullname" . }}
- namespace: {{ .Release.Namespace }}
-...
diff --git a/charts/nopo11y-stack/charts/kiali-server/templates/rolebinding.yaml b/charts/nopo11y-stack/charts/kiali-server/templates/rolebinding.yaml
deleted file mode 100644
index 63f1922..0000000
--- a/charts/nopo11y-stack/charts/kiali-server/templates/rolebinding.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- {{- if or (.Values.deployment.view_only_mode) (ne .Values.auth.strategy "anonymous") }}
- name: {{ include "kiali-server.fullname" . }}-viewer
- {{- else }}
- name: {{ include "kiali-server.fullname" . }}
- {{- end }}
- labels:
- {{- include "kiali-server.labels" . | nindent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- {{- if or (.Values.deployment.view_only_mode) (ne .Values.auth.strategy "anonymous") }}
- name: {{ include "kiali-server.fullname" . }}-viewer
- {{- else }}
- name: {{ include "kiali-server.fullname" . }}
- {{- end }}
-subjects:
-- kind: ServiceAccount
- name: {{ include "kiali-server.fullname" . }}
- namespace: {{ .Release.Namespace }}
-...
diff --git a/charts/nopo11y-stack/charts/kiali-server/templates/route.yaml b/charts/nopo11y-stack/charts/kiali-server/templates/route.yaml
deleted file mode 100644
index 8325c14..0000000
--- a/charts/nopo11y-stack/charts/kiali-server/templates/route.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
-{{- if eq "true" (include "kiali-server.deployment.ingress.enabled" .) }}
-# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm
----
-apiVersion: route.openshift.io/v1
-kind: Route
-metadata:
- name: {{ include "kiali-server.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- if .Values.deployment.ingress.additional_labels }}
- {{- toYaml .Values.deployment.ingress.additional_labels | nindent 4 }}
- {{- end }}
- {{- include "kiali-server.labels" . | nindent 4 }}
- {{- if .Values.deployment.ingress.override_yaml.metadata.annotations }}
- annotations:
- {{- toYaml .Values.deployment.ingress.override_yaml.metadata.annotations | nindent 4 }}
- {{- end }}
-spec:
- {{- if hasKey .Values.deployment.ingress.override_yaml "spec" }}
- {{- toYaml .Values.deployment.ingress.override_yaml.spec | nindent 2 }}
- {{- else }}
- tls:
- termination: reencrypt
- insecureEdgeTerminationPolicy: Redirect
- to:
- kind: Service
- name: {{ include "kiali-server.fullname" . }}
- port:
- targetPort: {{ .Values.server.port }}
- {{- end }}
-...
-{{- end }}
-{{- end }}
diff --git a/charts/nopo11y-stack/charts/kiali-server/templates/service.yaml b/charts/nopo11y-stack/charts/kiali-server/templates/service.yaml
deleted file mode 100644
index 111be7f..0000000
--- a/charts/nopo11y-stack/charts/kiali-server/templates/service.yaml
+++ /dev/null
@@ -1,51 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "kiali-server.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "kiali-server.labels" . | nindent 4 }}
- annotations:
- {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
- service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret
- {{- end }}
- {{- if and (not (empty .Values.server.web_fqdn)) (not (empty .Values.server.web_schema)) }}
- {{- if empty .Values.server.web_port }}
- kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}{{ include "kiali-server.server.web_root" . }}
- {{- else }}
- kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}:{{ .Values.server.web_port }}{{ include "kiali-server.server.web_root" . }}
- {{- end }}
- {{- end }}
- {{- if .Values.deployment.service_annotations }}
- {{- toYaml .Values.deployment.service_annotations | nindent 4 }}
- {{- end }}
-spec:
- {{- if .Values.deployment.service_type }}
- type: {{ .Values.deployment.service_type }}
- {{- end }}
- ports:
- {{- if (include "kiali-server.identity.cert_file" .) }}
- - name: tcp
- appProtocol: https
- {{- else }}
- - name: http
- appProtocol: http
- {{- end }}
- protocol: TCP
- port: {{ .Values.server.port }}
- {{- if and (not (empty .Values.server.node_port)) (eq .Values.deployment.service_type "NodePort") }}
- nodePort: {{ .Values.server.node_port }}
- {{- end }}
- {{- if .Values.server.observability.metrics.enabled }}
- - name: http-metrics
- appProtocol: http
- protocol: TCP
- port: {{ .Values.server.observability.metrics.port }}
- {{- end }}
- selector:
- {{- include "kiali-server.selectorLabels" . | nindent 4 }}
- {{- if .Values.deployment.additional_service_yaml }}
- {{- toYaml .Values.deployment.additional_service_yaml | nindent 2 }}
- {{- end }}
-...
diff --git a/charts/nopo11y-stack/charts/kiali-server/templates/serviceaccount.yaml b/charts/nopo11y-stack/charts/kiali-server/templates/serviceaccount.yaml
deleted file mode 100644
index 9151b6f..0000000
--- a/charts/nopo11y-stack/charts/kiali-server/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "kiali-server.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "kiali-server.labels" . | nindent 4 }}
-...
diff --git a/charts/nopo11y-stack/charts/kiali-server/values.yaml b/charts/nopo11y-stack/charts/kiali-server/values.yaml
deleted file mode 100644
index 6867362..0000000
--- a/charts/nopo11y-stack/charts/kiali-server/values.yaml
+++ /dev/null
@@ -1,121 +0,0 @@
-# 'fullnameOverride' is deprecated. Use 'deployment.instance_name' instead.
-# This is only supported for backward compatibility and will be removed in a future version.
-# If 'fullnameOverride' is not "kiali" and 'deployment.instance_name' is "kiali",
-# then 'deployment.instance_name' will take the value of 'fullnameOverride' value.
-# Otherwise, 'fullnameOverride' is ignored and 'deployment.instance_name' is used.
-fullnameOverride: "kiali"
-
-# This is required for "openshift" auth strategy.
-# You have to know ahead of time what your Route URL will be because
-# right now the helm chart can't figure this out at runtime (it would
-# need to wait for the Kiali Route to be deployed and for OpenShift
-# to start it up). If someone knows how to update this helm chart to
-# do this, a PR would be welcome.
-kiali_route_url: ""
-
-#
-# Settings that mimic the Kiali CR which are placed in the ConfigMap.
-# Note that only those values used by the Helm Chart will be here.
-#
-
-additional_display_details:
-- annotation: kiali.io/api-spec
- icon_annotation: kiali.io/api-type
- title: API Documentation
-
-istio_namespace: "" # default is where Kiali is installed
-
-auth:
- openid: {}
- openshift: {}
- strategy: ""
-
-clustering:
- autodetect_secrets:
- enabled: true
- label: "kiali.io/multiCluster=true"
- clusters: []
-
-deployment:
- # This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything.
- # For more control over what the Kial Service Account can see, use the Kiali Operator
- accessible_namespaces:
- - "**"
- additional_service_yaml: {}
- affinity:
- node: {}
- pod: {}
- pod_anti: {}
- configmap_annotations: {}
- custom_secrets: []
- host_aliases: []
- hpa:
- api_version: "autoscaling/v2"
- spec: {}
- image_digest: "" # use "sha256" if image_version is a sha256 hash (do NOT prefix this value with a "@")
- image_name: quay.io/kiali/kiali
- image_pull_policy: "Always"
- image_pull_secrets: []
- image_version: v1.83.0 # version like "v1.39" (see: https://quay.io/repository/kiali/kiali?tab=tags) or a digest hash
- ingress:
- additional_labels: {}
- class_name: "nginx"
- #enabled:
- override_yaml:
- metadata: {}
- instance_name: "kiali"
- logger:
- log_format: "text"
- log_level: "info"
- time_field_format: "2006-01-02T15:04:05Z07:00"
- sampler_rate: "1"
- node_selector: {}
- pod_annotations: {}
- pod_labels: {}
- priority_class_name: ""
- replicas: 1
- resources:
- requests:
- cpu: "10m"
- memory: "64Mi"
- limits:
- memory: "1Gi"
- secret_name: "kiali"
- security_context: {}
- service_annotations: {}
- service_type: ""
- tolerations: []
- version_label: v1.83.0 # v1.39 # v1.39.0 # see: https://quay.io/repository/kiali/kiali?tab=tags
- view_only_mode: false
-
-external_services:
- custom_dashboards:
- enabled: true
- istio:
- root_namespace: ""
-
-identity: {}
- #cert_file:
- #private_key_file:
-
-kiali_feature_flags:
- certificates_information_indicators:
- enabled: true
- secrets:
- - cacerts
- - istio-ca-secret
- disabled_features: []
- validations:
- ignore: ["KIA1301"]
-
-login_token:
- signing_key: ""
-
-server:
- port: 20001
- #node_port:
- observability:
- metrics:
- enabled: true
- port: 9090
- web_root: ""
diff --git a/charts/nopo11y-stack/charts/kube-prometheus-stack/.editorconfig b/charts/nopo11y-stack/charts/kube-prometheus-stack/.editorconfig
deleted file mode 100644
index f5ee2f4..0000000
--- a/charts/nopo11y-stack/charts/kube-prometheus-stack/.editorconfig
+++ /dev/null
@@ -1,5 +0,0 @@
-root = true
-
-[files/dashboards/*.json]
-indent_size = 2
-indent_style = space
\ No newline at end of file
diff --git a/charts/nopo11y-stack/charts/kube-prometheus-stack/.helmignore b/charts/nopo11y-stack/charts/kube-prometheus-stack/.helmignore
deleted file mode 100644
index 9bdbec9..0000000
--- a/charts/nopo11y-stack/charts/kube-prometheus-stack/.helmignore
+++ /dev/null
@@ -1,29 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-# helm/charts
-OWNERS
-hack/
-ci/
-kube-prometheus-*.tgz
-
-unittests/
-files/dashboards/
diff --git a/charts/nopo11y-stack/charts/kube-prometheus-stack/CONTRIBUTING.md b/charts/nopo11y-stack/charts/kube-prometheus-stack/CONTRIBUTING.md
deleted file mode 100644
index f6ce2a3..0000000
--- a/charts/nopo11y-stack/charts/kube-prometheus-stack/CONTRIBUTING.md
+++ /dev/null
@@ -1,12 +0,0 @@
-# Contributing Guidelines
-
-## How to contribute to this chart
-
-1. Fork this repository, develop and test your Chart.
-1. Bump the chart version for every change.
-1. Ensure PR title has the prefix `[kube-prometheus-stack]`
-1. When making changes to rules or dashboards, see the README.md section on how to sync data from upstream repositories
-1. Check the `hack/minikube` folder has scripts to set up minikube and components of this chart that will allow all components to be scraped. You can use this configuration when validating your changes.
-1. Check for changes of RBAC rules.
-1. Check for changes in CRD specs.
-1. PR must pass the linter (`helm lint`)
diff --git a/charts/nopo11y-stack/charts/kube-prometheus-stack/Chart.lock b/charts/nopo11y-stack/charts/kube-prometheus-stack/Chart.lock
deleted file mode 100644
index 332246f..0000000
--- a/charts/nopo11y-stack/charts/kube-prometheus-stack/Chart.lock
+++ /dev/null
@@ -1,18 +0,0 @@
-dependencies:
-- name: crds
- repository: ""
- version: 0.0.0
-- name: kube-state-metrics
- repository: https://prometheus-community.github.io/helm-charts
- version: 5.18.1
-- name: prometheus-node-exporter
- repository: https://prometheus-community.github.io/helm-charts
- version: 4.32.0
-- name: grafana
- repository: https://grafana.github.io/helm-charts
- version: 7.3.9
-- name: prometheus-windows-exporter
- repository: https://prometheus-community.github.io/helm-charts
- version: 0.3.1
-digest: sha256:cfd2f0bd4a20dbf54e72726966e4d4e73306afd5fba5a75054b5e527af810314
-generated: "2024-04-24T06:23:36.428051526Z"
diff --git a/charts/nopo11y-stack/charts/kube-prometheus-stack/Chart.yaml b/charts/nopo11y-stack/charts/kube-prometheus-stack/Chart.yaml
deleted file mode 100644
index 1ff6f62..0000000
--- a/charts/nopo11y-stack/charts/kube-prometheus-stack/Chart.yaml
+++ /dev/null
@@ -1,65 +0,0 @@
-annotations:
- artifacthub.io/license: Apache-2.0
- artifacthub.io/links: |
- - name: Chart Source
- url: https://github.com/prometheus-community/helm-charts
- - name: Upstream Project
- url: https://github.com/prometheus-operator/kube-prometheus
- artifacthub.io/operator: "true"
-apiVersion: v2
-appVersion: v0.73.2
-dependencies:
-- condition: crds.enabled
- name: crds
- repository: ""
- version: 0.0.0
-- condition: kubeStateMetrics.enabled
- name: kube-state-metrics
- repository: https://prometheus-community.github.io/helm-charts
- version: 5.18.*
-- condition: nodeExporter.enabled
- name: prometheus-node-exporter
- repository: https://prometheus-community.github.io/helm-charts
- version: 4.32.*
-- condition: grafana.enabled
- name: grafana
- repository: https://grafana.github.io/helm-charts
- version: 7.3.*
-- condition: windowsMonitoring.enabled
- name: prometheus-windows-exporter
- repository: https://prometheus-community.github.io/helm-charts
- version: 0.3.*
-description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards,
- and Prometheus rules combined with documentation and scripts to provide easy to
- operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus
- Operator.
-home: https://github.com/prometheus-operator/kube-prometheus
-icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png
-keywords:
-- operator
-- prometheus
-- kube-prometheus
-kubeVersion: '>=1.19.0-0'
-maintainers:
-- email: andrew@quadcorps.co.uk
- name: andrewgkew
-- email: gianrubio@gmail.com
- name: gianrubio
-- email: github.gkarthiks@gmail.com
- name: gkarthiks
-- email: kube-prometheus-stack@sisti.pt
- name: GMartinez-Sisti
-- email: github@jkroepke.de
- name: jkroepke
-- email: scott@r6by.com
- name: scottrigby
-- email: miroslav.hadzhiev@gmail.com
- name: Xtigyro
-- email: quentin.bisson@gmail.com
- name: QuentinBisson
-name: kube-prometheus-stack
-sources:
-- https://github.com/prometheus-community/helm-charts
-- https://github.com/prometheus-operator/kube-prometheus
-type: application
-version: 58.2.2
diff --git a/charts/nopo11y-stack/charts/kube-prometheus-stack/README.md b/charts/nopo11y-stack/charts/kube-prometheus-stack/README.md
deleted file mode 100644
index 89c97d0..0000000
--- a/charts/nopo11y-stack/charts/kube-prometheus-stack/README.md
+++ /dev/null
@@ -1,1067 +0,0 @@ -# kube-prometheus-stack - -Installs the [kube-prometheus stack](https://github.com/prometheus-operator/kube-prometheus), a collection of Kubernetes manifests, [Grafana](http://grafana.com/) dashboards, and [Prometheus rules](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/) combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with [Prometheus](https://prometheus.io/) using the [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator). - -See the [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus) README for details about components, dashboards, and alerts. - -_Note: This chart was formerly named `prometheus-operator` chart, now renamed to more clearly reflect that it installs the `kube-prometheus` project stack, within which Prometheus Operator is only one component._ - -## Prerequisites - -- Kubernetes 1.19+ -- Helm 3+ - -## Get Helm Repository Info - -```console -helm repo add prometheus-community https://prometheus-community.github.io/helm-charts -helm repo update -``` - -_See [`helm repo`](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Install Helm Chart - -```console -helm install [RELEASE_NAME] prometheus-community/kube-prometheus-stack -``` - -_See [configuration](#configuration) below._ - -_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ - -## Dependencies - -By default this chart installs additional, dependent charts: - -- [prometheus-community/kube-state-metrics](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics) -- [prometheus-community/prometheus-node-exporter](https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-node-exporter) -- [grafana/grafana](https://github.com/grafana/helm-charts/tree/main/charts/grafana) - -To disable dependencies during installation, see [multiple 
releases](#multiple-releases) below. - -_See [helm dependency](https://helm.sh/docs/helm/helm_dependency/) for command documentation._ - -## Uninstall Helm Chart - -```console -helm uninstall [RELEASE_NAME] -``` - -This removes all the Kubernetes components associated with the chart and deletes the release. - -_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ - -CRDs created by this chart are not removed by default and should be manually cleaned up: - -```console -kubectl delete crd alertmanagerconfigs.monitoring.coreos.com -kubectl delete crd alertmanagers.monitoring.coreos.com -kubectl delete crd podmonitors.monitoring.coreos.com -kubectl delete crd probes.monitoring.coreos.com -kubectl delete crd prometheusagents.monitoring.coreos.com -kubectl delete crd prometheuses.monitoring.coreos.com -kubectl delete crd prometheusrules.monitoring.coreos.com -kubectl delete crd scrapeconfigs.monitoring.coreos.com -kubectl delete crd servicemonitors.monitoring.coreos.com -kubectl delete crd thanosrulers.monitoring.coreos.com -``` - -## Upgrading Chart - -```console -helm upgrade [RELEASE_NAME] prometheus-community/kube-prometheus-stack -``` - -With Helm v3, CRDs created by this chart are not updated by default and should be manually updated. -Consult also the [Helm Documentation on CRDs](https://helm.sh/docs/chart_best_practices/custom_resource_definitions). - -_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ - -### Upgrading an existing Release to a new major version - -A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. - -### From 57.x to 58.x - -This version upgrades Prometheus-Operator to v0.73.0 - -Run these commands to update the CRDs before applying the upgrade. 
- -```console -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml -``` - -### From 56.x to 57.x - -This version upgrades Prometheus-Operator to v0.72.0 - -Run these commands to 
update the CRDs before applying the upgrade. - -```console -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.72.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.72.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.72.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.72.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.72.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.72.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.72.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.72.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.72.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.72.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml -``` - -### From 55.x to 56.x - -This version upgrades 
Prometheus-Operator to v0.71.0, Prometheus to 2.49.1 - -Run these commands to update the CRDs before applying the upgrade. - -```console -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.71.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.71.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.71.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.71.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.71.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.71.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.71.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.71.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.71.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -kubectl apply --server-side -f 
https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.71.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml -``` - -### From 54.x to 55.x - -This version upgrades Prometheus-Operator to v0.70.0 - -Run these commands to update the CRDs before applying the upgrade. - -```console -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.70.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.70.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.70.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.70.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.70.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.70.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.70.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.70.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml -kubectl apply --server-side -f 
https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.70.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.70.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml -``` - -### From 53.x to 54.x - -Grafana Helm Chart has bumped to version 7 - -Please note Grafana Helm Chart [changelog](https://github.com/grafana/helm-charts/tree/main/charts/grafana#to-700). - -### From 52.x to 53.x - -This version upgrades Prometheus-Operator to v0.69.1, Prometheus to 2.47.2 - -Run these commands to update the CRDs before applying the upgrade. - -```console -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.69.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.69.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.69.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.69.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.69.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.69.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply --server-side -f 
https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.69.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.69.1/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.69.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.69.1/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml -``` - -### From 51.x to 52.x - -This includes the ability to select between using existing secrets or create new secret objects for various thanos config. The defaults have not changed but if you were setting: - -- `thanosRuler.thanosRulerSpec.alertmanagersConfig` or -- `thanosRuler.thanosRulerSpec.objectStorageConfig` or -- `thanosRuler.thanosRulerSpec.queryConfig` or -- `prometheus.prometheusSpec.thanos.objectStorageConfig` - -you will have to need to set `existingSecret` or `secret` based on your requirement - -For instance, the `thanosRuler.thanosRulerSpec.alertmanagersConfig` used to be configured as follow: - -```yaml -thanosRuler: - thanosRulerSpec: - alertmanagersConfig: - alertmanagers: - - api_version: v2 - http_config: - basic_auth: - username: some_user - password: some_pass - static_configs: - - alertmanager.thanos.io - scheme: http - timeout: 10s -``` - -But it now moved to: - -```yaml -thanosRuler: - thanosRulerSpec: - alertmanagersConfig: - secret: - alertmanagers: - - api_version: v2 - http_config: - basic_auth: - username: some_user - password: some_pass - static_configs: - - alertmanager.thanos.io - scheme: http - timeout: 10s -``` - -or the `thanosRuler.thanosRulerSpec.objectStorageConfig` used to be configured as follow: - -```yaml 
-thanosRuler: - thanosRulerSpec: - objectStorageConfig: - name: existing-secret-not-created-by-this-chart - key: object-storage-configs.yaml -``` - -But it now moved to: - -```yaml -thanosRuler: - thanosRulerSpec: - objectStorageConfig: - existingSecret: - name: existing-secret-not-created-by-this-chart - key: object-storage-configs.yaml -``` - -### From 50.x to 51.x - -This version upgrades Prometheus-Operator to v0.68.0, Prometheus to 2.47.0 and Thanos to v0.32.2 - -Run these commands to update the CRDs before applying the upgrade. - -```console -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml -kubectl apply --server-side -f 
https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml -``` - -### From 49.x to 50.x - -This version requires Kubernetes 1.19+. - -We do not expect any breaking changes in this version. - -### From 48.x to 49.x - -This version upgrades Prometheus-Operator to v0.67.1, 0, Alertmanager to v0.26.0, Prometheus to 2.46.0 and Thanos to v0.32.0 - -Run these commands to update the CRDs before applying the upgrade. - -```console -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml -kubectl apply --server-side -f 
https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.1/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.1/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml -``` - -### From 47.x to 48.x - -This version moved all CRDs into a dedicated sub-chart. No new CRDs are introduced in this version. -See [#3548](https://github.com/prometheus-community/helm-charts/issues/3548) for more context. - -We do not expect any breaking changes in this version. - -### From 46.x to 47.x - -This version upgrades Prometheus-Operator to v0.66.0 with new CRDs (PrometheusAgent and ScrapeConfig). - -Run these commands to update the CRDs before applying the upgrade. 
- -```console -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml -``` - -### From 45.x to 46.x - -This version upgrades Prometheus-Operator to v0.65.1 with new CRDs 
(PrometheusAgent and ScrapeConfig), Prometheus to v2.44.0 and Thanos to v0.31.0. - -Run these commands to update the CRDs before applying the upgrade. - -```console -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.65.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.65.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.65.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.65.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.65.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.65.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.65.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.65.1/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.65.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -kubectl apply --server-side -f 
https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.65.1/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml -``` - -### From 44.x to 45.x - -This version upgrades Prometheus-Operator to v0.63.0, Prometheus to v2.42.0 and Thanos to v0.30.2. - -Run these commands to update the CRDs before applying the upgrade. - -```console -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.63.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.63.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.63.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.63.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.63.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.63.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.63.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.63.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml -``` - -### From 43.x to 44.x - -This version upgrades Prometheus-Operator to v0.62.0, Prometheus to v2.41.0 and Thanos to v0.30.1. 
- -Run these commands to update the CRDs before applying the upgrade. - -```console -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.62.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.62.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.62.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.62.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.62.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.62.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.62.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.62.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml -``` - -If you have explicitly set `prometheusOperator.admissionWebhooks.failurePolicy`, this value is now always used even when `.prometheusOperator.admissionWebhooks.patch.enabled` is `true` (the default). - -The values for `prometheusOperator.image.tag` & `prometheusOperator.prometheusConfigReloader.image.tag` are now empty by default and the Chart.yaml `appVersion` field is used instead. 
- -### From 42.x to 43.x - -This version upgrades Prometheus-Operator to v0.61.1, Prometheus to v2.40.5 and Thanos to v0.29.0. - -Run these commands to update the CRDs before applying the upgrade. - -```console -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml -``` - -### From 41.x to 42.x - -This includes the overridability of container registry for all containers at the global level using `global.imageRegistry` or per container image. 
The defaults have not changed but if you were using a custom image, you will have to override the registry of said custom container image before you upgrade. - -For instance, the prometheus-config-reloader used to be configured as follow: - -```yaml - image: - repository: quay.io/prometheus-operator/prometheus-config-reloader - tag: v0.60.1 - sha: "" -``` - -But it now moved to: - -```yaml - image: - registry: quay.io - repository: prometheus-operator/prometheus-config-reloader - tag: v0.60.1 - sha: "" -``` - -### From 40.x to 41.x - -This version upgrades Prometheus-Operator to v0.60.1, Prometheus to v2.39.1 and Thanos to v0.28.1. -This version also upgrades the Helm charts of kube-state-metrics to 4.20.2, prometheus-node-exporter to 4.3.0 and Grafana to 6.40.4. - -Run these commands to update the CRDs before applying the upgrade. - -```console -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml -kubectl apply 
--server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml -``` - -This version splits kubeScheduler recording and altering rules in separate config values. -Instead of `defaultRules.rules.kubeScheduler` the 2 new variables `defaultRules.rules.kubeSchedulerAlerting` and `defaultRules.rules.kubeSchedulerRecording` are used. - -### From 39.x to 40.x - -This version upgrades Prometheus-Operator to v0.59.1, Prometheus to v2.38.0, kube-state-metrics to v2.6.0 and Thanos to v0.28.0. -This version also upgrades the Helm charts of kube-state-metrics to 4.18.0 and prometheus-node-exporter to 4.2.0. - -Run these commands to update the CRDs before applying the upgrade. - -```console -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.59.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.59.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.59.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.59.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.59.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply --server-side -f 
https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.59.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.59.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.59.1/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml -``` - -Starting from prometheus-node-exporter version 4.0.0, the `node exporter` chart is using the [Kubernetes recommended labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/). Therefore you have to delete the daemonset before you upgrade. - -```console -kubectl delete daemonset -l app=prometheus-node-exporter -helm upgrade -i kube-prometheus-stack prometheus-community/kube-prometheus-stack -``` - -If you use your own custom [ServiceMonitor](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitor) or [PodMonitor](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#podmonitor), please ensure to upgrade their `selector` fields accordingly to the new labels. - -### From 38.x to 39.x - -This upgraded prometheus-operator to v0.58.0 and prometheus to v2.37.0 - -Run these commands to update the CRDs before applying the upgrade. 
- -```console -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml -``` - -### From 37.x to 38.x - -Reverted one of the default metrics relabelings for cAdvisor added in 36.x, due to it breaking container_network_* and various other statistics. If you do not want this change, you will need to override the `kubelet.cAdvisorMetricRelabelings`. - -### From 36.x to 37.x - -This includes some default metric relabelings for cAdvisor and apiserver metrics to reduce cardinality. 
If you do not want these defaults, you will need to override the `kubeApiServer.metricRelabelings` and or `kubelet.cAdvisorMetricRelabelings`. - -### From 35.x to 36.x - -This upgraded prometheus-operator to v0.57.0 and prometheus to v2.36.1 - -Run these commands to update the CRDs before applying the upgrade. - -```console -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml -``` - -### From 34.x to 35.x - -This upgraded prometheus-operator to v0.56.0 and prometheus to v2.35.0 - -Run these commands to update the CRDs before applying the upgrade. 
- -```console -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml -``` - -### From 33.x to 34.x - -This upgrades to prometheus-operator to v0.55.0 and prometheus to v2.33.5. - -Run these commands to update the CRDs before applying the upgrade. 
- -```console -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml -``` - -### From 32.x to 33.x - -This upgrades the prometheus-node-exporter Chart to v3.0.0. Please review the changes to this subchart if you make customizations to hostMountPropagation. - -### From 31.x to 32.x - -This upgrades to prometheus-operator to v0.54.0 and prometheus to v2.33.1. It also changes the default for `grafana.serviceMonitor.enabled` to `true. - -Run these commands to update the CRDs before applying the upgrade. 
- -```console -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml -``` - -### From 30.x to 31.x - -This version removes the built-in grafana ServiceMonitor and instead relies on the ServiceMonitor of the sub-chart. -`grafana.serviceMonitor.enabled` must be set instead of `grafana.serviceMonitor.selfMonitor` and the old ServiceMonitor may -need to be manually cleaned up after deploying the new release. 
-
-### From 29.x to 30.x
-
-This version updates kube-state-metrics to 4.3.0 and uses the new option `kube-state-metrics.releaseLabel=true` which adds the "release" label to kube-state-metrics labels, making scraping of the metrics by kube-prometheus-stack work out of the box again, independent of the used kube-prometheus-stack release name. If you already set the "release" label via `kube-state-metrics.customLabels` you might have to remove that and use it via the new option.
-
-### From 28.x to 29.x
-
-This version makes scraping port for kube-controller-manager and kube-scheduler dynamic to reflect changes to default serving ports
-for those components in Kubernetes versions v1.22 and v1.23 respectively.
-
-If you deploy on clusters using version v1.22+, kube-controller-manager will be scraped over HTTPS on port 10257.
-
-If you deploy on clusters running version v1.23+, kube-scheduler will be scraped over HTTPS on port 10259.
-
-### From 27.x to 28.x
-
-This version disables PodSecurityPolicies by default because they are deprecated in Kubernetes 1.21 and will be removed in Kubernetes 1.25.
-
-If you are using PodSecurityPolicies you can enable the previous behaviour by setting `kube-state-metrics.podSecurityPolicy.enabled`, `prometheus-node-exporter.rbac.pspEnabled`, `grafana.rbac.pspEnabled` and `global.rbac.pspEnabled` to `true`.
-
-### From 26.x to 27.x
-
-This version splits prometheus-node-exporter chart recording and altering rules in separate config values.
-Instead of `defaultRules.rules.node` the 2 new variables `defaultRules.rules.nodeExporterAlerting` and `defaultRules.rules.nodeExporterRecording` are used.
-
-Also the following defaultRules.rules has been removed as they had no effect: `kubeApiserverError`, `kubePrometheusNodeAlerting`, `kubernetesAbsent`, `time`.
-
-The ability to set a rubookUrl via `defaultRules.rules.rubookUrl` was reintroduced.
- -### From 25.x to 26.x - -This version enables the prometheus-node-exporter subchart servicemonitor by default again, by setting `prometheus-node-exporter.prometheus.monitor.enabled` to `true`. - -### From 24.x to 25.x - -This version upgrade to prometheus-operator v0.53.1. It removes support for setting a runbookUrl, since the upstream format for runbooks changed. - -```console -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.53.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.53.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.53.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.53.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.53.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.53.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.53.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.53.1/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml -``` - -### From 23.x to 24.x - -The custom `ServiceMonitor` for the _kube-state-metrics_ & _prometheus-node-exporter_ 
charts have been removed in favour of the built-in sub-chart `ServiceMonitor`; for both sub-charts this means that `ServiceMonitor` customisations happen via the values passed to the chart. If you haven't directly customised this behaviour then there are no changes required to upgrade, but if you have please read the following. - -For _kube-state-metrics_ the `ServiceMonitor` customisation is now set via `kube-state-metrics.prometheus.monitor` and the `kubeStateMetrics.serviceMonitor.selfMonitor.enabled` value has moved to `kube-state-metrics.selfMonitor.enabled`. - -For _prometheus-node-exporter_ the `ServiceMonitor` customisation is now set via `prometheus-node-exporter.prometheus.monitor` and the `nodeExporter.jobLabel` values has moved to `prometheus-node-exporter.prometheus.monitor.jobLabel`. - -### From 22.x to 23.x - -Port names have been renamed for Istio's -[explicit protocol selection](https://istio.io/latest/docs/ops/configuration/traffic-management/protocol-selection/#explicit-protocol-selection). - -| | old value | new value | -|-|-----------|-----------| -| `alertmanager.alertmanagerSpec.portName` | `web` | `http-web` | -| `grafana.service.portName` | `service` | `http-web` | -| `prometheus-node-exporter.service.portName` | `metrics` (hardcoded) | `http-metrics` | -| `prometheus.prometheusSpec.portName` | `web` | `http-web` | - -### From 21.x to 22.x - -Due to the upgrade of the `kube-state-metrics` chart, removal of its deployment/stateful needs to done manually prior to upgrading: - -```console -kubectl delete deployments.apps -l app.kubernetes.io/instance=prometheus-operator,app.kubernetes.io/name=kube-state-metrics --cascade=orphan -``` - -or if you use autosharding: - -```console -kubectl delete statefulsets.apps -l app.kubernetes.io/instance=prometheus-operator,app.kubernetes.io/name=kube-state-metrics --cascade=orphan -``` - -### From 20.x to 21.x - -The config reloader values have been refactored. 
All the values have been moved to the key `prometheusConfigReloader` and the limits and requests can now be set separately. - -### From 19.x to 20.x - -Version 20 upgrades prometheus-operator from 0.50.x to 0.52.x. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRDs manually before updating: - -```console -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml -``` - -### From 18.x to 19.x - -`kubeStateMetrics.serviceMonitor.namespaceOverride` was removed. -Please use `kube-state-metrics.namespaceOverride` instead. - -### From 17.x to 18.x - -Version 18 upgrades prometheus-operator from 0.49.x to 0.50.x. 
Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRDs manually before updating: - -```console -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.50.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.50.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.50.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.50.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.50.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.50.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.50.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.50.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml -``` - -### From 16.x to 17.x - -Version 17 upgrades prometheus-operator from 0.48.x to 0.49.x. 
Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRDs manually before updating: - -```console -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml -``` - -### From 15.x to 16.x - -Version 16 upgrades kube-state-metrics to v2.0.0. This includes changed command-line arguments and removed metrics, see this [blog post](https://kubernetes.io/blog/2021/04/13/kube-state-metrics-v-2-0/). This version also removes Grafana dashboards that supported Kubernetes 1.14 or earlier. - -### From 14.x to 15.x - -Version 15 upgrades prometheus-operator from 0.46.x to 0.47.x. 
Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRDs manually before updating: - -```console -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml -``` - -### From 13.x to 14.x - -Version 14 upgrades prometheus-operator from 0.45.x to 0.46.x. 
Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRDs manually before updating: - -```console -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml -``` - -### From 12.x to 13.x - -Version 13 upgrades prometheus-operator from 0.44.x to 0.45.x. 
Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRD manually before updating: - -```console -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.45.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.45.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.45.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -``` - -### From 11.x to 12.x - -Version 12 upgrades prometheus-operator from 0.43.x to 0.44.x. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRD manually before updating: - -```console -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.44/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -``` - -The chart was migrated to support only helm v3 and later. - -### From 10.x to 11.x - -Version 11 upgrades prometheus-operator from 0.42.x to 0.43.x. Starting with 0.43.x an additional `AlertmanagerConfigs` CRD is introduced. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRD manually before updating: - -```console -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.43/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -``` - -Version 11 removes the deprecated tlsProxy via ghostunnel in favor of native TLS support the prometheus-operator gained with v0.39.0. - -### From 9.x to 10.x - -Version 10 upgrades prometheus-operator from 0.38.x to 0.42.x. Starting with 0.40.x an additional `Probes` CRD is introduced. 
Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRD manually before updating: - -```console -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.42/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml -``` - -### From 8.x to 9.x - -Version 9 of the helm chart removes the existing `additionalScrapeConfigsExternal` in favour of `additionalScrapeConfigsSecret`. This change lets users specify the secret name and secret key to use for the additional scrape configuration of prometheus. This is useful for users that have prometheus-operator as a subchart and also have a template that creates the additional scrape configuration. - -### From 7.x to 8.x - -Due to new template functions being used in the rules in version 8.x.x of the chart, an upgrade to Prometheus Operator and Prometheus is necessary in order to support them. First, upgrade to the latest version of 7.x.x - -```console -helm upgrade [RELEASE_NAME] prometheus-community/kube-prometheus-stack --version 7.5.0 -``` - -Then upgrade to 8.x.x - -```console -helm upgrade [RELEASE_NAME] prometheus-community/kube-prometheus-stack --version [8.x.x] -``` - -Minimal recommended Prometheus version for this chart release is `2.12.x` - -### From 6.x to 7.x - -Due to a change in grafana subchart, version 7.x.x now requires Helm >= 2.12.0. - -### From 5.x to 6.x - -Due to a change in deployment labels of kube-state-metrics, the upgrade requires `helm upgrade --force` in order to re-create the deployment. 
If this is not done an error will occur indicating that the deployment cannot be modified: - -```console -invalid: spec.selector: Invalid value: v1.LabelSelector{MatchLabels:map[string]string{"app.kubernetes.io/name":"kube-state-metrics"}, MatchExpressions:[]v1.LabelSelectorRequirement(nil)}: field is immutable -``` - -If this error has already been encountered, a `helm history` command can be used to determine which release has worked, then `helm rollback` to the release, then `helm upgrade --force` to this new one - -## Configuration - -See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments: - -```console -helm show values prometheus-community/kube-prometheus-stack -``` - -You may also `helm show values` on this chart's [dependencies](#dependencies) for additional options. - -### Multiple releases - -The same chart can be used to run multiple Prometheus instances in the same cluster if required. To achieve this, it is necessary to run only one instance of prometheus-operator and a pair of alertmanager pods for an HA configuration, while all other components need to be disabled. To disable a dependency during installation, set `kubeStateMetrics.enabled`, `nodeExporter.enabled` and `grafana.enabled` to `false`. - -## Work-Arounds for Known Issues - -### Running on private GKE clusters - -When Google configure the control plane for private clusters, they automatically configure VPC peering between your Kubernetes cluster’s network and a separate Google managed project. In order to restrict what Google are able to access within your cluster, the firewall rules configured restrict access to your Kubernetes pods. This means that in order to use the webhook component with a GKE private cluster, you must configure an additional firewall rule to allow the GKE control plane access to your webhook pod. 
- -You can read more information on how to add firewall rules for the GKE control plane nodes in the [GKE docs](https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#add_firewall_rules) - -Alternatively, you can disable the hooks by setting `prometheusOperator.admissionWebhooks.enabled=false`. - -## PrometheusRules Admission Webhooks - -With Prometheus Operator version 0.30+, the core Prometheus Operator pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent malformed rules from being added to the cluster. - -### How the Chart Configures the Hooks - -A validating and mutating webhook configuration requires the endpoint to which the request is sent to use TLS. It is possible to set up custom certificates to do this, but in most cases, a self-signed certificate is enough. The setup of this component requires some more complex orchestration when using helm. The steps are created to be idempotent and to allow turning the feature on and off without running into helm quirks. - -1. A pre-install hook provisions a certificate into the same namespace using a format compatible with provisioning using end user certificates. If the certificate already exists, the hook exits. -2. The prometheus operator pod is configured to use a TLS proxy container, which will load that certificate. -3. Validating and Mutating webhook configurations are created in the cluster, with their failure mode set to Ignore. This allows rules to be created by the same chart at the same time, even though the webhook has not yet been fully set up - it does not have the correct CA field set. -4. A post-install hook reads the CA from the secret created by step 1 and patches the Validating and Mutating webhook configurations. This process will allow a custom CA provisioned by some other process to also be patched into the webhook configurations. 
The chosen failure policy is also patched into the webhook configurations - -### Alternatives - -It should be possible to use [jetstack/cert-manager](https://github.com/jetstack/cert-manager) if a more complete solution is required, but it has not been tested. - -You can enable automatic self-signed TLS certificate provisioning via cert-manager by setting the `prometheusOperator.admissionWebhooks.certManager.enabled` value to true. - -### Limitations - -Because the operator can only run as a single pod, there is potential for this component failure to cause rule deployment failure. Because this risk is outweighed by the benefit of having validation, the feature is enabled by default. - -## Developing Prometheus Rules and Grafana Dashboards - -This chart Grafana Dashboards and Prometheus Rules are just a copy from [prometheus-operator/prometheus-operator](https://github.com/prometheus-operator/prometheus-operator) and other sources, synced (with alterations) by scripts in [hack](hack) folder. In order to introduce any changes you need to first [add them to the original repository](https://github.com/prometheus-operator/kube-prometheus/blob/main/docs/customizations/developing-prometheus-rules-and-grafana-dashboards.md) and then sync there by scripts. - -## Further Information - -For more in-depth documentation of configuration options meanings, please see - -- [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator) -- [Prometheus](https://prometheus.io/docs/introduction/overview/) -- [Grafana](https://github.com/grafana/helm-charts/tree/main/charts/grafana#grafana-helm-chart) - -## prometheus.io/scrape - -The prometheus operator does not support annotation-based discovery of services, using the `PodMonitor` or `ServiceMonitor` CRD in its place as they provide far more configuration options. 
-For information on how to use PodMonitors/ServiceMonitors, please see the documentation on the `prometheus-operator/prometheus-operator` documentation here: - -- [ServiceMonitors](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/getting-started.md#include-servicemonitors) -- [PodMonitors](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/getting-started.md#include-podmonitors) -- [Running Exporters](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/running-exporters.md) - -By default, Prometheus discovers PodMonitors and ServiceMonitors within its namespace, that are labeled with the same release tag as the prometheus-operator release. -Sometimes, you may need to discover custom PodMonitors/ServiceMonitors, for example used to scrape data from third-party applications. -An easy way of doing this, without compromising the default PodMonitors/ServiceMonitors discovery, is allowing Prometheus to discover all PodMonitors/ServiceMonitors within its namespace, without applying label filtering. -To do so, you can set `prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues` and `prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues` to `false`. - -## Migrating from stable/prometheus-operator chart - -## Zero downtime - -Since `kube-prometheus-stack` is fully compatible with the `stable/prometheus-operator` chart, a migration without downtime can be achieved. -However, the old name prefix needs to be kept. If you want the new name please follow the step by step guide below (with downtime). - -You can override the name to achieve this: - -```console -helm upgrade prometheus-operator prometheus-community/kube-prometheus-stack -n monitoring --reuse-values --set nameOverride=prometheus-operator -``` - -**Note**: It is recommended to run this first with `--dry-run --debug`. 
- -## Redeploy with new name (downtime) - -If the **prometheus-operator** values are compatible with the new **kube-prometheus-stack** chart, please follow the below steps for migration: - -> The guide presumes that chart is deployed in `monitoring` namespace and the deployments are running there. If in other namespace, please replace the `monitoring` to the deployed namespace. - -1. Patch the PersistenceVolume created/used by the prometheus-operator chart to `Retain` claim policy: - - ```console - kubectl patch pv/ -p '{"spec":{"persistentVolumeReclaimPolicy":"Retain"}}' - ``` - - **Note:** To execute the above command, the user must have a cluster wide permission. Please refer [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) - -2. Uninstall the **prometheus-operator** release and delete the existing PersistentVolumeClaim, and verify PV become Released. - - ```console - helm uninstall prometheus-operator -n monitoring - kubectl delete pvc/ -n monitoring - ``` - - Additionally, you have to manually remove the remaining `prometheus-operator-kubelet` service. - - ```console - kubectl delete service/prometheus-operator-kubelet -n kube-system - ``` - - You can choose to remove all your existing CRDs (ServiceMonitors, Podmonitors, etc.) if you want to. - -3. Remove current `spec.claimRef` values to change the PV's status from Released to Available. - - ```console - kubectl patch pv/ --type json -p='[{"op": "remove", "path": "/spec/claimRef"}]' -n monitoring - ``` - -**Note:** To execute the above command, the user must have a cluster wide permission. Please refer to [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) - -After these steps, proceed to a fresh **kube-prometheus-stack** installation and make sure the current release of **kube-prometheus-stack** matching the `volumeClaimTemplate` values in the `values.yaml`. 
- -The binding is done via matching a specific amount of storage requested and with certain access modes. - -For example, if you had storage specified as this with **prometheus-operator**: - -```yaml -volumeClaimTemplate: - spec: - storageClassName: gp2 - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: 50Gi -``` - -You have to specify matching `volumeClaimTemplate` with 50Gi storage and `ReadWriteOnce` access mode. - -Additionally, you should check the current AZ of your legacy installation's PV, and configure the fresh release to use the same AZ as the old one. If the pods are in a different AZ than the PV, the release will fail to bind the existing one, hence creating a new PV. - -This can be achieved either by specifying the labels through `values.yaml`, e.g. setting `prometheus.prometheusSpec.nodeSelector` to: - -```yaml -nodeSelector: - failure-domain.beta.kubernetes.io/zone: east-west-1a -``` - -or passing these values as `--set` overrides during installation. - -The new release should now re-attach your previously released PV with its content. - -## Migrating from coreos/prometheus-operator chart - -The multiple charts have been combined into a single chart that installs prometheus operator, prometheus, alertmanager, grafana as well as the multitude of exporters necessary to monitor a cluster. - -There is no simple and direct migration path between the charts as the changes are extensive and intended to make the chart easier to support. - -The capabilities of the old chart are all available in the new chart, including the ability to run multiple prometheus instances on a single cluster - you will need to disable the parts of the chart you do not wish to deploy. - -You can check out the tickets for this change [here](https://github.com/prometheus-operator/prometheus-operator/issues/592) and [here](https://github.com/helm/charts/pull/6765). 
- -### High-level overview of Changes - -#### Added dependencies - -The chart has added 3 [dependencies](#dependencies). - -- Node-Exporter, Kube-State-Metrics: These components are loaded as dependencies into the chart, and are relatively simple components -- Grafana: The Grafana chart is more feature-rich than this chart - it contains a sidecar that is able to load data sources and dashboards from configmaps deployed into the same cluster. For more information check out the [documentation for the chart](https://github.com/grafana/helm-charts/blob/main/charts/grafana/README.md) - -#### Kubelet Service - -Because the kubelet service has a new name in the chart, make sure to clean up the old kubelet service in the `kube-system` namespace to prevent counting container metrics twice. - -#### Persistent Volumes - -If you would like to keep the data of the current persistent volumes, it should be possible to attach existing volumes to new PVCs and PVs that are created using the conventions in the new chart. 
For example, in order to use an existing Azure disk for a helm release called `prometheus-migration` the following resources can be created: - -```yaml -apiVersion: v1 -kind: PersistentVolume -metadata: - name: pvc-prometheus-migration-prometheus-0 -spec: - accessModes: - - ReadWriteOnce - azureDisk: - cachingMode: None - diskName: pvc-prometheus-migration-prometheus-0 - diskURI: /subscriptions/f5125d82-2622-4c50-8d25-3f7ba3e9ac4b/resourceGroups/sample-migration-resource-group/providers/Microsoft.Compute/disks/pvc-prometheus-migration-prometheus-0 - fsType: "" - kind: Managed - readOnly: false - capacity: - storage: 1Gi - persistentVolumeReclaimPolicy: Delete - storageClassName: prometheus - volumeMode: Filesystem -``` - -```yaml -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - labels: - app.kubernetes.io/name: prometheus - prometheus: prometheus-migration-prometheus - name: prometheus-prometheus-migration-prometheus-db-prometheus-prometheus-migration-prometheus-0 - namespace: monitoring -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - storageClassName: prometheus - volumeMode: Filesystem - volumeName: pvc-prometheus-migration-prometheus-0 -``` - -The PVC will take ownership of the PV and when you create a release using a persistent volume claim template it will use the existing PVCs as they match the naming convention used by the chart. For other cloud providers similar approaches can be used. - -#### KubeProxy - -The metrics bind address of kube-proxy is default to `127.0.0.1:10249` that prometheus instances **cannot** access to. You should expose metrics by changing `metricsBindAddress` field value to `0.0.0.0:10249` if you want to collect them. - -Depending on the cluster, the relevant part `config.conf` will be in ConfigMap `kube-system/kube-proxy` or `kube-system/kube-proxy-config`. 
For example:
-
-```console
-kubectl -n kube-system edit cm kube-proxy
-```
-
-```yaml
-apiVersion: v1
-data:
- config.conf: |-
- apiVersion: kubeproxy.config.k8s.io/v1alpha1
- kind: KubeProxyConfiguration
- # ...
- # metricsBindAddress: 127.0.0.1:10249
- metricsBindAddress: 0.0.0.0:10249
- # ...
- kubeconfig.conf: |-
- # ...
-kind: ConfigMap
-metadata:
- labels:
- app: kube-proxy
- name: kube-proxy
- namespace: kube-system
-```
diff --git a/charts/nopo11y-stack/charts/kube-prometheus-stack/charts/crds/Chart.yaml b/charts/nopo11y-stack/charts/kube-prometheus-stack/charts/crds/Chart.yaml
deleted file mode 100644
index adb9e4a..0000000
--- a/charts/nopo11y-stack/charts/kube-prometheus-stack/charts/crds/Chart.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-apiVersion: v2
-name: crds
-version: 0.0.0
diff --git a/charts/nopo11y-stack/charts/kube-prometheus-stack/charts/crds/README.md b/charts/nopo11y-stack/charts/kube-prometheus-stack/charts/crds/README.md
deleted file mode 100644
index 02092b9..0000000
--- a/charts/nopo11y-stack/charts/kube-prometheus-stack/charts/crds/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-# crds subchart
-
-See: [https://github.com/prometheus-community/helm-charts/issues/3548](https://github.com/prometheus-community/helm-charts/issues/3548)
diff --git a/charts/nopo11y-stack/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagerconfigs.yaml b/charts/nopo11y-stack/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagerconfigs.yaml
deleted file mode 100644
index 13d0574..0000000
--- a/charts/nopo11y-stack/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagerconfigs.yaml
+++ /dev/null
@@ -1,5726 +0,0 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - operator.prometheus.io/version: 0.73.2 - name: alertmanagerconfigs.monitoring.coreos.com -spec: - group: monitoring.coreos.com - names: - categories: - - prometheus-operator - kind: AlertmanagerConfig - listKind: AlertmanagerConfigList - plural: alertmanagerconfigs - shortNames: - - amcfg - singular: alertmanagerconfig - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: AlertmanagerConfig configures the Prometheus Alertmanager, specifying - how alerts should be grouped, inhibited and notified to external systems. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AlertmanagerConfigSpec is a specification of the desired - behavior of the Alertmanager configuration. By definition, the Alertmanager - configuration only applies to alerts for which the `namespace` label - is equal to the namespace of the AlertmanagerConfig resource. - properties: - inhibitRules: - description: List of inhibition rules. 
The rules will only apply to - alerts matching the resource's namespace. - items: - description: InhibitRule defines an inhibition rule that allows - to mute alerts when other alerts are already firing. See https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule - properties: - equal: - description: Labels that must have an equal value in the source - and target alert for the inhibition to take effect. - items: - type: string - type: array - sourceMatch: - description: Matchers for which one or more alerts have to exist - for the inhibition to take effect. The operator enforces that - the alert matches the resource's namespace. - items: - description: Matcher defines how to match on alert's labels. - properties: - matchType: - description: Match operation available with AlertManager - >= v0.22.0 and takes precedence over Regex (deprecated) - if non-empty. - enum: - - '!=' - - = - - =~ - - '!~' - type: string - name: - description: Label to match. - minLength: 1 - type: string - regex: - description: 'Whether to match on equality (false) or - regular-expression (true). Deprecated: for AlertManager - >= v0.22.0, `matchType` should be used instead.' - type: boolean - value: - description: Label value to match. - type: string - required: - - name - type: object - type: array - targetMatch: - description: Matchers that have to be fulfilled in the alerts - to be muted. The operator enforces that the alert matches - the resource's namespace. - items: - description: Matcher defines how to match on alert's labels. - properties: - matchType: - description: Match operation available with AlertManager - >= v0.22.0 and takes precedence over Regex (deprecated) - if non-empty. - enum: - - '!=' - - = - - =~ - - '!~' - type: string - name: - description: Label to match. - minLength: 1 - type: string - regex: - description: 'Whether to match on equality (false) or - regular-expression (true). 
Deprecated: for AlertManager - >= v0.22.0, `matchType` should be used instead.' - type: boolean - value: - description: Label value to match. - type: string - required: - - name - type: object - type: array - type: object - type: array - muteTimeIntervals: - description: List of MuteTimeInterval specifying when the routes should - be muted. - items: - description: MuteTimeInterval specifies the periods in time when - notifications will be muted - properties: - name: - description: Name of the time interval - type: string - timeIntervals: - description: TimeIntervals is a list of TimeInterval - items: - description: TimeInterval describes intervals of time - properties: - daysOfMonth: - description: DaysOfMonth is a list of DayOfMonthRange - items: - description: DayOfMonthRange is an inclusive range of - days of the month beginning at 1 - properties: - end: - description: End of the inclusive range - maximum: 31 - minimum: -31 - type: integer - start: - description: Start of the inclusive range - maximum: 31 - minimum: -31 - type: integer - type: object - type: array - months: - description: Months is a list of MonthRange - items: - description: MonthRange is an inclusive range of months - of the year beginning in January Months can be specified - by name (e.g 'January') by numerical month (e.g '1') - or as an inclusive range (e.g 'January:March', '1:3', - '1:March') - pattern: ^((?i)january|february|march|april|may|june|july|august|september|october|november|december|1[0-2]|[1-9])(?:((:((?i)january|february|march|april|may|june|july|august|september|october|november|december|1[0-2]|[1-9]))$)|$) - type: string - type: array - times: - description: Times is a list of TimeRange - items: - description: TimeRange defines a start and end time - in 24hr format - properties: - endTime: - description: EndTime is the end time in 24hr format. 
- pattern: ^((([01][0-9])|(2[0-3])):[0-5][0-9])$|(^24:00$) - type: string - startTime: - description: StartTime is the start time in 24hr - format. - pattern: ^((([01][0-9])|(2[0-3])):[0-5][0-9])$|(^24:00$) - type: string - type: object - type: array - weekdays: - description: Weekdays is a list of WeekdayRange - items: - description: WeekdayRange is an inclusive range of days - of the week beginning on Sunday Days can be specified - by name (e.g 'Sunday') or as an inclusive range (e.g - 'Monday:Friday') - pattern: ^((?i)sun|mon|tues|wednes|thurs|fri|satur)day(?:((:(sun|mon|tues|wednes|thurs|fri|satur)day)$)|$) - type: string - type: array - years: - description: Years is a list of YearRange - items: - description: YearRange is an inclusive range of years - pattern: ^2\d{3}(?::2\d{3}|$) - type: string - type: array - type: object - type: array - type: object - type: array - receivers: - description: List of receivers. - items: - description: Receiver defines one or more notification integrations. - properties: - discordConfigs: - description: List of Discord configurations. - items: - description: DiscordConfig configures notifications via Discord. - See https://prometheus.io/docs/alerting/latest/configuration/#discord_config - properties: - apiURL: - description: The secret's key that contains the Discord - webhook URL. The secret needs to be in the same namespace - as the AlertmanagerConfig object and accessible by the - Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' 
- type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - httpConfig: - description: HTTP client configuration. - properties: - authorization: - description: Authorization header configuration for - the client. This is mutually exclusive with BasicAuth - and is only available starting from Alertmanager - v0.22+. - properties: - credentials: - description: Selects a key of a Secret in the - namespace that contains the credentials for - authentication. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: "Defines the authentication type. - The value is case-insensitive. \n \"Basic\" - is not a supported value. \n Default: \"Bearer\"" - type: string - type: object - basicAuth: - description: BasicAuth for the client. This is mutually - exclusive with Authorization. If both are defined, - BasicAuth takes precedence. - properties: - password: - description: '`password` specifies a key of a - Secret containing the password for authentication.' - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' 
- type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: '`username` specifies a key of a - Secret containing the username for authentication.' - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - bearerTokenSecret: - description: The secret's key that contains the bearer - token to be used by the client for authentication. - The secret needs to be in the same namespace as - the AlertmanagerConfig object and accessible by - the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - followRedirects: - description: FollowRedirects specifies whether the - client should follow HTTP 3xx redirects. - type: boolean - oauth2: - description: OAuth2 client credentials used to fetch - a token for the targets. - properties: - clientId: - description: '`clientId` specifies a key of a - Secret or ConfigMap containing the OAuth2 client''s - ID.' 
- properties: - configMap: - description: ConfigMap containing data to - use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use - for the targets. - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - clientSecret: - description: '`clientSecret` specifies a key of - a Secret containing the OAuth2 client''s secret.' - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - endpointParams: - additionalProperties: - type: string - description: '`endpointParams` configures the - HTTP parameters to append to the token URL.' 
- type: object - scopes: - description: '`scopes` defines the OAuth2 scopes - used for the token request.' - items: - type: string - type: array - tokenUrl: - description: '`tokenURL` configures the URL to - fetch the token from.' - minLength: 1 - type: string - required: - - clientId - - clientSecret - - tokenUrl - type: object - proxyURL: - description: Optional proxy URL. - type: string - tlsConfig: - description: TLS configuration for the client. - properties: - ca: - description: Certificate authority used when verifying - server certificates. - properties: - configMap: - description: ConfigMap containing data to - use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use - for the targets. - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when - doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to - use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use - for the targets. - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key - file for the targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the - targets. - type: string - type: object - type: object - message: - description: The template of the message's body. - type: string - sendResolved: - description: Whether or not to notify about resolved alerts. - type: boolean - title: - description: The template of the message's title. 
- type: string - required: - - apiURL - type: object - type: array - emailConfigs: - description: List of Email configurations. - items: - description: EmailConfig configures notifications via Email. - properties: - authIdentity: - description: The identity to use for authentication. - type: string - authPassword: - description: The secret's key that contains the password - to use for authentication. The secret needs to be in - the same namespace as the AlertmanagerConfig object - and accessible by the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - authSecret: - description: The secret's key that contains the CRAM-MD5 - secret. The secret needs to be in the same namespace - as the AlertmanagerConfig object and accessible by the - Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - authUsername: - description: The username to use for authentication. - type: string - from: - description: The sender address. - type: string - headers: - description: Further headers email header key/value pairs. 
- Overrides any headers previously set by the notification - implementation. - items: - description: KeyValue defines a (key, value) tuple. - properties: - key: - description: Key of the tuple. - minLength: 1 - type: string - value: - description: Value of the tuple. - type: string - required: - - key - - value - type: object - type: array - hello: - description: The hostname to identify to the SMTP server. - type: string - html: - description: The HTML body of the email notification. - type: string - requireTLS: - description: The SMTP TLS requirement. Note that Go does - not support unencrypted connections to remote SMTP endpoints. - type: boolean - sendResolved: - description: Whether or not to notify about resolved alerts. - type: boolean - smarthost: - description: The SMTP host and port through which emails - are sent. E.g. example.com:25 - type: string - text: - description: The text body of the email notification. - type: string - tlsConfig: - description: TLS configuration - properties: - ca: - description: Certificate authority used when verifying - server certificates. - properties: - configMap: - description: ConfigMap containing data to use - for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for - the targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing - client-authentication. - properties: - configMap: - description: ConfigMap containing data to use - for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for - the targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file - for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - to: - description: The email address to send notifications to. - type: string - type: object - type: array - msteamsConfigs: - description: List of MSTeams configurations. It requires Alertmanager - >= 0.26.0. - items: - description: MSTeamsConfig configures notifications via Microsoft - Teams. It requires Alertmanager >= 0.26.0. - properties: - httpConfig: - description: HTTP client configuration. - properties: - authorization: - description: Authorization header configuration for - the client. This is mutually exclusive with BasicAuth - and is only available starting from Alertmanager - v0.22+. - properties: - credentials: - description: Selects a key of a Secret in the - namespace that contains the credentials for - authentication. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: "Defines the authentication type. - The value is case-insensitive. \n \"Basic\" - is not a supported value. \n Default: \"Bearer\"" - type: string - type: object - basicAuth: - description: BasicAuth for the client. This is mutually - exclusive with Authorization. 
If both are defined, - BasicAuth takes precedence. - properties: - password: - description: '`password` specifies a key of a - Secret containing the password for authentication.' - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: '`username` specifies a key of a - Secret containing the username for authentication.' - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - bearerTokenSecret: - description: The secret's key that contains the bearer - token to be used by the client for authentication. - The secret needs to be in the same namespace as - the AlertmanagerConfig object and accessible by - the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' 
- type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - followRedirects: - description: FollowRedirects specifies whether the - client should follow HTTP 3xx redirects. - type: boolean - oauth2: - description: OAuth2 client credentials used to fetch - a token for the targets. - properties: - clientId: - description: '`clientId` specifies a key of a - Secret or ConfigMap containing the OAuth2 client''s - ID.' - properties: - configMap: - description: ConfigMap containing data to - use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use - for the targets. - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - clientSecret: - description: '`clientSecret` specifies a key of - a Secret containing the OAuth2 client''s secret.' - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - endpointParams: - additionalProperties: - type: string - description: '`endpointParams` configures the - HTTP parameters to append to the token URL.' - type: object - scopes: - description: '`scopes` defines the OAuth2 scopes - used for the token request.' - items: - type: string - type: array - tokenUrl: - description: '`tokenURL` configures the URL to - fetch the token from.' - minLength: 1 - type: string - required: - - clientId - - clientSecret - - tokenUrl - type: object - proxyURL: - description: Optional proxy URL. - type: string - tlsConfig: - description: TLS configuration for the client. - properties: - ca: - description: Certificate authority used when verifying - server certificates. - properties: - configMap: - description: ConfigMap containing data to - use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use - for the targets. - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' 
- type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when - doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to - use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use - for the targets. - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key - file for the targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' 
- type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the - targets. - type: string - type: object - type: object - sendResolved: - description: Whether to notify about resolved alerts. - type: boolean - summary: - description: Message summary template. It requires Alertmanager - >= 0.27.0. - type: string - text: - description: Message body template. - type: string - title: - description: Message title template. - type: string - webhookUrl: - description: MSTeams webhook URL. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - required: - - webhookUrl - type: object - type: array - name: - description: Name of the receiver. Must be unique across all - items from the list. - minLength: 1 - type: string - opsgenieConfigs: - description: List of OpsGenie configurations. - items: - description: OpsGenieConfig configures notifications via OpsGenie. - See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config - properties: - actions: - description: Comma separated list of actions that will - be available for the alert. - type: string - apiKey: - description: The secret's key that contains the OpsGenie - API key. The secret needs to be in the same namespace - as the AlertmanagerConfig object and accessible by the - Prometheus Operator. - properties: - key: - description: The key of the secret to select from. 
Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - apiURL: - description: The URL to send OpsGenie API requests to. - type: string - description: - description: Description of the incident. - type: string - details: - description: A set of arbitrary key/value pairs that provide - further detail about the incident. - items: - description: KeyValue defines a (key, value) tuple. - properties: - key: - description: Key of the tuple. - minLength: 1 - type: string - value: - description: Value of the tuple. - type: string - required: - - key - - value - type: object - type: array - entity: - description: Optional field that can be used to specify - which domain alert is related to. - type: string - httpConfig: - description: HTTP client configuration. - properties: - authorization: - description: Authorization header configuration for - the client. This is mutually exclusive with BasicAuth - and is only available starting from Alertmanager - v0.22+. - properties: - credentials: - description: Selects a key of a Secret in the - namespace that contains the credentials for - authentication. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' 
- type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: "Defines the authentication type. - The value is case-insensitive. \n \"Basic\" - is not a supported value. \n Default: \"Bearer\"" - type: string - type: object - basicAuth: - description: BasicAuth for the client. This is mutually - exclusive with Authorization. If both are defined, - BasicAuth takes precedence. - properties: - password: - description: '`password` specifies a key of a - Secret containing the password for authentication.' - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: '`username` specifies a key of a - Secret containing the username for authentication.' - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - bearerTokenSecret: - description: The secret's key that contains the bearer - token to be used by the client for authentication. 
- The secret needs to be in the same namespace as - the AlertmanagerConfig object and accessible by - the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - followRedirects: - description: FollowRedirects specifies whether the - client should follow HTTP 3xx redirects. - type: boolean - oauth2: - description: OAuth2 client credentials used to fetch - a token for the targets. - properties: - clientId: - description: '`clientId` specifies a key of a - Secret or ConfigMap containing the OAuth2 client''s - ID.' - properties: - configMap: - description: ConfigMap containing data to - use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use - for the targets. - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' 
- type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - clientSecret: - description: '`clientSecret` specifies a key of - a Secret containing the OAuth2 client''s secret.' - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - endpointParams: - additionalProperties: - type: string - description: '`endpointParams` configures the - HTTP parameters to append to the token URL.' - type: object - scopes: - description: '`scopes` defines the OAuth2 scopes - used for the token request.' - items: - type: string - type: array - tokenUrl: - description: '`tokenURL` configures the URL to - fetch the token from.' - minLength: 1 - type: string - required: - - clientId - - clientSecret - - tokenUrl - type: object - proxyURL: - description: Optional proxy URL. - type: string - tlsConfig: - description: TLS configuration for the client. - properties: - ca: - description: Certificate authority used when verifying - server certificates. - properties: - configMap: - description: ConfigMap containing data to - use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' 
- type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use - for the targets. - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when - doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to - use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use - for the targets. - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' 
- type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key - file for the targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the - targets. - type: string - type: object - type: object - message: - description: Alert text limited to 130 characters. - type: string - note: - description: Additional alert note. - type: string - priority: - description: Priority level of alert. Possible values - are P1, P2, P3, P4, and P5. - type: string - responders: - description: List of responders responsible for notifications. - items: - description: OpsGenieConfigResponder defines a responder - to an incident. One of `id`, `name` or `username` - has to be defined. - properties: - id: - description: ID of the responder. - type: string - name: - description: Name of the responder. - type: string - type: - description: Type of responder. - enum: - - team - - teams - - user - - escalation - - schedule - minLength: 1 - type: string - username: - description: Username of the responder. - type: string - required: - - type - type: object - type: array - sendResolved: - description: Whether or not to notify about resolved alerts. 
- type: boolean - source: - description: Backlink to the sender of the notification. - type: string - tags: - description: Comma separated list of tags attached to - the notifications. - type: string - updateAlerts: - description: Whether to update message and description - of the alert in OpsGenie if it already exists By default, - the alert is never updated in OpsGenie, the new message - only appears in activity log. - type: boolean - type: object - type: array - pagerdutyConfigs: - description: List of PagerDuty configurations. - items: - description: PagerDutyConfig configures notifications via - PagerDuty. See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config - properties: - class: - description: The class/type of the event. - type: string - client: - description: Client identification. - type: string - clientURL: - description: Backlink to the sender of notification. - type: string - component: - description: The part or component of the affected system - that is broken. - type: string - description: - description: Description of the incident. - type: string - details: - description: Arbitrary key/value pairs that provide further - detail about the incident. - items: - description: KeyValue defines a (key, value) tuple. - properties: - key: - description: Key of the tuple. - minLength: 1 - type: string - value: - description: Value of the tuple. - type: string - required: - - key - - value - type: object - type: array - group: - description: A cluster or grouping of sources. - type: string - httpConfig: - description: HTTP client configuration. - properties: - authorization: - description: Authorization header configuration for - the client. This is mutually exclusive with BasicAuth - and is only available starting from Alertmanager - v0.22+. - properties: - credentials: - description: Selects a key of a Secret in the - namespace that contains the credentials for - authentication. 
- properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: "Defines the authentication type. - The value is case-insensitive. \n \"Basic\" - is not a supported value. \n Default: \"Bearer\"" - type: string - type: object - basicAuth: - description: BasicAuth for the client. This is mutually - exclusive with Authorization. If both are defined, - BasicAuth takes precedence. - properties: - password: - description: '`password` specifies a key of a - Secret containing the password for authentication.' - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: '`username` specifies a key of a - Secret containing the username for authentication.' - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' 
- type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - bearerTokenSecret: - description: The secret's key that contains the bearer - token to be used by the client for authentication. - The secret needs to be in the same namespace as - the AlertmanagerConfig object and accessible by - the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - followRedirects: - description: FollowRedirects specifies whether the - client should follow HTTP 3xx redirects. - type: boolean - oauth2: - description: OAuth2 client credentials used to fetch - a token for the targets. - properties: - clientId: - description: '`clientId` specifies a key of a - Secret or ConfigMap containing the OAuth2 client''s - ID.' - properties: - configMap: - description: ConfigMap containing data to - use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use - for the targets. 
- properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - clientSecret: - description: '`clientSecret` specifies a key of - a Secret containing the OAuth2 client''s secret.' - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - endpointParams: - additionalProperties: - type: string - description: '`endpointParams` configures the - HTTP parameters to append to the token URL.' - type: object - scopes: - description: '`scopes` defines the OAuth2 scopes - used for the token request.' - items: - type: string - type: array - tokenUrl: - description: '`tokenURL` configures the URL to - fetch the token from.' - minLength: 1 - type: string - required: - - clientId - - clientSecret - - tokenUrl - type: object - proxyURL: - description: Optional proxy URL. - type: string - tlsConfig: - description: TLS configuration for the client. - properties: - ca: - description: Certificate authority used when verifying - server certificates. - properties: - configMap: - description: ConfigMap containing data to - use for the targets. - properties: - key: - description: The key to select. 
- type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use - for the targets. - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when - doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to - use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use - for the targets. - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. 
apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key - file for the targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the - targets. - type: string - type: object - type: object - pagerDutyImageConfigs: - description: A list of image details to attach that provide - further detail about an incident. - items: - description: PagerDutyImageConfig attaches images to - an incident - properties: - alt: - description: Alt is the optional alternative text - for the image. - type: string - href: - description: Optional URL; makes the image a clickable - link. - type: string - src: - description: Src of the image being attached to - the incident - type: string - type: object - type: array - pagerDutyLinkConfigs: - description: A list of link details to attach that provide - further detail about an incident. - items: - description: PagerDutyLinkConfig attaches text links - to an incident - properties: - alt: - description: Text that describes the purpose of - the link, and can be used as the link's text. 
- type: string - href: - description: Href is the URL of the link to be attached - type: string - type: object - type: array - routingKey: - description: The secret's key that contains the PagerDuty - integration key (when using Events API v2). Either this - field or `serviceKey` needs to be defined. The secret - needs to be in the same namespace as the AlertmanagerConfig - object and accessible by the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - sendResolved: - description: Whether or not to notify about resolved alerts. - type: boolean - serviceKey: - description: The secret's key that contains the PagerDuty - service key (when using integration type "Prometheus"). - Either this field or `routingKey` needs to be defined. - The secret needs to be in the same namespace as the - AlertmanagerConfig object and accessible by the Prometheus - Operator. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - severity: - description: Severity of the incident. - type: string - url: - description: The URL to send requests to. 
- type: string - type: object - type: array - pushoverConfigs: - description: List of Pushover configurations. - items: - description: PushoverConfig configures notifications via Pushover. - See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config - properties: - device: - description: The name of a device to send the notification - to - type: string - expire: - description: How long your notification will continue - to be retried for, unless the user acknowledges the - notification. - pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ - type: string - html: - description: Whether notification message is HTML or plain - text. - type: boolean - httpConfig: - description: HTTP client configuration. - properties: - authorization: - description: Authorization header configuration for - the client. This is mutually exclusive with BasicAuth - and is only available starting from Alertmanager - v0.22+. - properties: - credentials: - description: Selects a key of a Secret in the - namespace that contains the credentials for - authentication. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: "Defines the authentication type. - The value is case-insensitive. \n \"Basic\" - is not a supported value. \n Default: \"Bearer\"" - type: string - type: object - basicAuth: - description: BasicAuth for the client. This is mutually - exclusive with Authorization. If both are defined, - BasicAuth takes precedence. 
- properties: - password: - description: '`password` specifies a key of a - Secret containing the password for authentication.' - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: '`username` specifies a key of a - Secret containing the username for authentication.' - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - bearerTokenSecret: - description: The secret's key that contains the bearer - token to be used by the client for authentication. - The secret needs to be in the same namespace as - the AlertmanagerConfig object and accessible by - the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' 
- type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - followRedirects: - description: FollowRedirects specifies whether the - client should follow HTTP 3xx redirects. - type: boolean - oauth2: - description: OAuth2 client credentials used to fetch - a token for the targets. - properties: - clientId: - description: '`clientId` specifies a key of a - Secret or ConfigMap containing the OAuth2 client''s - ID.' - properties: - configMap: - description: ConfigMap containing data to - use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use - for the targets. - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - clientSecret: - description: '`clientSecret` specifies a key of - a Secret containing the OAuth2 client''s secret.' - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - endpointParams: - additionalProperties: - type: string - description: '`endpointParams` configures the - HTTP parameters to append to the token URL.' - type: object - scopes: - description: '`scopes` defines the OAuth2 scopes - used for the token request.' - items: - type: string - type: array - tokenUrl: - description: '`tokenURL` configures the URL to - fetch the token from.' - minLength: 1 - type: string - required: - - clientId - - clientSecret - - tokenUrl - type: object - proxyURL: - description: Optional proxy URL. - type: string - tlsConfig: - description: TLS configuration for the client. - properties: - ca: - description: Certificate authority used when verifying - server certificates. - properties: - configMap: - description: ConfigMap containing data to - use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use - for the targets. - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' 
- type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when - doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to - use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use - for the targets. - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key - file for the targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' 
- type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the - targets. - type: string - type: object - type: object - message: - description: Notification message. - type: string - priority: - description: Priority, see https://pushover.net/api#priority - type: string - retry: - description: How often the Pushover servers will send - the same notification to the user. Must be at least - 30 seconds. - pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ - type: string - sendResolved: - description: Whether or not to notify about resolved alerts. - type: boolean - sound: - description: The name of one of the sounds supported by - device clients to override the user's default sound - choice - type: string - title: - description: Notification title. - type: string - token: - description: The secret's key that contains the registered - application's API token, see https://pushover.net/apps. - The secret needs to be in the same namespace as the - AlertmanagerConfig object and accessible by the Prometheus - Operator. Either `token` or `tokenFile` is required. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - tokenFile: - description: The token file that contains the registered - application's API token, see https://pushover.net/apps. - Either `token` or `tokenFile` is required. 
It requires - Alertmanager >= v0.26.0. - type: string - url: - description: A supplementary URL shown alongside the message. - type: string - urlTitle: - description: A title for supplementary URL, otherwise - just the URL is shown - type: string - userKey: - description: The secret's key that contains the recipient - user's user key. The secret needs to be in the same - namespace as the AlertmanagerConfig object and accessible - by the Prometheus Operator. Either `userKey` or `userKeyFile` - is required. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - userKeyFile: - description: The user key file that contains the recipient - user's user key. Either `userKey` or `userKeyFile` is - required. It requires Alertmanager >= v0.26.0. - type: string - type: object - type: array - slackConfigs: - description: List of Slack configurations. - items: - description: SlackConfig configures notifications via Slack. - See https://prometheus.io/docs/alerting/latest/configuration/#slack_config - properties: - actions: - description: A list of Slack actions that are sent with - each notification. - items: - description: SlackAction configures a single Slack action - that is sent with each notification. See https://api.slack.com/docs/message-attachments#action_fields - and https://api.slack.com/docs/message-buttons for - more information. - properties: - confirm: - description: SlackConfirmationField protect users - from destructive actions or particularly distinguished - decisions by asking them to confirm their button - click one more time. 
See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields - for more information. - properties: - dismissText: - type: string - okText: - type: string - text: - minLength: 1 - type: string - title: - type: string - required: - - text - type: object - name: - type: string - style: - type: string - text: - minLength: 1 - type: string - type: - minLength: 1 - type: string - url: - type: string - value: - type: string - required: - - text - - type - type: object - type: array - apiURL: - description: The secret's key that contains the Slack - webhook URL. The secret needs to be in the same namespace - as the AlertmanagerConfig object and accessible by the - Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - callbackId: - type: string - channel: - description: The channel or user to send notifications - to. - type: string - color: - type: string - fallback: - type: string - fields: - description: A list of Slack fields that are sent with - each notification. - items: - description: SlackField configures a single Slack field - that is sent with each notification. Each field must - contain a title, value, and optionally, a boolean - value to indicate if the field is short enough to - be displayed next to other fields designated as short. - See https://api.slack.com/docs/message-attachments#fields - for more information. 
- properties: - short: - type: boolean - title: - minLength: 1 - type: string - value: - minLength: 1 - type: string - required: - - title - - value - type: object - type: array - footer: - type: string - httpConfig: - description: HTTP client configuration. - properties: - authorization: - description: Authorization header configuration for - the client. This is mutually exclusive with BasicAuth - and is only available starting from Alertmanager - v0.22+. - properties: - credentials: - description: Selects a key of a Secret in the - namespace that contains the credentials for - authentication. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: "Defines the authentication type. - The value is case-insensitive. \n \"Basic\" - is not a supported value. \n Default: \"Bearer\"" - type: string - type: object - basicAuth: - description: BasicAuth for the client. This is mutually - exclusive with Authorization. If both are defined, - BasicAuth takes precedence. - properties: - password: - description: '`password` specifies a key of a - Secret containing the password for authentication.' - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' 
- type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: '`username` specifies a key of a - Secret containing the username for authentication.' - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - bearerTokenSecret: - description: The secret's key that contains the bearer - token to be used by the client for authentication. - The secret needs to be in the same namespace as - the AlertmanagerConfig object and accessible by - the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - followRedirects: - description: FollowRedirects specifies whether the - client should follow HTTP 3xx redirects. - type: boolean - oauth2: - description: OAuth2 client credentials used to fetch - a token for the targets. - properties: - clientId: - description: '`clientId` specifies a key of a - Secret or ConfigMap containing the OAuth2 client''s - ID.' 
- properties: - configMap: - description: ConfigMap containing data to - use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use - for the targets. - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - clientSecret: - description: '`clientSecret` specifies a key of - a Secret containing the OAuth2 client''s secret.' - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - endpointParams: - additionalProperties: - type: string - description: '`endpointParams` configures the - HTTP parameters to append to the token URL.' 
- type: object - scopes: - description: '`scopes` defines the OAuth2 scopes - used for the token request.' - items: - type: string - type: array - tokenUrl: - description: '`tokenURL` configures the URL to - fetch the token from.' - minLength: 1 - type: string - required: - - clientId - - clientSecret - - tokenUrl - type: object - proxyURL: - description: Optional proxy URL. - type: string - tlsConfig: - description: TLS configuration for the client. - properties: - ca: - description: Certificate authority used when verifying - server certificates. - properties: - configMap: - description: ConfigMap containing data to - use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use - for the targets. - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when - doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to - use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use - for the targets. - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key - file for the targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the - targets. - type: string - type: object - type: object - iconEmoji: - type: string - iconURL: - type: string - imageURL: - type: string - linkNames: - type: boolean - mrkdwnIn: - items: - type: string - type: array - pretext: - type: string - sendResolved: - description: Whether or not to notify about resolved alerts. 
- type: boolean - shortFields: - type: boolean - text: - type: string - thumbURL: - type: string - title: - type: string - titleLink: - type: string - username: - type: string - type: object - type: array - snsConfigs: - description: List of SNS configurations - items: - description: SNSConfig configures notifications via AWS SNS. - See https://prometheus.io/docs/alerting/latest/configuration/#sns_configs - properties: - apiURL: - description: The SNS API URL i.e. https://sns.us-east-2.amazonaws.com. - If not specified, the SNS API URL from the SNS SDK will - be used. - type: string - attributes: - additionalProperties: - type: string - description: SNS message attributes. - type: object - httpConfig: - description: HTTP client configuration. - properties: - authorization: - description: Authorization header configuration for - the client. This is mutually exclusive with BasicAuth - and is only available starting from Alertmanager - v0.22+. - properties: - credentials: - description: Selects a key of a Secret in the - namespace that contains the credentials for - authentication. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: "Defines the authentication type. - The value is case-insensitive. \n \"Basic\" - is not a supported value. \n Default: \"Bearer\"" - type: string - type: object - basicAuth: - description: BasicAuth for the client. This is mutually - exclusive with Authorization. If both are defined, - BasicAuth takes precedence. 
- properties: - password: - description: '`password` specifies a key of a - Secret containing the password for authentication.' - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: '`username` specifies a key of a - Secret containing the username for authentication.' - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - bearerTokenSecret: - description: The secret's key that contains the bearer - token to be used by the client for authentication. - The secret needs to be in the same namespace as - the AlertmanagerConfig object and accessible by - the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' 
- type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - followRedirects: - description: FollowRedirects specifies whether the - client should follow HTTP 3xx redirects. - type: boolean - oauth2: - description: OAuth2 client credentials used to fetch - a token for the targets. - properties: - clientId: - description: '`clientId` specifies a key of a - Secret or ConfigMap containing the OAuth2 client''s - ID.' - properties: - configMap: - description: ConfigMap containing data to - use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use - for the targets. - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - clientSecret: - description: '`clientSecret` specifies a key of - a Secret containing the OAuth2 client''s secret.' - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - endpointParams: - additionalProperties: - type: string - description: '`endpointParams` configures the - HTTP parameters to append to the token URL.' - type: object - scopes: - description: '`scopes` defines the OAuth2 scopes - used for the token request.' - items: - type: string - type: array - tokenUrl: - description: '`tokenURL` configures the URL to - fetch the token from.' - minLength: 1 - type: string - required: - - clientId - - clientSecret - - tokenUrl - type: object - proxyURL: - description: Optional proxy URL. - type: string - tlsConfig: - description: TLS configuration for the client. - properties: - ca: - description: Certificate authority used when verifying - server certificates. - properties: - configMap: - description: ConfigMap containing data to - use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use - for the targets. - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' 
- type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when - doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to - use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use - for the targets. - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key - file for the targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' 
- type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the - targets. - type: string - type: object - type: object - message: - description: The message content of the SNS notification. - type: string - phoneNumber: - description: Phone number if message is delivered via - SMS in E.164 format. If you don't specify this value, - you must specify a value for the TopicARN or TargetARN. - type: string - sendResolved: - description: Whether or not to notify about resolved alerts. - type: boolean - sigv4: - description: Configures AWS's Signature Verification 4 - signing process to sign requests. - properties: - accessKey: - description: AccessKey is the AWS API key. If not - specified, the environment variable `AWS_ACCESS_KEY_ID` - is used. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - profile: - description: Profile is the named AWS profile used - to authenticate. - type: string - region: - description: Region is the AWS region. If blank, the - region from the default credentials chain used. - type: string - roleArn: - description: RoleArn is the named AWS profile used - to authenticate. - type: string - secretKey: - description: SecretKey is the AWS API secret. If not - specified, the environment variable `AWS_SECRET_ACCESS_KEY` - is used. - properties: - key: - description: The key of the secret to select from. 
Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - subject: - description: Subject line when the message is delivered - to email endpoints. - type: string - targetARN: - description: The mobile platform endpoint ARN if message - is delivered via mobile notifications. If you don't - specify this value, you must specify a value for the - topic_arn or PhoneNumber. - type: string - topicARN: - description: SNS topic ARN, i.e. arn:aws:sns:us-east-2:698519295917:My-Topic - If you don't specify this value, you must specify a - value for the PhoneNumber or TargetARN. - type: string - type: object - type: array - telegramConfigs: - description: List of Telegram configurations. - items: - description: TelegramConfig configures notifications via Telegram. - See https://prometheus.io/docs/alerting/latest/configuration/#telegram_config - properties: - apiURL: - description: The Telegram API URL i.e. https://api.telegram.org. - If not specified, default API URL will be used. - type: string - botToken: - description: "Telegram bot token. It is mutually exclusive - with `botTokenFile`. The secret needs to be in the same - namespace as the AlertmanagerConfig object and accessible - by the Prometheus Operator. \n Either `botToken` or - `botTokenFile` is required." - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' 
- type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - botTokenFile: - description: "File to read the Telegram bot token from. - It is mutually exclusive with `botToken`. Either `botToken` - or `botTokenFile` is required. \n It requires Alertmanager - >= v0.26.0." - type: string - chatID: - description: The Telegram chat ID. - format: int64 - type: integer - disableNotifications: - description: Disable telegram notifications - type: boolean - httpConfig: - description: HTTP client configuration. - properties: - authorization: - description: Authorization header configuration for - the client. This is mutually exclusive with BasicAuth - and is only available starting from Alertmanager - v0.22+. - properties: - credentials: - description: Selects a key of a Secret in the - namespace that contains the credentials for - authentication. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: "Defines the authentication type. - The value is case-insensitive. \n \"Basic\" - is not a supported value. \n Default: \"Bearer\"" - type: string - type: object - basicAuth: - description: BasicAuth for the client. This is mutually - exclusive with Authorization. If both are defined, - BasicAuth takes precedence. - properties: - password: - description: '`password` specifies a key of a - Secret containing the password for authentication.' 
- properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: '`username` specifies a key of a - Secret containing the username for authentication.' - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - bearerTokenSecret: - description: The secret's key that contains the bearer - token to be used by the client for authentication. - The secret needs to be in the same namespace as - the AlertmanagerConfig object and accessible by - the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - followRedirects: - description: FollowRedirects specifies whether the - client should follow HTTP 3xx redirects. 
- type: boolean - oauth2: - description: OAuth2 client credentials used to fetch - a token for the targets. - properties: - clientId: - description: '`clientId` specifies a key of a - Secret or ConfigMap containing the OAuth2 client''s - ID.' - properties: - configMap: - description: ConfigMap containing data to - use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use - for the targets. - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - clientSecret: - description: '`clientSecret` specifies a key of - a Secret containing the OAuth2 client''s secret.' - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' 
- type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - endpointParams: - additionalProperties: - type: string - description: '`endpointParams` configures the - HTTP parameters to append to the token URL.' - type: object - scopes: - description: '`scopes` defines the OAuth2 scopes - used for the token request.' - items: - type: string - type: array - tokenUrl: - description: '`tokenURL` configures the URL to - fetch the token from.' - minLength: 1 - type: string - required: - - clientId - - clientSecret - - tokenUrl - type: object - proxyURL: - description: Optional proxy URL. - type: string - tlsConfig: - description: TLS configuration for the client. - properties: - ca: - description: Certificate authority used when verifying - server certificates. - properties: - configMap: - description: ConfigMap containing data to - use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use - for the targets. - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' 
- type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when - doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to - use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use - for the targets. - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key - file for the targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' 
- type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the - targets. - type: string - type: object - type: object - message: - description: Message template - type: string - parseMode: - description: Parse mode for telegram message - enum: - - MarkdownV2 - - Markdown - - HTML - type: string - sendResolved: - description: Whether to notify about resolved alerts. - type: boolean - type: object - type: array - victoropsConfigs: - description: List of VictorOps configurations. - items: - description: VictorOpsConfig configures notifications via - VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config - properties: - apiKey: - description: The secret's key that contains the API key - to use when talking to the VictorOps API. The secret - needs to be in the same namespace as the AlertmanagerConfig - object and accessible by the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - apiUrl: - description: The VictorOps API URL. - type: string - customFields: - description: Additional custom fields for notification. - items: - description: KeyValue defines a (key, value) tuple. - properties: - key: - description: Key of the tuple. - minLength: 1 - type: string - value: - description: Value of the tuple. 
- type: string - required: - - key - - value - type: object - type: array - entityDisplayName: - description: Contains summary of the alerted problem. - type: string - httpConfig: - description: The HTTP client's configuration. - properties: - authorization: - description: Authorization header configuration for - the client. This is mutually exclusive with BasicAuth - and is only available starting from Alertmanager - v0.22+. - properties: - credentials: - description: Selects a key of a Secret in the - namespace that contains the credentials for - authentication. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: "Defines the authentication type. - The value is case-insensitive. \n \"Basic\" - is not a supported value. \n Default: \"Bearer\"" - type: string - type: object - basicAuth: - description: BasicAuth for the client. This is mutually - exclusive with Authorization. If both are defined, - BasicAuth takes precedence. - properties: - password: - description: '`password` specifies a key of a - Secret containing the password for authentication.' - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' 
- type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: '`username` specifies a key of a - Secret containing the username for authentication.' - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - bearerTokenSecret: - description: The secret's key that contains the bearer - token to be used by the client for authentication. - The secret needs to be in the same namespace as - the AlertmanagerConfig object and accessible by - the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - followRedirects: - description: FollowRedirects specifies whether the - client should follow HTTP 3xx redirects. - type: boolean - oauth2: - description: OAuth2 client credentials used to fetch - a token for the targets. - properties: - clientId: - description: '`clientId` specifies a key of a - Secret or ConfigMap containing the OAuth2 client''s - ID.' 
- properties: - configMap: - description: ConfigMap containing data to - use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use - for the targets. - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - clientSecret: - description: '`clientSecret` specifies a key of - a Secret containing the OAuth2 client''s secret.' - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - endpointParams: - additionalProperties: - type: string - description: '`endpointParams` configures the - HTTP parameters to append to the token URL.' 
- type: object - scopes: - description: '`scopes` defines the OAuth2 scopes - used for the token request.' - items: - type: string - type: array - tokenUrl: - description: '`tokenURL` configures the URL to - fetch the token from.' - minLength: 1 - type: string - required: - - clientId - - clientSecret - - tokenUrl - type: object - proxyURL: - description: Optional proxy URL. - type: string - tlsConfig: - description: TLS configuration for the client. - properties: - ca: - description: Certificate authority used when verifying - server certificates. - properties: - configMap: - description: ConfigMap containing data to - use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use - for the targets. - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when - doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to - use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use - for the targets. - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key - file for the targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the - targets. - type: string - type: object - type: object - messageType: - description: Describes the behavior of the alert (CRITICAL, - WARNING, INFO). - type: string - monitoringTool: - description: The monitoring tool the state message is - from. - type: string - routingKey: - description: A key used to map the alert to a team. 
- type: string - sendResolved: - description: Whether or not to notify about resolved alerts. - type: boolean - stateMessage: - description: Contains long explanation of the alerted - problem. - type: string - type: object - type: array - webexConfigs: - description: List of Webex configurations. - items: - description: WebexConfig configures notification via Cisco - Webex See https://prometheus.io/docs/alerting/latest/configuration/#webex_config - properties: - apiURL: - description: The Webex Teams API URL i.e. https://webexapis.com/v1/messages - Provide if different from the default API URL. - pattern: ^https?://.+$ - type: string - httpConfig: - description: The HTTP client's configuration. You must - supply the bot token via the `httpConfig.authorization` - field. - properties: - authorization: - description: Authorization header configuration for - the client. This is mutually exclusive with BasicAuth - and is only available starting from Alertmanager - v0.22+. - properties: - credentials: - description: Selects a key of a Secret in the - namespace that contains the credentials for - authentication. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: "Defines the authentication type. - The value is case-insensitive. \n \"Basic\" - is not a supported value. \n Default: \"Bearer\"" - type: string - type: object - basicAuth: - description: BasicAuth for the client. This is mutually - exclusive with Authorization. If both are defined, - BasicAuth takes precedence. 
- properties: - password: - description: '`password` specifies a key of a - Secret containing the password for authentication.' - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: '`username` specifies a key of a - Secret containing the username for authentication.' - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - bearerTokenSecret: - description: The secret's key that contains the bearer - token to be used by the client for authentication. - The secret needs to be in the same namespace as - the AlertmanagerConfig object and accessible by - the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' 
- type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - followRedirects: - description: FollowRedirects specifies whether the - client should follow HTTP 3xx redirects. - type: boolean - oauth2: - description: OAuth2 client credentials used to fetch - a token for the targets. - properties: - clientId: - description: '`clientId` specifies a key of a - Secret or ConfigMap containing the OAuth2 client''s - ID.' - properties: - configMap: - description: ConfigMap containing data to - use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use - for the targets. - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - clientSecret: - description: '`clientSecret` specifies a key of - a Secret containing the OAuth2 client''s secret.' - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - endpointParams: - additionalProperties: - type: string - description: '`endpointParams` configures the - HTTP parameters to append to the token URL.' - type: object - scopes: - description: '`scopes` defines the OAuth2 scopes - used for the token request.' - items: - type: string - type: array - tokenUrl: - description: '`tokenURL` configures the URL to - fetch the token from.' - minLength: 1 - type: string - required: - - clientId - - clientSecret - - tokenUrl - type: object - proxyURL: - description: Optional proxy URL. - type: string - tlsConfig: - description: TLS configuration for the client. - properties: - ca: - description: Certificate authority used when verifying - server certificates. - properties: - configMap: - description: ConfigMap containing data to - use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use - for the targets. - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' 
- type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when - doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to - use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use - for the targets. - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key - file for the targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' 
- type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the - targets. - type: string - type: object - type: object - message: - description: Message template - type: string - roomID: - description: ID of the Webex Teams room where to send - the messages. - minLength: 1 - type: string - sendResolved: - description: Whether to notify about resolved alerts. - type: boolean - required: - - roomID - type: object - type: array - webhookConfigs: - description: List of webhook configurations. - items: - description: WebhookConfig configures notifications via a - generic receiver supporting the webhook payload. See https://prometheus.io/docs/alerting/latest/configuration/#webhook_config - properties: - httpConfig: - description: HTTP client configuration. - properties: - authorization: - description: Authorization header configuration for - the client. This is mutually exclusive with BasicAuth - and is only available starting from Alertmanager - v0.22+. - properties: - credentials: - description: Selects a key of a Secret in the - namespace that contains the credentials for - authentication. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: "Defines the authentication type. - The value is case-insensitive. \n \"Basic\" - is not a supported value. 
\n Default: \"Bearer\"" - type: string - type: object - basicAuth: - description: BasicAuth for the client. This is mutually - exclusive with Authorization. If both are defined, - BasicAuth takes precedence. - properties: - password: - description: '`password` specifies a key of a - Secret containing the password for authentication.' - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: '`username` specifies a key of a - Secret containing the username for authentication.' - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - bearerTokenSecret: - description: The secret's key that contains the bearer - token to be used by the client for authentication. - The secret needs to be in the same namespace as - the AlertmanagerConfig object and accessible by - the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - followRedirects: - description: FollowRedirects specifies whether the - client should follow HTTP 3xx redirects. - type: boolean - oauth2: - description: OAuth2 client credentials used to fetch - a token for the targets. - properties: - clientId: - description: '`clientId` specifies a key of a - Secret or ConfigMap containing the OAuth2 client''s - ID.' - properties: - configMap: - description: ConfigMap containing data to - use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use - for the targets. - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - clientSecret: - description: '`clientSecret` specifies a key of - a Secret containing the OAuth2 client''s secret.' 
- properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - endpointParams: - additionalProperties: - type: string - description: '`endpointParams` configures the - HTTP parameters to append to the token URL.' - type: object - scopes: - description: '`scopes` defines the OAuth2 scopes - used for the token request.' - items: - type: string - type: array - tokenUrl: - description: '`tokenURL` configures the URL to - fetch the token from.' - minLength: 1 - type: string - required: - - clientId - - clientSecret - - tokenUrl - type: object - proxyURL: - description: Optional proxy URL. - type: string - tlsConfig: - description: TLS configuration for the client. - properties: - ca: - description: Certificate authority used when verifying - server certificates. - properties: - configMap: - description: ConfigMap containing data to - use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use - for the targets. - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when - doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to - use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use - for the targets. - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key - file for the targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the - targets. - type: string - type: object - type: object - maxAlerts: - description: Maximum number of alerts to be sent per webhook - message. When 0, all alerts are included. - format: int32 - minimum: 0 - type: integer - sendResolved: - description: Whether or not to notify about resolved alerts. - type: boolean - url: - description: The URL to send HTTP POST requests to. `urlSecret` - takes precedence over `url`. One of `urlSecret` and - `url` should be defined. - type: string - urlSecret: - description: The secret's key that contains the webhook - URL to send HTTP requests to. `urlSecret` takes precedence - over `url`. One of `urlSecret` and `url` should be defined. - The secret needs to be in the same namespace as the - AlertmanagerConfig object and accessible by the Prometheus - Operator. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - type: array - wechatConfigs: - description: List of WeChat configurations. - items: - description: WeChatConfig configures notifications via WeChat. 
- See https://prometheus.io/docs/alerting/latest/configuration/#wechat_config - properties: - agentID: - type: string - apiSecret: - description: The secret's key that contains the WeChat - API key. The secret needs to be in the same namespace - as the AlertmanagerConfig object and accessible by the - Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - apiURL: - description: The WeChat API URL. - type: string - corpID: - description: The corp id for authentication. - type: string - httpConfig: - description: HTTP client configuration. - properties: - authorization: - description: Authorization header configuration for - the client. This is mutually exclusive with BasicAuth - and is only available starting from Alertmanager - v0.22+. - properties: - credentials: - description: Selects a key of a Secret in the - namespace that contains the credentials for - authentication. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: "Defines the authentication type. - The value is case-insensitive. \n \"Basic\" - is not a supported value. 
\n Default: \"Bearer\"" - type: string - type: object - basicAuth: - description: BasicAuth for the client. This is mutually - exclusive with Authorization. If both are defined, - BasicAuth takes precedence. - properties: - password: - description: '`password` specifies a key of a - Secret containing the password for authentication.' - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: '`username` specifies a key of a - Secret containing the username for authentication.' - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - bearerTokenSecret: - description: The secret's key that contains the bearer - token to be used by the client for authentication. - The secret needs to be in the same namespace as - the AlertmanagerConfig object and accessible by - the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - followRedirects: - description: FollowRedirects specifies whether the - client should follow HTTP 3xx redirects. - type: boolean - oauth2: - description: OAuth2 client credentials used to fetch - a token for the targets. - properties: - clientId: - description: '`clientId` specifies a key of a - Secret or ConfigMap containing the OAuth2 client''s - ID.' - properties: - configMap: - description: ConfigMap containing data to - use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use - for the targets. - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - clientSecret: - description: '`clientSecret` specifies a key of - a Secret containing the OAuth2 client''s secret.' 
- properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - endpointParams: - additionalProperties: - type: string - description: '`endpointParams` configures the - HTTP parameters to append to the token URL.' - type: object - scopes: - description: '`scopes` defines the OAuth2 scopes - used for the token request.' - items: - type: string - type: array - tokenUrl: - description: '`tokenURL` configures the URL to - fetch the token from.' - minLength: 1 - type: string - required: - - clientId - - clientSecret - - tokenUrl - type: object - proxyURL: - description: Optional proxy URL. - type: string - tlsConfig: - description: TLS configuration for the client. - properties: - ca: - description: Certificate authority used when verifying - server certificates. - properties: - configMap: - description: ConfigMap containing data to - use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use - for the targets. - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when - doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to - use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use - for the targets. - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key - file for the targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the - targets. - type: string - type: object - type: object - message: - description: API request data as defined by the WeChat - API. - type: string - messageType: - type: string - sendResolved: - description: Whether or not to notify about resolved alerts. - type: boolean - toParty: - type: string - toTag: - type: string - toUser: - type: string - type: object - type: array - required: - - name - type: object - type: array - route: - description: The Alertmanager route definition for alerts matching - the resource's namespace. If present, it will be added to the generated - Alertmanager configuration as a first-level route. - properties: - activeTimeIntervals: - description: ActiveTimeIntervals is a list of MuteTimeInterval - names when this route should be active. - items: - type: string - type: array - continue: - description: Boolean indicating whether an alert should continue - matching subsequent sibling nodes. It will always be overridden - to true for the first-level route by the Prometheus operator. - type: boolean - groupBy: - description: List of labels to group by. Labels must not be repeated - (unique list). Special label "..." (aggregate by all possible - labels), if provided, must be the only element in the list. - items: - type: string - type: array - groupInterval: - description: 'How long to wait before sending an updated notification. 
- Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` - Example: "5m"' - type: string - groupWait: - description: 'How long to wait before sending the initial notification. - Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` - Example: "30s"' - type: string - matchers: - description: 'List of matchers that the alert''s labels should - match. For the first level route, the operator removes any existing - equality and regexp matcher on the `namespace` label and adds - a `namespace: ` matcher.' - items: - description: Matcher defines how to match on alert's labels. - properties: - matchType: - description: Match operation available with AlertManager - >= v0.22.0 and takes precedence over Regex (deprecated) - if non-empty. - enum: - - '!=' - - = - - =~ - - '!~' - type: string - name: - description: Label to match. - minLength: 1 - type: string - regex: - description: 'Whether to match on equality (false) or regular-expression - (true). Deprecated: for AlertManager >= v0.22.0, `matchType` - should be used instead.' - type: boolean - value: - description: Label value to match. - type: string - required: - - name - type: object - type: array - muteTimeIntervals: - description: 'Note: this comment applies to the field definition - above but appears below otherwise it gets included in the generated - manifest. CRD schema doesn''t support self-referential types - for now (see https://github.com/kubernetes/kubernetes/issues/62872). - We have to use an alternative type to circumvent the limitation. - The downside is that the Kube API can''t validate the data beyond - the fact that it is a valid JSON representation. MuteTimeIntervals - is a list of MuteTimeInterval names that will mute this route - when matched,' - items: - type: string - type: array - receiver: - description: Name of the receiver for this route. 
If not empty, - it should be listed in the `receivers` field. - type: string - repeatInterval: - description: 'How long to wait before repeating the last notification. - Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` - Example: "4h"' - type: string - routes: - description: Child routes. - items: - x-kubernetes-preserve-unknown-fields: true - type: array - type: object - type: object - required: - - spec - type: object - served: true - storage: true
diff --git a/charts/nopo11y-stack/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagers.yaml b/charts/nopo11y-stack/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagers.yaml
deleted file mode 100644
index b266b66..0000000
--- a/charts/nopo11y-stack/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagers.yaml
+++ /dev/null
@@ -1,7762 +0,0 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - operator.prometheus.io/version: 0.73.2 - name: alertmanagers.monitoring.coreos.com -spec: - group: monitoring.coreos.com - names: - categories: - - prometheus-operator - kind: Alertmanager - listKind: AlertmanagerList - plural: alertmanagers - shortNames: - - am - singular: alertmanager - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The version of Alertmanager - jsonPath: .spec.version - name: Version - type: string - - description: The number of desired replicas - jsonPath: .spec.replicas - name: Replicas - type: integer - - description: The number of ready replicas - jsonPath: .status.availableReplicas - name: Ready - type: integer - - jsonPath: .status.conditions[?(@.type == 'Reconciled')].status - name: Reconciled - type: string - - jsonPath: .status.conditions[?(@.type == 'Available')].status - name: Available - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Whether the resource reconciliation is paused or not - jsonPath: .status.paused - name: Paused - priority: 1 - type: boolean - name: v1 - schema: - openAPIV3Schema: - description: Alertmanager describes an Alertmanager cluster. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Specification of the desired behavior of the Alertmanager - cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - properties: - additionalPeers: - description: AdditionalPeers allows injecting a set of additional - Alertmanagers to peer with to form a highly available cluster. - items: - type: string - type: array - affinity: - description: If specified, the pod's scheduling constraints. - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node matches - the corresponding matchExpressions; the node(s) with the - highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects (i.e. - is also a no-op). - properties: - preference: - description: A node selector term, associated with the - corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. 
- items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to an update), the system may or may not try to - eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - type: array - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. 
for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key in (value)` to select - the group of existing pods which pods will be - taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. Also, - MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key notin (value)` to - select the group of existing pods which pods will - be taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MismatchLabelKeys and LabelSelector. Also, - MismatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. 
null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may - not try to eventually evict the pod from its node. When - there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms - must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. 
- properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys - to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged with - `LabelSelector` as `key in (value)` to select the - group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will - be ignored. The default value is empty. The same key - is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector - isn't set. 
This is an alpha field and requires enabling - MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged with - `LabelSelector` as `key notin (value)` to select the - group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will - be ignored. The default value is empty. The same key - is forbidden to exist in both MismatchLabelKeys and - LabelSelector. Also, MismatchLabelKeys cannot be set - when LabelSelector isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied to the - union of the namespaces selected by this field and - the ones listed in the namespaces field. null selector - and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. 
If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied - to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. null or - empty namespaces list and null namespaceSelector means - "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates one - or more of the expressions. 
The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key in (value)` to select - the group of existing pods which pods will be - taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. Also, - MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key notin (value)` to - select the group of existing pods which pods will - be taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MismatchLabelKeys and LabelSelector. Also, - MismatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. 
null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its - node. When there are multiple elements, the lists of nodes - corresponding to each podAffinityTerm are intersected, i.e. - all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. 
- properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys - to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged with - `LabelSelector` as `key in (value)` to select the - group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will - be ignored. The default value is empty. The same key - is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector - isn't set. 
This is an alpha field and requires enabling - MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged with - `LabelSelector` as `key notin (value)` to select the - group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will - be ignored. The default value is empty. The same key - is forbidden to exist in both MismatchLabelKeys and - LabelSelector. Also, MismatchLabelKeys cannot be set - when LabelSelector isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied to the - union of the namespaces selected by this field and - the ones listed in the namespaces field. null selector - and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. 
If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied - to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. null or - empty namespaces list and null namespaceSelector means - "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - alertmanagerConfigMatcherStrategy: - description: The AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig - objects match the alerts. In the future more options may be added. - properties: - type: - default: OnNamespace - description: If set to `OnNamespace`, the operator injects a label - matcher matching the namespace of the AlertmanagerConfig object - for all its routes and inhibition rules. 
`None` will not add - any additional matchers other than the ones specified in the - AlertmanagerConfig. Default is `OnNamespace`. - enum: - - OnNamespace - - None - type: string - type: object - alertmanagerConfigNamespaceSelector: - description: Namespaces to be selected for AlertmanagerConfig discovery. - If nil, only check own namespace. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - alertmanagerConfigSelector: - description: AlertmanagerConfigs to be selected for to merge and configure - Alertmanager with. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. 
- items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - alertmanagerConfiguration: - description: "alertmanagerConfiguration specifies the configuration - of Alertmanager. \n If defined, it takes precedence over the `configSecret` - field. \n This is an *experimental feature*, it may change in any - upcoming release in a breaking way." - properties: - global: - description: Defines the global parameters of the Alertmanager - configuration. - properties: - httpConfig: - description: HTTP client configuration. - properties: - authorization: - description: Authorization header configuration for the - client. This is mutually exclusive with BasicAuth and - is only available starting from Alertmanager v0.22+. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. 
- properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: "Defines the authentication type. The - value is case-insensitive. \n \"Basic\" is not a - supported value. \n Default: \"Bearer\"" - type: string - type: object - basicAuth: - description: BasicAuth for the client. This is mutually - exclusive with Authorization. If both are defined, BasicAuth - takes precedence. - properties: - password: - description: '`password` specifies a key of a Secret - containing the password for authentication.' - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: '`username` specifies a key of a Secret - containing the username for authentication.' - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' 
- type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - bearerTokenSecret: - description: The secret's key that contains the bearer - token to be used by the client for authentication. The - secret needs to be in the same namespace as the Alertmanager - object and accessible by the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - followRedirects: - description: FollowRedirects specifies whether the client - should follow HTTP 3xx redirects. - type: boolean - oauth2: - description: OAuth2 client credentials used to fetch a - token for the targets. - properties: - clientId: - description: '`clientId` specifies a key of a Secret - or ConfigMap containing the OAuth2 client''s ID.' - properties: - configMap: - description: ConfigMap containing data to use - for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for - the targets. - properties: - key: - description: The key of the secret to select - from. 
Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - clientSecret: - description: '`clientSecret` specifies a key of a - Secret containing the OAuth2 client''s secret.' - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - endpointParams: - additionalProperties: - type: string - description: '`endpointParams` configures the HTTP - parameters to append to the token URL.' - type: object - scopes: - description: '`scopes` defines the OAuth2 scopes used - for the token request.' - items: - type: string - type: array - tokenUrl: - description: '`tokenURL` configures the URL to fetch - the token from.' - minLength: 1 - type: string - required: - - clientId - - clientSecret - - tokenUrl - type: object - proxyURL: - description: Optional proxy URL. - type: string - tlsConfig: - description: TLS configuration for the client. - properties: - ca: - description: Certificate authority used when verifying - server certificates. - properties: - configMap: - description: ConfigMap containing data to use - for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for - the targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing - client-authentication. - properties: - configMap: - description: ConfigMap containing data to use - for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for - the targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' 
- type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file - for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - type: object - opsGenieApiKey: - description: The default OpsGenie API Key. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - opsGenieApiUrl: - description: The default OpsGenie API URL. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' 
- type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - pagerdutyUrl: - description: The default Pagerduty URL. - type: string - resolveTimeout: - description: ResolveTimeout is the default value used by alertmanager - if the alert does not include EndsAt, after this time passes - it can declare the alert as resolved if it has not been - updated. This has no impact on alerts from Prometheus, as - they always include EndsAt. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - slackApiUrl: - description: The default Slack API URL. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - smtp: - description: Configures global SMTP parameters. - properties: - authIdentity: - description: SMTP Auth using PLAIN - type: string - authPassword: - description: SMTP Auth using LOGIN and PLAIN. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - authSecret: - description: SMTP Auth using CRAM-MD5. 
- properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - authUsername: - description: SMTP Auth using CRAM-MD5, LOGIN and PLAIN. - If empty, Alertmanager doesn't authenticate to the SMTP - server. - type: string - from: - description: The default SMTP From header field. - type: string - hello: - description: The default hostname to identify to the SMTP - server. - type: string - requireTLS: - description: The default SMTP TLS requirement. Note that - Go does not support unencrypted connections to remote - SMTP endpoints. - type: boolean - smartHost: - description: The default SMTP smarthost used for sending - emails. - properties: - host: - description: Defines the host's address, it can be - a DNS name or a literal IP address. - minLength: 1 - type: string - port: - description: Defines the host's port, it can be a - literal port number or a port name. - minLength: 1 - type: string - required: - - host - - port - type: object - type: object - type: object - name: - description: The name of the AlertmanagerConfig resource which - is used to generate the Alertmanager configuration. It must - be defined in the same namespace as the Alertmanager object. - The operator will not enforce a `namespace` label for routes - and inhibition rules. - minLength: 1 - type: string - templates: - description: Custom notification templates. - items: - description: SecretOrConfigMap allows to specify data as a Secret - or ConfigMap. Fields are mutually exclusive. 
- properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - type: array - type: object - automountServiceAccountToken: - description: 'AutomountServiceAccountToken indicates whether a service - account token should be automatically mounted in the pod. If the - service account has `automountServiceAccountToken: true`, set the - field to `false` to opt out of automounting API credentials.' - type: boolean - baseImage: - description: 'Base image that is used to deploy pods, without tag. - Deprecated: use ''image'' instead.' - type: string - clusterAdvertiseAddress: - description: 'ClusterAdvertiseAddress is the explicit address to advertise - in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. - [1] RFC1918: https://tools.ietf.org/html/rfc1918' - type: string - clusterGossipInterval: - description: Interval between gossip attempts. 
- pattern: ^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - clusterLabel: - description: Defines the identifier that uniquely identifies the Alertmanager - cluster. You should only set it when the Alertmanager cluster includes - Alertmanager instances which are external to this Alertmanager resource. - In practice, the addresses of the external instances are provided - via the `.spec.additionalPeers` field. - type: string - clusterPeerTimeout: - description: Timeout for cluster peering. - pattern: ^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - clusterPushpullInterval: - description: Interval between pushpull attempts. - pattern: ^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - configMaps: - description: ConfigMaps is a list of ConfigMaps in the same namespace - as the Alertmanager object, which shall be mounted into the Alertmanager - Pods. Each ConfigMap is added to the StatefulSet definition as a - volume named `configmap-`. The ConfigMaps are mounted - into `/etc/alertmanager/configmaps/` in the 'alertmanager' - container. - items: - type: string - type: array - configSecret: - description: "ConfigSecret is the name of a Kubernetes Secret in the - same namespace as the Alertmanager object, which contains the configuration - for this Alertmanager instance. If empty, it defaults to `alertmanager-`. - \n The Alertmanager configuration should be available under the - `alertmanager.yaml` key. Additional keys from the original secret - are copied to the generated secret and mounted into the `/etc/alertmanager/config` - directory in the `alertmanager` container. \n If either the secret - or the `alertmanager.yaml` key is missing, the operator provisions - a minimal Alertmanager configuration with one empty receiver (effectively - dropping alert notifications)." - type: string - containers: - description: 'Containers allows injecting additional containers. 
This - is meant to allow adding an authentication proxy to an Alertmanager - pod. Containers described here modify an operator generated container - if they share the same name and modifications are done via a strategic - merge patch. The current container names are: `alertmanager` and - `config-reloader`. Overriding containers is entirely outside the - scope of what the maintainers will support and by doing so, you - accept that this behaviour may break at any time without notice.' - items: - description: A single application container that you want to run - within a pod. - properties: - args: - description: 'Arguments to the entrypoint. The container image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will - be unchanged. Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped references - will never be expanded, regardless of whether the variable - exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. - The container image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. 
More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in the container. - Cannot be updated. - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be - a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. - If a variable cannot be resolved, the reference in the - input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the string - literal "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' 
- properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be - a C_IDENTIFIER. 
All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key - will take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set - of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap must be - defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. 
More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system should take - in response to container lifecycle events. Cannot be updated. - properties: - postStart: - description: 'PostStart is called immediately after a container - is created. If the handler fails, the container is terminated - and restarted according to its restart policy. Other management - of the container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. 
- type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - sleep: - description: Sleep represents the duration that the - container should sleep before being terminated. - properties: - seconds: - description: Seconds is the number of seconds to - sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, resource - contention, etc. The handler is not called if the container - crashes or exits. The Pod''s termination grace period - countdown begins before the PreStop hook is executed. - Regardless of the outcome of the handler, the container - will eventually terminate within the Pod''s termination - grace period (unless delayed by finalizers). Other management - of the container blocks until the hook completes or until - the termination grace period is reached. 
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - sleep: - description: Sleep represents the duration that the - container should sleep before being terminated. 
- properties: - seconds: - description: Seconds is the number of seconds to - sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: Port number of the gRPC service. 
Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. 
- format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - name: - description: Name of the container specified as a DNS_LABEL. 
- Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not - specifying a port here DOES NOT prevent that port from being - exposed. Any port which is listening on the default "0.0.0.0" - address inside a container will be accessible from the network. - Modifying this array with strategic merge patch may corrupt - the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. - items: - description: ContainerPort represents a network port in a - single container. - properties: - containerPort: - description: Number of port to expose on the pod's IP - address. This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If - specified, this must be a valid port number, 0 < x < - 65536. If HostNetwork is specified, this must match - ContainerPort. Most containers do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod - must have a unique name. Name for the port that can - be referred to by services. - type: string - protocol: - default: TCP - description: Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if the probe - fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. 
- properties: - command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. 
- type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. 
Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resizePolicy: - description: Resources resize policy for the container. - items: - description: ContainerResizePolicy represents resource resize - policy for the container. - properties: - resourceName: - description: 'Name of the resource to which this resource - resize policy applies. Supported values: cpu, memory.' - type: string - restartPolicy: - description: Restart policy to apply when specified resource - is resized. If not specified, it defaults to NotRequired. - type: string - required: - - resourceName - - restartPolicy - type: object - type: array - x-kubernetes-list-type: atomic - resources: - description: 'Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - properties: - claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only - be set for containers." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry - in pod.spec.resourceClaims of the Pod where this - field is used. 
It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - restartPolicy: - description: 'RestartPolicy defines the restart behavior of - individual containers in a pod. This field may only be set - for init containers, and the only allowed value is "Always". - For non-init containers or when this field is not specified, - the restart behavior is defined by the Pod''s restart policy - and the container type. Setting the RestartPolicy as "Always" - for the init container will have the following effect: this - init container will be continually restarted on exit until - all regular containers have terminated. Once all regular containers - have completed, all init containers with restartPolicy "Always" - will be shut down. 
This lifecycle differs from normal init - containers and is often referred to as a "sidecar" container. - Although this init container still starts in the init container - sequence, it does not wait for the container to complete before - proceeding to the next init container. Instead, the next init - container starts immediately after this init container is - started, or after any startupProbe has successfully completed.' - type: string - securityContext: - description: 'SecurityContext defines the security options the - container should be run with. If set, the fields of SecurityContext - override the equivalent fields of PodSecurityContext. More - info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN Note that this field cannot be set - when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by - the container runtime. Note that this field cannot be - set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent to - root on the host. Defaults to false. Note that this field - cannot be set when spec.os.name is windows. 
- type: boolean - procMount: - description: procMount denotes the type of proc mount to - use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot - be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root - filesystem. Default is false. Note that this field cannot - be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a - non-root user. If true, the Kubelet will validate the - image at runtime to ensure that it does not run as UID - 0 (root) and fail to start the container if it does. If - unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. 
- If unspecified, the container runtime will allocate a - random SELinux context for each container. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by this container. - If seccomp options are provided at both the pod & container - level, the container options override the pod options. - Note that this field cannot be set when spec.os.name is - windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile - must be preconfigured on the node to work. Must be - a descending path, relative to the kubelet's configured - seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - - a profile defined in a file on the node should be - used. RuntimeDefault - the container runtime default - profile should be used. Unconfined - no profile should - be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options from the PodSecurityContext - will be used. 
If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is - linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. All of a Pod's - containers must have the same effective HostProcess - value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork must also - be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. - type: string - type: object - type: object - startupProbe: - description: 'StartupProbe indicates that the Pod has successfully - initialized. If specified, no other probes are executed until - this completes successfully. If this probe fails, the Pod - will be restarted, just as if the livenessProbe failed. This - can be used to provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time to load - data or warm a cache, than during steady-state operation. - This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. 
- properties: - command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. 
- type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. 
Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - stdin: - description: Whether this container should allocate a buffer - for stdin in the container runtime. If this is not set, reads - from stdin in the container will always result in EOF. Default - is false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the - stdin channel after it has been opened by a single attach. - When stdin is true the stdin stream will remain open across - multiple attach sessions. If stdinOnce is set to true, stdin - is opened on container start, is empty until the first client - attaches to stdin, and then remains open and accepts data - until the client disconnects, at which time stdin is closed - and remains closed until the container is restarted. If this - flag is false, a container processes that reads from stdin - will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the - container''s termination message will be written is mounted - into the container''s filesystem. Message written is intended - to be brief final status, such as an assertion failure message. - Will be truncated by the node if greater than 4096 bytes. - The total message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. 
Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be - populated. File will use the contents of terminationMessagePath - to populate the container status message on both success and - failure. FallbackToLogsOnError will use the last chunk of - container log output if the termination message file is empty - and the container exited with an error. The log output is - limited to 2048 bytes or 80 lines, whichever is smaller. Defaults - to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. - items: - description: volumeDevice describes a mapping of a raw block - device within a container. - properties: - devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. - items: - description: VolumeMount describes a mounting of a Volume - within a container. - properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other - way around. When not set, MountPropagationNone is used. - This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. 
- type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might - be configured in the container image. Cannot be updated. - type: string - required: - - name - type: object - type: array - enableFeatures: - description: "Enable access to Alertmanager feature flags. By default, - no features are enabled. Enabling features which are disabled by - default is entirely outside the scope of what the maintainers will - support and by doing so, you accept that this behaviour may break - at any time without notice. \n It requires Alertmanager >= 0.27.0." - items: - type: string - type: array - externalUrl: - description: The external URL the Alertmanager instances will be available - under. This is necessary to generate correct URLs. This is necessary - if Alertmanager is not served from root of a DNS name. - type: string - forceEnableClusterMode: - description: ForceEnableClusterMode ensures Alertmanager does not - deactivate the cluster mode when running with a single replica. - Use case is e.g. spanning an Alertmanager cluster across Kubernetes - clusters with a single replica in each. - type: boolean - hostAliases: - description: Pods' hostAliases configuration - items: - description: HostAlias holds the mapping between IP and hostnames - that will be injected as an entry in the pod's hosts file. 
- properties: - hostnames: - description: Hostnames for the above IP address. - items: - type: string - type: array - ip: - description: IP address of the host file entry. - type: string - required: - - hostnames - - ip - type: object - type: array - x-kubernetes-list-map-keys: - - ip - x-kubernetes-list-type: map - image: - description: Image if specified has precedence over baseImage, tag - and sha combinations. Specifying the version is still necessary - to ensure the Prometheus Operator knows what version of Alertmanager - is being configured. - type: string - imagePullPolicy: - description: Image pull policy for the 'alertmanager', 'init-config-reloader' - and 'config-reloader' containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy - for more details. - enum: - - "" - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - description: An optional list of references to secrets in the same - namespace to use for pulling prometheus and alertmanager images - from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod - items: - description: LocalObjectReference contains enough information to - let you locate the referenced object inside the same namespace. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - initContainers: - description: 'InitContainers allows adding initContainers to the pod - definition. Those can be used to e.g. fetch secrets for injection - into the Alertmanager configuration from external sources. Any errors - during the execution of an initContainer will lead to a restart - of the Pod. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - InitContainers described here modify an operator generated init - containers if they share the same name and modifications are done - via a strategic merge patch. The current init container name is: - `init-config-reloader`. Overriding init containers is entirely outside - the scope of what the maintainers will support and by doing so, - you accept that this behaviour may break at any time without notice.' - items: - description: A single application container that you want to run - within a pod. - properties: - args: - description: 'Arguments to the entrypoint. The container image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will - be unchanged. Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped references - will never be expanded, regardless of whether the variable - exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. - The container image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. 
More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in the container. - Cannot be updated. - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be - a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. - If a variable cannot be resolved, the reference in the - input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the string - literal "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' 
- properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be - a C_IDENTIFIER. 
All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key - will take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set - of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap must be - defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. 
More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system should take - in response to container lifecycle events. Cannot be updated. - properties: - postStart: - description: 'PostStart is called immediately after a container - is created. If the handler fails, the container is terminated - and restarted according to its restart policy. Other management - of the container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. 
- type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - sleep: - description: Sleep represents the duration that the - container should sleep before being terminated. - properties: - seconds: - description: Seconds is the number of seconds to - sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, resource - contention, etc. The handler is not called if the container - crashes or exits. The Pod''s termination grace period - countdown begins before the PreStop hook is executed. - Regardless of the outcome of the handler, the container - will eventually terminate within the Pod''s termination - grace period (unless delayed by finalizers). Other management - of the container blocks until the hook completes or until - the termination grace period is reached. 
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - sleep: - description: Sleep represents the duration that the - container should sleep before being terminated. 
- properties: - seconds: - description: Seconds is the number of seconds to - sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: Port number of the gRPC service. 
Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. 
- format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - name: - description: Name of the container specified as a DNS_LABEL. 
- Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not - specifying a port here DOES NOT prevent that port from being - exposed. Any port which is listening on the default "0.0.0.0" - address inside a container will be accessible from the network. - Modifying this array with strategic merge patch may corrupt - the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. - items: - description: ContainerPort represents a network port in a - single container. - properties: - containerPort: - description: Number of port to expose on the pod's IP - address. This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If - specified, this must be a valid port number, 0 < x < - 65536. If HostNetwork is specified, this must match - ContainerPort. Most containers do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod - must have a unique name. Name for the port that can - be referred to by services. - type: string - protocol: - default: TCP - description: Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if the probe - fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. 
- properties: - command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. 
- type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. 
Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resizePolicy: - description: Resources resize policy for the container. - items: - description: ContainerResizePolicy represents resource resize - policy for the container. - properties: - resourceName: - description: 'Name of the resource to which this resource - resize policy applies. Supported values: cpu, memory.' - type: string - restartPolicy: - description: Restart policy to apply when specified resource - is resized. If not specified, it defaults to NotRequired. - type: string - required: - - resourceName - - restartPolicy - type: object - type: array - x-kubernetes-list-type: atomic - resources: - description: 'Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - properties: - claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only - be set for containers." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry - in pod.spec.resourceClaims of the Pod where this - field is used. 
It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - restartPolicy: - description: 'RestartPolicy defines the restart behavior of - individual containers in a pod. This field may only be set - for init containers, and the only allowed value is "Always". - For non-init containers or when this field is not specified, - the restart behavior is defined by the Pod''s restart policy - and the container type. Setting the RestartPolicy as "Always" - for the init container will have the following effect: this - init container will be continually restarted on exit until - all regular containers have terminated. Once all regular containers - have completed, all init containers with restartPolicy "Always" - will be shut down. 
This lifecycle differs from normal init - containers and is often referred to as a "sidecar" container. - Although this init container still starts in the init container - sequence, it does not wait for the container to complete before - proceeding to the next init container. Instead, the next init - container starts immediately after this init container is - started, or after any startupProbe has successfully completed.' - type: string - securityContext: - description: 'SecurityContext defines the security options the - container should be run with. If set, the fields of SecurityContext - override the equivalent fields of PodSecurityContext. More - info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN Note that this field cannot be set - when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by - the container runtime. Note that this field cannot be - set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent to - root on the host. Defaults to false. Note that this field - cannot be set when spec.os.name is windows. 
- type: boolean - procMount: - description: procMount denotes the type of proc mount to - use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot - be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root - filesystem. Default is false. Note that this field cannot - be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a - non-root user. If true, the Kubelet will validate the - image at runtime to ensure that it does not run as UID - 0 (root) and fail to start the container if it does. If - unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. 
- If unspecified, the container runtime will allocate a - random SELinux context for each container. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by this container. - If seccomp options are provided at both the pod & container - level, the container options override the pod options. - Note that this field cannot be set when spec.os.name is - windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile - must be preconfigured on the node to work. Must be - a descending path, relative to the kubelet's configured - seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - - a profile defined in a file on the node should be - used. RuntimeDefault - the container runtime default - profile should be used. Unconfined - no profile should - be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options from the PodSecurityContext - will be used. 
If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is - linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. All of a Pod's - containers must have the same effective HostProcess - value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork must also - be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. - type: string - type: object - type: object - startupProbe: - description: 'StartupProbe indicates that the Pod has successfully - initialized. If specified, no other probes are executed until - this completes successfully. If this probe fails, the Pod - will be restarted, just as if the livenessProbe failed. This - can be used to provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time to load - data or warm a cache, than during steady-state operation. - This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. 
- properties: - command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. 
- type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. 
Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - stdin: - description: Whether this container should allocate a buffer - for stdin in the container runtime. If this is not set, reads - from stdin in the container will always result in EOF. Default - is false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the - stdin channel after it has been opened by a single attach. - When stdin is true the stdin stream will remain open across - multiple attach sessions. If stdinOnce is set to true, stdin - is opened on container start, is empty until the first client - attaches to stdin, and then remains open and accepts data - until the client disconnects, at which time stdin is closed - and remains closed until the container is restarted. If this - flag is false, a container processes that reads from stdin - will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the - container''s termination message will be written is mounted - into the container''s filesystem. Message written is intended - to be brief final status, such as an assertion failure message. - Will be truncated by the node if greater than 4096 bytes. - The total message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. 
Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be - populated. File will use the contents of terminationMessagePath - to populate the container status message on both success and - failure. FallbackToLogsOnError will use the last chunk of - container log output if the termination message file is empty - and the container exited with an error. The log output is - limited to 2048 bytes or 80 lines, whichever is smaller. Defaults - to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. - items: - description: volumeDevice describes a mapping of a raw block - device within a container. - properties: - devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. - items: - description: VolumeMount describes a mounting of a Volume - within a container. - properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other - way around. When not set, MountPropagationNone is used. - This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. 
- type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might - be configured in the container image. Cannot be updated. - type: string - required: - - name - type: object - type: array - listenLocal: - description: ListenLocal makes the Alertmanager server listen on loopback, - so that it does not bind against the Pod IP. Note this is only for - the Alertmanager UI, not the gossip communication. - type: boolean - logFormat: - description: Log format for Alertmanager to be configured with. - enum: - - "" - - logfmt - - json - type: string - logLevel: - description: Log level for Alertmanager to be configured with. - enum: - - "" - - debug - - info - - warn - - error - type: string - minReadySeconds: - description: Minimum number of seconds for which a newly created pod - should be ready without any of its container crashing for it to - be considered available. Defaults to 0 (pod will be considered available - as soon as it is ready) This is an alpha field from kubernetes 1.22 - until 1.24 which requires enabling the StatefulSetMinReadySeconds - feature gate. - format: int32 - type: integer - nodeSelector: - additionalProperties: - type: string - description: Define which Nodes the Pods are scheduled on. 
- type: object - paused: - description: If set to true all actions on the underlying managed - objects are not goint to be performed, except for delete actions. - type: boolean - podMetadata: - description: "PodMetadata configures labels and annotations which - are propagated to the Alertmanager pods. \n The following items - are reserved and cannot be overridden: * \"alertmanager\" label, - set to the name of the Alertmanager instance. * \"app.kubernetes.io/instance\" - label, set to the name of the Alertmanager instance. * \"app.kubernetes.io/managed-by\" - label, set to \"prometheus-operator\". * \"app.kubernetes.io/name\" - label, set to \"alertmanager\". * \"app.kubernetes.io/version\" - label, set to the Alertmanager version. * \"kubectl.kubernetes.io/default-container\" - annotation, set to \"alertmanager\"." - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured key value map stored - with a resource that may be set by external tools to store and - retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - labels: - additionalProperties: - type: string - description: 'Map of string keys and values that can be used to - organize and categorize (scope and select) objects. May match - selectors of replication controllers and services. More info: - http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. Is required - when creating resources, although some resources may allow a - client to request the generation of an appropriate name automatically. - Name is primarily intended for creation idempotence and configuration - definition. Cannot be updated. 
More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - type: object - portName: - default: web - description: Port name used for the pods and governing service. Defaults - to `web`. - type: string - priorityClassName: - description: Priority class assigned to the Pods - type: string - replicas: - description: Size is the expected size of the alertmanager cluster. - The controller will eventually make the size of the running cluster - equal to the expected size. - format: int32 - type: integer - resources: - description: Define resources requests and limits for single Pods. - properties: - claims: - description: "Claims lists the names of resources, defined in - spec.resourceClaims, that are used by this container. \n This - is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only be set - for containers." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry in pod.spec.resourceClaims - of the Pod where this field is used. It makes that resource - available inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - retention: - default: 120h - description: Time duration Alertmanager shall retain data for. Default - is '120h', and must match the regular expression `[0-9]+(ms|s|m|h)` - (milliseconds seconds minutes hours). - pattern: ^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - routePrefix: - description: The route prefix Alertmanager registers HTTP handlers - for. This is useful, if using ExternalURL and a proxy is rewriting - HTTP routes of a request, and the actual ExternalURL is still true, - but the server serves requests under a different route prefix. For - example for use with `kubectl proxy`. - type: string - secrets: - description: Secrets is a list of Secrets in the same namespace as - the Alertmanager object, which shall be mounted into the Alertmanager - Pods. Each Secret is added to the StatefulSet definition as a volume - named `secret-`. The Secrets are mounted into `/etc/alertmanager/secrets/` - in the 'alertmanager' container. - items: - type: string - type: array - securityContext: - description: SecurityContext holds pod-level security attributes and - common container settings. This defaults to the default PodSecurityContext. 
- properties: - fsGroup: - description: "A special supplemental group that applies to all - containers in a pod. Some volume types allow the Kubelet to - change the ownership of that volume to be owned by the pod: - \n 1. The owning GID will be the FSGroup 2. The setgid bit is - set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership and permissions of - any volume. Note that this field cannot be set when spec.os.name - is windows." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing - ownership and permission of the volume before being exposed - inside Pod. This field will only apply to volume types which - support fsGroup based ownership(and permissions). It will have - no effect on ephemeral volume types such as: secret, configmaps - and emptydir. Valid values are "OnRootMismatch" and "Always". - If not specified, "Always" is used. Note that this field cannot - be set when spec.os.name is windows.' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no such validation - will be performed. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. 
- type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. Note that this field cannot - be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to - the container. - type: string - role: - description: Role is a SELinux role label that applies to - the container. - type: string - type: - description: Type is a SELinux type label that applies to - the container. - type: string - user: - description: User is a SELinux user label that applies to - the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by the containers in this - pod. Note that this field cannot be set when spec.os.name is - windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile must be - preconfigured on the node to work. Must be a descending - path, relative to the kubelet's configured seccomp profile - location. Must be set if type is "Localhost". Must NOT be - set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile - will be applied. 
Valid options are: \n Localhost - a profile - defined in a file on the node should be used. RuntimeDefault - - the container runtime default profile should be used. - Unconfined - no profile should be applied." - type: string - required: - - type - type: object - supplementalGroups: - description: A list of groups applied to the first process run - in each container, in addition to the container's primary GID, - the fsGroup (if specified), and group memberships defined in - the container image for the uid of the container process. If - unspecified, no additional groups are added to any container. - Note that group memberships defined in the container image for - the uid of the container process are still effective, even if - they are not included in this list. Note that this field cannot - be set when spec.os.name is windows. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used for - the pod. Pods with unsupported sysctls (by the container runtime) - might fail to launch. Note that this field cannot be set when - spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is linux. 
- properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named by - the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. All of a Pod's containers - must have the same effective HostProcess value (it is not - allowed to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess is true then HostNetwork - must also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - type: string - type: object - type: object - serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount - to use to run the Prometheus Pods. - type: string - sha: - description: 'SHA of Alertmanager container image to be deployed. - Defaults to the value of `version`. Similar to a tag, but the SHA - explicitly deploys an immutable container image. Version and Tag - are ignored if SHA is set. Deprecated: use ''image'' instead. The - image digest can be specified as part of the image URL.' - type: string - storage: - description: Storage is the definition of how storage will be used - by the Alertmanager instances. - properties: - disableMountSubPath: - description: 'Deprecated: subPath usage will be removed in a future - release.' - type: boolean - emptyDir: - description: 'EmptyDirVolumeSource to be used by the StatefulSet. 
- If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`. - More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' - properties: - medium: - description: 'medium represents what type of storage medium - should back this directory. The default is "" which means - to use the node''s default medium. Must be an empty string - (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: 'sizeLimit is the total amount of local storage - required for this EmptyDir volume. The size limit is also - applicable for memory medium. The maximum usage on memory - medium EmptyDir would be the minimum value between the SizeLimit - specified here and the sum of memory limits of all containers - in a pod. The default is nil which means that the limit - is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - description: 'EphemeralVolumeSource to be used by the StatefulSet. - This is a beta field in k8s 1.21 and GA in 1.15. For lower versions, - starting with k8s 1.19, it requires enabling the GenericEphemeralVolume - feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes' - properties: - volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to - provision the volume. The pod in which this EphemeralVolumeSource - is embedded will be the owner of the PVC, i.e. the PVC will - be deleted together with the pod. The name of the PVC will - be `-` where `` is the - name from the `PodSpec.Volumes` array entry. Pod validation - will reject the pod if the concatenated name is not valid - for a PVC (for example, too long). 
\n An existing PVC with - that name that is not owned by the pod will *not* be used - for the pod to avoid using an unrelated volume by mistake. - Starting the pod is then blocked until the unrelated PVC - is removed. If such a pre-created PVC is meant to be used - by the pod, the PVC has to updated with an owner reference - to the pod once the pod exists. Normally this should not - be necessary, but it may be useful when manually reconstructing - a broken cluster. \n This field is read-only and no changes - will be made by Kubernetes to the PVC after it has been - created. \n Required, must not be nil." - properties: - metadata: - description: May contain labels and annotations that will - be copied into the PVC when creating it. No other fields - are allowed and will be rejected during validation. - type: object - spec: - description: The specification for the PersistentVolumeClaim. - The entire content is copied unchanged into the PVC - that gets created from this template. The same fields - as in a PersistentVolumeClaim are also valid here. - properties: - accessModes: - description: 'accessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - dataSource: - description: 'dataSource field can be used to specify - either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the - provisioner or an external controller can support - the specified data source, it will create a new - volume based on the contents of the specified data - source. When the AnyVolumeDataSource feature gate - is enabled, dataSource contents will be copied to - dataSourceRef, and dataSourceRef contents will be - copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace is specified, - then dataSourceRef will not be copied to dataSource.' 
- properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is - required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: 'dataSourceRef specifies the object from - which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a - non-empty API group (non core object) or a PersistentVolumeClaim - object. When this field is specified, volume binding - will only succeed if the type of the specified object - matches some installed volume populator or dynamic - provisioner. This field will replace the functionality - of the dataSource field and as such if both fields - are non-empty, they must have the same value. For - backwards compatibility, when namespace isn''t specified - in dataSourceRef, both fields (dataSource and dataSourceRef) - will be set to the same value automatically if one - of them is empty and the other is non-empty. When - namespace is specified in dataSourceRef, dataSource - isn''t set to the same value and must be empty. - There are three important differences between dataSource - and dataSourceRef: * While dataSource only allows - two specific types of objects, dataSourceRef allows - any non-core object, as well as PersistentVolumeClaim - objects. * While dataSource ignores disallowed values - (dropping them), dataSourceRef preserves all values, - and generates an error if a disallowed value is - specified. * While dataSource only allows local - objects, dataSourceRef allows objects in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource - feature gate to be enabled. 
(Alpha) Using the namespace - field of dataSourceRef requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is - required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - namespace: - description: Namespace is the namespace of resource - being referenced Note that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent namespace - to allow that namespace's owner to accept the - reference. See the ReferenceGrant documentation - for details. (Alpha) This field requires the - CrossNamespaceVolumeDataSource feature gate - to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: 'resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify - resource requirements that are lower than previous - value but must still be higher than capacity recorded - in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is - omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to - an implementation-defined value. Requests cannot - exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - selector: - description: selector is a label query over volumes - to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: 'storageClassName is the name of the - StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeAttributesClassName: - description: 'volumeAttributesClassName may be used - to set the VolumeAttributesClass used by this claim. - If specified, the CSI driver will create or update - the volume with the attributes defined in the corresponding - VolumeAttributesClass. This has a different purpose - than storageClassName, it can be changed after the - claim is created. An empty string value means that - no VolumeAttributesClass will be applied to the - claim but it''s not allowed to reset this field - to empty string once it is set. If unspecified and - the PersistentVolumeClaim is unbound, the default - VolumeAttributesClass will be set by the persistentvolume - controller if it exists. If the resource referred - to by volumeAttributesClass does not exist, this - PersistentVolumeClaim will be set to a Pending state, - as reflected by the modifyVolumeStatus field, until - such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass - (Alpha) Using this field requires the VolumeAttributesClass - feature gate to be enabled.' - type: string - volumeMode: - description: volumeMode defines what type of volume - is required by the claim. Value of Filesystem is - implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference to - the PersistentVolume backing this claim. 
- type: string - type: object - required: - - spec - type: object - type: object - volumeClaimTemplate: - description: Defines the PVC spec to be used by the Prometheus - StatefulSets. The easiest way to use a volume that cannot be - automatically provisioned is to use a label selector alongside - manually created PersistentVolumes. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST - resource this object represents. Servers may infer this - from the endpoint the client submits requests to. Cannot - be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - description: EmbeddedMetadata contains metadata relevant to - an EmbeddedResource. - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured key value - map stored with a resource that may be set by external - tools to store and retrieve arbitrary metadata. They - are not queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - labels: - additionalProperties: - type: string - description: 'Map of string keys and values that can be - used to organize and categorize (scope and select) objects. - May match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. 
- Is required when creating resources, although some resources - may allow a client to request the generation of an appropriate - name automatically. Name is primarily intended for creation - idempotence and configuration definition. Cannot be - updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - type: object - spec: - description: 'Defines the desired characteristics of a volume - requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - accessModes: - description: 'accessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - dataSource: - description: 'dataSource field can be used to specify - either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the provisioner - or an external controller can support the specified - data source, it will create a new volume based on the - contents of the specified data source. When the AnyVolumeDataSource - feature gate is enabled, dataSource contents will be - copied to dataSourceRef, and dataSourceRef contents - will be copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace is specified, then - dataSourceRef will not be copied to dataSource.' - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. 
- type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: 'dataSourceRef specifies the object from - which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a non-empty - API group (non core object) or a PersistentVolumeClaim - object. When this field is specified, volume binding - will only succeed if the type of the specified object - matches some installed volume populator or dynamic provisioner. - This field will replace the functionality of the dataSource - field and as such if both fields are non-empty, they - must have the same value. For backwards compatibility, - when namespace isn''t specified in dataSourceRef, both - fields (dataSource and dataSourceRef) will be set to - the same value automatically if one of them is empty - and the other is non-empty. When namespace is specified - in dataSourceRef, dataSource isn''t set to the same - value and must be empty. There are three important differences - between dataSource and dataSourceRef: * While dataSource - only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim - objects. * While dataSource ignores disallowed values - (dropping them), dataSourceRef preserves all values, - and generates an error if a disallowed value is specified. - * While dataSource only allows local objects, dataSourceRef - allows objects in any namespaces. (Beta) Using this - field requires the AnyVolumeDataSource feature gate - to be enabled. (Alpha) Using the namespace field of - dataSourceRef requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. 
If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - namespace: - description: Namespace is the namespace of resource - being referenced Note that when a namespace is specified, - a gateway.networking.k8s.io/ReferenceGrant object - is required in the referent namespace to allow that - namespace's owner to accept the reference. See the - ReferenceGrant documentation for details. (Alpha) - This field requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: 'resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify resource - requirements that are lower than previous value but - must still be higher than capacity recorded in the status - field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. 
If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - selector: - description: selector is a label query over volumes to - consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: 'storageClassName is the name of the StorageClass - required by the claim. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeAttributesClassName: - description: 'volumeAttributesClassName may be used to - set the VolumeAttributesClass used by this claim. If - specified, the CSI driver will create or update the - volume with the attributes defined in the corresponding - VolumeAttributesClass. This has a different purpose - than storageClassName, it can be changed after the claim - is created. An empty string value means that no VolumeAttributesClass - will be applied to the claim but it''s not allowed to - reset this field to empty string once it is set. If - unspecified and the PersistentVolumeClaim is unbound, - the default VolumeAttributesClass will be set by the - persistentvolume controller if it exists. If the resource - referred to by volumeAttributesClass does not exist, - this PersistentVolumeClaim will be set to a Pending - state, as reflected by the modifyVolumeStatus field, - until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass - (Alpha) Using this field requires the VolumeAttributesClass - feature gate to be enabled.' - type: string - volumeMode: - description: volumeMode defines what type of volume is - required by the claim. Value of Filesystem is implied - when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference to the - PersistentVolume backing this claim. - type: string - type: object - status: - description: 'Deprecated: this field is never set.' - properties: - accessModes: - description: 'accessModes contains the actual access modes - the volume backing the PVC has. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - allocatedResourceStatuses: - additionalProperties: - description: When a controller receives persistentvolume - claim update with ClaimResourceStatus for a resource - that it does not recognizes, then it should ignore - that update and let other controllers handle it. - type: string - description: "allocatedResourceStatuses stores status - of resource being resized for the given PVC. Key names - follow standard Kubernetes label syntax. Valid values - are either: * Un-prefixed keys: - storage - the capacity - of the volume. * Custom resources must use implementation-defined - prefixed names such as \"example.com/my-custom-resource\" - Apart from above values - keys that are unprefixed or - have kubernetes.io prefix are considered reserved and - hence may not be used. \n ClaimResourceStatus can be - in any of following states: - ControllerResizeInProgress: - State set when resize controller starts resizing the - volume in control-plane. - ControllerResizeFailed: State - set when resize has failed in resize controller with - a terminal error. - NodeResizePending: State set when - resize controller has finished resizing the volume but - further resizing of volume is needed on the node. - - NodeResizeInProgress: State set when kubelet starts - resizing the volume. - NodeResizeFailed: State set when - resizing has failed in kubelet with a terminal error. - Transient errors don't set NodeResizeFailed. 
For example: - if expanding a PVC for more capacity - this field can - be one of the following states: - pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeFailed\" When this field is not set, it - means that no resize operation is in progress for the - given PVC. \n A controller that receives PVC update - with previously unknown resourceName or ClaimResourceStatus - should ignore the update for the purpose it was designed. - For example - a controller that only is responsible - for resizing capacity of the volume, should ignore PVC - updates that change other valid resources associated - with PVC. \n This is an alpha field and requires enabling - RecoverVolumeExpansionFailure feature." - type: object - x-kubernetes-map-type: granular - allocatedResources: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: "allocatedResources tracks the resources - allocated to a PVC including its capacity. Key names - follow standard Kubernetes label syntax. Valid values - are either: * Un-prefixed keys: - storage - the capacity - of the volume. * Custom resources must use implementation-defined - prefixed names such as \"example.com/my-custom-resource\" - Apart from above values - keys that are unprefixed or - have kubernetes.io prefix are considered reserved and - hence may not be used. \n Capacity reported here may - be larger than the actual capacity when a volume expansion - operation is requested. 
For storage quota, the larger - value from allocatedResources and PVC.spec.resources - is used. If allocatedResources is not set, PVC.spec.resources - alone is used for quota calculation. If a volume expansion - capacity request is lowered, allocatedResources is only - lowered if there are no expansion operations in progress - and if the actual volume capacity is equal or lower - than the requested capacity. \n A controller that receives - PVC update with previously unknown resourceName should - ignore the update for the purpose it was designed. For - example - a controller that only is responsible for - resizing capacity of the volume, should ignore PVC updates - that change other valid resources associated with PVC. - \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure - feature." - type: object - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: capacity represents the actual resources - of the underlying volume. - type: object - conditions: - description: conditions is the current Condition of persistent - volume claim. If underlying persistent volume is being - resized then the Condition will be set to 'ResizeStarted'. - items: - description: PersistentVolumeClaimCondition contains - details about state of pvc - properties: - lastProbeTime: - description: lastProbeTime is the time we probed - the condition. - format: date-time - type: string - lastTransitionTime: - description: lastTransitionTime is the time the - condition transitioned from one status to another. - format: date-time - type: string - message: - description: message is the human-readable message - indicating details about last transition. 
- type: string - reason: - description: reason is a unique, this should be - a short, machine understandable string that gives - the reason for condition's last transition. If - it reports "ResizeStarted" that means the underlying - persistent volume is being resized. - type: string - status: - type: string - type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type - type: string - required: - - status - - type - type: object - type: array - currentVolumeAttributesClassName: - description: currentVolumeAttributesClassName is the current - name of the VolumeAttributesClass the PVC is using. - When unset, there is no VolumeAttributeClass applied - to this PersistentVolumeClaim This is an alpha field - and requires enabling VolumeAttributesClass feature. - type: string - modifyVolumeStatus: - description: ModifyVolumeStatus represents the status - object of ControllerModifyVolume operation. When this - is unset, there is no ModifyVolume operation being attempted. - This is an alpha field and requires enabling VolumeAttributesClass - feature. - properties: - status: - description: 'status is the status of the ControllerModifyVolume - operation. It can be in any of following states: - - Pending Pending indicates that the PersistentVolumeClaim - cannot be modified due to unmet requirements, such - as the specified VolumeAttributesClass not existing. - - InProgress InProgress indicates that the volume - is being modified. - Infeasible Infeasible indicates - that the request has been rejected as invalid by - the CSI driver. To resolve the error, a valid VolumeAttributesClass - needs to be specified. Note: New statuses can be - added in the future. Consumers should check for - unknown statuses and fail appropriately.' 
- type: string - targetVolumeAttributesClassName: - description: targetVolumeAttributesClassName is the - name of the VolumeAttributesClass the PVC currently - being reconciled - type: string - required: - - status - type: object - phase: - description: phase represents the current phase of PersistentVolumeClaim. - type: string - type: object - type: object - type: object - tag: - description: 'Tag of Alertmanager container image to be deployed. - Defaults to the value of `version`. Version is ignored if Tag is - set. Deprecated: use ''image'' instead. The image tag can be specified - as part of the image URL.' - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match all - values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod - can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, it - is not set, which means tolerate the taint forever (do not - evict). Zero and negative values will be treated as 0 (evict - immediately) by the system. 
- format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - topologySpreadConstraints: - description: If specified, the pod's topology spread constraints. - items: - description: TopologySpreadConstraint specifies how to spread matching - pods among the given topology. - properties: - labelSelector: - description: LabelSelector is used to find matching pods. Pods - that match this label selector are counted to determine the - number of pods in their corresponding topology domain. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select - the pods over which spreading will be calculated. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are ANDed with labelSelector to select the - group of existing pods over which spreading will be calculated - for the incoming pod. The same key is forbidden to exist in - both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot - be set when LabelSelector isn't set. Keys that don't exist - in the incoming pod labels will be ignored. A null or empty - list means only match against labelSelector. \n This is a - beta field and requires the MatchLabelKeysInPodTopologySpread - feature gate to be enabled (enabled by default)." - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - description: 'MaxSkew describes the degree to which pods may - be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, - it is the maximum permitted difference between the number - of matching pods in the target topology and the global minimum. - The global minimum is the minimum number of matching pods - in an eligible domain or zero if the number of eligible domains - is less than MinDomains. For example, in a 3-zone cluster, - MaxSkew is set to 1, and pods with the same labelSelector - spread as 2/2/1: In this case, the global minimum is 1. | - zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew - is 1, incoming pod can only be scheduled to zone3 to become - 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) - on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming - pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, - it is used to give higher precedence to topologies that satisfy - it. It''s a required field. Default value is 1 and 0 is not - allowed.' 
- format: int32 - type: integer - minDomains: - description: "MinDomains indicates a minimum number of eligible - domains. When the number of eligible domains with matching - topology keys is less than minDomains, Pod Topology Spread - treats \"global minimum\" as 0, and then the calculation of - Skew is performed. And when the number of eligible domains - with matching topology keys equals or greater than minDomains, - this value has no effect on scheduling. As a result, when - the number of eligible domains is less than minDomains, scheduler - won't schedule more than maxSkew Pods to those domains. If - value is nil, the constraint behaves as if MinDomains is equal - to 1. Valid values are integers greater than 0. When value - is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For - example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains - is set to 5 and pods with the same labelSelector spread as - 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | - The number of domains is less than 5(MinDomains), so \"global - minimum\" is treated as 0. In this situation, new pod with - the same labelSelector cannot be scheduled, because computed - skew will be 3(3 - 0) if new Pod is scheduled to any of the - three zones, it will violate MaxSkew. \n This is a beta field - and requires the MinDomainsInPodTopologySpread feature gate - to be enabled (enabled by default)." - format: int32 - type: integer - nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat - Pod's nodeAffinity/nodeSelector when calculating pod topology - spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector - are included in the calculations. - Ignore: nodeAffinity/nodeSelector - are ignored. All nodes are included in the calculations. \n - If this value is nil, the behavior is equivalent to the Honor - policy. This is a beta-level feature default enabled by the - NodeInclusionPolicyInPodTopologySpread feature flag." 
- type: string - nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node - taints when calculating pod topology spread skew. Options - are: - Honor: nodes without taints, along with tainted nodes - for which the incoming pod has a toleration, are included. - - Ignore: node taints are ignored. All nodes are included. - \n If this value is nil, the behavior is equivalent to the - Ignore policy. This is a beta-level feature default enabled - by the NodeInclusionPolicyInPodTopologySpread feature flag." - type: string - topologyKey: - description: TopologyKey is the key of node labels. Nodes that - have a label with this key and identical values are considered - to be in the same topology. We consider each - as a "bucket", and try to put balanced number of pods into - each bucket. We define a domain as a particular instance of - a topology. Also, we define an eligible domain as a domain - whose nodes meet the requirements of nodeAffinityPolicy and - nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", - each Node is a domain of that topology. And, if TopologyKey - is "topology.kubernetes.io/zone", each zone is a domain of - that topology. It's a required field. - type: string - whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates how to deal with a - pod if it doesn''t satisfy the spread constraint. - DoNotSchedule - (default) tells the scheduler not to schedule it. - ScheduleAnyway - tells the scheduler to schedule the pod in any location, but - giving higher precedence to topologies that would help reduce - the skew. A constraint is considered "Unsatisfiable" for an - incoming pod if and only if every possible node assignment - for that pod would violate "MaxSkew" on some topology. 
For - example, in a 3-zone cluster, MaxSkew is set to 1, and pods - with the same labelSelector spread as 3/1/1: | zone1 | zone2 - | zone3 | | P P P | P | P | If WhenUnsatisfiable is - set to DoNotSchedule, incoming pod can only be scheduled to - zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on - zone2(zone3) satisfies MaxSkew(1). In other words, the cluster - can still be imbalanced, but scheduler won''t make it *more* - imbalanced. It''s a required field.' - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - version: - description: Version the cluster should be on. - type: string - volumeMounts: - description: VolumeMounts allows configuration of additional VolumeMounts - on the output StatefulSet definition. VolumeMounts specified will - be appended to other VolumeMounts in the alertmanager container, - that are generated as a result of StorageSpec objects. - items: - description: VolumeMount describes a mounting of a Volume within - a container. - properties: - mountPath: - description: Path within the container at which the volume should - be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are propagated - from the host to container and the other way around. When - not set, MountPropagationNone is used. This field is beta - in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which the - container's volume should be mounted. 
Behaves similarly to - SubPath but environment variable references $(VAR_NAME) are - expanded using the container's environment. Defaults to "" - (volume's root). SubPathExpr and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - volumes: - description: Volumes allows configuration of additional volumes on - the output StatefulSet definition. Volumes specified will be appended - to other volumes that are generated as a result of StorageSpec objects. - items: - description: Volume represents a named volume in a pod that may - be accessed by any container in the pod. - properties: - awsElasticBlockStore: - description: 'awsElasticBlockStore represents an AWS Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - properties: - fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: - description: 'partition is the partition in the volume that - you want to mount. If omitted, the default is to mount - by volume name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property empty).' - format: int32 - type: integer - readOnly: - description: 'readOnly value true will force the readOnly - setting in VolumeMounts. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'volumeID is unique ID of the persistent disk - resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - required: - - volumeID - type: object - azureDisk: - description: azureDisk represents an Azure Data Disk mount on - the host and bind mount to the pod. - properties: - cachingMode: - description: 'cachingMode is the Host Caching mode: None, - Read Only, Read Write.' - type: string - diskName: - description: diskName is the Name of the data disk in the - blob storage - type: string - diskURI: - description: diskURI is the URI of data disk in the blob - storage - type: string - fsType: - description: fsType is Filesystem type to mount. Must be - a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. - type: string - kind: - description: 'kind expected values are Shared: multiple - blob disks per storage account Dedicated: single blob - disk per storage account Managed: azure managed data - disk (only in managed availability set). defaults to shared' - type: string - readOnly: - description: readOnly Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - description: azureFile represents an Azure File Service mount - on the host and bind mount to the pod. - properties: - readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. 
- type: boolean - secretName: - description: secretName is the name of secret that contains - Azure Storage Account Name and Key - type: string - shareName: - description: shareName is the azure share Name - type: string - required: - - secretName - - shareName - type: object - cephfs: - description: cephFS represents a Ceph FS mount on the host that - shares a pod's lifetime - properties: - monitors: - description: 'monitors is Required: Monitors is a collection - of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - items: - type: string - type: array - path: - description: 'path is Optional: Used as the mounted root, - rather than the full Ceph tree, default is /' - type: string - readOnly: - description: 'readOnly is Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'secretFile is Optional: SecretFile is the - path to key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'secretRef is Optional: SecretRef is reference - to the authentication secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' 
- type: string - type: object - x-kubernetes-map-type: atomic - user: - description: 'user is optional: User is the rados user name, - default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - required: - - monitors - type: object - cinder: - description: 'cinder represents a cinder volume attached and - mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - properties: - fsType: - description: 'fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'secretRef is optional: points to a secret - object containing parameters used to connect to OpenStack.' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - volumeID: - description: 'volumeID used to identify the volume in cinder. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - required: - - volumeID - type: object - configMap: - description: configMap represents a configMap that should populate - this volume - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to - set permissions on created files by default. Must be an - octal value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. 
Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - items: - description: items if unspecified, each key-value pair in - the Data field of the referenced ConfigMap will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the ConfigMap, the volume setup will error unless it is - marked optional. Paths must be relative and may not contain - the '..' path or start with '..'. - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to - set permissions on this file. Must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: path is the relative path of the file - to map the key to. May not be an absolute path. - May not contain the path element '..'. May not start - with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' 
- type: string - optional: - description: optional specify whether the ConfigMap or its - keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - csi: - description: csi (Container Storage Interface) represents ephemeral - storage that is handled by certain external CSI drivers (Beta - feature). - properties: - driver: - description: driver is the name of the CSI driver that handles - this volume. Consult with your admin for the correct name - as registered in the cluster. - type: string - fsType: - description: fsType to mount. Ex. "ext4", "xfs", "ntfs". - If not provided, the empty value is passed to the associated - CSI driver which will determine the default filesystem - to apply. - type: string - nodePublishSecretRef: - description: nodePublishSecretRef is a reference to the - secret object containing sensitive information to pass - to the CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field is optional, - and may be empty if no secret is required. If the secret - object contains more than one secret, all secret references - are passed. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - readOnly: - description: readOnly specifies a read-only configuration - for the volume. Defaults to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string - description: volumeAttributes stores driver-specific properties - that are passed to the CSI driver. Consult your driver's - documentation for supported values. 
- type: object - required: - - driver - type: object - downwardAPI: - description: downwardAPI represents downward API about the pod - that should populate this volume - properties: - defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a Optional: mode bits used to set - permissions on created files by default. Must be an octal - value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - items: - description: Items is a list of downward API volume file - items: - description: DownwardAPIVolumeFile represents information - to create the file containing the pod field - properties: - fieldRef: - description: 'Required: Selects a field of the pod: - only annotations, labels, name and namespace are - supported.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions - on this file, must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires - decimal values for mode bits. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set.' 
- format: int32 - type: integer - path: - description: 'Required: Path is the relative path - name of the file to be created. Must not be absolute - or contain the ''..'' path. Must be utf-8 encoded. - The first item of the relative path must not start - with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - emptyDir: - description: 'emptyDir represents a temporary directory that - shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - properties: - medium: - description: 'medium represents what type of storage medium - should back this directory. The default is "" which means - to use the node''s default medium. Must be an empty string - (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: 'sizeLimit is the total amount of local storage - required for this EmptyDir volume. The size limit is also - applicable for memory medium. The maximum usage on memory - medium EmptyDir would be the minimum value between the - SizeLimit specified here and the sum of memory limits - of all containers in a pod. 
The default is nil which means - that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - description: "ephemeral represents a volume that is handled - by a cluster storage driver. The volume's lifecycle is tied - to the pod that defines it - it will be created before the - pod starts, and deleted when the pod is removed. \n Use this - if: a) the volume is only needed while the pod runs, b) features - of normal volumes like restoring from snapshot or capacity - tracking are needed, c) the storage driver is specified through - a storage class, and d) the storage driver supports dynamic - volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource - for more information on the connection between this volume - type and PersistentVolumeClaim). \n Use PersistentVolumeClaim - or one of the vendor-specific APIs for volumes that persist - for longer than the lifecycle of an individual pod. \n Use - CSI for light-weight local ephemeral volumes if the CSI driver - is meant to be used that way - see the documentation of the - driver for more information. \n A pod can use both types of - ephemeral volumes and persistent volumes at the same time." - properties: - volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to - provision the volume. The pod in which this EphemeralVolumeSource - is embedded will be the owner of the PVC, i.e. the PVC - will be deleted together with the pod. The name of the - PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. - Pod validation will reject the pod if the concatenated - name is not valid for a PVC (for example, too long). 
\n - An existing PVC with that name that is not owned by the - pod will *not* be used for the pod to avoid using an unrelated - volume by mistake. Starting the pod is then blocked until - the unrelated PVC is removed. If such a pre-created PVC - is meant to be used by the pod, the PVC has to updated - with an owner reference to the pod once the pod exists. - Normally this should not be necessary, but it may be useful - when manually reconstructing a broken cluster. \n This - field is read-only and no changes will be made by Kubernetes - to the PVC after it has been created. \n Required, must - not be nil." - properties: - metadata: - description: May contain labels and annotations that - will be copied into the PVC when creating it. No other - fields are allowed and will be rejected during validation. - type: object - spec: - description: The specification for the PersistentVolumeClaim. - The entire content is copied unchanged into the PVC - that gets created from this template. The same fields - as in a PersistentVolumeClaim are also valid here. - properties: - accessModes: - description: 'accessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - dataSource: - description: 'dataSource field can be used to specify - either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the - provisioner or an external controller can support - the specified data source, it will create a new - volume based on the contents of the specified - data source. When the AnyVolumeDataSource feature - gate is enabled, dataSource contents will be copied - to dataSourceRef, and dataSourceRef contents will - be copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace is specified, - then dataSourceRef will not be copied to dataSource.' 
- properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API - group. For any other third-party types, APIGroup - is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: 'dataSourceRef specifies the object - from which to populate the volume with data, if - a non-empty volume is desired. This may be any - object from a non-empty API group (non core object) - or a PersistentVolumeClaim object. When this field - is specified, volume binding will only succeed - if the type of the specified object matches some - installed volume populator or dynamic provisioner. - This field will replace the functionality of the - dataSource field and as such if both fields are - non-empty, they must have the same value. For - backwards compatibility, when namespace isn''t - specified in dataSourceRef, both fields (dataSource - and dataSourceRef) will be set to the same value - automatically if one of them is empty and the - other is non-empty. When namespace is specified - in dataSourceRef, dataSource isn''t set to the - same value and must be empty. There are three - important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types - of objects, dataSourceRef allows any non-core - object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping - them), dataSourceRef preserves all values, and - generates an error if a disallowed value is specified. - * While dataSource only allows local objects, - dataSourceRef allows objects in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource - feature gate to be enabled. 
(Alpha) Using the - namespace field of dataSourceRef requires the - CrossNamespaceVolumeDataSource feature gate to - be enabled.' - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API - group. For any other third-party types, APIGroup - is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - namespace: - description: Namespace is the namespace of resource - being referenced Note that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent namespace - to allow that namespace's owner to accept - the reference. See the ReferenceGrant documentation - for details. (Alpha) This field requires the - CrossNamespaceVolumeDataSource feature gate - to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: 'resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify - resource requirements that are lower than previous - value but must still be higher than capacity recorded - in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. If Requests - is omitted for a container, it defaults to - Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - selector: - description: selector is a label query over volumes - to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: 'storageClassName is the name of the - StorageClass required by the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeAttributesClassName: - description: 'volumeAttributesClassName may be used - to set the VolumeAttributesClass used by this - claim. If specified, the CSI driver will create - or update the volume with the attributes defined - in the corresponding VolumeAttributesClass. This - has a different purpose than storageClassName, - it can be changed after the claim is created. - An empty string value means that no VolumeAttributesClass - will be applied to the claim but it''s not allowed - to reset this field to empty string once it is - set. If unspecified and the PersistentVolumeClaim - is unbound, the default VolumeAttributesClass - will be set by the persistentvolume controller - if it exists. If the resource referred to by volumeAttributesClass - does not exist, this PersistentVolumeClaim will - be set to a Pending state, as reflected by the - modifyVolumeStatus field, until such as a resource - exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass - (Alpha) Using this field requires the VolumeAttributesClass - feature gate to be enabled.' - type: string - volumeMode: - description: volumeMode defines what type of volume - is required by the claim. Value of Filesystem - is implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference - to the PersistentVolume backing this claim. 
- type: string - type: object - required: - - spec - type: object - type: object - fc: - description: fc represents a Fibre Channel resource that is - attached to a kubelet's host machine and then exposed to the - pod. - properties: - fsType: - description: 'fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. TODO: how do we prevent errors in the - filesystem from compromising the machine' - type: string - lun: - description: 'lun is Optional: FC target lun number' - format: int32 - type: integer - readOnly: - description: 'readOnly is Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'targetWWNs is Optional: FC target worldwide - names (WWNs)' - items: - type: string - type: array - wwids: - description: 'wwids Optional: FC volume world wide identifiers - (wwids) Either wwids or combination of targetWWNs and - lun must be set, but not both simultaneously.' - items: - type: string - type: array - type: object - flexVolume: - description: flexVolume represents a generic volume resource - that is provisioned/attached using an exec based plugin. - properties: - driver: - description: driver is the name of the driver to use for - this volume. - type: string - fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". The default filesystem depends - on FlexVolume script. - type: string - options: - additionalProperties: - type: string - description: 'options is Optional: this field holds extra - command options if any.' - type: object - readOnly: - description: 'readOnly is Optional: defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' 
- type: boolean - secretRef: - description: 'secretRef is Optional: secretRef is reference - to the secret object containing sensitive information - to pass to the plugin scripts. This may be empty if no - secret object is specified. If the secret object contains - more than one secret, all secrets are passed to the plugin - scripts.' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - required: - - driver - type: object - flocker: - description: flocker represents a Flocker volume attached to - a kubelet's host machine. This depends on the Flocker control - service being running - properties: - datasetName: - description: datasetName is Name of the dataset stored as - metadata -> name on the dataset for Flocker should be - considered as deprecated - type: string - datasetUUID: - description: datasetUUID is the UUID of the dataset. This - is unique identifier of a Flocker dataset - type: string - type: object - gcePersistentDisk: - description: 'gcePersistentDisk represents a GCE Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - properties: - fsType: - description: 'fsType is filesystem type of the volume that - you want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: - description: 'partition is the partition in the volume that - you want to mount. If omitted, the default is to mount - by volume name. 
Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - format: int32 - type: integer - pdName: - description: 'pdName is unique name of the PD resource in - GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - required: - - pdName - type: object - gitRepo: - description: 'gitRepo represents a git repository at a particular - revision. DEPRECATED: GitRepo is deprecated. To provision - a container with a git repo, mount an EmptyDir into an InitContainer - that clones the repo using git, then mount the EmptyDir into - the Pod''s container.' - properties: - directory: - description: directory is the target directory name. Must - not contain or start with '..'. If '.' is supplied, the - volume directory will be the git repository. Otherwise, - if specified, the volume will contain the git repository - in the subdirectory with the given name. - type: string - repository: - description: repository is the URL - type: string - revision: - description: revision is the commit hash for the specified - revision. - type: string - required: - - repository - type: object - glusterfs: - description: 'glusterfs represents a Glusterfs mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' - properties: - endpoints: - description: 'endpoints is the endpoint name that details - Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'path is the Glusterfs volume path. 
More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'readOnly here will force the Glusterfs volume - to be mounted with read-only permissions. Defaults to - false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: 'hostPath represents a pre-existing file or directory - on the host machine that is directly exposed to the container. - This is generally used for system agents or other privileged - things that are allowed to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use host directory - mounts and who can/can not mount host directories as read/write.' - properties: - path: - description: 'path of the directory on the host. If the - path is a symlink, it will follow the link to the real - path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'type for HostPath Volume Defaults to "" More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - required: - - path - type: object - iscsi: - description: 'iscsi represents an ISCSI Disk resource that is - attached to a kubelet''s host machine and then exposed to - the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' - properties: - chapAuthDiscovery: - description: chapAuthDiscovery defines whether support iSCSI - Discovery CHAP authentication - type: boolean - chapAuthSession: - description: chapAuthSession defines whether support iSCSI - Session CHAP authentication - type: boolean - fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". 
Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - initiatorName: - description: initiatorName is the custom iSCSI Initiator - Name. If initiatorName is specified with iscsiInterface - simultaneously, new iSCSI interface : will be created for the connection. - type: string - iqn: - description: iqn is the target iSCSI Qualified Name. - type: string - iscsiInterface: - description: iscsiInterface is the interface Name that uses - an iSCSI transport. Defaults to 'default' (tcp). - type: string - lun: - description: lun represents iSCSI Target Lun number. - format: int32 - type: integer - portals: - description: portals is the iSCSI Target Portal List. The - portal is either an IP or ip_addr:port if the port is - other than default (typically TCP ports 860 and 3260). - items: - type: string - type: array - readOnly: - description: readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: secretRef is the CHAP Secret for iSCSI target - and initiator authentication - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - targetPortal: - description: targetPortal is iSCSI Target Portal. The Portal - is either an IP or ip_addr:port if the port is other than - default (typically TCP ports 860 and 3260). - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - description: 'name of the volume. Must be a DNS_LABEL and unique - within the pod. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'nfs represents an NFS mount on the host that shares - a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - properties: - path: - description: 'path that is exported by the NFS server. More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'readOnly here will force the NFS export to - be mounted with read-only permissions. Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'server is the hostname or IP address of the - NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource represents a - reference to a PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - claimName: - description: 'claimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: readOnly Will force the ReadOnly setting in - VolumeMounts. Default false. - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host machine - properties: - fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. 
- type: string - pdID: - description: pdID is the ID that identifies Photon Controller - persistent disk - type: string - required: - - pdID - type: object - portworxVolume: - description: portworxVolume represents a portworx volume attached - and mounted on kubelets host machine - properties: - fsType: - description: fSType represents the filesystem type to mount - Must be a filesystem type supported by the host operating - system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" - if unspecified. - type: string - readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: volumeID uniquely identifies a Portworx volume - type: string - required: - - volumeID - type: object - projected: - description: projected items for all in one resources secrets, - configmaps, and downward API - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions - on created files by default. Must be an octal value between - 0000 and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires decimal - values for mode bits. Directories within the path are - not affected by this setting. This might be in conflict - with other options that affect the file mode, like fsGroup, - and the result can be other mode bits set. - format: int32 - type: integer - sources: - description: sources is the list of volume projections - items: - description: Projection that may be projected along with - other supported volume types - properties: - clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to access - the `.spec.trustBundle` field of ClusterTrustBundle - objects in an auto-updating file. \n Alpha, gated - by the ClusterTrustBundleProjection feature gate. - \n ClusterTrustBundle objects can either be selected - by name, or by the combination of signer name and - a label selector. 
\n Kubelet performs aggressive - normalization of the PEM contents written into the - pod filesystem. Esoteric PEM features such as inter-block - comments and block headers are stripped. Certificates - are deduplicated. The ordering of certificates within - the file is arbitrary, and Kubelet may change the - order over time." - properties: - labelSelector: - description: Select all ClusterTrustBundles that - match this label selector. Only has effect - if signerName is set. Mutually-exclusive with - name. If unset, interpreted as "match nothing". If - set but empty, interpreted as "match everything". - properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - name: - description: Select a single ClusterTrustBundle - by object name. Mutually-exclusive with signerName - and labelSelector. - type: string - optional: - description: If true, don't block pod startup - if the referenced ClusterTrustBundle(s) aren't - available. If using name, then the named ClusterTrustBundle - is allowed not to exist. If using signerName, - then the combination of signerName and labelSelector - is allowed to match zero ClusterTrustBundles. - type: boolean - path: - description: Relative path from the volume root - to write the bundle. - type: string - signerName: - description: Select all ClusterTrustBundles that - match this signer name. Mutually-exclusive with - name. The contents of all selected ClusterTrustBundles - will be unified and deduplicated. - type: string - required: - - path - type: object - configMap: - description: configMap information about the configMap - data to project - properties: - items: - description: items if unspecified, each key-value - pair in the Data field of the referenced ConfigMap - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the ConfigMap, the volume - setup will error unless it is marked optional. - Paths must be relative and may not contain the - '..' path or start with '..'. - items: - description: Maps a string key to a path within - a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. 
If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: optional specify whether the ConfigMap - or its keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI - data to project - properties: - items: - description: Items is a list of DownwardAPIVolume - file - items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field - properties: - fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name and namespace are supported.' - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to - set permissions on this file, must be - an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. If not specified, the volume defaultMode - will be used. 
This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' - format: int32 - type: integer - path: - description: 'Required: Path is the relative - path name of the file to be created. Must - not be absolute or contain the ''..'' - path. Must be utf-8 encoded. The first - item of the relative path must not start - with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu - and requests.memory) are currently supported.' - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to - select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - secret: - description: secret information about the secret data - to project - properties: - items: - description: items if unspecified, each key-value - pair in the Data field of the referenced Secret - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the Secret, the volume setup - will error unless it is marked optional. Paths - must be relative and may not contain the '..' - path or start with '..'. - items: - description: Maps a string key to a path within - a volume. 
- properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: optional field specify whether the - Secret or its key must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about - the serviceAccountToken data to project - properties: - audience: - description: audience is the intended audience - of the token. A recipient of a token must identify - itself with an identifier specified in the audience - of the token, and otherwise should reject the - token. The audience defaults to the identifier - of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested - duration of validity of the service account - token. As the token approaches expiration, the - kubelet volume plugin will proactively rotate - the service account token. 
The kubelet will - start trying to rotate the token if the token - is older than 80 percent of its time to live - or if the token is older than 24 hours.Defaults - to 1 hour and must be at least 10 minutes. - format: int64 - type: integer - path: - description: path is the path relative to the - mount point of the file to project the token - into. - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - description: quobyte represents a Quobyte mount on the host - that shares a pod's lifetime - properties: - group: - description: group to map volume access to Default is no - group - type: string - readOnly: - description: readOnly here will force the Quobyte volume - to be mounted with read-only permissions. Defaults to - false. - type: boolean - registry: - description: registry represents a single or multiple Quobyte - Registry services specified as a string as host:port pair - (multiple entries are separated with commas) which acts - as the central registry for volumes - type: string - tenant: - description: tenant owning the given Quobyte volume in the - Backend Used with dynamically provisioned Quobyte volumes, - value is set by the plugin - type: string - user: - description: user to map volume access to Defaults to serivceaccount - user - type: string - volume: - description: volume is a string that references an already - created Quobyte volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: 'rbd represents a Rados Block Device mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' - properties: - fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - image: - description: 'image is the rados image name. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'monitors is a collection of Ceph monitors. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - items: - type: string - type: array - pool: - description: 'pool is the rados pool name. Default is rbd. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'secretRef is name of the authentication secret - for RBDUser. If provided overrides keyring. Default is - nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - user: - description: 'user is the rados user name. Default is admin. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - required: - - image - - monitors - type: object - scaleIO: - description: scaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. - properties: - fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. 
- Ex. "ext4", "xfs", "ntfs". Default is "xfs". - type: string - gateway: - description: gateway is the host address of the ScaleIO - API Gateway. - type: string - protectionDomain: - description: protectionDomain is the name of the ScaleIO - Protection Domain for the configured storage. - type: string - readOnly: - description: readOnly Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: secretRef references to the secret for ScaleIO - user and other sensitive information. If this is not provided, - Login operation will fail. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - sslEnabled: - description: sslEnabled Flag enable/disable SSL communication - with Gateway, default false - type: boolean - storageMode: - description: storageMode indicates whether the storage for - a volume should be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. - type: string - storagePool: - description: storagePool is the ScaleIO Storage Pool associated - with the protection domain. - type: string - system: - description: system is the name of the storage system as - configured in ScaleIO. - type: string - volumeName: - description: volumeName is the name of a volume already - created in the ScaleIO system that is associated with - this volume source. - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - description: 'secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to - set permissions on created files by default. 
Must be an - octal value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - items: - description: items If unspecified, each key-value pair in - the Data field of the referenced Secret will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the Secret, the volume setup will error unless it is marked - optional. Paths must be relative and may not contain the - '..' path or start with '..'. - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to - set permissions on this file. Must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: path is the relative path of the file - to map the key to. May not be an absolute path. - May not contain the path element '..'. May not start - with the string '..'. 
- type: string - required: - - key - - path - type: object - type: array - optional: - description: optional field specify whether the Secret or - its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the - pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - type: object - storageos: - description: storageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. - properties: - fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. - type: string - readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: secretRef specifies the secret to use for obtaining - the StorageOS API credentials. If not specified, default - values will be attempted. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - volumeName: - description: volumeName is the human-readable name of the - StorageOS volume. Volume names are only unique within - a namespace. - type: string - volumeNamespace: - description: volumeNamespace specifies the scope of the - volume within StorageOS. If no namespace is specified - then the Pod's namespace will be used. This allows the - Kubernetes name scoping to be mirrored within StorageOS - for tighter integration. Set VolumeName to any name to - override the default behaviour. Set to "default" if you - are not using namespaces within StorageOS. Namespaces - that do not pre-exist within StorageOS will be created. 
- type: string - type: object - vsphereVolume: - description: vsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine - properties: - fsType: - description: fsType is filesystem type to mount. Must be - a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. - type: string - storagePolicyID: - description: storagePolicyID is the storage Policy Based - Management (SPBM) profile ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: storagePolicyName is the storage Policy Based - Management (SPBM) profile name. - type: string - volumePath: - description: volumePath is the path that identifies vSphere - volume vmdk - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - web: - description: Defines the web command line flags when starting Alertmanager. - properties: - getConcurrency: - description: Maximum number of GET requests processed concurrently. - This corresponds to the Alertmanager's `--web.get-concurrency` - flag. - format: int32 - type: integer - httpConfig: - description: Defines HTTP parameters for web server. - properties: - headers: - description: List of headers that can be added to HTTP responses. - properties: - contentSecurityPolicy: - description: Set the Content-Security-Policy header to - HTTP responses. Unset if blank. - type: string - strictTransportSecurity: - description: Set the Strict-Transport-Security header - to HTTP responses. Unset if blank. Please make sure - that you use this with care as this header might force - browsers to load Prometheus and the other applications - hosted on the same domain and subdomains over HTTPS. - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security - type: string - xContentTypeOptions: - description: Set the X-Content-Type-Options header to - HTTP responses. Unset if blank. 
Accepted value is nosniff. - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options - enum: - - "" - - NoSniff - type: string - xFrameOptions: - description: Set the X-Frame-Options header to HTTP responses. - Unset if blank. Accepted values are deny and sameorigin. - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options - enum: - - "" - - Deny - - SameOrigin - type: string - xXSSProtection: - description: Set the X-XSS-Protection header to all responses. - Unset if blank. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection - type: string - type: object - http2: - description: Enable HTTP/2 support. Note that HTTP/2 is only - supported with TLS. When TLSConfig is not configured, HTTP/2 - will be disabled. Whenever the value of the field changes, - a rolling update will be triggered. - type: boolean - type: object - timeout: - description: Timeout for HTTP requests. This corresponds to the - Alertmanager's `--web.timeout` flag. - format: int32 - type: integer - tlsConfig: - description: Defines the TLS parameters for HTTPS. - properties: - cert: - description: Contains the TLS certificate for the server. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cipherSuites: - description: 'List of supported cipher suites for TLS versions - up to TLS 1.2. If empty, Go default cipher suites are used. - Available cipher suites are documented in the go documentation: - https://golang.org/pkg/crypto/tls/#pkg-constants' - items: - type: string - type: array - client_ca: - description: Contains the CA certificate for client certificate - authentication to the server. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - clientAuthType: - description: 'Server policy for client authentication. Maps - to ClientAuth Policies. 
For more detail on clientAuth options: - https://golang.org/pkg/crypto/tls/#ClientAuthType' - type: string - curvePreferences: - description: 'Elliptic curves that will be used in an ECDHE - handshake, in preference order. Available curves are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#CurveID' - items: - type: string - type: array - keySecret: - description: Secret containing the TLS key for the server. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. - type: string - minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. - type: string - preferServerCipherSuites: - description: Controls whether the server selects the client's - most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed - in the order of elements in cipherSuites, is used. - type: boolean - required: - - cert - - keySecret - type: object - type: object - type: object - status: - description: 'Most recent observed status of the Alertmanager cluster. - Read-only. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - properties: - availableReplicas: - description: Total number of available pods (ready for at least minReadySeconds) - targeted by this Alertmanager cluster. 
- format: int32 - type: integer - conditions: - description: The current state of the Alertmanager object. - items: - description: Condition represents the state of the resources associated - with the Prometheus, Alertmanager or ThanosRuler resource. - properties: - lastTransitionTime: - description: lastTransitionTime is the time of the last update - to the current status property. - format: date-time - type: string - message: - description: Human-readable message indicating details for the - condition's last transition. - type: string - observedGeneration: - description: ObservedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if `.metadata.generation` - is currently 12, but the `.status.conditions[].observedGeneration` - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - type: integer - reason: - description: Reason for the condition's last transition. - type: string - status: - description: Status of the condition. - type: string - type: - description: Type of the condition being reported. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - paused: - description: Represents whether any actions on the underlying managed - objects are being performed. Only delete actions will be performed. - type: boolean - replicas: - description: Total number of non-terminated pods targeted by this - Alertmanager object (their labels match the selector). - format: int32 - type: integer - unavailableReplicas: - description: Total number of unavailable pods targeted by this Alertmanager - object. - format: int32 - type: integer - updatedReplicas: - description: Total number of non-terminated pods targeted by this - Alertmanager object that have the desired version spec. 
- format: int32 - type: integer - required: - - availableReplicas - - paused - - replicas - - unavailableReplicas - - updatedReplicas - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/charts/nopo11y-stack/charts/kube-prometheus-stack/charts/crds/crds/crd-podmonitors.yaml b/charts/nopo11y-stack/charts/kube-prometheus-stack/charts/crds/crds/crd-podmonitors.yaml deleted file mode 100644 index 51daf45..0000000 --- a/charts/nopo11y-stack/charts/kube-prometheus-stack/charts/crds/crds/crd-podmonitors.yaml +++ /dev/null 
@@ -1,748 +0,0 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - operator.prometheus.io/version: 0.73.2 - name: podmonitors.monitoring.coreos.com -spec: - group: monitoring.coreos.com - names: - categories: - - prometheus-operator - kind: PodMonitor - listKind: PodMonitorList - plural: podmonitors - shortNames: - - pmon - singular: podmonitor - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: PodMonitor defines monitoring for a set of pods. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Specification of desired Pod selection for target discovery - by Prometheus. - properties: - attachMetadata: - description: "`attachMetadata` defines additional metadata which is - added to the discovered targets. \n It requires Prometheus >= v2.37.0." - properties: - node: - description: When set to true, Prometheus must have the `get` - permission on the `Nodes` objects. 
- type: boolean - type: object - bodySizeLimit: - description: "When defined, bodySizeLimit specifies a job level limit - on the size of uncompressed response body that will be accepted - by Prometheus. \n It requires Prometheus >= v2.28.0." - pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ - type: string - jobLabel: - description: "The label to use to retrieve the job name from. `jobLabel` - selects the label from the associated Kubernetes `Pod` object which - will be used as the `job` label for all metrics. \n For example - if `jobLabel` is set to `foo` and the Kubernetes `Pod` object is - labeled with `foo: bar`, then Prometheus adds the `job=\"bar\"` - label to all ingested metrics. \n If the value of this field is - empty, the `job` label of the metrics defaults to the namespace - and name of the PodMonitor object (e.g. `/`)." - type: string - keepDroppedTargets: - description: "Per-scrape limit on the number of targets dropped by - relabeling that will be kept in memory. 0 means no limit. \n It - requires Prometheus >= v2.47.0." - format: int64 - type: integer - labelLimit: - description: "Per-scrape limit on number of labels that will be accepted - for a sample. \n It requires Prometheus >= v2.27.0." - format: int64 - type: integer - labelNameLengthLimit: - description: "Per-scrape limit on length of labels name that will - be accepted for a sample. \n It requires Prometheus >= v2.27.0." - format: int64 - type: integer - labelValueLengthLimit: - description: "Per-scrape limit on length of labels value that will - be accepted for a sample. \n It requires Prometheus >= v2.27.0." - format: int64 - type: integer - namespaceSelector: - description: Selector to select which namespaces the Kubernetes `Pods` - objects are discovered from. - properties: - any: - description: Boolean describing whether all namespaces are selected - in contrast to a list restricting them. - type: boolean - matchNames: - description: List of namespace names to select from. 
- items: - type: string - type: array - type: object - podMetricsEndpoints: - description: List of endpoints part of this PodMonitor. - items: - description: PodMetricsEndpoint defines an endpoint serving Prometheus - metrics to be scraped by Prometheus. - properties: - authorization: - description: "`authorization` configures the Authorization header - credentials to use when scraping the target. \n Cannot be - set at the same time as `basicAuth`, or `oauth2`." - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: "Defines the authentication type. The value - is case-insensitive. \n \"Basic\" is not a supported value. - \n Default: \"Bearer\"" - type: string - type: object - basicAuth: - description: "`basicAuth` configures the Basic Authentication - credentials to use when scraping the target. \n Cannot be - set at the same time as `authorization`, or `oauth2`." - properties: - password: - description: '`password` specifies a key of a Secret containing - the password for authentication.' - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' 
- type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: '`username` specifies a key of a Secret containing - the username for authentication.' - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - bearerTokenSecret: - description: "`bearerTokenSecret` specifies a key of a Secret - containing the bearer token for scraping targets. The secret - needs to be in the same namespace as the PodMonitor object - and readable by the Prometheus Operator. \n Deprecated: use - `authorization` instead." - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - enableHttp2: - description: '`enableHttp2` can be used to disable HTTP2 when - scraping the target.' - type: boolean - filterRunning: - description: "When true, the pods which are not running (e.g. - either in Failed or Succeeded state) are dropped during the - target discovery. \n If unset, the filtering is enabled. 
\n - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase" - type: boolean - followRedirects: - description: '`followRedirects` defines whether the scrape requests - should follow HTTP 3xx redirects.' - type: boolean - honorLabels: - description: When true, `honorLabels` preserves the metric's - labels when they collide with the target's labels. - type: boolean - honorTimestamps: - description: '`honorTimestamps` controls whether Prometheus - preserves the timestamps when exposed by the target.' - type: boolean - interval: - description: "Interval at which Prometheus scrapes the metrics - from the target. \n If empty, Prometheus uses the global scrape - interval." - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - metricRelabelings: - description: '`metricRelabelings` configures the relabeling - rules to apply to the samples before ingestion.' - items: - description: "RelabelConfig allows dynamic rewriting of the - label set for targets, alerts, scraped samples and remote - write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" - properties: - action: - default: replace - description: "Action to perform based on the regex matching. - \n `Uppercase` and `Lowercase` actions require Prometheus - >= v2.36.0. `DropEqual` and `KeepEqual` actions require - Prometheus >= v2.41.0. \n Default: \"Replace\"" - enum: - - replace - - Replace - - keep - - Keep - - drop - - Drop - - hashmod - - HashMod - - labelmap - - LabelMap - - labeldrop - - LabelDrop - - labelkeep - - LabelKeep - - lowercase - - Lowercase - - uppercase - - Uppercase - - keepequal - - KeepEqual - - dropequal - - DropEqual - type: string - modulus: - description: "Modulus to take of the hash of the source - label values. \n Only applicable when the action is - `HashMod`." 
- format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. - type: string - replacement: - description: "Replacement value against which a Replace - action is performed if the regular expression matches. - \n Regex capture groups are available." - type: string - separator: - description: Separator is the string between concatenated - SourceLabels. - type: string - sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - Separator and matched against the configured regular - expression. - items: - description: LabelName is a valid Prometheus label name - which may only contain ASCII letters, numbers, as - well as underscores. - pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ - type: string - type: array - targetLabel: - description: "Label to which the resulting string is written - in a replacement. \n It is mandatory for `Replace`, - `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and - `DropEqual` actions. \n Regex capture groups are available." - type: string - type: object - type: array - oauth2: - description: "`oauth2` configures the OAuth2 settings to use - when scraping the target. \n It requires Prometheus >= 2.27.0. - \n Cannot be set at the same time as `authorization`, or `basicAuth`." - properties: - clientId: - description: '`clientId` specifies a key of a Secret or - ConfigMap containing the OAuth2 client''s ID.' - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' 
- type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - clientSecret: - description: '`clientSecret` specifies a key of a Secret - containing the OAuth2 client''s secret.' - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - endpointParams: - additionalProperties: - type: string - description: '`endpointParams` configures the HTTP parameters - to append to the token URL.' - type: object - scopes: - description: '`scopes` defines the OAuth2 scopes used for - the token request.' - items: - type: string - type: array - tokenUrl: - description: '`tokenURL` configures the URL to fetch the - token from.' - minLength: 1 - type: string - required: - - clientId - - clientSecret - - tokenUrl - type: object - params: - additionalProperties: - items: - type: string - type: array - description: '`params` define optional HTTP URL parameters.' 
- type: object - path: - description: "HTTP path from which to scrape for metrics. \n - If empty, Prometheus uses the default value (e.g. `/metrics`)." - type: string - port: - description: "Name of the Pod port which this endpoint refers - to. \n It takes precedence over `targetPort`." - type: string - proxyUrl: - description: '`proxyURL` configures the HTTP Proxy URL (e.g. - "http://proxyserver:2195") to go through when scraping the - target.' - type: string - relabelings: - description: "`relabelings` configures the relabeling rules - to apply the target's metadata labels. \n The Operator automatically - adds relabelings for a few standard Kubernetes fields. \n - The original scrape job's name is available via the `__tmp_prometheus_job_name` - label. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" - items: - description: "RelabelConfig allows dynamic rewriting of the - label set for targets, alerts, scraped samples and remote - write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" - properties: - action: - default: replace - description: "Action to perform based on the regex matching. - \n `Uppercase` and `Lowercase` actions require Prometheus - >= v2.36.0. `DropEqual` and `KeepEqual` actions require - Prometheus >= v2.41.0. \n Default: \"Replace\"" - enum: - - replace - - Replace - - keep - - Keep - - drop - - Drop - - hashmod - - HashMod - - labelmap - - LabelMap - - labeldrop - - LabelDrop - - labelkeep - - LabelKeep - - lowercase - - Lowercase - - uppercase - - Uppercase - - keepequal - - KeepEqual - - dropequal - - DropEqual - type: string - modulus: - description: "Modulus to take of the hash of the source - label values. \n Only applicable when the action is - `HashMod`." - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. 
- type: string - replacement: - description: "Replacement value against which a Replace - action is performed if the regular expression matches. - \n Regex capture groups are available." - type: string - separator: - description: Separator is the string between concatenated - SourceLabels. - type: string - sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - Separator and matched against the configured regular - expression. - items: - description: LabelName is a valid Prometheus label name - which may only contain ASCII letters, numbers, as - well as underscores. - pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ - type: string - type: array - targetLabel: - description: "Label to which the resulting string is written - in a replacement. \n It is mandatory for `Replace`, - `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and - `DropEqual` actions. \n Regex capture groups are available." - type: string - type: object - type: array - scheme: - description: "HTTP scheme to use for scraping. \n `http` and - `https` are the expected values unless you rewrite the `__scheme__` - label via relabeling. \n If empty, Prometheus uses the default - value `http`." - enum: - - http - - https - type: string - scrapeTimeout: - description: "Timeout after which Prometheus considers the scrape - to be failed. \n If empty, Prometheus uses the global scrape - timeout unless it is less than the target's scrape interval - value in which the latter is used." - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: "Name or number of the target port of the `Pod` - object behind the Service, the port must be specified with - container port property. \n Deprecated: use 'port' instead." 
- x-kubernetes-int-or-string: true - tlsConfig: - description: TLS configuration to use when scraping the target. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' 
- type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - trackTimestampsStaleness: - description: "`trackTimestampsStaleness` defines whether Prometheus - tracks staleness of the metrics that have an explicit timestamp - present in scraped data. Has no effect if `honorTimestamps` - is false. \n It requires Prometheus >= v2.48.0." 
- type: boolean - type: object - type: array - podTargetLabels: - description: '`podTargetLabels` defines the labels which are transferred - from the associated Kubernetes `Pod` object onto the ingested metrics.' - items: - type: string - type: array - sampleLimit: - description: '`sampleLimit` defines a per-scrape limit on the number - of scraped samples that will be accepted.' - format: int64 - type: integer - scrapeClass: - description: The scrape class to apply. - minLength: 1 - type: string - scrapeProtocols: - description: "`scrapeProtocols` defines the protocols to negotiate - during a scrape. It tells clients the protocols supported by Prometheus - in order of preference (from most to least preferred). \n If unset, - Prometheus uses its default value. \n It requires Prometheus >= - v2.49.0." - items: - description: 'ScrapeProtocol represents a protocol used by Prometheus - for scraping metrics. Supported values are: * `OpenMetricsText0.0.1` - * `OpenMetricsText1.0.0` * `PrometheusProto` * `PrometheusText0.0.4`' - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - type: string - type: array - x-kubernetes-list-type: set - selector: - description: Label selector to select the Kubernetes `Pod` objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. 
- If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - targetLimit: - description: '`targetLimit` defines a limit on the number of scraped - targets that will be accepted.' - format: int64 - type: integer - required: - - selector - type: object - required: - - spec - type: object - served: true - storage: true diff --git a/charts/nopo11y-stack/charts/kube-prometheus-stack/charts/crds/crds/crd-probes.yaml b/charts/nopo11y-stack/charts/kube-prometheus-stack/charts/crds/crds/crd-probes.yaml deleted file mode 100644 index aa3b3ce..0000000 --- a/charts/nopo11y-stack/charts/kube-prometheus-stack/charts/crds/crds/crd-probes.yaml +++ /dev/null 
@@ -1,759 +0,0 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - operator.prometheus.io/version: 0.73.2 - name: probes.monitoring.coreos.com -spec: - group: monitoring.coreos.com - names: - categories: - - prometheus-operator - kind: Probe - listKind: ProbeList - plural: probes - shortNames: - - prb - singular: probe - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: Probe defines monitoring for a set of static targets or ingresses. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Specification of desired Ingress selection for target discovery - by Prometheus. - properties: - authorization: - description: Authorization section for this endpoint - properties: - credentials: - description: Selects a key of a Secret in the namespace that contains - the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: "Defines the authentication type. The value is case-insensitive. - \n \"Basic\" is not a supported value. \n Default: \"Bearer\"" - type: string - type: object - basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over basic - authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint' - properties: - password: - description: '`password` specifies a key of a Secret containing - the password for authentication.' - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: '`username` specifies a key of a Secret containing - the username for authentication.' - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' 
- type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - bearerTokenSecret: - description: Secret to mount to read bearer token for scraping targets. - The secret needs to be in the same namespace as the probe and accessible - by the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must be a - valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - interval: - description: Interval at which targets are probed using the configured - prober. If not specified Prometheus' global scrape interval is used. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - jobName: - description: The job name assigned to scraped metrics by default. - type: string - keepDroppedTargets: - description: "Per-scrape limit on the number of targets dropped by - relabeling that will be kept in memory. 0 means no limit. \n It - requires Prometheus >= v2.47.0." - format: int64 - type: integer - labelLimit: - description: Per-scrape limit on number of labels that will be accepted - for a sample. Only valid in Prometheus versions 2.27.0 and newer. - format: int64 - type: integer - labelNameLengthLimit: - description: Per-scrape limit on length of labels name that will be - accepted for a sample. Only valid in Prometheus versions 2.27.0 - and newer. - format: int64 - type: integer - labelValueLengthLimit: - description: Per-scrape limit on length of labels value that will - be accepted for a sample. 
Only valid in Prometheus versions 2.27.0 - and newer. - format: int64 - type: integer - metricRelabelings: - description: MetricRelabelConfigs to apply to samples before ingestion. - items: - description: "RelabelConfig allows dynamic rewriting of the label - set for targets, alerts, scraped samples and remote write samples. - \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" - properties: - action: - default: replace - description: "Action to perform based on the regex matching. - \n `Uppercase` and `Lowercase` actions require Prometheus - >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus - >= v2.41.0. \n Default: \"Replace\"" - enum: - - replace - - Replace - - keep - - Keep - - drop - - Drop - - hashmod - - HashMod - - labelmap - - LabelMap - - labeldrop - - LabelDrop - - labelkeep - - LabelKeep - - lowercase - - Lowercase - - uppercase - - Uppercase - - keepequal - - KeepEqual - - dropequal - - DropEqual - type: string - modulus: - description: "Modulus to take of the hash of the source label - values. \n Only applicable when the action is `HashMod`." - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. - type: string - replacement: - description: "Replacement value against which a Replace action - is performed if the regular expression matches. \n Regex capture - groups are available." - type: string - separator: - description: Separator is the string between concatenated SourceLabels. - type: string - sourceLabels: - description: The source labels select values from existing labels. - Their content is concatenated using the configured Separator - and matched against the configured regular expression. - items: - description: LabelName is a valid Prometheus label name which - may only contain ASCII letters, numbers, as well as underscores. 
- pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ - type: string - type: array - targetLabel: - description: "Label to which the resulting string is written - in a replacement. \n It is mandatory for `Replace`, `HashMod`, - `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - \n Regex capture groups are available." - type: string - type: object - type: array - module: - description: 'The module to use for probing specifying how to probe - the target. Example module configuring in the blackbox exporter: - https://github.com/prometheus/blackbox_exporter/blob/master/example.yml' - type: string - oauth2: - description: OAuth2 for the URL. Only valid in Prometheus versions - 2.27.0 and newer. - properties: - clientId: - description: '`clientId` specifies a key of a Secret or ConfigMap - containing the OAuth2 client''s ID.' - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' 
- type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - clientSecret: - description: '`clientSecret` specifies a key of a Secret containing - the OAuth2 client''s secret.' - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - endpointParams: - additionalProperties: - type: string - description: '`endpointParams` configures the HTTP parameters - to append to the token URL.' - type: object - scopes: - description: '`scopes` defines the OAuth2 scopes used for the - token request.' - items: - type: string - type: array - tokenUrl: - description: '`tokenURL` configures the URL to fetch the token - from.' - minLength: 1 - type: string - required: - - clientId - - clientSecret - - tokenUrl - type: object - prober: - description: Specification for the prober to use for probing targets. - The prober.URL parameter is required. Targets cannot be probed if - left empty. - properties: - path: - default: /probe - description: Path to collect metrics from. Defaults to `/probe`. - type: string - proxyUrl: - description: Optional ProxyURL. - type: string - scheme: - description: HTTP scheme to use for scraping. `http` and `https` - are the expected values unless you rewrite the `__scheme__` - label via relabeling. If empty, Prometheus uses the default - value `http`. - enum: - - http - - https - type: string - url: - description: Mandatory URL of the prober. 
- type: string - required: - - url - type: object - sampleLimit: - description: SampleLimit defines per-scrape limit on number of scraped - samples that will be accepted. - format: int64 - type: integer - scrapeClass: - description: The scrape class to apply. - minLength: 1 - type: string - scrapeProtocols: - description: "`scrapeProtocols` defines the protocols to negotiate - during a scrape. It tells clients the protocols supported by Prometheus - in order of preference (from most to least preferred). \n If unset, - Prometheus uses its default value. \n It requires Prometheus >= - v2.49.0." - items: - description: 'ScrapeProtocol represents a protocol used by Prometheus - for scraping metrics. Supported values are: * `OpenMetricsText0.0.1` - * `OpenMetricsText1.0.0` * `PrometheusProto` * `PrometheusText0.0.4`' - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - type: string - type: array - x-kubernetes-list-type: set - scrapeTimeout: - description: Timeout for scraping metrics from the Prometheus exporter. - If not specified, the Prometheus global scrape timeout is used. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - targetLimit: - description: TargetLimit defines a limit on the number of scraped - targets that will be accepted. - format: int64 - type: integer - targets: - description: Targets defines a set of static or dynamically discovered - targets to probe. - properties: - ingress: - description: ingress defines the Ingress objects to probe and - the relabeling configuration. If `staticConfig` is also defined, - `staticConfig` takes precedence. - properties: - namespaceSelector: - description: From which namespaces to select Ingress objects. - properties: - any: - description: Boolean describing whether all namespaces - are selected in contrast to a list restricting them. 
- type: boolean - matchNames: - description: List of namespace names to select from. - items: - type: string - type: array - type: object - relabelingConfigs: - description: 'RelabelConfigs to apply to the label set of - the target before it gets scraped. The original ingress - address is available via the `__tmp_prometheus_ingress_address` - label. It can be used to customize the probed URL. The original - scrape job''s name is available via the `__tmp_prometheus_job_name` - label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' - items: - description: "RelabelConfig allows dynamic rewriting of - the label set for targets, alerts, scraped samples and - remote write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" - properties: - action: - default: replace - description: "Action to perform based on the regex matching. - \n `Uppercase` and `Lowercase` actions require Prometheus - >= v2.36.0. `DropEqual` and `KeepEqual` actions require - Prometheus >= v2.41.0. \n Default: \"Replace\"" - enum: - - replace - - Replace - - keep - - Keep - - drop - - Drop - - hashmod - - HashMod - - labelmap - - LabelMap - - labeldrop - - LabelDrop - - labelkeep - - LabelKeep - - lowercase - - Lowercase - - uppercase - - Uppercase - - keepequal - - KeepEqual - - dropequal - - DropEqual - type: string - modulus: - description: "Modulus to take of the hash of the source - label values. \n Only applicable when the action is - `HashMod`." - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. - type: string - replacement: - description: "Replacement value against which a Replace - action is performed if the regular expression matches. - \n Regex capture groups are available." - type: string - separator: - description: Separator is the string between concatenated - SourceLabels. 
- type: string - sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - Separator and matched against the configured regular - expression. - items: - description: LabelName is a valid Prometheus label - name which may only contain ASCII letters, numbers, - as well as underscores. - pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ - type: string - type: array - targetLabel: - description: "Label to which the resulting string is - written in a replacement. \n It is mandatory for `Replace`, - `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and - `DropEqual` actions. \n Regex capture groups are available." - type: string - type: object - type: array - selector: - description: Selector to select the Ingress objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. 
- A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - type: object - staticConfig: - description: 'staticConfig defines the static list of targets - to probe and the relabeling configuration. If `ingress` is also - defined, `staticConfig` takes precedence. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config.' - properties: - labels: - additionalProperties: - type: string - description: Labels assigned to all metrics scraped from the - targets. - type: object - relabelingConfigs: - description: 'RelabelConfigs to apply to the label set of - the targets before it gets scraped. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' - items: - description: "RelabelConfig allows dynamic rewriting of - the label set for targets, alerts, scraped samples and - remote write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" - properties: - action: - default: replace - description: "Action to perform based on the regex matching. - \n `Uppercase` and `Lowercase` actions require Prometheus - >= v2.36.0. `DropEqual` and `KeepEqual` actions require - Prometheus >= v2.41.0. \n Default: \"Replace\"" - enum: - - replace - - Replace - - keep - - Keep - - drop - - Drop - - hashmod - - HashMod - - labelmap - - LabelMap - - labeldrop - - LabelDrop - - labelkeep - - LabelKeep - - lowercase - - Lowercase - - uppercase - - Uppercase - - keepequal - - KeepEqual - - dropequal - - DropEqual - type: string - modulus: - description: "Modulus to take of the hash of the source - label values. \n Only applicable when the action is - `HashMod`." 
- format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. - type: string - replacement: - description: "Replacement value against which a Replace - action is performed if the regular expression matches. - \n Regex capture groups are available." - type: string - separator: - description: Separator is the string between concatenated - SourceLabels. - type: string - sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - Separator and matched against the configured regular - expression. - items: - description: LabelName is a valid Prometheus label - name which may only contain ASCII letters, numbers, - as well as underscores. - pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ - type: string - type: array - targetLabel: - description: "Label to which the resulting string is - written in a replacement. \n It is mandatory for `Replace`, - `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and - `DropEqual` actions. \n Regex capture groups are available." - type: string - type: object - type: array - static: - description: The list of hosts to probe. - items: - type: string - type: array - type: object - type: object - tlsConfig: - description: TLS configuration to use when scraping the endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' 
- type: string - optional: - description: Specify whether the ConfigMap or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' 
- type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the targets. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - type: object - required: - - spec - type: object - served: true - storage: true diff --git a/charts/nopo11y-stack/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusagents.yaml b/charts/nopo11y-stack/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusagents.yaml deleted file mode 100644 index a6050e7..0000000 --- a/charts/nopo11y-stack/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusagents.yaml +++ /dev/null 
@@ -1,9135 +0,0 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - operator.prometheus.io/version: 0.73.2 - name: prometheusagents.monitoring.coreos.com -spec: - group: monitoring.coreos.com - names: - categories: - - prometheus-operator - kind: PrometheusAgent - listKind: PrometheusAgentList - plural: prometheusagents - shortNames: - - promagent - singular: prometheusagent - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The version of Prometheus agent - jsonPath: .spec.version - name: Version - type: string - - description: The number of desired replicas - jsonPath: .spec.replicas - name: Desired - type: integer - - description: The number of ready replicas - jsonPath: .status.availableReplicas - name: Ready - type: integer - - jsonPath: .status.conditions[?(@.type == 'Reconciled')].status - name: Reconciled - type: string - - jsonPath: .status.conditions[?(@.type == 'Available')].status - name: Available - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Whether the resource reconciliation is paused or not - jsonPath: .status.paused - name: Paused - priority: 1 - type: boolean - name: v1alpha1 - schema: - openAPIV3Schema: - description: PrometheusAgent defines a Prometheus agent deployment. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Specification of the desired behavior of the Prometheus - agent. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - properties: - additionalArgs: - description: "AdditionalArgs allows setting additional arguments for - the 'prometheus' container. \n It is intended for e.g. activating - hidden flags which are not supported by the dedicated configuration - options yet. The arguments are passed as-is to the Prometheus container - which may cause issues if they are invalid or not supported by the - given Prometheus version. \n In case of an argument conflict (e.g. - an argument which is already set by the operator itself) or when - providing an invalid argument, the reconciliation will fail and - an error will be logged." - items: - description: Argument as part of the AdditionalArgs list. - properties: - name: - description: Name of the argument, e.g. "scrape.discovery-reload-interval". - minLength: 1 - type: string - value: - description: Argument value, e.g. 30s. Can be empty for name-only - arguments (e.g. --storage.tsdb.no-lockfile) - type: string - required: - - name - type: object - type: array - additionalScrapeConfigs: - description: 'AdditionalScrapeConfigs allows specifying a key of a - Secret containing additional Prometheus scrape configurations. Scrape - configurations specified are appended to the configurations generated - by the Prometheus Operator. 
Job configurations specified must have - the form as specified in the official Prometheus documentation: - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. - As scrape configs are appended, the user is responsible to make - sure it is valid. Note that using this feature may expose the possibility - to break upgrades of Prometheus. It is advised to review Prometheus - release notes to ensure that no incompatible scrape configs are - going to break Prometheus after the upgrade.' - properties: - key: - description: The key of the secret to select from. Must be a - valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - affinity: - description: Defines the Pods' affinity scheduling rules if specified. - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node matches - the corresponding matchExpressions; the node(s) with the - highest sum are the most preferred. 
- items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects (i.e. - is also a no-op). - properties: - preference: - description: A node selector term, associated with the - corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. 
If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to an update), the system may or may not try to - eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. 
If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - type: array - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. 
for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key in (value)` to select - the group of existing pods which pods will be - taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. Also, - MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key notin (value)` to - select the group of existing pods which pods will - be taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MismatchLabelKeys and LabelSelector. Also, - MismatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. 
null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may - not try to eventually evict the pod from its node. When - there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms - must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. 
- properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys - to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged with - `LabelSelector` as `key in (value)` to select the - group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will - be ignored. The default value is empty. The same key - is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector - isn't set. 
This is an alpha field and requires enabling - MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged with - `LabelSelector` as `key notin (value)` to select the - group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will - be ignored. The default value is empty. The same key - is forbidden to exist in both MismatchLabelKeys and - LabelSelector. Also, MismatchLabelKeys cannot be set - when LabelSelector isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied to the - union of the namespaces selected by this field and - the ones listed in the namespaces field. null selector - and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. 
If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied - to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. null or - empty namespaces list and null namespaceSelector means - "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates one - or more of the expressions. 
The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key in (value)` to select - the group of existing pods which pods will be - taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. Also, - MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key notin (value)` to - select the group of existing pods which pods will - be taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MismatchLabelKeys and LabelSelector. Also, - MismatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. 
null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its - node. When there are multiple elements, the lists of nodes - corresponding to each podAffinityTerm are intersected, i.e. - all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. 
- properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys - to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged with - `LabelSelector` as `key in (value)` to select the - group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will - be ignored. The default value is empty. The same key - is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector - isn't set. 
This is an alpha field and requires enabling - MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged with - `LabelSelector` as `key notin (value)` to select the - group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will - be ignored. The default value is empty. The same key - is forbidden to exist in both MismatchLabelKeys and - LabelSelector. Also, MismatchLabelKeys cannot be set - when LabelSelector isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied to the - union of the namespaces selected by this field and - the ones listed in the namespaces field. null selector - and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. 
If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied - to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. null or - empty namespaces list and null namespaceSelector means - "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - apiserverConfig: - description: 'APIServerConfig allows specifying a host and auth methods - to access the Kuberntees API server. If null, Prometheus is assumed - to run inside of the cluster: it will discover the API servers automatically - and use the Pod''s CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.' - properties: - authorization: - description: "Authorization section for the API server. 
\n Cannot - be set at the same time as `basicAuth`, `bearerToken`, or `bearerTokenFile`." - properties: - credentials: - description: Selects a key of a Secret in the namespace that - contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - credentialsFile: - description: File to read a secret from, mutually exclusive - with `credentials`. - type: string - type: - description: "Defines the authentication type. The value is - case-insensitive. \n \"Basic\" is not a supported value. - \n Default: \"Bearer\"" - type: string - type: object - basicAuth: - description: "BasicAuth configuration for the API server. \n Cannot - be set at the same time as `authorization`, `bearerToken`, or - `bearerTokenFile`." - properties: - password: - description: '`password` specifies a key of a Secret containing - the password for authentication.' - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: '`username` specifies a key of a Secret containing - the username for authentication.' 
- properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - bearerToken: - description: "*Warning: this field shouldn't be used because the - token value appears in clear-text. Prefer using `authorization`.* - \n Deprecated: this will be removed in a future release." - type: string - bearerTokenFile: - description: "File to read bearer token for accessing apiserver. - \n Cannot be set at the same time as `basicAuth`, `authorization`, - or `bearerToken`. \n Deprecated: this will be removed in a future - release. Prefer using `authorization`." - type: string - host: - description: Kubernetes API address consisting of a hostname or - IP address followed by an optional port number. - type: string - tlsConfig: - description: TLS Config to use for the API server. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. 
- properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. - type: string - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - certFile: - description: Path to the client cert file in the Prometheus - container for the targets. 
- type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the Prometheus - container for the targets. - type: string - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - required: - - host - type: object - arbitraryFSAccessThroughSMs: - description: When true, ServiceMonitor, PodMonitor and Probe object - are forbidden to reference arbitrary files on the file system of - the 'prometheus' container. When a ServiceMonitor's endpoint specifies - a `bearerTokenFile` value (e.g. '/var/run/secrets/kubernetes.io/serviceaccount/token'), - a malicious target can get access to the Prometheus service account's - token in the Prometheus' scrape request. Setting `spec.arbitraryFSAccessThroughSM` - to 'true' would prevent the attack. Users should instead provide - the credentials using the `spec.bearerTokenSecret` field. - properties: - deny: - type: boolean - type: object - bodySizeLimit: - description: BodySizeLimit defines per-scrape on response body size. - Only valid in Prometheus versions 2.45.0 and newer. - pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ - type: string - configMaps: - description: ConfigMaps is a list of ConfigMaps in the same namespace - as the Prometheus object, which shall be mounted into the Prometheus - Pods. 
Each ConfigMap is added to the StatefulSet definition as a - volume named `configmap-`. The ConfigMaps are mounted - into /etc/prometheus/configmaps/ in the 'prometheus' - container. - items: - type: string - type: array - containers: - description: "Containers allows injecting additional containers or - modifying operator generated containers. This can be used to allow - adding an authentication proxy to the Pods or to change the behavior - of an operator generated container. Containers described here modify - an operator generated container if they share the same name and - modifications are done via a strategic merge patch. \n The names - of containers managed by the operator are: * `prometheus` * `config-reloader` - * `thanos-sidecar` \n Overriding containers is entirely outside - the scope of what the maintainers will support and by doing so, - you accept that this behaviour may break at any time without notice." - items: - description: A single application container that you want to run - within a pod. - properties: - args: - description: 'Arguments to the entrypoint. The container image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will - be unchanged. Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped references - will never be expanded, regardless of whether the variable - exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. - The container image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. 
If a variable cannot be resolved, the reference - in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in the container. - Cannot be updated. - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be - a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. - If a variable cannot be resolved, the reference in the - input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the string - literal "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' 
- type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' 
- type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be - a C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key - will take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set - of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap must be - defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - image: - description: 'Container image name. 
More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system should take - in response to container lifecycle events. Cannot be updated. - properties: - postStart: - description: 'PostStart is called immediately after a container - is created. If the handler fails, the container is terminated - and restarted according to its restart policy. Other management - of the container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. 
- items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - sleep: - description: Sleep represents the duration that the - container should sleep before being terminated. - properties: - seconds: - description: Seconds is the number of seconds to - sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, resource - contention, etc. 
The handler is not called if the container - crashes or exits. The Pod''s termination grace period - countdown begins before the PreStop hook is executed. - Regardless of the outcome of the handler, the container - will eventually terminate within the Pod''s termination - grace period (unless delayed by finalizers). Other management - of the container blocks until the hook completes or until - the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. 
- type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - sleep: - description: Sleep represents the duration that the - container should sleep before being terminated. - properties: - seconds: - description: Seconds is the number of seconds to - sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. 
Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. 
- type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. 
spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - name: - description: Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not - specifying a port here DOES NOT prevent that port from being - exposed. Any port which is listening on the default "0.0.0.0" - address inside a container will be accessible from the network. - Modifying this array with strategic merge patch may corrupt - the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. - items: - description: ContainerPort represents a network port in a - single container. - properties: - containerPort: - description: Number of port to expose on the pod's IP - address. This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If - specified, this must be a valid port number, 0 < x < - 65536. If HostNetwork is specified, this must match - ContainerPort. Most containers do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod - must have a unique name. Name for the port that can - be referred to by services. - type: string - protocol: - default: TCP - description: Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". 
- type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if the probe - fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. 
- type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. 
- x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resizePolicy: - description: Resources resize policy for the container. - items: - description: ContainerResizePolicy represents resource resize - policy for the container. - properties: - resourceName: - description: 'Name of the resource to which this resource - resize policy applies. Supported values: cpu, memory.' - type: string - restartPolicy: - description: Restart policy to apply when specified resource - is resized. If not specified, it defaults to NotRequired. - type: string - required: - - resourceName - - restartPolicy - type: object - type: array - x-kubernetes-list-type: atomic - resources: - description: 'Compute Resources required by this container. - Cannot be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - properties: - claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only - be set for containers." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry - in pod.spec.resourceClaims of the Pod where this - field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - restartPolicy: - description: 'RestartPolicy defines the restart behavior of - individual containers in a pod. 
This field may only be set - for init containers, and the only allowed value is "Always". - For non-init containers or when this field is not specified, - the restart behavior is defined by the Pod''s restart policy - and the container type. Setting the RestartPolicy as "Always" - for the init container will have the following effect: this - init container will be continually restarted on exit until - all regular containers have terminated. Once all regular containers - have completed, all init containers with restartPolicy "Always" - will be shut down. This lifecycle differs from normal init - containers and is often referred to as a "sidecar" container. - Although this init container still starts in the init container - sequence, it does not wait for the container to complete before - proceeding to the next init container. Instead, the next init - container starts immediately after this init container is - started, or after any startupProbe has successfully completed.' - type: string - securityContext: - description: 'SecurityContext defines the security options the - container should be run with. If set, the fields of SecurityContext - override the equivalent fields of PodSecurityContext. More - info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN Note that this field cannot be set - when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by - the container runtime. Note that this field cannot be - set when spec.os.name is windows. 
- properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent to - root on the host. Defaults to false. Note that this field - cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: procMount denotes the type of proc mount to - use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot - be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root - filesystem. Default is false. Note that this field cannot - be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a - non-root user. If true, the Kubelet will validate the - image at runtime to ensure that it does not run as UID - 0 (root) and fail to start the container if it does. If - unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. 
- type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a - random SELinux context for each container. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by this container. - If seccomp options are provided at both the pod & container - level, the container options override the pod options. - Note that this field cannot be set when spec.os.name is - windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile - must be preconfigured on the node to work. Must be - a descending path, relative to the kubelet's configured - seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile - will be applied. 
Valid options are: \n Localhost - - a profile defined in a file on the node should be - used. RuntimeDefault - the container runtime default - profile should be used. Unconfined - no profile should - be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options from the PodSecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is - linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. All of a Pod's - containers must have the same effective HostProcess - value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork must also - be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. - type: string - type: object - type: object - startupProbe: - description: 'StartupProbe indicates that the Pod has successfully - initialized. If specified, no other probes are executed until - this completes successfully. 
If this probe fails, the Pod - will be restarted, just as if the livenessProbe failed. This - can be used to provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time to load - data or warm a cache, than during steady-state operation. - This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. 
HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. 
- x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - stdin: - description: Whether this container should allocate a buffer - for stdin in the container runtime. If this is not set, reads - from stdin in the container will always result in EOF. Default - is false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the - stdin channel after it has been opened by a single attach. - When stdin is true the stdin stream will remain open across - multiple attach sessions. If stdinOnce is set to true, stdin - is opened on container start, is empty until the first client - attaches to stdin, and then remains open and accepts data - until the client disconnects, at which time stdin is closed - and remains closed until the container is restarted. 
If this - flag is false, a container processes that reads from stdin - will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the - container''s termination message will be written is mounted - into the container''s filesystem. Message written is intended - to be brief final status, such as an assertion failure message. - Will be truncated by the node if greater than 4096 bytes. - The total message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be - populated. File will use the contents of terminationMessagePath - to populate the container status message on both success and - failure. FallbackToLogsOnError will use the last chunk of - container log output if the termination message file is empty - and the container exited with an error. The log output is - limited to 2048 bytes or 80 lines, whichever is smaller. Defaults - to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. - items: - description: volumeDevice describes a mapping of a raw block - device within a container. - properties: - devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. - items: - description: VolumeMount describes a mounting of a Volume - within a container. 
- properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other - way around. When not set, MountPropagationNone is used. - This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might - be configured in the container image. Cannot be updated. - type: string - required: - - name - type: object - type: array - enableFeatures: - description: "Enable access to Prometheus feature flags. By default, - no features are enabled. \n Enabling features which are disabled - by default is entirely outside the scope of what the maintainers - will support and by doing so, you accept that this behaviour may - break at any time without notice. \n For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/" - items: - type: string - type: array - enableRemoteWriteReceiver: - description: "Enable Prometheus to be used as a receiver for the Prometheus - remote write protocol. 
\n WARNING: This is not considered an efficient - way of ingesting samples. Use it with caution for specific low-volume - use cases. It is not suitable for replacing the ingestion via scraping - and turning Prometheus into a push-based metrics collection system. - For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver - \n It requires Prometheus >= v2.33.0." - type: boolean - enforcedBodySizeLimit: - description: "When defined, enforcedBodySizeLimit specifies a global - limit on the size of uncompressed response body that will be accepted - by Prometheus. Targets responding with a body larger than this many - bytes will cause the scrape to fail. \n It requires Prometheus >= - v2.28.0." - pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ - type: string - enforcedKeepDroppedTargets: - description: "When defined, enforcedKeepDroppedTargets specifies a - global limit on the number of targets dropped by relabeling that - will be kept in memory. The value overrides any `spec.keepDroppedTargets` - set by ServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` - is greater than zero and less than `spec.enforcedKeepDroppedTargets`. - \n It requires Prometheus >= v2.47.0." - format: int64 - type: integer - enforcedLabelLimit: - description: "When defined, enforcedLabelLimit specifies a global - limit on the number of labels per sample. The value overrides any - `spec.labelLimit` set by ServiceMonitor, PodMonitor, Probe objects - unless `spec.labelLimit` is greater than zero and less than `spec.enforcedLabelLimit`. - \n It requires Prometheus >= v2.27.0." - format: int64 - type: integer - enforcedLabelNameLengthLimit: - description: "When defined, enforcedLabelNameLengthLimit specifies - a global limit on the length of labels name per sample. 
The value - overrides any `spec.labelNameLengthLimit` set by ServiceMonitor, - PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is - greater than zero and less than `spec.enforcedLabelNameLengthLimit`. - \n It requires Prometheus >= v2.27.0." - format: int64 - type: integer - enforcedLabelValueLengthLimit: - description: "When not null, enforcedLabelValueLengthLimit defines - a global limit on the length of labels value per sample. The value - overrides any `spec.labelValueLengthLimit` set by ServiceMonitor, - PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is - greater than zero and less than `spec.enforcedLabelValueLengthLimit`. - \n It requires Prometheus >= v2.27.0." - format: int64 - type: integer - enforcedNamespaceLabel: - description: "When not empty, a label will be added to \n 1. All metrics - scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` - objects. 2. All metrics generated from recording rules defined in - `PrometheusRule` objects. 3. All alerts generated from alerting - rules defined in `PrometheusRule` objects. 4. All vector selectors - of PromQL expressions defined in `PrometheusRule` objects. \n The - label will not added for objects referenced in `spec.excludedFromEnforcement`. - \n The label's name is this field's value. The label's value is - the namespace of the `ServiceMonitor`, `PodMonitor`, `Probe` or - `PrometheusRule` object." - type: string - enforcedSampleLimit: - description: "When defined, enforcedSampleLimit specifies a global - limit on the number of scraped samples that will be accepted. This - overrides any `spec.sampleLimit` set by ServiceMonitor, PodMonitor, - Probe objects unless `spec.sampleLimit` is greater than zero and - less than `spec.enforcedSampleLimit`. \n It is meant to be used - by admins to keep the overall number of samples/series under a desired - limit." 
- format: int64 - type: integer - enforcedTargetLimit: - description: "When defined, enforcedTargetLimit specifies a global - limit on the number of scraped targets. The value overrides any - `spec.targetLimit` set by ServiceMonitor, PodMonitor, Probe objects - unless `spec.targetLimit` is greater than zero and less than `spec.enforcedTargetLimit`. - \n It is meant to be used by admins to to keep the overall number - of targets under a desired limit." - format: int64 - type: integer - excludedFromEnforcement: - description: "List of references to PodMonitor, ServiceMonitor, Probe - and PrometheusRule objects to be excluded from enforcing a namespace - label of origin. \n It is only applicable if `spec.enforcedNamespaceLabel` - set to true." - items: - description: ObjectReference references a PodMonitor, ServiceMonitor, - Probe or PrometheusRule object. - properties: - group: - default: monitoring.coreos.com - description: Group of the referent. When not specified, it defaults - to `monitoring.coreos.com` - enum: - - monitoring.coreos.com - type: string - name: - description: Name of the referent. When not set, all resources - in the namespace are matched. - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - minLength: 1 - type: string - resource: - description: Resource of the referent. - enum: - - prometheusrules - - servicemonitors - - podmonitors - - probes - - scrapeconfigs - type: string - required: - - namespace - - resource - type: object - type: array - externalLabels: - additionalProperties: - type: string - description: The labels to add to any time series or alerts when communicating - with external systems (federation, remote storage, Alertmanager). - Labels defined by `spec.replicaExternalLabelName` and `spec.prometheusExternalLabelName` - take precedence over this list. 
- type: object - externalUrl: - description: The external URL under which the Prometheus service is - externally available. This is necessary to generate correct URLs - (for instance if Prometheus is accessible behind an Ingress resource). - type: string - hostAliases: - description: Optional list of hosts and IPs that will be injected - into the Pod's hosts file if specified. - items: - description: HostAlias holds the mapping between IP and hostnames - that will be injected as an entry in the pod's hosts file. - properties: - hostnames: - description: Hostnames for the above IP address. - items: - type: string - type: array - ip: - description: IP address of the host file entry. - type: string - required: - - hostnames - - ip - type: object - type: array - x-kubernetes-list-map-keys: - - ip - x-kubernetes-list-type: map - hostNetwork: - description: "Use the host's network namespace if true. \n Make sure - to understand the security implications if you want to enable it - (https://kubernetes.io/docs/concepts/configuration/overview/). \n - When hostNetwork is enabled, this will set the DNS policy to `ClusterFirstWithHostNet` - automatically." - type: boolean - ignoreNamespaceSelectors: - description: When true, `spec.namespaceSelector` from all PodMonitor, - ServiceMonitor and Probe objects will be ignored. They will only - discover targets within the namespace of the PodMonitor, ServiceMonitor - and Probe object. - type: boolean - image: - description: "Container image name for Prometheus. If specified, it - takes precedence over the `spec.baseImage`, `spec.tag` and `spec.sha` - fields. \n Specifying `spec.version` is still necessary to ensure - the Prometheus Operator knows which version of Prometheus is being - configured. \n If neither `spec.image` nor `spec.baseImage` are - defined, the operator will use the latest upstream version of Prometheus - available at the time when the operator was released." 
- type: string - imagePullPolicy: - description: Image pull policy for the 'prometheus', 'init-config-reloader' - and 'config-reloader' containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy - for more details. - enum: - - "" - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - description: An optional list of references to Secrets in the same - namespace to use for pulling images from registries. See http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod - items: - description: LocalObjectReference contains enough information to - let you locate the referenced object inside the same namespace. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - initContainers: - description: "InitContainers allows injecting initContainers to the - Pod definition. Those can be used to e.g. fetch secrets for injection - into the Prometheus configuration from external sources. Any errors - during the execution of an initContainer will lead to a restart - of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - InitContainers described here modify an operator generated init - containers if they share the same name and modifications are done - via a strategic merge patch. \n The names of init container name - managed by the operator are: * `init-config-reloader`. \n Overriding - init containers is entirely outside the scope of what the maintainers - will support and by doing so, you accept that this behaviour may - break at any time without notice." - items: - description: A single application container that you want to run - within a pod. - properties: - args: - description: 'Arguments to the entrypoint. 
The container image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will - be unchanged. Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped references - will never be expanded, regardless of whether the variable - exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. - The container image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in the container. - Cannot be updated. - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be - a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. 
- If a variable cannot be resolved, the reference in the - input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the string - literal "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' 
- properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be - a C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key - will take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set - of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. 
apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap must be - defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system should take - in response to container lifecycle events. Cannot be updated. - properties: - postStart: - description: 'PostStart is called immediately after a container - is created. If the handler fails, the container is terminated - and restarted according to its restart policy. Other management - of the container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action to take. 
- properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - sleep: - description: Sleep represents the duration that the - container should sleep before being terminated. - properties: - seconds: - description: Seconds is the number of seconds to - sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: Deprecated. 
TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, resource - contention, etc. The handler is not called if the container - crashes or exits. The Pod''s termination grace period - countdown begins before the PreStop hook is executed. - Regardless of the outcome of the handler, the container - will eventually terminate within the Pod''s termination - grace period (unless delayed by finalizers). Other management - of the container blocks until the hook completes or until - the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. 
- items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - sleep: - description: Sleep represents the duration that the - container should sleep before being terminated. - properties: - seconds: - description: Seconds is the number of seconds to - sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. 
Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. 
HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. 
- x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - name: - description: Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Not - specifying a port here DOES NOT prevent that port from being - exposed. Any port which is listening on the default "0.0.0.0" - address inside a container will be accessible from the network. - Modifying this array with strategic merge patch may corrupt - the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. - items: - description: ContainerPort represents a network port in a - single container. 
- properties: - containerPort: - description: Number of port to expose on the pod's IP - address. This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If - specified, this must be a valid port number, 0 < x < - 65536. If HostNetwork is specified, this must match - ContainerPort. Most containers do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod - must have a unique name. Name for the port that can - be referred to by services. - type: string - protocol: - default: TCP - description: Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if the probe - fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. 
Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. 
More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. 
More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resizePolicy: - description: Resources resize policy for the container. - items: - description: ContainerResizePolicy represents resource resize - policy for the container. - properties: - resourceName: - description: 'Name of the resource to which this resource - resize policy applies. Supported values: cpu, memory.' - type: string - restartPolicy: - description: Restart policy to apply when specified resource - is resized. If not specified, it defaults to NotRequired. - type: string - required: - - resourceName - - restartPolicy - type: object - type: array - x-kubernetes-list-type: atomic - resources: - description: 'Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - properties: - claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only - be set for containers." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry - in pod.spec.resourceClaims of the Pod where this - field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - restartPolicy: - description: 'RestartPolicy defines the restart behavior of - individual containers in a pod. This field may only be set - for init containers, and the only allowed value is "Always". - For non-init containers or when this field is not specified, - the restart behavior is defined by the Pod''s restart policy - and the container type. Setting the RestartPolicy as "Always" - for the init container will have the following effect: this - init container will be continually restarted on exit until - all regular containers have terminated. Once all regular containers - have completed, all init containers with restartPolicy "Always" - will be shut down. This lifecycle differs from normal init - containers and is often referred to as a "sidecar" container. - Although this init container still starts in the init container - sequence, it does not wait for the container to complete before - proceeding to the next init container. Instead, the next init - container starts immediately after this init container is - started, or after any startupProbe has successfully completed.' - type: string - securityContext: - description: 'SecurityContext defines the security options the - container should be run with. 
If set, the fields of SecurityContext - override the equivalent fields of PodSecurityContext. More - info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN Note that this field cannot be set - when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by - the container runtime. Note that this field cannot be - set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent to - root on the host. Defaults to false. Note that this field - cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: procMount denotes the type of proc mount to - use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot - be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root - filesystem. Default is false. Note that this field cannot - be set when spec.os.name is windows. 
- type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a - non-root user. If true, the Kubelet will validate the - image at runtime to ensure that it does not run as UID - 0 (root) and fail to start the container if it does. If - unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a - random SELinux context for each container. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. 
- type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by this container. - If seccomp options are provided at both the pod & container - level, the container options override the pod options. - Note that this field cannot be set when spec.os.name is - windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile - must be preconfigured on the node to work. Must be - a descending path, relative to the kubelet's configured - seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - - a profile defined in a file on the node should be - used. RuntimeDefault - the container runtime default - profile should be used. Unconfined - no profile should - be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options from the PodSecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is - linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. 
All of a Pod's - containers must have the same effective HostProcess - value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork must also - be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. - type: string - type: object - type: object - startupProbe: - description: 'StartupProbe indicates that the Pod has successfully - initialized. If specified, no other probes are executed until - this completes successfully. If this probe fails, the Pod - will be restarted, just as if the livenessProbe failed. This - can be used to provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time to load - data or warm a cache, than during steady-state operation. - This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. 
- format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. 
More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. 
More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - stdin: - description: Whether this container should allocate a buffer - for stdin in the container runtime. If this is not set, reads - from stdin in the container will always result in EOF. Default - is false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the - stdin channel after it has been opened by a single attach. - When stdin is true the stdin stream will remain open across - multiple attach sessions. If stdinOnce is set to true, stdin - is opened on container start, is empty until the first client - attaches to stdin, and then remains open and accepts data - until the client disconnects, at which time stdin is closed - and remains closed until the container is restarted. If this - flag is false, a container processes that reads from stdin - will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the - container''s termination message will be written is mounted - into the container''s filesystem. Message written is intended - to be brief final status, such as an assertion failure message. - Will be truncated by the node if greater than 4096 bytes. - The total message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be - populated. File will use the contents of terminationMessagePath - to populate the container status message on both success and - failure. FallbackToLogsOnError will use the last chunk of - container log output if the termination message file is empty - and the container exited with an error. The log output is - limited to 2048 bytes or 80 lines, whichever is smaller. Defaults - to File. Cannot be updated. 
- type: string - tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. - items: - description: volumeDevice describes a mapping of a raw block - device within a container. - properties: - devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. - items: - description: VolumeMount describes a mounting of a Volume - within a container. - properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other - way around. When not set, MountPropagationNone is used. - This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. 
- type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might - be configured in the container image. Cannot be updated. - type: string - required: - - name - type: object - type: array - keepDroppedTargets: - description: "Per-scrape limit on the number of targets dropped by - relabeling that will be kept in memory. 0 means no limit. \n It - requires Prometheus >= v2.47.0." - format: int64 - type: integer - labelLimit: - description: Per-scrape limit on number of labels that will be accepted - for a sample. Only valid in Prometheus versions 2.45.0 and newer. - format: int64 - type: integer - labelNameLengthLimit: - description: Per-scrape limit on length of labels name that will be - accepted for a sample. Only valid in Prometheus versions 2.45.0 - and newer. - format: int64 - type: integer - labelValueLengthLimit: - description: Per-scrape limit on length of labels value that will - be accepted for a sample. Only valid in Prometheus versions 2.45.0 - and newer. - format: int64 - type: integer - listenLocal: - description: When true, the Prometheus server listens on the loopback - address instead of the Pod IP's address. - type: boolean - logFormat: - description: Log format for Log level for Prometheus and the config-reloader - sidecar. - enum: - - "" - - logfmt - - json - type: string - logLevel: - description: Log level for Prometheus and the config-reloader sidecar. - enum: - - "" - - debug - - info - - warn - - error - type: string - maximumStartupDurationSeconds: - description: Defines the maximum time that the `prometheus` container's - startup probe will wait before being considered failed. The startup - probe will return success after the WAL replay is complete. If set, - the value should be greater than 60 (seconds). Otherwise it will - be equal to 600 seconds (15 minutes). 
- format: int32 - minimum: 60 - type: integer - minReadySeconds: - description: "Minimum number of seconds for which a newly created - Pod should be ready without any of its container crashing for it - to be considered available. Defaults to 0 (pod will be considered - available as soon as it is ready) \n This is an alpha field from - kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds - feature gate." - format: int32 - type: integer - nodeSelector: - additionalProperties: - type: string - description: Defines on which Nodes the Pods are scheduled. - type: object - overrideHonorLabels: - description: When true, Prometheus resolves label conflicts by renaming - the labels in the scraped data to "exported_