9 # - name: "image-pull-secret"
11 ## Define serviceAccount names for components. Defaults to component's fully qualified name.
31 ## If false, alertmanager will not be installed
35 ## alertmanager container name
39 ## alertmanager container image
43 repository: {{ dockerio_image_repository }}/prom/alertmanager
44 tag: {{ prom_alertmanager_version }}
46 pullPolicy: IfNotPresent
48 ## alertmanager priorityClassName
52 ## Additional alertmanager container arguments
56 ## The URL prefix at which the container can be accessed. Useful in the case the '-web.external-url' includes a slug
57 ## so that the various internal URLs are still able to access as they are in the default case.
61 ## External URL which can access alertmanager
62 baseURL: "http://localhost:9093"
64 ## Additional alertmanager container environment variable
65 ## For instance to add a http_proxy
69 ## Additional alertmanager Secret mounts
70 # Defines additional mounts with secrets. Secrets must be manually created in the namespace.
72 # - name: secret-files
73 # mountPath: /etc/secrets
75 # secretName: alertmanager-secret-files
78 ## ConfigMap override where fullname is {{.Release.Name}}-{{.Values.alertmanager.configMapOverrideName}}
79 ## Defining configMapOverrideName will cause templates/alertmanager-configmap.yaml
80 ## to NOT generate a ConfigMap resource
82 configMapOverrideName: ""
84 ## The name of a secret in the same kubernetes namespace which contains the Alertmanager config
85 ## Defining configFromSecret will cause templates/alertmanager-configmap.yaml
86 ## to NOT generate a ConfigMap resource
90 ## The configuration file name to be loaded to alertmanager
91 ## Must match the key within configuration loaded from ConfigMap/Secret
93 configFileName: alertmanager.yml
96 ## If true, alertmanager Ingress will be created
100 ## alertmanager Ingress annotations
103 # kubernetes.io/ingress.class: nginx
104 # kubernetes.io/tls-acme: 'true'
106 ## alertmanager Ingress additional labels
110 ## alertmanager Ingress hostnames with optional path
111 ## Must be provided if Ingress is enabled
114 # - alertmanager.domain.com
115 # - domain.com/alertmanager
117 ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
121 # serviceName: ssl-redirect
122 # servicePort: use-annotation
124 ## alertmanager Ingress TLS configuration
125 ## Secrets must be manually created in the namespace
128 # - secretName: prometheus-alerts-tls
130 # - alertmanager.domain.com
132 ## Alertmanager Deployment Strategy type
136 ## Node tolerations for alertmanager scheduling to nodes with taints
137 ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
141 # operator: "Equal|Exists"
143 # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
145 ## Node labels for alertmanager pod assignment
146 ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
154 ## PodDisruptionBudget settings
155 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
161 ## Use an alternate scheduler, e.g. "stork".
162 ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
167 ## If true, alertmanager will create/use a Persistent Volume Claim
168 ## If false, use emptyDir
172 ## alertmanager data Persistent Volume access modes
173 ## Must match those of existing PV or dynamic provisioner
174 ## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
179 ## alertmanager data Persistent Volume Claim annotations
183 ## alertmanager data Persistent Volume existing claim name
184 ## Requires alertmanager.persistentVolume.enabled: true
185 ## If defined, PVC must be created manually before volume will be bound
188 ## alertmanager data Persistent Volume mount root path
192 ## alertmanager data Persistent Volume size
196 ## alertmanager data Persistent Volume Storage Class
197 ## If defined, storageClassName: <storageClass>
198 ## If set to "-", storageClassName: "", which disables dynamic provisioning
199 ## If undefined (the default) or set to null, no storageClassName spec is
200 ## set, choosing the default provisioner. (gp2 on AWS, standard on
201 ## GKE, AWS & OpenStack)
205 ## alertmanager data Persistent Volume Binding Mode
206 ## If defined, volumeBindingMode: <volumeBindingMode>
207 ## If undefined (the default) or set to null, no volumeBindingMode spec is
208 ## set, choosing the default mode.
210 # volumeBindingMode: ""
212 ## Subdirectory of alertmanager data Persistent Volume to mount
213 ## Useful if the volume's root directory is not empty
217 ## Annotations to be added to alertmanager pods
220 ## Tell prometheus to use a specific set of alertmanager pods
221 ## instead of all alertmanager pods found in the same namespace
222 ## Useful if you deploy multiple releases within the same namespace
224 ## prometheus.io/probe: alertmanager-teamA
226 ## Labels to be added to Prometheus AlertManager pods
230 ## Specify if a Pod Security Policy for node-exporter must be created
231 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
235 ## Specify pod annotations
236 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
237 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
238 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
240 # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
241 # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
242 # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
244 ## Use a StatefulSet if replicaCount needs to be greater than 1 (see below)
249 ## If true, use a statefulset instead of a deployment for pod management.
250 ## This allows to scale replicas to more than 1 pod
254 podManagementPolicy: OrderedReady
256 ## Alertmanager headless service to use for the statefulset
262 ## Enabling peer mesh service end points for enabling the HA alert manager
263 ## Ref: https://github.com/prometheus/alertmanager/blob/master/README.md
264 # enableMeshPeer : true
268 ## alertmanager resource requests and limits
269 ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
279 ## Security context to be added to alertmanager pods
292 ## Enabling peer mesh service end points for enabling the HA alert manager
293 ## Ref: https://github.com/prometheus/alertmanager/blob/master/README.md
294 # enableMeshPeer : true
296 ## List of IP addresses at which the alertmanager service is available
297 ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
302 loadBalancerSourceRanges: []
305 sessionAffinity: None
308 ## Monitors ConfigMap changes and POSTs to a URL
309 ## Ref: https://github.com/jimmidyson/configmap-reload
313 ## If false, the configmap-reload container will not be deployed
317 ## configmap-reload container name
319 name: configmap-reload
321 ## configmap-reload container image
325 repository: {{ dockerio_image_repository }}/jimmidyson/configmap-reload
326 tag: {{ configmap_reload_version }}
328 pullPolicy: IfNotPresent
330 ## Additional configmap-reload container arguments
333 ## Additional configmap-reload volume directories
338 ## Additional configmap-reload mounts
340 extraConfigmapMounts: []
341 # - name: prometheus-alerts
342 # mountPath: /etc/alerts.d
344 # configMap: prometheus-alerts
348 ## configmap-reload resource requests and limits
349 ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
353 ## If false, the configmap-reload container will not be deployed
357 ## configmap-reload container name
359 name: configmap-reload
361 ## configmap-reload container image
365 repository: {{ dockerio_image_repository }}/jimmidyson/configmap-reload
366 tag: {{ configmap_reload_version }}
368 pullPolicy: IfNotPresent
370 ## Additional configmap-reload container arguments
373 ## Additional configmap-reload volume directories
378 ## Additional configmap-reload mounts
380 extraConfigmapMounts: []
381 # - name: prometheus-alerts
382 # mountPath: /etc/alerts.d
384 # configMap: prometheus-alerts
388 ## configmap-reload resource requests and limits
389 ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
395 ## If false, kube-state-metrics will not be installed
399 ## kube-state-metrics container name
401 name: kube-state-metrics
403 ## kube-state-metrics container image
407 repository: {{ quayio_image_repository }}/coreos/kube-state-metrics
408 tag: {{ kube_state_metrics_version }}
410 pullPolicy: IfNotPresent
412 ## kube-state-metrics priorityClassName
414 priorityClassName: ""
416 ## kube-state-metrics container arguments
420 ## Node tolerations for kube-state-metrics scheduling to nodes with taints
421 ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
425 # operator: "Equal|Exists"
427 # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
429 ## Node labels for kube-state-metrics pod assignment
430 ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
434 ## Annotations to be added to kube-state-metrics pods
438 ## Specify if a Pod Security Policy for node-exporter must be created
439 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
443 ## Specify pod annotations
444 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
445 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
446 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
448 # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
449 # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
450 # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
457 ## PodDisruptionBudget settings
458 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
464 ## kube-state-metrics resource requests and limits
465 ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
475 ## Security context to be added to kube-state-metrics pods
483 prometheus.io/scrape: "true"
486 # Exposed as a headless service:
487 # https://kubernetes.io/docs/concepts/services-networking/service/#headless-services
490 ## List of IP addresses at which the kube-state-metrics service is available
491 ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
496 loadBalancerSourceRanges: []
498 # Port for Kubestatemetric self telemetry
499 serviceTelemetryPort: 81
503 ## If false, node-exporter will not be installed
507 ## If true, node-exporter pods share the host network namespace
511 ## If true, node-exporter pods share the host PID namespace
515 ## node-exporter container name
519 ## node-exporter container image
523 repository: {{ dockerio_image_repository }}/prom/node-exporter
524 tag: {{ prom_node_exporter_version }}
526 pullPolicy: IfNotPresent
528 ## Specify if a Pod Security Policy for node-exporter must be created
529 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
533 ## Specify pod annotations
534 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
535 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
536 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
538 # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
539 # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
540 # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
542 ## node-exporter priorityClassName
544 priorityClassName: ""
546 ## Custom Update Strategy
551 ## Additional node-exporter container arguments
555 ## Additional node-exporter hostPath mounts
557 extraHostPathMounts: []
558 # - name: textfile-dir
559 # mountPath: /srv/txt_collector
560 # hostPath: /var/lib/node-exporter
562 # mountPropagation: HostToContainer
564 extraConfigmapMounts: []
565 # - name: certs-configmap
566 # mountPath: /prometheus
567 # configMap: certs-configmap
570 ## Node tolerations for node-exporter scheduling to nodes with taints
571 ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
575 # operator: "Equal|Exists"
577 # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
579 ## Node labels for node-exporter pod assignment
580 ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
584 ## Annotations to be added to node-exporter pods
588 ## Labels to be added to node-exporter pods
593 ## PodDisruptionBudget settings
594 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
600 ## node-exporter resource limits & requests
601 ## Ref: https://kubernetes.io/docs/user-guide/compute-resources/
611 ## Security context to be added to node-exporter pods
618 prometheus.io/scrape: "true"
621 # Exposed as a headless service:
622 # https://kubernetes.io/docs/concepts/services-networking/service/#headless-services
625 ## List of IP addresses at which the node-exporter service is available
626 ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
632 loadBalancerSourceRanges: []
637 ## Prometheus server container name
643 ## Prometheus server container image
647 repository: {{ dockerio_image_repository }}/prom/prometheus
648 tag: {{ prom_prometheus_version }}
650 pullPolicy: IfNotPresent
652 ## prometheus server priorityClassName
654 priorityClassName: ""
656 ## The URL prefix at which the container can be accessed. Useful in the case the '-web.external-url' includes a slug
657 ## so that the various internal URLs are still able to access as they are in the default case.
661 ## External URL which can access alertmanager
662 ## Maybe same with Ingress host name
665 ## Additional server container environment variables
667 ## You specify this manually like you would a raw deployment manifest.
668 ## This means you can bind in environment variables from secrets.
670 ## e.g. static environment variable:
671 ## - name: DEMO_GREETING
672 ## value: "Hello from the environment"
674 ## e.g. secret environment variable:
683 - web.enable-lifecycle
684 ## web.enable-admin-api flag controls access to the administrative HTTP API which includes functionality such as
685 ## deleting time series. This is disabled by default.
686 # - web.enable-admin-api
688 ## storage.tsdb.no-lockfile flag controls BD locking
689 # - storage.tsdb.no-lockfile
691 ## storage.tsdb.wal-compression flag enables compression of the write-ahead log (WAL)
692 # - storage.tsdb.wal-compression
694 ## Path to a configuration file on prometheus server container FS
695 configPath: /etc/config/prometheus.yml
698 ## How frequently to scrape targets by default
701 ## How long until a scrape request times out
704 ## How frequently to evaluate rules
706 evaluation_interval: 1m
707 ## https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_write
710 ## https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_read
714 ## Additional Prometheus server container arguments
718 ## Additional InitContainers to initialize the pod
720 extraInitContainers: []
722 ## Additional Prometheus server Volume mounts
724 extraVolumeMounts: []
726 ## Additional Prometheus server Volumes
730 ## Additional Prometheus server hostPath mounts
732 extraHostPathMounts: []
734 # mountPath: /etc/kubernetes/certs
736 # hostPath: /etc/kubernetes/certs
739 extraConfigmapMounts: []
740 # - name: certs-configmap
741 # mountPath: /prometheus
743 # configMap: certs-configmap
746 ## Additional Prometheus server Secret mounts
747 # Defines additional mounts with secrets. Secrets must be manually created in the namespace.
748 extraSecretMounts: []
749 # - name: secret-files
750 # mountPath: /etc/secrets
752 # secretName: prom-secret-files
755 ## ConfigMap override where fullname is {{.Release.Name}}-{{.Values.server.configMapOverrideName}}
756 ## Defining configMapOverrideName will cause templates/server-configmap.yaml
757 ## to NOT generate a ConfigMap resource
759 configMapOverrideName: ""
762 ## If true, Prometheus server Ingress will be created
766 ## Prometheus server Ingress annotations
769 # kubernetes.io/ingress.class: nginx
770 # kubernetes.io/tls-acme: 'true'
772 ## Prometheus server Ingress additional labels
776 ## Prometheus server Ingress hostnames with optional path
777 ## Must be provided if Ingress is enabled
780 # - prometheus.domain.com
781 # - domain.com/prometheus
783 ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
787 # serviceName: ssl-redirect
788 # servicePort: use-annotation
790 ## Prometheus server Ingress TLS configuration
791 ## Secrets must be manually created in the namespace
794 # - secretName: prometheus-server-tls
796 # - prometheus.domain.com
798 ## Server Deployment Strategy type
802 ## Node tolerations for server scheduling to nodes with taints
803 ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
807 # operator: "Equal|Exists"
809 # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
811 ## Node labels for Prometheus server pod assignment
812 ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
820 ## PodDisruptionBudget settings
821 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
827 ## Use an alternate scheduler, e.g. "stork".
828 ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
833 ## If true, Prometheus server will create/use a Persistent Volume Claim
834 ## If false, use emptyDir
838 ## Prometheus server data Persistent Volume access modes
839 ## Must match those of existing PV or dynamic provisioner
840 ## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
845 ## Prometheus server data Persistent Volume annotations
849 ## Prometheus server data Persistent Volume existing claim name
850 ## Requires server.persistentVolume.enabled: true
851 ## If defined, PVC must be created manually before volume will be bound
854 ## Prometheus server data Persistent Volume mount root path
858 ## Prometheus server data Persistent Volume size
862 ## Prometheus server data Persistent Volume Storage Class
863 ## If defined, storageClassName: <storageClass>
864 ## If set to "-", storageClassName: "", which disables dynamic provisioning
865 ## If undefined (the default) or set to null, no storageClassName spec is
866 ## set, choosing the default provisioner. (gp2 on AWS, standard on
867 ## GKE, AWS & OpenStack)
871 ## Prometheus server data Persistent Volume Binding Mode
872 ## If defined, volumeBindingMode: <volumeBindingMode>
873 ## If undefined (the default) or set to null, no volumeBindingMode spec is
874 ## set, choosing the default mode.
876 # volumeBindingMode: ""
878 ## Subdirectory of Prometheus server data Persistent Volume to mount
879 ## Useful if the volume's root directory is not empty
886 ## Annotations to be added to Prometheus server pods
889 # iam.amazonaws.com/role: prometheus
891 ## Labels to be added to Prometheus server pods
895 ## Prometheus AlertManager configuration
899 ## Specify if a Pod Security Policy for node-exporter must be created
900 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
904 ## Specify pod annotations
905 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
906 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
907 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
909 # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
910 # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
911 # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
913 ## Use a StatefulSet if replicaCount needs to be greater than 1 (see below)
918 ## If true, use a statefulset instead of a deployment for pod management.
919 ## This allows to scale replicas to more than 1 pod
925 podManagementPolicy: OrderedReady
927 ## Alertmanager headless service to use for the statefulset
934 ## Prometheus server readiness and liveness probe initial delay and timeout
935 ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
937 readinessProbeInitialDelay: 30
938 readinessProbeTimeout: 30
939 readinessProbeFailureThreshold: 3
940 readinessProbeSuccessThreshold: 1
941 livenessProbeInitialDelay: 30
942 livenessProbeTimeout: 30
943 livenessProbeFailureThreshold: 3
944 livenessProbeSuccessThreshold: 1
946 ## Prometheus server resource requests and limits
947 ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
957 ## Vertical Pod Autoscaler config
958 ## Ref: https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler
960 ## If true a VPA object will be created for the controller (either StatefulSet or Deployemnt, based on above configs)
964 # - containerName: 'prometheus-server'
966 ## Security context to be added to server pods
979 ## List of IP addresses at which the Prometheus server service is available
980 ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
985 loadBalancerSourceRanges: []
987 sessionAffinity: None
990 ## Enable gRPC port on service to allow auto discovery with thanos-querier
996 ## If using a statefulSet (statefulSet.enabled=true), configure the
997 ## service to connect to a specific replica to have a consistent view
1003 ## Prometheus server pod termination grace period
1005 terminationGracePeriodSeconds: 300
1007 ## Prometheus data retention period (default if not specified is 15 days)
1012 ## If false, pushgateway will not be installed
1016 ## Use an alternate scheduler, e.g. "stork".
1017 ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
1021 ## pushgateway container name
1025 ## pushgateway container image
1029 repository: {{ dockerio_image_repository }}/prom/pushgateway
1030 tag: {{ prom_push_gateway_version }}
1032 pullPolicy: IfNotPresent
1034 ## pushgateway priorityClassName
1036 priorityClassName: ""
1038 ## Additional pushgateway container arguments
1040 ## for example: persistence.file: /data/pushgateway.data
1044 ## If true, pushgateway Ingress will be created
1048 ## pushgateway Ingress annotations
1051 # kubernetes.io/ingress.class: nginx
1052 # kubernetes.io/tls-acme: 'true'
1054 ## pushgateway Ingress hostnames with optional path
1055 ## Must be provided if Ingress is enabled
1058 # - pushgateway.domain.com
1059 # - domain.com/pushgateway
1061 ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
1065 # serviceName: ssl-redirect
1066 # servicePort: use-annotation
1068 ## pushgateway Ingress TLS configuration
1069 ## Secrets must be manually created in the namespace
1072 # - secretName: prometheus-alerts-tls
1074 # - pushgateway.domain.com
1076 ## Node tolerations for pushgateway scheduling to nodes with taints
1077 ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
1081 # operator: "Equal|Exists"
1083 # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
1085 ## Node labels for pushgateway pod assignment
1086 ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
1090 ## Annotations to be added to pushgateway pods
1094 ## Specify if a Pod Security Policy for node-exporter must be created
1095 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
1099 ## Specify pod annotations
1100 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
1101 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
1102 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
1104 # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
1105 # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
1106 # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
1110 ## PodDisruptionBudget settings
1111 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
1113 podDisruptionBudget:
1117 ## pushgateway resource requests and limits
1118 ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
1128 ## Security context to be added to push-gateway pods
1136 prometheus.io/probe: pushgateway
1140 ## List of IP addresses at which the pushgateway service is available
1141 ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
1146 loadBalancerSourceRanges: []
1150 ## pushgateway Deployment Strategy type
1155 ## If true, pushgateway will create/use a Persistent Volume Claim
1156 ## If false, use emptyDir
1160 ## pushgateway data Persistent Volume access modes
1161 ## Must match those of existing PV or dynamic provisioner
1162 ## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
1167 ## pushgateway data Persistent Volume Claim annotations
1171 ## pushgateway data Persistent Volume existing claim name
1172 ## Requires pushgateway.persistentVolume.enabled: true
1173 ## If defined, PVC must be created manually before volume will be bound
1176 ## pushgateway data Persistent Volume mount root path
1180 ## pushgateway data Persistent Volume size
1184 ## pushgateway data Persistent Volume Storage Class
1185 ## If defined, storageClassName: <storageClass>
1186 ## If set to "-", storageClassName: "", which disables dynamic provisioning
1187 ## If undefined (the default) or set to null, no storageClassName spec is
1188 ## set, choosing the default provisioner. (gp2 on AWS, standard on
1189 ## GKE, AWS & OpenStack)
1193 ## pushgateway data Persistent Volume Binding Mode
1194 ## If defined, volumeBindingMode: <volumeBindingMode>
1195 ## If undefined (the default) or set to null, no volumeBindingMode spec is
1196 ## set, choosing the default mode.
1198 # volumeBindingMode: ""
1200 ## Subdirectory of pushgateway data Persistent Volume to mount
1201 ## Useful if the volume's root directory is not empty
1206 ## alertmanager ConfigMap entries
1214 - name: default-receiver
1217 # send_resolved: true
1222 receiver: default-receiver
1225 ## Prometheus server ConfigMap entries
1229 ## Alerts configuration
1230 ## Ref: https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/
1231 alerting_rules.yml: {}
1235 # - alert: InstanceDown
1241 # description: '{{ $labels.instance }} of job {{ $labels.job }} has been down for more than 5 minutes.'
1242 # summary: 'Instance {{ $labels.instance }} down'
1243 ## DEPRECATED DEFAULT VALUE, unless explicitly naming your files, please use alerting_rules.yml
1246 ## Records configuration
1247 ## Ref: https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/
1248 recording_rules.yml: {}
1249 ## DEPRECATED DEFAULT VALUE, unless explicitly naming your files, please use recording_rules.yml
1254 - /etc/config/recording_rules.yml
1255 - /etc/config/alerting_rules.yml
1256 ## Below two files are DEPRECATED will be removed from this default values file
1258 - /etc/config/alerts
1261 - job_name: prometheus
1266 # A scrape configuration for running Prometheus on a Kubernetes cluster.
1267 # This uses separate scrape configs for cluster components (i.e. API server, node)
1268 # and services to allow each to use different authentication configs.
1270 # Kubernetes labels will be added as Prometheus labels on metrics via the
1271 # `labelmap` relabeling action.
1273 # Scrape config for API servers.
1275 # Kubernetes exposes API servers as endpoints to the default/kubernetes
1276 # service so this uses `endpoints` role and uses relabelling to only keep
1277 # the endpoints associated with the default/kubernetes service using the
1278 # default named port `https`. This works for single API server deployments as
1279 # well as HA API server deployments.
1280 - job_name: 'kubernetes-apiservers'
1282 kubernetes_sd_configs:
1285 # Default to scraping over https. If required, just disable this or change to
1289 # This TLS & bearer token file config is used to connect to the actual scrape
1290 # endpoints for cluster components. This is separate to discovery auth
1291 # configuration because discovery & scraping are two separate concerns in
1292 # Prometheus. The discovery auth config is automatic if Prometheus runs inside
1293 # the cluster. Otherwise, more config options have to be provided within the
1294 # <kubernetes_sd_config>.
1296 ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
1297 # If your node certificates are self-signed or use a different CA to the
1298 # master CA, then disable certificate verification below. Note that
1299 # certificate verification is an integral part of a secure infrastructure
1300 # so this should only be disabled in a controlled environment. You can
1301 # disable certificate verification by uncommenting the line below.
1303 insecure_skip_verify: true
1304 bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
1306 # Keep only the default/kubernetes service endpoints for the https port. This
1307 # will add targets for each API server which Kubernetes adds an endpoint to
1308 # the default/kubernetes service.
1310 - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
1312 regex: default;kubernetes;https
1314 - job_name: 'kubernetes-nodes'
1316 # Default to scraping over https. If required, just disable this or change to
1320 # This TLS & bearer token file config is used to connect to the actual scrape
1321 # endpoints for cluster components. This is separate to discovery auth
1322 # configuration because discovery & scraping are two separate concerns in
1323 # Prometheus. The discovery auth config is automatic if Prometheus runs inside
1324 # the cluster. Otherwise, more config options have to be provided within the
1325 # <kubernetes_sd_config>.
1327 ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
1328 # If your node certificates are self-signed or use a different CA to the
1329 # master CA, then disable certificate verification below. Note that
1330 # certificate verification is an integral part of a secure infrastructure
1331 # so this should only be disabled in a controlled environment. You can
1332 # disable certificate verification by uncommenting the line below.
1334 insecure_skip_verify: true
1335 bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
1337 kubernetes_sd_configs:
1342 regex: __meta_kubernetes_node_label_(.+)
1343 - target_label: __address__
1344 replacement: kubernetes.default.svc:443
1345 - source_labels: [__meta_kubernetes_node_name]
1347 target_label: __metrics_path__
1348 replacement: /api/v1/nodes/$1/proxy/metrics
1351 - job_name: 'kubernetes-nodes-cadvisor'
1353 # Default to scraping over https. If required, just disable this or change to
1357 # This TLS & bearer token file config is used to connect to the actual scrape
1358 # endpoints for cluster components. This is separate to discovery auth
1359 # configuration because discovery & scraping are two separate concerns in
1360 # Prometheus. The discovery auth config is automatic if Prometheus runs inside
1361 # the cluster. Otherwise, more config options have to be provided within the
1362 # <kubernetes_sd_config>.
1364 ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
1365 # If your node certificates are self-signed or use a different CA to the
1366 # master CA, then disable certificate verification below. Note that
1367 # certificate verification is an integral part of a secure infrastructure
1368 # so this should only be disabled in a controlled environment. You can
1369 # disable certificate verification by uncommenting the line below.
1371 insecure_skip_verify: true
1372 bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
1374 kubernetes_sd_configs:
1377 # This configuration will work only on kubelet 1.7.3+
1378 # As the scrape endpoints for cAdvisor have changed
1379 # if you are using older version you need to change the replacement to
1380 # replacement: /api/v1/nodes/$1:4194/proxy/metrics
1381 # more info here https://github.com/coreos/prometheus-operator/issues/633
1384 regex: __meta_kubernetes_node_label_(.+)
1385 - target_label: __address__
1386 replacement: kubernetes.default.svc:443
1387 - source_labels: [__meta_kubernetes_node_name]
1389 target_label: __metrics_path__
1390 replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor
1392 # Scrape config for service endpoints.
1394 # The relabeling allows the actual service scrape endpoint to be configured
1395 # via the following annotations:
1397 # * `prometheus.io/scrape`: Only scrape services that have a value of `true`
1398 # * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need
1399 # to set this to `https` & most likely set the `tls_config` of the scrape config.
1400 # * `prometheus.io/path`: If the metrics path is not `/metrics` override this.
1401 # * `prometheus.io/port`: If the metrics are exposed on a different port to the
1402 # service then set this appropriately.
1403 - job_name: 'kubernetes-service-endpoints'
1405 kubernetes_sd_configs:
1409 - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape]
1412 - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]
1414 target_label: __scheme__
1416 - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]
1418 target_label: __metrics_path__
1420 - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port]
1422 target_label: __address__
1423 regex: ([^:]+)(?::\d+)?;(\d+)
1426 regex: __meta_kubernetes_service_label_(.+)
1427 - source_labels: [__meta_kubernetes_namespace]
1429 target_label: kubernetes_namespace
1430 - source_labels: [__meta_kubernetes_service_name]
1432 target_label: kubernetes_name
1433 - source_labels: [__meta_kubernetes_pod_node_name]
1435 target_label: kubernetes_node
1437 # Scrape config for slow service endpoints; same as above, but with a larger
1438 # timeout and a larger interval
1440 # The relabeling allows the actual service scrape endpoint to be configured
1441 # via the following annotations:
1443 # * `prometheus.io/scrape-slow`: Only scrape services that have a value of `true`
1444 # * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need
1445 # to set this to `https` & most likely set the `tls_config` of the scrape config.
1446 # * `prometheus.io/path`: If the metrics path is not `/metrics` override this.
1447 # * `prometheus.io/port`: If the metrics are exposed on a different port to the
1448 # service then set this appropriately.
1449 - job_name: 'kubernetes-service-endpoints-slow'
1454 kubernetes_sd_configs:
1458 - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape_slow]
1461 - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]
1463 target_label: __scheme__
1465 - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]
1467 target_label: __metrics_path__
1469 - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port]
1471 target_label: __address__
1472 regex: ([^:]+)(?::\d+)?;(\d+)
1475 regex: __meta_kubernetes_service_label_(.+)
1476 - source_labels: [__meta_kubernetes_namespace]
1478 target_label: kubernetes_namespace
1479 - source_labels: [__meta_kubernetes_service_name]
1481 target_label: kubernetes_name
1482 - source_labels: [__meta_kubernetes_pod_node_name]
1484 target_label: kubernetes_node
1486 - job_name: 'prometheus-pushgateway'
1489 kubernetes_sd_configs:
1493 - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe]
1497 # Example scrape config for probing services via the Blackbox Exporter.
1499 # The relabeling allows the actual service scrape endpoint to be configured
1500 # via the following annotations:
1502 # * `prometheus.io/probe`: Only probe services that have a value of `true`
1503 - job_name: 'kubernetes-services'
1505 metrics_path: /probe
1509 kubernetes_sd_configs:
1513 - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe]
1516 - source_labels: [__address__]
1517 target_label: __param_target
1518 - target_label: __address__
1519 replacement: blackbox
1520 - source_labels: [__param_target]
1521 target_label: instance
1523 regex: __meta_kubernetes_service_label_(.+)
1524 - source_labels: [__meta_kubernetes_namespace]
1525 target_label: kubernetes_namespace
1526 - source_labels: [__meta_kubernetes_service_name]
1527 target_label: kubernetes_name
1529 # Example scrape config for pods
1531 # The relabeling allows the actual pod scrape endpoint to be configured via the
1532 # following annotations:
1534 # * `prometheus.io/scrape`: Only scrape pods that have a value of `true`
1535 # * `prometheus.io/path`: If the metrics path is not `/metrics` override this.
1536 # * `prometheus.io/port`: Scrape the pod on the indicated port instead of the default of `9102`.
1537 - job_name: 'kubernetes-pods'
1539 kubernetes_sd_configs:
1543 - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
1546 - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
1548 target_label: __metrics_path__
1550 - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
1552 regex: ([^:]+)(?::\d+)?;(\d+)
1554 target_label: __address__
1556 regex: __meta_kubernetes_pod_label_(.+)
1557 - source_labels: [__meta_kubernetes_namespace]
1559 target_label: kubernetes_namespace
1560 - source_labels: [__meta_kubernetes_pod_name]
1562 target_label: kubernetes_pod_name
1564 # Example Scrape config for pods which should be scraped slower. An useful example
1565 # would be stackriver-exporter which querys an API on every scrape of the pod
1567 # The relabeling allows the actual pod scrape endpoint to be configured via the
1568 # following annotations:
1570 # * `prometheus.io/scrape-slow`: Only scrape pods that have a value of `true`
1571 # * `prometheus.io/path`: If the metrics path is not `/metrics` override this.
1572 # * `prometheus.io/port`: Scrape the pod on the indicated port instead of the default of `9102`.
1573 - job_name: 'kubernetes-pods-slow'
1578 kubernetes_sd_configs:
1582 - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape_slow]
1585 - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
1587 target_label: __metrics_path__
1589 - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
1591 regex: ([^:]+)(?::\d+)?;(\d+)
1593 target_label: __address__
1595 regex: __meta_kubernetes_pod_label_(.+)
1596 - source_labels: [__meta_kubernetes_namespace]
1598 target_label: kubernetes_namespace
1599 - source_labels: [__meta_kubernetes_pod_name]
1601 target_label: kubernetes_pod_name
1603 # adds additional scrape configs to prometheus.yml
1604 # must be a string so you have to add a | after extraScrapeConfigs:
1605 # example adds prometheus-blackbox-exporter scrape config
1607 # - job_name: 'prometheus-blackbox-exporter'
1608 # metrics_path: /probe
1610 # module: [http_2xx]
1613 # - https://example.com
1615 # - source_labels: [__address__]
1616 # target_label: __param_target
1617 # - source_labels: [__param_target]
1618 # target_label: instance
1619 # - target_label: __address__
1620 # replacement: prometheus-blackbox-exporter:9115
1622 # Adds option to add alert_relabel_configs to avoid duplicate alerts in alertmanager
1623 # useful in H/A prometheus with different external labels but the same alerts
1624 alertRelabelConfigs:
1625 # alert_relabel_configs:
1626 # - source_labels: [dc]
1631 ## Enable creation of NetworkPolicy resources.