9 # - name: "image-pull-secret"
11 ## Define serviceAccount names for components. Defaults to component's fully qualified name.
31 ## If false, alertmanager will not be installed
35 ## alertmanager container name
39 ## alertmanager container image
43 repository: {{ dockerio_image_repository }}/prom/alertmanager
44 tag: {{ prom_alertmanager_version }}
46 pullPolicy: IfNotPresent
48 ## alertmanager priorityClassName
52 ## Additional alertmanager container arguments
56 ## The URL prefix at which the container can be accessed. Useful in the case the '-web.external-url' includes a slug
57 ## so that the various internal URLs are still able to access as they are in the default case.
61 ## External URL which can access alertmanager
62 baseURL: "http://localhost:9093"
64 ## Additional alertmanager container environment variable
65 ## For instance to add a http_proxy
69 ## Additional alertmanager Secret mounts
70 # Defines additional mounts with secrets. Secrets must be manually created in the namespace.
72 # - name: secret-files
73 # mountPath: /etc/secrets
75 # secretName: alertmanager-secret-files
78 ## ConfigMap override where fullname is {{.Release.Name}}-{{.Values.alertmanager.configMapOverrideName}}
79 ## Defining configMapOverrideName will cause templates/alertmanager-configmap.yaml
80 ## to NOT generate a ConfigMap resource
82 configMapOverrideName: ""
84 ## The name of a secret in the same kubernetes namespace which contains the Alertmanager config
85 ## Defining configFromSecret will cause templates/alertmanager-configmap.yaml
86 ## to NOT generate a ConfigMap resource
90 ## The configuration file name to be loaded to alertmanager
91 ## Must match the key within configuration loaded from ConfigMap/Secret
93 configFileName: alertmanager.yml
96 ## If true, alertmanager Ingress will be created
100 ## alertmanager Ingress annotations
103 # kubernetes.io/ingress.class: nginx
104 # kubernetes.io/tls-acme: 'true'
106 ## alertmanager Ingress additional labels
110 ## alertmanager Ingress hostnames with optional path
111 ## Must be provided if Ingress is enabled
114 # - alertmanager.domain.com
115 # - domain.com/alertmanager
117 ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
121 # serviceName: ssl-redirect
122 # servicePort: use-annotation
124 ## alertmanager Ingress TLS configuration
125 ## Secrets must be manually created in the namespace
128 # - secretName: prometheus-alerts-tls
130 # - alertmanager.domain.com
132 ## Alertmanager Deployment Strategy type
136 ## Node tolerations for alertmanager scheduling to nodes with taints
137 ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
141 # operator: "Equal|Exists"
143 # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
145 ## Node labels for alertmanager pod assignment
146 ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
154 ## PodDisruptionBudget settings
155 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
161 ## Use an alternate scheduler, e.g. "stork".
162 ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
167 ## If true, alertmanager will create/use a Persistent Volume Claim
168 ## If false, use emptyDir
172 ## alertmanager data Persistent Volume access modes
173 ## Must match those of existing PV or dynamic provisioner
174 ## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
179 ## alertmanager data Persistent Volume Claim annotations
183 ## alertmanager data Persistent Volume existing claim name
184 ## Requires alertmanager.persistentVolume.enabled: true
185 ## If defined, PVC must be created manually before volume will be bound
188 ## alertmanager data Persistent Volume mount root path
192 ## alertmanager data Persistent Volume size
196 ## alertmanager data Persistent Volume Storage Class
197 ## If defined, storageClassName: <storageClass>
198 ## If set to "-", storageClassName: "", which disables dynamic provisioning
199 ## If undefined (the default) or set to null, no storageClassName spec is
200 ## set, choosing the default provisioner. (gp2 on AWS, standard on
201 ## GKE, AWS & OpenStack)
205 ## alertmanager data Persistent Volume Binding Mode
206 ## If defined, volumeBindingMode: <volumeBindingMode>
207 ## If undefined (the default) or set to null, no volumeBindingMode spec is
208 ## set, choosing the default mode.
210 # volumeBindingMode: ""
212 ## Subdirectory of alertmanager data Persistent Volume to mount
213 ## Useful if the volume's root directory is not empty
217 ## Annotations to be added to alertmanager pods
220 ## Tell prometheus to use a specific set of alertmanager pods
221 ## instead of all alertmanager pods found in the same namespace
222 ## Useful if you deploy multiple releases within the same namespace
224 ## prometheus.io/probe: alertmanager-teamA
226 ## Labels to be added to Prometheus AlertManager pods
230 ## Specify if a Pod Security Policy for node-exporter must be created
231 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
235 ## Specify pod annotations
236 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
237 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
238 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
240 # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
241 # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
242 # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
244 ## Use a StatefulSet if replicaCount needs to be greater than 1 (see below)
249 ## If true, use a statefulset instead of a deployment for pod management.
250 ## This allows to scale replicas to more than 1 pod
254 podManagementPolicy: OrderedReady
256 ## Alertmanager headless service to use for the statefulset
262 ## Enabling peer mesh service end points for enabling the HA alert manager
263 ## Ref: https://github.com/prometheus/alertmanager/blob/master/README.md
264 # enableMeshPeer : true
268 ## alertmanager resource requests and limits
269 ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
279 ## Security context to be added to alertmanager pods
292 ## Enabling peer mesh service end points for enabling the HA alert manager
293 ## Ref: https://github.com/prometheus/alertmanager/blob/master/README.md
294 # enableMeshPeer : true
296 ## List of IP addresses at which the alertmanager service is available
297 ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
302 loadBalancerSourceRanges: []
305 sessionAffinity: None
308 ## Monitors ConfigMap changes and POSTs to a URL
309 ## Ref: https://github.com/jimmidyson/configmap-reload
313 ## If false, the configmap-reload container will not be deployed
317 ## configmap-reload container name
319 name: configmap-reload
321 ## configmap-reload container image
325 repository: {{ dockerio_image_repository }}/jimmidyson/configmap-reload
326 tag: {{ configmap_reload_version }}
328 pullPolicy: IfNotPresent
330 ## Additional configmap-reload container arguments
333 ## Additional configmap-reload volume directories
338 ## Additional configmap-reload mounts
340 extraConfigmapMounts: []
341 # - name: prometheus-alerts
342 # mountPath: /etc/alerts.d
344 # configMap: prometheus-alerts
348 ## configmap-reload resource requests and limits
349 ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
353 ## If false, the configmap-reload container will not be deployed
357 ## configmap-reload container name
359 name: configmap-reload
361 ## configmap-reload container image
365 repository: {{ dockerio_image_repository }}/jimmidyson/configmap-reload
366 tag: {{ configmap_reload_version }}
368 pullPolicy: IfNotPresent
370 ## Additional configmap-reload container arguments
373 ## Additional configmap-reload volume directories
378 ## Additional configmap-reload mounts
380 extraConfigmapMounts: []
381 # - name: prometheus-alerts
382 # mountPath: /etc/alerts.d
384 # configMap: prometheus-alerts
388 ## configmap-reload resource requests and limits
389 ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
395 ## If false, kube-state-metrics will not be installed
399 ## kube-state-metrics container name
401 name: kube-state-metrics
403 ## kube-state-metrics container image
407 repository: {{ quayio_image_repository }}/coreos/kube-state-metrics
408 tag: {{ kube_state_metrics_version }}
410 pullPolicy: IfNotPresent
412 ## kube-state-metrics priorityClassName
414 priorityClassName: ""
416 ## kube-state-metrics container arguments
420 ## Node tolerations for kube-state-metrics scheduling to nodes with taints
421 ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
425 # operator: "Equal|Exists"
427 # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
429 ## Node labels for kube-state-metrics pod assignment
430 ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
434 ## Annotations to be added to kube-state-metrics pods
438 ## Specify if a Pod Security Policy for node-exporter must be created
439 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
443 ## Specify pod annotations
444 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
445 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
446 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
448 # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
449 # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
450 # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
457 ## PodDisruptionBudget settings
458 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
464 ## kube-state-metrics resource requests and limits
465 ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
475 ## Security context to be added to kube-state-metrics pods
483 prometheus.io/scrape: "true"
486 # Exposed as a headless service:
487 # https://kubernetes.io/docs/concepts/services-networking/service/#headless-services
490 ## List of IP addresses at which the kube-state-metrics service is available
491 ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
496 loadBalancerSourceRanges: []
498 # Port for Kubestatemetric self telemetry
499 serviceTelemetryPort: 81
503 ## If false, node-exporter will not be installed
507 ## If true, node-exporter pods share the host network namespace
511 ## If true, node-exporter pods share the host PID namespace
515 ## node-exporter container name
519 ## node-exporter container image
523 repository: {{ dockerio_image_repository }}/prom/node-exporter
524 tag: {{ prom_node_exporter_version }}
526 pullPolicy: IfNotPresent
528 ## Specify if a Pod Security Policy for node-exporter must be created
529 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
533 ## Specify pod annotations
534 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
535 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
536 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
538 # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
539 # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
540 # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
542 ## node-exporter priorityClassName
544 priorityClassName: ""
546 ## Custom Update Strategy
551 ## Additional node-exporter container arguments
555 ## Additional node-exporter hostPath mounts
557 extraHostPathMounts: []
558 # - name: textfile-dir
559 # mountPath: /srv/txt_collector
560 # hostPath: /var/lib/node-exporter
562 # mountPropagation: HostToContainer
564 extraConfigmapMounts: []
565 # - name: certs-configmap
566 # mountPath: /prometheus
567 # configMap: certs-configmap
570 ## Node tolerations for node-exporter scheduling to nodes with taints
571 ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
577 # operator: "Equal|Exists"
579 # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
581 ## Node labels for node-exporter pod assignment
582 ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
586 ## Annotations to be added to node-exporter pods
590 ## Labels to be added to node-exporter pods
595 ## PodDisruptionBudget settings
596 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
602 ## node-exporter resource limits & requests
603 ## Ref: https://kubernetes.io/docs/user-guide/compute-resources/
613 ## Security context to be added to node-exporter pods
620 prometheus.io/scrape: "true"
623 # Exposed as a headless service:
624 # https://kubernetes.io/docs/concepts/services-networking/service/#headless-services
627 ## List of IP addresses at which the node-exporter service is available
628 ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
634 loadBalancerSourceRanges: []
639 ## Prometheus server container name
645 ## Prometheus server container image
649 repository: {{ dockerio_image_repository }}/prom/prometheus
650 tag: {{ prom_prometheus_version }}
652 pullPolicy: IfNotPresent
654 ## prometheus server priorityClassName
656 priorityClassName: ""
658 ## The URL prefix at which the container can be accessed. Useful in the case the '-web.external-url' includes a slug
659 ## so that the various internal URLs are still able to access as they are in the default case.
663 ## External URL which can access alertmanager
664 ## Maybe same with Ingress host name
667 ## Additional server container environment variables
669 ## You specify this manually like you would a raw deployment manifest.
670 ## This means you can bind in environment variables from secrets.
672 ## e.g. static environment variable:
673 ## - name: DEMO_GREETING
674 ## value: "Hello from the environment"
676 ## e.g. secret environment variable:
685 - web.enable-lifecycle
686 ## web.enable-admin-api flag controls access to the administrative HTTP API which includes functionality such as
687 ## deleting time series. This is disabled by default.
688 # - web.enable-admin-api
690 ## storage.tsdb.no-lockfile flag controls BD locking
691 # - storage.tsdb.no-lockfile
693 ## storage.tsdb.wal-compression flag enables compression of the write-ahead log (WAL)
694 # - storage.tsdb.wal-compression
696 ## Path to a configuration file on prometheus server container FS
697 configPath: /etc/config/prometheus.yml
700 ## How frequently to scrape targets by default
703 ## How long until a scrape request times out
706 ## How frequently to evaluate rules
708 evaluation_interval: 1m
709 ## https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_write
712 ## https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_read
716 ## Additional Prometheus server container arguments
720 ## Additional InitContainers to initialize the pod
722 extraInitContainers: []
724 ## Additional Prometheus server Volume mounts
726 extraVolumeMounts: []
728 ## Additional Prometheus server Volumes
732 ## Additional Prometheus server hostPath mounts
734 extraHostPathMounts: []
736 # mountPath: /etc/kubernetes/certs
738 # hostPath: /etc/kubernetes/certs
741 extraConfigmapMounts: []
742 # - name: certs-configmap
743 # mountPath: /prometheus
745 # configMap: certs-configmap
748 ## Additional Prometheus server Secret mounts
749 # Defines additional mounts with secrets. Secrets must be manually created in the namespace.
750 extraSecretMounts: []
751 # - name: secret-files
752 # mountPath: /etc/secrets
754 # secretName: prom-secret-files
757 ## ConfigMap override where fullname is {{.Release.Name}}-{{.Values.server.configMapOverrideName}}
758 ## Defining configMapOverrideName will cause templates/server-configmap.yaml
759 ## to NOT generate a ConfigMap resource
761 configMapOverrideName: ""
764 ## If true, Prometheus server Ingress will be created
768 ## Prometheus server Ingress annotations
771 # kubernetes.io/ingress.class: nginx
772 # kubernetes.io/tls-acme: 'true'
774 ## Prometheus server Ingress additional labels
778 ## Prometheus server Ingress hostnames with optional path
779 ## Must be provided if Ingress is enabled
782 # - prometheus.domain.com
783 # - domain.com/prometheus
785 ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
789 # serviceName: ssl-redirect
790 # servicePort: use-annotation
792 ## Prometheus server Ingress TLS configuration
793 ## Secrets must be manually created in the namespace
796 # - secretName: prometheus-server-tls
798 # - prometheus.domain.com
800 ## Server Deployment Strategy type
804 ## Node tolerations for server scheduling to nodes with taints
805 ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
809 # operator: "Equal|Exists"
811 # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
813 ## Node labels for Prometheus server pod assignment
814 ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
822 ## PodDisruptionBudget settings
823 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
829 ## Use an alternate scheduler, e.g. "stork".
830 ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
835 ## If true, Prometheus server will create/use a Persistent Volume Claim
836 ## If false, use emptyDir
840 ## Prometheus server data Persistent Volume access modes
841 ## Must match those of existing PV or dynamic provisioner
842 ## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
847 ## Prometheus server data Persistent Volume annotations
851 ## Prometheus server data Persistent Volume existing claim name
852 ## Requires server.persistentVolume.enabled: true
853 ## If defined, PVC must be created manually before volume will be bound
856 ## Prometheus server data Persistent Volume mount root path
860 ## Prometheus server data Persistent Volume size
864 ## Prometheus server data Persistent Volume Storage Class
865 ## If defined, storageClassName: <storageClass>
866 ## If set to "-", storageClassName: "", which disables dynamic provisioning
867 ## If undefined (the default) or set to null, no storageClassName spec is
868 ## set, choosing the default provisioner. (gp2 on AWS, standard on
869 ## GKE, AWS & OpenStack)
873 ## Prometheus server data Persistent Volume Binding Mode
874 ## If defined, volumeBindingMode: <volumeBindingMode>
875 ## If undefined (the default) or set to null, no volumeBindingMode spec is
876 ## set, choosing the default mode.
878 # volumeBindingMode: ""
880 ## Subdirectory of Prometheus server data Persistent Volume to mount
881 ## Useful if the volume's root directory is not empty
888 ## Annotations to be added to Prometheus server pods
891 # iam.amazonaws.com/role: prometheus
893 ## Labels to be added to Prometheus server pods
897 ## Prometheus AlertManager configuration
901 ## Specify if a Pod Security Policy for node-exporter must be created
902 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
906 ## Specify pod annotations
907 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
908 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
909 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
911 # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
912 # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
913 # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
915 ## Use a StatefulSet if replicaCount needs to be greater than 1 (see below)
920 ## If true, use a statefulset instead of a deployment for pod management.
921 ## This allows to scale replicas to more than 1 pod
927 podManagementPolicy: OrderedReady
929 ## Alertmanager headless service to use for the statefulset
936 ## Prometheus server readiness and liveness probe initial delay and timeout
937 ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
939 readinessProbeInitialDelay: 30
940 readinessProbeTimeout: 30
941 readinessProbeFailureThreshold: 3
942 readinessProbeSuccessThreshold: 1
943 livenessProbeInitialDelay: 30
944 livenessProbeTimeout: 30
945 livenessProbeFailureThreshold: 3
946 livenessProbeSuccessThreshold: 1
948 ## Prometheus server resource requests and limits
949 ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
959 ## Vertical Pod Autoscaler config
960 ## Ref: https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler
962 ## If true a VPA object will be created for the controller (either StatefulSet or Deployemnt, based on above configs)
966 # - containerName: 'prometheus-server'
968 ## Security context to be added to server pods
981 ## List of IP addresses at which the Prometheus server service is available
982 ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
987 loadBalancerSourceRanges: []
989 sessionAffinity: None
992 ## Enable gRPC port on service to allow auto discovery with thanos-querier
998 ## If using a statefulSet (statefulSet.enabled=true), configure the
999 ## service to connect to a specific replica to have a consistent view
1005 ## Prometheus server pod termination grace period
1007 terminationGracePeriodSeconds: 300
1009 ## Prometheus data retention period (default if not specified is 15 days)
1014 ## If false, pushgateway will not be installed
1018 ## Use an alternate scheduler, e.g. "stork".
1019 ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
1023 ## pushgateway container name
1027 ## pushgateway container image
1031 repository: {{ dockerio_image_repository }}/prom/pushgateway
1032 tag: {{ prom_push_gateway_version }}
1034 pullPolicy: IfNotPresent
1036 ## pushgateway priorityClassName
1038 priorityClassName: ""
1040 ## Additional pushgateway container arguments
1042 ## for example: persistence.file: /data/pushgateway.data
1046 ## If true, pushgateway Ingress will be created
1050 ## pushgateway Ingress annotations
1053 # kubernetes.io/ingress.class: nginx
1054 # kubernetes.io/tls-acme: 'true'
1056 ## pushgateway Ingress hostnames with optional path
1057 ## Must be provided if Ingress is enabled
1060 # - pushgateway.domain.com
1061 # - domain.com/pushgateway
1063 ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
1067 # serviceName: ssl-redirect
1068 # servicePort: use-annotation
1070 ## pushgateway Ingress TLS configuration
1071 ## Secrets must be manually created in the namespace
1074 # - secretName: prometheus-alerts-tls
1076 # - pushgateway.domain.com
1078 ## Node tolerations for pushgateway scheduling to nodes with taints
1079 ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
1083 # operator: "Equal|Exists"
1085 # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
1087 ## Node labels for pushgateway pod assignment
1088 ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
1092 ## Annotations to be added to pushgateway pods
1096 ## Specify if a Pod Security Policy for node-exporter must be created
1097 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
1101 ## Specify pod annotations
1102 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
1103 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
1104 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
1106 # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
1107 # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
1108 # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
1112 ## PodDisruptionBudget settings
1113 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
1115 podDisruptionBudget:
1119 ## pushgateway resource requests and limits
1120 ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
1130 ## Security context to be added to push-gateway pods
1138 prometheus.io/probe: pushgateway
1142 ## List of IP addresses at which the pushgateway service is available
1143 ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
1148 loadBalancerSourceRanges: []
1152 ## pushgateway Deployment Strategy type
1157 ## If true, pushgateway will create/use a Persistent Volume Claim
1158 ## If false, use emptyDir
1162 ## pushgateway data Persistent Volume access modes
1163 ## Must match those of existing PV or dynamic provisioner
1164 ## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
1169 ## pushgateway data Persistent Volume Claim annotations
1173 ## pushgateway data Persistent Volume existing claim name
1174 ## Requires pushgateway.persistentVolume.enabled: true
1175 ## If defined, PVC must be created manually before volume will be bound
1178 ## pushgateway data Persistent Volume mount root path
1182 ## pushgateway data Persistent Volume size
1186 ## pushgateway data Persistent Volume Storage Class
1187 ## If defined, storageClassName: <storageClass>
1188 ## If set to "-", storageClassName: "", which disables dynamic provisioning
1189 ## If undefined (the default) or set to null, no storageClassName spec is
1190 ## set, choosing the default provisioner. (gp2 on AWS, standard on
1191 ## GKE, AWS & OpenStack)
1195 ## pushgateway data Persistent Volume Binding Mode
1196 ## If defined, volumeBindingMode: <volumeBindingMode>
1197 ## If undefined (the default) or set to null, no volumeBindingMode spec is
1198 ## set, choosing the default mode.
1200 # volumeBindingMode: ""
1202 ## Subdirectory of pushgateway data Persistent Volume to mount
1203 ## Useful if the volume's root directory is not empty
1208 ## alertmanager ConfigMap entries
1216 - name: default-receiver
1219 # send_resolved: true
1224 receiver: default-receiver
1227 ## Prometheus server ConfigMap entries
1231 ## Alerts configuration
1232 ## Ref: https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/
1233 alerting_rules.yml: {}
1237 # - alert: InstanceDown
1243 # description: '{{ $labels.instance }} of job {{ $labels.job }} has been down for more than 5 minutes.'
1244 # summary: 'Instance {{ $labels.instance }} down'
1245 ## DEPRECATED DEFAULT VALUE, unless explicitly naming your files, please use alerting_rules.yml
1248 ## Records configuration
1249 ## Ref: https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/
1250 recording_rules.yml: {}
1251 ## DEPRECATED DEFAULT VALUE, unless explicitly naming your files, please use recording_rules.yml
1256 - /etc/config/recording_rules.yml
1257 - /etc/config/alerting_rules.yml
1258 ## Below two files are DEPRECATED will be removed from this default values file
1260 - /etc/config/alerts
1263 - job_name: prometheus
1268 # A scrape configuration for running Prometheus on a Kubernetes cluster.
1269 # This uses separate scrape configs for cluster components (i.e. API server, node)
1270 # and services to allow each to use different authentication configs.
1272 # Kubernetes labels will be added as Prometheus labels on metrics via the
1273 # `labelmap` relabeling action.
1275 # Scrape config for API servers.
1277 # Kubernetes exposes API servers as endpoints to the default/kubernetes
1278 # service so this uses `endpoints` role and uses relabelling to only keep
1279 # the endpoints associated with the default/kubernetes service using the
1280 # default named port `https`. This works for single API server deployments as
1281 # well as HA API server deployments.
1282 - job_name: 'kubernetes-apiservers'
1284 kubernetes_sd_configs:
1287 # Default to scraping over https. If required, just disable this or change to
1291 # This TLS & bearer token file config is used to connect to the actual scrape
1292 # endpoints for cluster components. This is separate to discovery auth
1293 # configuration because discovery & scraping are two separate concerns in
1294 # Prometheus. The discovery auth config is automatic if Prometheus runs inside
1295 # the cluster. Otherwise, more config options have to be provided within the
1296 # <kubernetes_sd_config>.
1298 ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
1299 # If your node certificates are self-signed or use a different CA to the
1300 # master CA, then disable certificate verification below. Note that
1301 # certificate verification is an integral part of a secure infrastructure
1302 # so this should only be disabled in a controlled environment. You can
1303 # disable certificate verification by uncommenting the line below.
1305 insecure_skip_verify: true
1306 bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
1308 # Keep only the default/kubernetes service endpoints for the https port. This
1309 # will add targets for each API server which Kubernetes adds an endpoint to
1310 # the default/kubernetes service.
1312 - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
1314 regex: default;kubernetes;https
1316 - job_name: 'kubernetes-nodes'
1318 # Default to scraping over https. If required, just disable this or change to
1322 # This TLS & bearer token file config is used to connect to the actual scrape
1323 # endpoints for cluster components. This is separate to discovery auth
1324 # configuration because discovery & scraping are two separate concerns in
1325 # Prometheus. The discovery auth config is automatic if Prometheus runs inside
1326 # the cluster. Otherwise, more config options have to be provided within the
1327 # <kubernetes_sd_config>.
1329 ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
1330 # If your node certificates are self-signed or use a different CA to the
1331 # master CA, then disable certificate verification below. Note that
1332 # certificate verification is an integral part of a secure infrastructure
1333 # so this should only be disabled in a controlled environment. You can
1334 # disable certificate verification by uncommenting the line below.
1336 insecure_skip_verify: true
1337 bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
1339 kubernetes_sd_configs:
1344 regex: __meta_kubernetes_node_label_(.+)
1345 - target_label: __address__
1346 replacement: kubernetes.default.svc:443
1347 - source_labels: [__meta_kubernetes_node_name]
1349 target_label: __metrics_path__
1350 replacement: /api/v1/nodes/$1/proxy/metrics
1353 - job_name: 'kubernetes-nodes-cadvisor'
1355 # Default to scraping over https. If required, just disable this or change to
1359 # This TLS & bearer token file config is used to connect to the actual scrape
1360 # endpoints for cluster components. This is separate to discovery auth
1361 # configuration because discovery & scraping are two separate concerns in
1362 # Prometheus. The discovery auth config is automatic if Prometheus runs inside
1363 # the cluster. Otherwise, more config options have to be provided within the
1364 # <kubernetes_sd_config>.
1366 ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
1367 # If your node certificates are self-signed or use a different CA to the
1368 # master CA, then disable certificate verification below. Note that
1369 # certificate verification is an integral part of a secure infrastructure
1370 # so this should only be disabled in a controlled environment. You can
1371 # disable certificate verification by uncommenting the line below.
1373 insecure_skip_verify: true
1374 bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
1376 kubernetes_sd_configs:
1379 # This configuration will work only on kubelet 1.7.3+
1380 # As the scrape endpoints for cAdvisor have changed
1381 # if you are using older version you need to change the replacement to
1382 # replacement: /api/v1/nodes/$1:4194/proxy/metrics
1383 # more info here https://github.com/coreos/prometheus-operator/issues/633
1386 regex: __meta_kubernetes_node_label_(.+)
1387 - target_label: __address__
1388 replacement: kubernetes.default.svc:443
1389 - source_labels: [__meta_kubernetes_node_name]
1391 target_label: __metrics_path__
1392 replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor
1394 # Scrape config for service endpoints.
1396 # The relabeling allows the actual service scrape endpoint to be configured
1397 # via the following annotations:
1399 # * `prometheus.io/scrape`: Only scrape services that have a value of `true`
1400 # * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need
1401 # to set this to `https` & most likely set the `tls_config` of the scrape config.
1402 # * `prometheus.io/path`: If the metrics path is not `/metrics` override this.
1403 # * `prometheus.io/port`: If the metrics are exposed on a different port to the
1404 # service then set this appropriately.
1405 - job_name: 'kubernetes-service-endpoints'
1407 kubernetes_sd_configs:
1411 - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape]
1414 - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]
1416 target_label: __scheme__
1418 - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]
1420 target_label: __metrics_path__
1422 - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port]
1424 target_label: __address__
1425 regex: ([^:]+)(?::\d+)?;(\d+)
1428 regex: __meta_kubernetes_service_label_(.+)
1429 - source_labels: [__meta_kubernetes_namespace]
1431 target_label: kubernetes_namespace
1432 - source_labels: [__meta_kubernetes_service_name]
1434 target_label: kubernetes_name
1435 - source_labels: [__meta_kubernetes_pod_node_name]
1437 target_label: kubernetes_node
1439 # Scrape config for slow service endpoints; same as above, but with a larger
1440 # timeout and a larger interval
1442 # The relabeling allows the actual service scrape endpoint to be configured
1443 # via the following annotations:
1445 # * `prometheus.io/scrape-slow`: Only scrape services that have a value of `true`
1446 # * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need
1447 # to set this to `https` & most likely set the `tls_config` of the scrape config.
1448 # * `prometheus.io/path`: If the metrics path is not `/metrics` override this.
1449 # * `prometheus.io/port`: If the metrics are exposed on a different port to the
1450 # service then set this appropriately.
1451 - job_name: 'kubernetes-service-endpoints-slow'
1456 kubernetes_sd_configs:
1460 - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape_slow]
1463 - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]
1465 target_label: __scheme__
1467 - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]
1469 target_label: __metrics_path__
1471 - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port]
1473 target_label: __address__
1474 regex: ([^:]+)(?::\d+)?;(\d+)
1477 regex: __meta_kubernetes_service_label_(.+)
1478 - source_labels: [__meta_kubernetes_namespace]
1480 target_label: kubernetes_namespace
1481 - source_labels: [__meta_kubernetes_service_name]
1483 target_label: kubernetes_name
1484 - source_labels: [__meta_kubernetes_pod_node_name]
1486 target_label: kubernetes_node
1488 - job_name: 'prometheus-pushgateway'
1491 kubernetes_sd_configs:
1495 - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe]
1499 # Example scrape config for probing services via the Blackbox Exporter.
1501 # The relabeling allows the actual service scrape endpoint to be configured
1502 # via the following annotations:
1504 # * `prometheus.io/probe`: Only probe services that have a value of `true`
1505 - job_name: 'kubernetes-services'
1507 metrics_path: /probe
1511 kubernetes_sd_configs:
1515 - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe]
1518 - source_labels: [__address__]
1519 target_label: __param_target
1520 - target_label: __address__
1521 replacement: blackbox
1522 - source_labels: [__param_target]
1523 target_label: instance
1525 regex: __meta_kubernetes_service_label_(.+)
1526 - source_labels: [__meta_kubernetes_namespace]
1527 target_label: kubernetes_namespace
1528 - source_labels: [__meta_kubernetes_service_name]
1529 target_label: kubernetes_name
1531 # Example scrape config for pods
1533 # The relabeling allows the actual pod scrape endpoint to be configured via the
1534 # following annotations:
1536 # * `prometheus.io/scrape`: Only scrape pods that have a value of `true`
1537 # * `prometheus.io/path`: If the metrics path is not `/metrics` override this.
1538 # * `prometheus.io/port`: Scrape the pod on the indicated port instead of the default of `9102`.
1539 - job_name: 'kubernetes-pods'
1541 kubernetes_sd_configs:
1545 - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
1548 - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
1550 target_label: __metrics_path__
1552 - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
1554 regex: ([^:]+)(?::\d+)?;(\d+)
1556 target_label: __address__
1558 regex: __meta_kubernetes_pod_label_(.+)
1559 - source_labels: [__meta_kubernetes_namespace]
1561 target_label: kubernetes_namespace
1562 - source_labels: [__meta_kubernetes_pod_name]
1564 target_label: kubernetes_pod_name
1566 # Example Scrape config for pods which should be scraped slower. An useful example
1567 # would be stackriver-exporter which querys an API on every scrape of the pod
1569 # The relabeling allows the actual pod scrape endpoint to be configured via the
1570 # following annotations:
1572 # * `prometheus.io/scrape-slow`: Only scrape pods that have a value of `true`
1573 # * `prometheus.io/path`: If the metrics path is not `/metrics` override this.
1574 # * `prometheus.io/port`: Scrape the pod on the indicated port instead of the default of `9102`.
1575 - job_name: 'kubernetes-pods-slow'
1580 kubernetes_sd_configs:
1584 - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape_slow]
1587 - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
1589 target_label: __metrics_path__
1591 - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
1593 regex: ([^:]+)(?::\d+)?;(\d+)
1595 target_label: __address__
1597 regex: __meta_kubernetes_pod_label_(.+)
1598 - source_labels: [__meta_kubernetes_namespace]
1600 target_label: kubernetes_namespace
1601 - source_labels: [__meta_kubernetes_pod_name]
1603 target_label: kubernetes_pod_name
1605 # adds additional scrape configs to prometheus.yml
1606 # must be a string so you have to add a | after extraScrapeConfigs:
1607 # example adds prometheus-blackbox-exporter scrape config
1609 # - job_name: 'prometheus-blackbox-exporter'
1610 # metrics_path: /probe
1612 # module: [http_2xx]
1615 # - https://example.com
1617 # - source_labels: [__address__]
1618 # target_label: __param_target
1619 # - source_labels: [__param_target]
1620 # target_label: instance
1621 # - target_label: __address__
1622 # replacement: prometheus-blackbox-exporter:9115
1624 # Adds option to add alert_relabel_configs to avoid duplicate alerts in alertmanager
1625 # useful in H/A prometheus with different external labels but the same alerts
1626 alertRelabelConfigs:
1627 # alert_relabel_configs:
1628 # - source_labels: [dc]
1633 ## Enable creation of NetworkPolicy resources.